25C3: Nokia exploit stops all inbound SMS

[Tobias Engel] released a serious Nokia vulnerability today. By using a specially crafted SMS message, you can block the recipient from getting any future SMS messages. The attacker changes the message's Protocol Identifier to “Internet Electronic Mail” and then uses any email address 32 characters or more in the message. The recipient will receive no indication that they got the message, and no other messages will be allowed until the phone is factory reset. You can see a demo video here. This affects many different varieties of S60 phones and no fix is known.

[Thanks fh]
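A screening rule that an SMS gateway or a log review could apply for the condition described above, as an added example that is not from the original post or from Tobias Engel. The record layout, function names and sample messages are constructed; the value 0x32 for the "Internet Electronic Mail" Protocol Identifier comes from 3GPP TS 23.040, not from the post, and checking every whitespace-delimited token is an assumption.

```python
# Added example (not from the post): flag already-decoded inbound SMS records
# that match the condition the article describes.

MIN_ADDR_LEN = 32  # address length threshold stated in the article


def is_email_interworking(pid: int) -> bool:
    """True if TP-PID selects telematic interworking with Internet e-mail.

    Per 3GPP TS 23.040: bits 7-6 = 00, bit 5 = 1 (telematic interworking),
    bits 4-0 = 10010 (Internet Electronic Mail), i.e. 0x32.
    """
    return (pid & 0xC0) == 0x00 and (pid & 0x20) != 0 and (pid & 0x1F) == 0x12


def longest_address(text: str) -> str:
    """Longest whitespace-delimited token that looks like local@domain."""
    best = ""
    for token in text.split():
        local, at, domain = token.partition("@")
        if at and local and domain and len(token) > len(best):
            best = token
    return best


def screen(pid: int, text: str) -> str:
    """Return 'block' for e-mail PID plus an address of 32+ characters."""
    if is_email_interworking(pid) and len(longest_address(text)) >= MIN_ADDR_LEN:
        return "block"
    return "pass"


def flagged_senders(records):
    """Senders of records that the rule would block, in input order."""
    return [r["from"] for r in records if screen(r["pid"], r["text"]) == "block"]


# Constructed sample records (hypothetical layout: sender, TP-PID, decoded text).
SAMPLES = [
    {"from": "+10000000001", "pid": 0x00, "text": "see you at 8"},
    {"from": "+10000000002", "pid": 0x32, "text": "bob@example.com lunch?"},
    {"from": "+10000000003", "pid": 0x32, "text": "a" * 24 + "@example.com hi"},
    {"from": "+10000000004", "pid": 0x00, "text": "a" * 24 + "@example.com hi"},
]

if __name__ == "__main__":
    print(flagged_senders(SAMPLES))
```

Only the third record is flagged: the second has the e-mail Protocol Identifier but a short address, and the fourth has a long address under the default Protocol Identifier.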

21 thoughts on “25C3: Nokia exploit stops all inbound SMS”

  1. I don’t know if it is a flaw or a function of the phone co’s service termination system.

    I mean that if the phone co wants to, they can send the message and shut down the phone.

    Let’s say you violated the terms of service or the phone got lost or stolen; then the co can send the message and disable the phone.

  2. wait, if this is triggered by receiving an evil SMS, wouldn’t your operator notice?

    You can’t hide caller ID for SMS… so if you cursed someone’s phone, and that person really wanted to know who did it, I guess they could… am I right?

  3. In reply to concernedcitizen:

    Unless there is a way to find a logfile/debug file within Symbian, remember that the text message doesn’t appear within the inbox, therefore untraceable to the average consumer.

  4. Is the provider still charging you for the incoming texts?

    The reason I ask is some people *want* to block all incoming SMS. But I don’t think any American telcos allow you to completely block incoming SMS even if you request it. They claim they “can’t do it” which seems like a bunch of hooey to me.

  5. Seems that some engineers will be celebrating the 2009 New Year’s Eve at a Nokia office solving this together with some PR folks doing damage control…

  6. Hello, the article seems very, very good to me. I would still like to know whether the administrator or person in charge of the page, which I always look at, can help me with attacking other cell phones, or which program is suitable for stealing their credit. I hope you can tell me about the topic of reverse engineering.

    Well, see you, and add me at toshiro.dark.bleach@hotmail.com
