[Tobias Engel] released a serious Nokia vulnerability today. By using a specially crafted SMS message, you can block the recipient from getting any future SMS messages. The attacker changes their Protocol Identifier to “Internet Electronic Mail” and then uses any email address 32 characters or more in their message. The recipient will receive no indication that they got the message and no other messages will be allowed until the phone is factory reset. You can see a demo video here. This affects many different varieties of S60 phones and no fix is known.
[Thanks fh]
Sweet – would somebody please send me one?
That’s so weird. Haha, good thing I don’t have a Nokia.
Works on my N95 8GB:
Mirror:
http://home.kitara.nl/s60-curse-of-silence.zip
tempted to do this to my girlfriend, who i think is cheating on me. she’s got an n95, would have a nervous breakdown without SMS.
i dont know if it is a flaw or a function of the phone co’s service termination system.
i mean that if the phone co wants to they can send the message and shut down the phone .
lets say you violated the terms of service or the phone got lost or stolen then co can send the message and disable the phone.
seb: do it dude. seriously. let us know how it goes hahahaha that would be epic on your part.
I’d like to know how to get the bluetooth script that the guy uses on his laptop.
This is wicked.
wait, if this is triggered by receiving an evil SMS, wouldn’t your operator notice?
You can’t hide caller ID for SMS… so if you cursed someone’s phone, and that person really wanted to know who did it, I guess they could… am I right?
This is kind of unrelated but where can I buy hack-a-day decals like the oneseen in this pic?
in reply to concernedcitizen:
unless there is a way to find a logfile/debug file within symbian, remember that the text message doesnt appear within the inbox, therefore untraceable to the average consumer.
Is the provider still charging you for the incoming texts?
The reason I ask is some people *want* to block all incoming SMS. But I don’t think any American telcos allow you to completely block incoming SMS even if you request it. They claim they “can’t do it” which seems like a bunch of hooey to me.
@sean,
You want gnokii. http://www.gnokii.org/
They have linux & prebuilt windows binaries. All good stuff. The “smssend” you saw above is a script that probably calls gnokii under the covers.
hey wait… f-secure told that they’ve got “mobile security” thingy which can disinfect an attacked phone: http://www.f-secure.com/v-descs/exploit_symbos_smscurse_a.shtml
what they know what we don’t?
Seems that some engineers will be celebrating the 2009 new years eve at a Nokia office solving this together with some PR folks doing damage control…
Thank God i have S40 device.I wont b having this problem. :)
How can I set Protocol Identifier to “Internet Electronic Mail” ?
Any ideas for a social engineering angle on this that might let me out of my (AU, therefore criminal) phone contract?
hola el articulo me parese muy muy bien aun me gustaria saber si el administrador o encargado de la pagina que siempre me pongo aver puede ayudarme con eso de atacar a otros celulares o que programa es adecuado para robarles saldo espero que me digan el tema de la ingieneria inversa
bueno nos vemos y me agregan toshiro.dark.bleach@hotmail.com
This is great way to atleast stop spam sms messages
Anh oj