DoS Vulnerability On Nokia Phones

Matt_Bennett writes "According to this report from CNN, it is possible to send an SMS (Short Message Service) message to certain Nokia GSM phones, in particular the Nokia 7110, which will cause it to lock up. At this point, they are unsure if it is possible from an email-to-SMS gateway. The phone has to have its battery removed and replaced to return to normal operation." "Sorry I couldn't call you back, my phone was haxx0r3d." We laugh, but as personal electronics get better, we rely on them more... and at the same time, they become more complex: the potential security holes grow. It's kinda creapy.

  • by Anonymous Coward on Sunday September 03, 2000 @06:36AM (#807784)

    On Norwegian TV yesterday, they interviewed some Nokia techies finishing up their research on the matter. It seems that this bug only can be recreated with some sort of Nokia development software and equipment. These things are not readily available.

    Next version of this software should solve the issue. A recall of the exploitable phones is not considered.
  • <rant>
    It's amazing how unclued that company can remain.
    1. Still no data suite or such protocol for Linux.
    2. Their user interfaces seem to get slower/more complicated to use by every generation they publish.
    3. Instead of bringing out real solutions like handhelds with both GSM and TCP/IP CLI capability, they concentrate on corporate internet-remade-wannabe WAP.

    It's not really just Nokia, it's the general short-sightedness of corporations still unable to get the clue from their own work-force geeks.

    We're moving to information age not because of funny gadgets, but because of real, hard-to-use, hard-to-beat endlessly-programmable-information-processing-capable computers. Just miniaturizing PC to a practical, wearable companion doesn't seem to guarantee as much sales as moronic gadgets, only the latter gets implemented by the big players. The only good news in this situation is that small players still would have a chance.
    </rant>

    Vision:
    I want a necklace of batteries and PCMCIA cards wired to my earplugs and sights, that I can secure myself against hazardous SMS'es and other forthcoming hacks.

  • No, I just have a job where we
    make sms solutions and it would be great,
    if we could filter out this type of messages.
  • how mission-critical is a cell phone? must it be online at all times? must it have zero down time?

    for a DoS attack to be successful, the point is to flood a server that is required to be online at all times and that denial successfully takes them offline for an extended length of time.

    this isn't a true DoS attack because the person sending it would have to send out a continual stream of these malformed messages that would get bounced back to them as soon as one brings down the phone. Also, the SMS provider software would shut down the point of entry if their load from a point becomes too large.

    I would call this a simple software glitch that has the unfortunate problem of causing the phone's OS to crash.

    call it a runtime error. call it a macintosh system error. it's just not a DoS
  • so this should be called a triggered runtime error instead of a DoS
  • by quonsar ( 61695 ) on Sunday September 03, 2000 @09:16AM (#807789) Homepage

    Who are the geniuses that think these things up?

    My guess would be Hanna-Barbara. We're all just bit players in a big Jetsons episode.

    "I will gladly pay you today, sir, and eat up

  • How many times do people in the computer and communications have to learn the same lessons? It's bad enough that we have the never ending flurry of browser and other security problems, but we now also have to endure DoS attacks on phones?

    As Dr. Evil said, "Give me a frickin' break."

  • I think he meant crappy... or maybe a mix of the two. It is creepy and crappy at the same time, hence "creapy".
  • Not really, a DoS attack is anything that Denies Service, it just so happens that what you describe (I believe it's called a smurf attack) is one common way to do that on the net.

    Also, cell phones are mission critical, for some people anyway. Emergency workers (firefighters, cops, ambulance drivers, etc) are beginning to rely more & more on cell phones for communication. The fact that someone can send my phone a message that forced me to manually reset the phone is pretty pitiful. If something like this occurred in, say, Pine or Elm, it would be considered a pretty big flaw.
  • Friend at work was able to construct a SMS message that crashed every GSM phone available at the company (And understandably, SMS messaging services oriented company has practically all models to test with), not only when sent to phone, but just by being on the SIM card. (Obviously, this crash triggered when parsing the message from memory.) On the bright side, you need SMSC to construct and send such a message.

    Just to state that this is hardly Nokia-specific problem, but of course, Nokia is most visible target, just like Microsoft.
  • Actually, if a Nokia phone is hit by a DoS attack, (7110 especially) it is permanently impossible to send or receive SMS messages. No kidding!
  • "TCP/IP CLI capability" is not a "real solution". It is *somewhat* of a *neat thing* for a very small minority of users...
  • And the thing is, for reconfiguration messages, you have to confirm whether you want them or not. If the user chooses to do so, it's their fault... How clueless could you be to get a reconfiguration message out of the blue and go "Ooh, better accept this!"?
  • how mission-critical is a cell phone? must it be online at all times? must it have zero down time?

    1. How mission-critical the cell phone is depends on who is using it. If it's your average SUV-driving latte-drinking yuppie, then no -- it isn't mission critical at all. But if it's a medical worker on call, it better be considered mission-critical.
    2. The downtime depends on how soon the person notices that the cellphone has crashed.
    3. I simply hate the way people are so used to Windows that they expect instability from an operating system. What happens when silicon becomes even more common? I would hate the day my refrigerator had a GPF...
    for a DoS attack to be successful, the point is to flood a server that is required to be online at all times and that denial successfully takes them offline for an extended length of time.

    DoS stands for Denial of Service, in case you were wondering. A DoS attack is anything that denies anyone service. Neither does it have to be against a server, nor does it have to be a flood. For example, the Winnuke attack was neither a flood, nor against a server (assuming that people aren't running servers on Windos).

    I would call this a simple software glitch that has the unfortunate problem of causing the phone's OS to crash.

    Oh sure, let me just reboot my cellphone. That's no problem, right? I mean software was meant to crash. And if my refrigerator (just wait a few years) suddenly decides to crash in the middle of the night, I'll just run down and reboot it as well. No problem!

    call it a runtime error. call it a macintosh system error. it's just not a DoS

    See above.

    --

  • Sure, but what about when you wake up at 4AM, and want the lights on. You could boot up your box, dial up, go to a web site, put some passwords in, find the right button to click and the light comes on! If you want a blue light, load windows!

    Seriously though, isn't it cool in star trek when they can control lights by voice. Sensors could turn lights off when you leave the room etc. They don't need to be accessible to Bob in Australia, but the applications are endless.

    Having your video recorder available on the net so you can set it recording from work is another very useful thing. As you are driving home you can mumble something about coffee and your car would pick it up, relay it to your kettle and the kettle would switch on, saving you a couple of minutes as it's boiled as you get in.

    Web enabled bog roll is definitely a useless thing, but there are many applications for web enabled consumer items, or at least a web enabled X10 interface.

    I am a big cynic when it comes to these new things, like WAP, but I have often wanted to send a quick email from my old non-wap mobile, or perhaps see the time of the next train.
  • Call it a BSOD.

    My phone (non wap mind you) receives text messages when I am in a call, if it crashed then, perhaps while driving, I would not be happy. If someone floods my dial up connection I have to reconnect, it's annoying. It's not essential I am on 24/7 (in fact it's more like 19/7), but it's annoying when I have to disconnect (2 hour time out in the UK).

    This is literally a denial of service, but it's not covered by the conventional DoS definition, which is permanent.

  • (assuming that people aren't running servers on Windos).

    Didn't Winnuke rely on port 139 being open, which is, if I can remember back to my windows days, a NetBIOS server port.
  • Could be worse, we might have analogue networks like you instead of digital networks. TriBand phones required for full US coverage are between 5-25 times more expensive than Single band phones suitable throughout the EU.
  • Not even my old classmate would write with so many errors...
    Why do you try to make Germans bad?

    No German would replace every ue with ü...
    or every ss with ß..

  • by emufreak ( 83564 )
    It's too bad that telemarketers aren't required by law to use these phones when calling to spam us.
  • Ericsson's phones cool? Yeah, right... Small displays, bulky outlook, lack of features compared to Nokia etc..
  • Let's see.. $80 for the phone, $25/month for service, including 180 minutes of airtime, 12 month contract with one of the Dutch GSM carriers.. Doesn't sound prohibitively expensive.. Come to think of it.. Maybe I should get me one of those.. :-)

    (not spam, but I got these prices from this page [www.gsm.nl] it's in Dutch and for the Dutch market though..)

    GSM..ahh..Ain't Europe a great place to be right now ;-) (Apart from Asia and Japan of course..)
    --

  • If the cell phone in question happened to have a high gain mic, such as those used on speaker phones, then this is definitely a possibility. However, some models may not get complete echo cancellation, so there could be scope for detection. It's a rather pricey way of surveilling, and you'd have to remember to switch Caller ID off before calling it, otherwise if it's found, you could easily be traced...

    There are several models of GSM mobiles that have a speakerphone capability, which you might still be able to get hold of if you look around.

  • I had the luxury of having a 7110 phone while doing some WAP development, and all I have to say is; DUH! 50% of all wml pages out there crash that under-powered POS.

    ...get a real phone, go ericsson or nokia 9110!
  • Most cellphones automatically reboot themselves when they detect an exception. Sometimes you notice it, sometimes you don't. This is one of those cases where it's taking a long time to crash - it's probably some buffer overrun problem that causes stack corruption, which will take a non-determinate time to cause a detectable problem.

    Mobile phones are becoming more and more complex - there's a huge amount of software in these things, usually upwards of 10s of millions of lines of code, spanning more than one processor. It's never possible to catch all the bugs, although there's (usually) a rigorous test phase to catch as many as possible.

    Unfortunately, there's so much competition in the marketplace at the moment that new software has to be designed and coded to a very tight timescale, which means that human error is not just possible, it's very probable.

    Your fridge/freezer probably already has some firmware to regulate the currently set temperature and control the quick freeze cycle or the defrost cycle - but as it doesn't have to support TCP/IP, then the firmware size is small - of the order of 10's of K, so the chance of error is reduced.

    I'm curious now: If the power went out in the middle of the night, would you get up and check the fuses to work out what had blown, so that you could turn the freezer back on?

  • by drwiii ( 434 ) on Sunday September 03, 2000 @06:39AM (#807809) Homepage
    Some Qualcomm QCP phones will let you spy on other people's SMS messages if you send a SMS to yourself full of high-bit characters. This was working with Bell Titanic's email-to-SMS gateway a few months back, not sure about now. It was kind of weird to get people's backup failure notices, NOCOL errors, and Oracle alerts though.
  • As I see it, this would be curing the symptoms not the cause.

    Some characters at the beginning of the message seem to have a special meaning for Nokia phones. A friend of mine sent ascii graph christmas greetings, but most Nokia phone owners didn't see them, because the message began with an asterisk, which seems to indicate that a control sequence begins.

  • Sorry no link but... I once read about a bug with the Nokia 6190 where if you shorted a couple of pins on the bottom of the phone, the display would go blank until you turned it off or reset it.

    Anyways, the implication of this was that you could set it on silent, no vibrate, auto-answer, nuke the display and then leave it somewhere close to sensitive discussions. Just call your phone and listen away.
  • when trying to make it easier to use (Microsoft all over). I'm fairly confident that this can't be caused by a normal SMS-msg with "normal" text (unless those Nokia engineers pulled it off -again-). Nokia phones can be configured using SMS-messages. Take Nokia WAP phones for example. They can be configured for WAP operation by receiving an SMS message from your operator. Non-WAP Nokia phones also have similar functionality. Sending a malformed "config" msg might be what is causing this. Anyway, big deal. Nokia is a "designer" phone. Nice looks. Geeks in Scandinavia go for Ericsson (yes, I know they've fucked up in the past, but at least not as bad as Nokia this time :)
  • And did you ever notice how all new phones can "fall back" to analog?

    What it means is that in North America there is not the infrastructure for digital phones to be always on the digital service. Dual band phones in North America might mean Digital and Analogue, but Dual Band phones in the rest of the world mean two different carrier band frequencies. I think this answers points (1) and (2) as well.

    Analogue works because the infrastructure is there. Once the infrastructure is there, digital is MUCH preferable to Analogue, and I say this having been on a digital service for four years now in Europe, and when having to deal with the hiss and crackle of an analogue service both when in Canada and the States, it really annoyed me.

    As for the hacking, no it cannot happen on AMPS, but then of course with a cheap scanner, anyone can listen in on your calls.

    All this new-fangled technology, it will never last!! End sarcasm.

  • by neitzert ( 184856 ) on Sunday September 03, 2000 @06:48AM (#807814) Homepage
    heh, you would probably like the nokia 9110/9000 series phones. There is an application that will allow you to send your phone into diagnostic mode and do some pretty silly things; like triangulate your position between three known transmitter towers, pick and choose local transmitter towers, and a plethora of other fun things. I think it still can be found at http://www.yaws.dk/communicator/ Though you'll need to hack yourself a nokia cable to make it work... christopher
  • Yup .. for example you can make the 9110 do funny things by sending it certain 'smart messaging v2' messages, like:
    - the communicator-side changes to mail-application without *any* sign of a received SMS
    - same message but tell the phone you got a million new mails -> it'll eventually crash
    ..to name a couple but actually there's no need to do any special tricks to crash the thing it'll do it eventually anyway by itself :(

  • I guess he means Internet Access hooked up directly to the computer in a car. There was an article in 2600 about the Cadillac Evoq and Internet access in cars. It really is a moronic idea. Of course, my equally moronic Driver's Ed teacher was talking about how useful it would be.
  • Yeah, we have already begged the question
    of what is it going to be like in another five
    years when these devices are dominant in the
    market.

    When you have a chance to start from a clean
    slate why isn't it done right the first time?

    The answer is really simple, when you are rushing
    to get something finished in a not so timely
    manner... usually tests are done for the output
    or operation that you expect to receive.
    You keep hacking until it starts coming out the
    way it should. Security is usually an after
    thought.

    Everything seems to ship broken... and companies
    only make reparation if it ends up costing
    enough money to make it cheaper to fix.

    How many of us get paid any more if their
    applications are just a little higher quality
    or more secure than the next guy. Management
    watches time tables... always have and always
    will. Until companies start changing, we are
    going to see more of these incidents.

  • naah the T38m with bluetooth wireless headset kicks some serious ass.... ..now if they'd release it in the states i'd save myself the airfare...
  • ...just another ignorant idiot...
    cya
    YerMaster

    You're addicted to the net when
    - You call 911 when your ISP goes down
  • How many people outside of Japan know about the guy who set up a WAP home page that redirected the viewer's phone to 110 (the Japanese phone number for emergency services)? They got 5500 false calls in three months around the country from idiots viewing the page. The guy who made it was arrested the other day for interfering with official services.

    Now imagine that as a phone virus...

  • by Anonymous Coward
    I worked for a while on the SMS software of a major US carrier. We saw situations where phones would get randomly locked up due to SMS traffic. The bad part is that the phone looks like it's on--you don't know that your phone isn't answering calls or receiving messages until you try to use it. Firmware does get fixed, but only customers that complain (might) get told they need to upgrade.

    At my company, at least, security and reliability were not high priority issues. First priority was anything that might be visible to the chiefs (high executives of the company) in their use of the phones ("The CEO can't get his messages?!? Get the whole team on it right away!!!"). Second priority was marketing, which generally meant sweeping problems under the rug.

    I shudder to think that anyone could be relying on these devices for important, life-and-death issues. They're considerably less reliable than, say, your typical accursed ISP. Don't depend on them!

  • "Remotely triggered runtime error" RTRE. there we have it.
  • Hey,

    SMS is hardly the only way to lock up your GSM

    Indeed not. You can permanently destroy many GSM mobiles (including the SIM card) just by repeatedly hitting them with a sledgehammer.

    Yes, that was a joke.

    Michael

    ...another comment from Michael Tandy.

  • > (I believe it's called a smurf attack)

    No, a smurf attack consists of sending an ICMP Echo packet to the broadcast address of a subnet that still allows that sort of thing, but the trick is, you spoofed the source IP in the IP header, so every host on that subnet sends an ICMP Echo Response packet to the spoofed source IP (your target). This has the benefit of multiplying your outgoing datastream by the number of hosts on the subnet you are bouncing from. It allows you to flood the target with much more bandwidth than you have available to you.

    That is a smurf attack, emailing a Cell Phone does not count.
  • A phone hanging is one thing, but what if it were permanently locked? I've recently played around with my 7110 and successfully unlocked the simlock (to allow it to use other networks' SIM cards). Now, the scary thing is that a logical extension is that if I were to leave my IR active, it would be quite straightforward for anyone with a laptop nearby to lock the phone so that it won't work with my SIM (or any SIM for that matter)... now that's a scary thought.
  • It seems to me that the real money is in security. As more devices gain IPs, as more people own cell phones, as more people (and countries) rely on the Internet, security becomes a major issue.

    It's scary to think that World War III could be some hacker dismantling America's computer systems, and suddenly we're stuck with very little. I'm quite surprised we haven't focused even more on security.

    Now, even my cell phone is at risk. Do you honestly think I'm going to go ahead and submit credit card information over the Internet just yet?

    Luckily, this isn't burglary. On the Internet, things are a bit more easily tracked I would think. Security isn't difficult -- precautions aren't hard to fathom. Therefore, it is any company's responsibility to consider this before netting their devices.

    I just think it's scary. We're so dependent on these things. But it's no less frightening than the first cars and the chance of getting hit, or even the first horses and stepping in sh*t. (that rhymed)

    My point is: this is all necessary and wonderful, but let's just be very, very careful. Hopefully Congress will get moving and other countries will too.
  • Exactly the same thing happens (or happened, until I got the firmware upgraded) to my Nokia 6150.. only happened with Quios SMS though, I couldn't read them when they came in, they'd lock up the phone.. so I'd remove/replace the battery, and then they were fine.
  • I have a 7110 and occasionally use it for WAP - I would use it more, but about 1/3 of all pages I browse, including some portal sites, just can't be displayed. So calling this a good browser is rather an exaggeration, though it may well be better than the others you tested.
  • by Anonymous Coward
    if (DoSAttack == 1) {
    DisableSMS(permanently);
    }
  • Flamebait?! Come on moderators, you could at least mark it "offtopic", or "not funny" or something!
  • Does someone have any examples of how to do this ??

  • At least now when I don't answer my boss I'll have a good excuse...
  • AAAAAG! That's not a phone! That's a handheld computer disguised as a phone! See this PC Mag review [zdnet.com] and this summary of the non-US version [nokia.com] (with interactive demo). Where's the Linux port?

    Of course, at $1K for the phone itself, plus probably $200/month for all the services needed to make it worth having, I won't junk my Palm Vx any time soon. Especially since I'm still hoping for CPDP service in my area. Not that I'm holding my breath for that -- there's every indication that pocket-network developers are abandoning PDAs in favor of augmented cell phones, like this puppy. For example, Paypal has discontinued their popular Palm app [palminfocenter.com] in favor of phone-based apps.

  • Hey guy, we've had computers in cars for a long time. What do you think your car has instead of a carburetor? How do you suppose ABS brakes work?

    But that reminds me of a funny story. A very long time ago, I was working with an engineer who'd come out of the auto industry. I asked him when we would see ABS brakes in actual consumer cars. He told me he would never drive a car that relied on (possibly buggy) software to stop. "It brings a whole new meaning to the halting problem!"

  • I seem to remember once managing to get my dad's Nokia 2160 to lock up, requiring the battery to be removed and reinstalled.... it used to be used on AT&T Wireless service, and they had this MessageFlash software that would allow text messages to be sent to the phone from your PC.. if I remember right, MessageFlash liked to crash the PC too... anyway, I sent a MessageFlash message saying "test" or something to that regard, and it went kaput. Not that it ever worked right, either... nor did it ever work right as a phone... can anyone say "paperweight"? Of course, we were paying serious extra for digital service... (sigh)

    And just HOW does Nextel work so damn well? I think it's somehow magically enchanted.

    Blue Neon - quite possibly the perfect semi-caffiene-inspired online comic. [cjb.net]

  • Actually... ;)
    Yes, some of the TCP/IP stacks for DOS have some well-known issues... Especially buffer overflows.

    Nowadays, they're rare indeed as most internet apps are linked against Watt-32 (the successor to WatTcp). Since it's still actively developed, any DoS attacks can be fixed in the library source and the app can be relinked. Just like on *nix.. ;)

    And, please... NO DOS IS DEAD EMAILS... Thanks... I get enough of it IRL, don't need it from here too... ;)

    --Matt
  • My uncle Joe (in-law, actually) felt the same way. Despite living in the Bay area, so close to Silicon Valley, he won't use telephones or watch TV.

    Hmmm... come to think of it, just look how dependent everyone seems to have gotten upon those hi-tech "wheel" doo-hickies. Just look at those tire recalls!

    Point is, *any* technology at *any* level may have flaws.
  • by zyzko ( 6739 ) <kari.asikainen@gmai[ ]om ['l.c' in gap]> on Sunday September 03, 2000 @06:18AM (#807838)
    This is already second time this happens to Nokia. My roommate's Nokia 5110 had originally buggy firmware (which he later upgraded for obvious reasons...) which locked the phone if someone sent him an SMS-message with 160 dots. The phone locked up completely, only removing the battery brought it back to life.
  • This is just the latest in a string of stories that have come out recently about the lack of security with WAP. Anyone remember the stir that Timofonica caused a few months back? How bad is WAP as a protocol in terms of its provision for security?
  • by Zaaf ( 190878 )
    Uhm, I guess he meant the Zuse I, 'cause that was invented in a country captured by the Merkins (with Allied allies and Russia) which makes it a merkin invention in the eyes of every Merkin.

    One other explanation would be that the comment was written by Al Gore.

    ---
  • Come on, you can crash your 7110 by ANSWERING an incoming call, or at least by hanging up. My 7110 crashes regularly ~2-3 per week, usually when i close the lid to end the call. I don't even use WAP (cuz it sux even worse;)
  • by Jacco de Leeuw ( 4646 ) on Sunday September 03, 2000 @06:22AM (#807842) Homepage
    Since an SMS gateway is always required, can't these messages be filtered by the operator?

    Jacco
    ---
    # cd /var/log

  • I get fed up with people who want to web-enable everything in your entire house.

    Well, maybe you're not really into this big brother [terra.com] thing. Some guy over here in The Netherlands is however so interested in it that he web-enabled his entire house [icepick.com] including his fridge and his recycle bin.

    ---
  • Must your desktop computer be online at all times? Must it have zero down time? If not, please give me your IP address, and a vulnerability which causes you to do a full reset on your computer. I'll write an appropriate exploit.

    Here's how to turn it into a true DoS.

    while(1){
    crashPhone();
    sleep(120);
    }

    Now as you were noting about this not being a DoS attack, could you please give me your Nokia phone's SMS e-mail gateway address?


    ----------------------------
  • it was pretty easy to do with the old 5110 and afair some of the 6110. You just had to send a SMS Message filled with dots to the phone you wanted to crash. Scary, isn't it.
  • Sure they'll find me, as long as I'm not using a hacked account in .cz or .ru, and sending the SMS messages through a web or e-mail gateway. This is like every other hack in the book, where they'll find you if you're dumb, but any sysadmin or network admin worth their salt could do it, if they were so inclined.

    Fortunately though, most people with the skills to cause such hassles also realize that it's just plain dumb to do such things.
    ----------------------------

  • Absolutely. There are NUMEROUS documented problems with (for instance) phones and beepers.

    I had written a gateway interface at Pagemart, only to find that almost every beeper had its own problems. Normally, though, the providers are quick to respond. (Typically, a customer tries to send a JPEG file to their phone.. har har har. it locks up.. doh)

    pan
  • wait, wait wait... it's not a DoS attack, yet it DENIES you SERVICE? What exactly *would* you call it then?
  • I wholeheartedly agree, in principle at least.
    However, things get a bit complicated when the gateway does in fact compile the wml/xml. This is a key point not to be ignored, as the phones have to turn the wmlc into xml/wml before any parsing is done.
    I agree the error messages leave a lot to be desired (in fact, they are often quite misleading!), but it's not necessarily a plain browser issue..

    Of course, the networking and terminal departments of several big telecom companies, such as Nokia and Ericsson, tend to be somewhat separate (not necessarily a bad thing, actually).
  • by plaa ( 29967 ) <sampo.niskanen@i k i .fi> on Sunday September 03, 2000 @07:07AM (#807850) Homepage
    Finland-based Nokia said that it was already in contact with Web2Wap, but that Nokia, the world's largest mobile phone maker, had itself never experienced such problems in the past.

    That is not true.

    Sending a message with 160 chars of '.' in it to older 5110 models caused them to lock up too. I've heard that this was an easter-egg deliberately made by some coder (though I'm not sure is this true or just another urban legend). The newer models don't have the bug (eg. mine doesn't - version 05.07 20-11-98 (you can see the version by typing *#0000#)).

    Furthermore, this article [metrolehti.fi] (only Finnish, sorry) says that in some cases the SMS also destroyed the SIM-card (no specifics mentioned).

    The article also mentions that Web2Wap has contacted Nokia and Nokia experts will meet with them Wednesday, but Nokia denies getting any contact requests. Typical.
  • hah, and i own a 9000il us, 9110/eu, and a 9000/eu. ( i travel A LOT), and frankly they aren't *that* expensive, and with a generic omnipoint account for $19.95 a month does the minimal.

    the specs are:
    9110 - 486sx 16mbs ram
    9000 - 386 8mbs ram.
    linux? hell yeah!

    chris
  • Many of the early crackers were phone phreaks. Looks like we've come full circle.
  • My friend had one of these too. Just receiving and viewing the message doesn't do the trick, you have to scroll to the end of the message to launch the bug. And you don't have to remove the battery if you're not in a hurry, the phone locks only for a couple of minutes.

    Of course, since the bug wasn't detected and fixed at a very early stage, there are several affected firmware revisions. I have no idea if they all work exactly the same way.

  • That is wrong. That phone has a really flawed protocol stack, ICMP echo implementation is totally broken. The 7110 has a much better protocol and browser, than both r320 and Motorola Talkabout.

    If you were wondering why you can't use your Ericsson with half of the existing Wap gateways, well, now you know.

  • Its not on their biggest list of priorities when the linux user base is like 5-10%. Of course the interface is going to be complicated, how the hell can you type 26 letters with a 12 button keypad?
  • The "virus" was already denied. Web2Wap was unable to show it to Nokia. The only link I have is in Czech, here [mobil.cz].
  • Ok so I bought the 7110e, not because it was wap enabled but because the Ir and Modem functions melded well with my Handspring and Vaio Ir/Modem requirements. So there I am a happy little geekoid coding, surfing and using my technology when suddenly my 7110 just locks the hell up... This occurs several days in a row and when I speak to Orange technical support they say they are aware of the 'fault' and that I need a Sw upgrade.... Since when did I buy a Microsoft product ? so anyway I have the latest version of the Nokia sw and still I suffer occasional faults that are exactly like DoS.

    Question:
    As a monthly paying subscriber locked into a phone contract for a product that is clearly unsuitable for commercial use. ( read that I am self employed) who do I approach for compensation ?

    Oh well thanks for the news I'm off to inform a few people of the issues.
  • There's another bug in Nokia 7110, which does in fact work.
    Want to DoS your friend's Nokia 7110? Just send him a calendar note from Nokia 6110 via an SMS. The calendar in 7110 will stop showing calendar notes. This works at least with firmware 4.84, I didn't check any other versions.

    I wonder if we will live up to buffer overruns in mobiles. :-)

  • I just tried with my Nokia 8110i, and it worked just fine, no lockups.

  • ...mechanisms

    When they wrote the firmware they just made sure that the phone could parse the messages which were sent by another copy of the same program (or a completely standard-compliant version from Ericsson, Siemens or whatever).
    But they never thought that they would have to handle 3v1l H@x0rs who send messages with fucked up length headers, escape characters or one of the usual other DoS attacks (I don't know anything about SMS, but all protocols kinda look like the other, so I think I can make that assumption)

    If I were old enough to remember I coulda sing the "When will they ever learn?" song :p
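
An added illustration of the check this comment says was missing, not code from Nokia or from anyone in the thread: a C parser for a hypothetical length-prefixed text field that validates the declared length against the octets actually received before unpacking. The field layout (one length octet counting 7-bit characters, then packed text), the 160-character cap and all names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_SEPTETS 160  /* assumed cap: 160 seven-bit characters per message */

enum parse_status { PARSE_OK, PARSE_TRUNCATED, PARSE_TOO_LONG, PARSE_BAD_ARG };

/* Unpack `count` 7-bit characters; caller has verified `in` is long enough. */
static void unpack_septets(const uint8_t *in, size_t count, char *out)
{
    for (size_t i = 0; i < count; i++) {
        size_t byte = (i * 7) / 8;
        unsigned shift = (unsigned)((i * 7) % 8);
        unsigned v = in[byte] >> shift;
        if (shift > 1)                      /* character straddles two octets */
            v |= (unsigned)in[byte + 1] << (8 - shift);
        out[i] = (char)(v & 0x7F);
    }
    out[count] = '\0';
}

/* field = [declared length in septets][packed text]; field_len = octets received.
 * `out` must hold MAX_SEPTETS + 1 bytes. Never trusts the declared length. */
enum parse_status parse_text_field(const uint8_t *field, size_t field_len, char *out)
{
    if (field == NULL || out == NULL)
        return PARSE_BAD_ARG;
    out[0] = '\0';
    if (field_len < 1)
        return PARSE_TRUNCATED;
    size_t declared = field[0];
    if (declared > MAX_SEPTETS)             /* would overrun the output buffer */
        return PARSE_TOO_LONG;
    size_t needed = (declared * 7 + 7) / 8; /* octets the header claims to need */
    if (needed > field_len - 1)             /* header claims more than arrived */
        return PARSE_TRUNCATED;
    unpack_septets(field + 1, declared, out);
    return PARSE_OK;
}

/* Constructed samples: a valid "hello", and two with forged length headers. */
static const uint8_t SAMPLE_OK[]    = { 5,   0xE8, 0x32, 0x9B, 0xFD, 0x06 };
static const uint8_t SAMPLE_SHORT[] = { 160, 0xE8, 0x32, 0x9B, 0xFD, 0x06 };
static const uint8_t SAMPLE_HUGE[]  = { 255, 0xE8, 0x32, 0x9B, 0xFD, 0x06 };
static char demo_text[MAX_SEPTETS + 1];
```

Both forged samples are rejected before a single payload octet is read, so a bad header costs one comparison instead of a hung handset.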

  • Anyway, I'm lame, so yeah
  • Well I do agree to most of what you say...except the WAP part. 90% of today's web pages today simply can't be viewed on regular cellular phones. And while they could make some fancy color screen surfin devices, GSM is far too slow for serious use. However, in three years we'll have a replacement for GSM, UMTS, in most parts of Europe. That's a lot faster than ISDN. And the devices created for UMTS (which Nokia for one is researching in) will come with full-fledged web-browser and will also run on GSM where UMTS isn't available. I don't see this as short-sightedness. The WAP was doomed before it launched, and when UMTS is here I don't think it will stand a chance at all. As you say....it's useless.
  • Is it too much trouble to flip a god damn switch!? Who are the geniuses that think these things up?

    This is how that thing called 'progress' works. Someone comes up with a cool new technology. People come up with hundreds of nifty new gadgets and applications for that technology. Those gadgets and applications that people want to use become household items. Those gadgets that people don't want to use show up in fifty years time as jokes in TV shows.

    Go back and look at all the stupid ideas people had when they first came up with that "electricity" thing. Think of the wacky ideas people had about how radio and television could be used. Think of the fact that only about one in twenty high-tech startups survive.

    The trick, however, is that it's nearly impossible to tell before the fact which gadgets will be wanted, and which will not. Some things that are really good ideas will tank because it was released in the wrong place at the wrong time. Some things that we all think are stupid will turn into the next big craze in consumer electronics. So the only logical thing to do is to produce all of them, and let Darwin sort them out.

    We prosper as a society when we allow people to think as wildly as possible, give them enough rope^H^H^Hesources to try their ideas out, take the best, and let the rest drop out.

    Charles Miller


  • The user interface is going to be the least of the problems...for one thing most kids used to sending SMS (and that is 75% where I live) type faster with the 9-button keypad than with a regular PC keyboard....
  • nokia 7110 has wap. i think it was the first phone public with wap... at least here in sweden
  • Are you sure it's the Nokia browser's fault?
    Don't rule out bad wml and/or a picky gateway (that would be my guess).
  • Have you ever tried sending an SMS message from a Nokia-phone that starts with an asterisk (*)? Ever seen it go anywhere?

    For some reason these messages end up being empty when they get to the receiver. Somewhat annoying for those of us that like to use the *s to show action taken. Like: "*knocks head in table*... My bad"

    Does anybody know what these messages do anyway? Can I use them to tweak my phone or something?

  • Imagine, soon we'll have computers in CARS! Now if someone were to DoS them ;-) *CRASH* What about fridges? Now if someone would h4xx0r my fridge and all my coke would be warm someone would be DEAD! ;-)
  • So what you are really saying is that Microsoft is the world's largest producer of DoS?
  • a) use English b) stop writing bullshit

    a) use the English language b) stop writing shit
  • By Design, it might be nice if my car could be stopped (by me, once in a while) by a message analogous to an SMS - i.e. in case it should ever be stolen.

    Also, I've often wondered if a cel.tel could be activated - on the sly - as a surveillance device... i.e. open the microphone in response to a (silent) incoming call/message... it doesn't ring, light up , vibrate or talk... but listens and sends what it hears to an unknown operator.

    If not now, then it's just a matter of time...

  • The SIM card being destroyed was probably a side-effect of having to remove the battery while the phone was still turned on. Nokia even warns about doing this, saying that in some rare cases taking the battery off without switching off the phone you might damage the sim. (Although you usually don't have a choice when your phone has crashed). I have to do it all the time, my 7110 crashes every third wap-page. Anyone know if there's a software version that fixes this ?

    Message on our company Intranet:
    "You have a sticker in your private area"
  • by Ewan ( 5533 ) on Sunday September 03, 2000 @06:27AM (#807873) Homepage Journal
    This isn't a WAP thing, it's just dodgy software in nokia phones (they aren't even wap phones).

    Ewan
  • by mav[LAG] ( 31387 ) on Sunday September 03, 2000 @06:27AM (#807874)
    We never learn. The more complex a system becomes, the more possible paths through that system there are and so the more bugs and potential security holes there are. Placing more and more technology in smaller and smaller places isn't going to be as wonderful as we think unless security is taken seriously from the very very beginning.

    I'm willing to bet that today's Nokias are more powerful than the PCs of 15 years ago. What kind of security problems will we be seeing from phones in 5 years time?

  • "The Computer - American invention"

    Let's see. Did you mean the original Difference Engine (generally considered to be the forefather of the modern computer), invented by Charles Babbage the Brit?
    Or did you mean the first electronic computer, Enigma, invented by The Allies during WW2 (i.e. NOT the Americans only)?
    Or did you mean the first non-military computer, the Manchester Mark 1, invented by the British?
    Or did you mean the first affordable Home Computer, invented by Sinclair Research, yet another non-American company?

    So, to which particular definition of "invention of the computer" are you referring, Mr Coward?

  • This is a really serious problem. ...

    Disregard the above, it is a troll. There is no such address and the actual link points... elsewhere.

  • by kootch ( 81702 ) on Sunday September 03, 2000 @06:30AM (#807877) Homepage
    so it's a malformed message that causes the computer to freeze up. big deal. they're already fixing the problem on the server side so that a malformed message can't be routed through the server. and if it happens to you, you simply pop out the battery and pop it back in. oh darn. that's really difficult. it's not a hack. it's not even a DoS attack. it's simply a fuckup. it wouldn't be all that hard for the companies that make the SMS server software to fix the problem. (that's more than I can say for today's companies that get DoS attacks and can't do a damn thing to prevent them)

  • The 7110 had problems in the early versions of the firmware, but the one shipping the last few months is pretty good. It has the best protocol stack and best browser of the competing Ericsson R320 and Motorola Talkabout. I had to test them all, part of my job. I hope you get your hands on these models so you can compare. Try with several WAP sites, browse around, and decide for yourself.
    Check the firmware version of the 7110, 4.80 is already rather good (even though about 6 months old). Type *#0000# to check the version.

    BTW, IMHO the Motorola Talkabout has an outright ugly and unfriendly screen. Where on earth has Motorola found such cheap, contrastless LCD screens!?

  • by Mindbridge ( 70295 ) on Sunday September 03, 2000 @07:55AM (#807881) Homepage
    SMS is hardly the only way to lock up your GSM, although it is certainly the most accessible. The WAP-capable phones appear to open a whole new can (no, make that a barrel) of worms.

    Earlier in the year we were working on a WAP application for a major automobile company. We actually had to put special effort in to ensure that the application *did not* lock up the phones. We tested the app with a number of phones from different manufacturers, including Nokia (I think the model used was 7110). The shocking part was that _almost all_ could be locked up, usually in different ways (which made things all the more frustrating, of course), and the problems occurred even when using the most basic WML. (the design of WML is another interesting discussion topic, but I guess I would have to leave that rant for another time)

    A particularly interesting side of all that was that a lot of the ways in which the problems occurred pointed out to possible buffer overflow problems, something that would explain the lockups (one of the most obvious ones was lockups on some phones when the encoded and compressed WML pages, together with the POST data were above a certain size). Given this observation, I have been pondering since then whether those problems are actually exploitable. If they are, that would be majorly cool, or majorly scary, depending on what side of the fence you are on. Pity I don't have the zeal to delve into phone hacking at this point :).
  • I get fed up with people who want to web-enable everything in your entire house. They want to put barcode readers in your fridge to tell you when your milk is bad, internet access so the fridge can order more milk for you, heaters/airconditioners that can access the weather forecasts to more efficiently maintain your thermostat, web-enabled robots to feed your pets, even lightbulbs that have built-in TCP/IP support so you can turn them off via the web! Why in the hell would we ever need such silliness? Is it too much trouble to flip a god damn switch!? Who are the geniuses that think these things up?

    "Hey, I got an idea! Why don't we make people so lazy that they don't ever have to get out of bed to do anything, and at the same time forget about how totally insecure the technology we are creating is, and thus give all those kiddie h4xxors the ability to spoil peoples' food, freeze them to death, starve their animals to death, and submit them to torturous light shows, all via the anonymity and distance of the internet!"
  • We have become used to taking software as no-warranty (EULAs,...), but we think we have some rights when we buy physical items.

    Since phones are more and more software, can we finally reclaim for faulty software?


  • No big deal. I have Siemens S10, also known as "the brick", and if a message arrives from www.quios.com [quios.com] onto this phone, the moment you try to read it, the phone shuts down. The same happens if you want to view a saved message from Quios. The only way to read message is to EDIT it instead of VIEWing it.
  • Good point, but IMO browsers should be strict in what they send and liberal in what they send (the old IETF credo), i.e. they should be able to display something even if the WML is bad. If they really can't display anything they should show an informative error message so I can harass the WAP site or the WAP gateway as appropriate.

    Since I'm using Orange in the UK, Nokia is also supplying the WAP gateway...

    Anyway, as a 'plain user' I would probably have given up on WAP a long time ago due to these hassles - it's quite amazing to me that WAP works so badly for such a high percentage of pages. I happen to have a professional interest in WAP, GPRS, 3G, etc, so I keep on trying occasionally.
