December 4th, 2001, 06:57 PM
Did you hear about sms virus which crach your mobil phone?
This text is from www.theregister.co.uk
So now you can send an SMS and crash a mobile phone, so that the user is locked out.
Job de Haas, a security researcher at ITSX, has adapted a program called sms_client, which sends an SMS message from an Internet-connected PC, in which the User Data Header is broken.
During a presentation during the Black Hat conference last week, he demonstrated how a malformed message crashes a Nokia 6210 phone on its receipt. Once the message is received it is impossible to turn on an infected phone again.
The vulnerability is tied to the software used by a phone. The flaw affects Nokia 6210, 3310 and 3330 phones, de Haas has discovered, but not a Siemens phone he tried. Phones from other manufacturers are yet to be tested.
To fix the problem users have to put a SIM card into a phone without the bug. Alternatively if the SMS message is registered in a user's In-box this could be deleted with a SMS management tool on a PC.
To repeat the exploit requires knowledge of SS7 signalling and telco protocols to adapt sms_client into an attack tool. But given the power of the attack security through obscurity doesn't appeal. The kicker is that the modified sms_client makes it trivial to spoof the source of any attack.
Nokia told us that sending a message which freezes a phone is "something it encountered" before. The company is unfamiliar with the exploit uncovered by ITSX, which comes as a new twist even to clued-up Black Hat attendees. It promises to get us a more detailed technical response, and we'll update you when this becomes available. ®
Do you know where can i find something more about it?Pleas give me url of the website.
December 4th, 2001, 07:24 PM
its not a "virus" anyway...
Ah well...I\'m back on AntiOnline!
December 4th, 2001, 08:39 PM
In my opinion it is a virus but all of us have diffrent opinions
December 4th, 2001, 08:43 PM
It's not a virus, Job de Haas from ITSX gave a talk on the subject during HAL 2001 and also provided a Powerpoint presentation on how to exploit this. I have a copy, if you would be interested please e-mail me firstname.lastname@example.org
and I will send you a copy.
December 4th, 2001, 08:55 PM
Yeah, it's not a virus, i think that it block the card SIM.
December 4th, 2001, 09:26 PM
It's more of a DoS attack than anything.