A malformed 'From:' header in an SMS or MMS message leaves certain S60 implementations cursed with silence.
A security researcher has uncovered a new Denial-of-Service (DoS) attack against Nokia's Symbian Series 60 smartphone platform, dubbed "the curse of silence".
According to an article on CNet, the attack takes the form of a specially crafted SMS message which, once received by a vulnerable handset, prevents further legitimate messages from being accepted by the system.
Demonstrated by security researcher Tobias Engel at the Chaos Communication Congress in Berlin last week, the attack relies on an SMS whose 'from' e-mail address is longer than 32 characters. Receiving such a message causes devices based on versions 2.6, 2.8, 3.0 and 3.1 of Nokia's S60 platform to reject all further messages: on 2.6 and 3.0 a single such message is enough, while 2.8 and 3.1 fall silent after receiving eleven of them.
Once the handset has entered the "curse of silence" state, the only known remedy is a complete factory reset, which also erases all data held in internal memory, including the address book and stored messages and images. Data held on external memory such as add-in cards is unaffected.
Nokia has said that it is "aware of the vulnerability" but "is not currently aware of any malicious incidents on the S60 platform related to this alleged issue and [does] not believe that it represents a significant risk to customers' devices." Accordingly there is no firmware fix for the affected devices as yet, although the company is "working with the Symbian team to further investigate" the issue.
The good news is that handsets running S60 3rd Edition Feature Pack 2 are unaffected by the attack. It is also possible to implement network-based filtering at the service provider level to reject delivery of a malformed SMS message, and Nokia has claimed that "many operators are looking into and actually already implementing network filtering to prevent this issue." The company did not say which operators those might be. Such filtering protects only the customers of operators that deploy it; the handsets themselves remain vulnerable until a firmware update arrives.
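To make the network-side filter concrete, here is an added example of the check an SMSC or messaging gateway could apply. It is not code from the article, from Nokia or from any operator. It assumes, beyond what the page states, that the filter sees each short message after PDU decoding as a TP-Protocol-Identifier (TP-PID) value plus the decoded user-data text, that e-mail-interworking messages carry TP-PID 0x32 ("Internet Electronic Mail" in GSM 03.40 / 3GPP TS 23.040), and that the originator address leads the user data and ends at the first space. The 32-character threshold is the one the article reports; the sample traffic is constructed, not captured.

```python
"""Network-side filter for the malformed e-mail-style SMS described above.

Added example, not code from the article, from Nokia or from any operator.
Assumptions the page does not state: messages arrive already PDU-decoded as a
TP-PID value plus user-data text; e-mail-interworking messages carry TP-PID
0x32 ("Internet Electronic Mail" in GSM 03.40 / 3GPP TS 23.040); the
originator address is the first space-delimited token of the user data.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

PID_INTERNET_EMAIL = 0x32   # assumption: TP-PID value for e-mail interworking
MAX_SAFE_ADDRESS_LEN = 32   # longest 'from' address the article says S60 tolerates


@dataclass(frozen=True)
class ShortMessage:
    pid: int        # TP-Protocol-Identifier of the SMS-DELIVER
    user_data: str  # decoded TP-User-Data text


def leading_email_address(user_data: str) -> Optional[str]:
    """Return the originator address an e-mail-style message starts with.

    Assumed format: the address is the first space-delimited token of the
    user data; a token without '@' is not treated as an address.
    """
    head, _, _ = user_data.partition(" ")
    return head if "@" in head else None


def should_block(msg: ShortMessage) -> bool:
    """True if the message matches the trigger the article describes:
    an e-mail-interworking SMS whose 'from' address exceeds 32 characters."""
    if msg.pid != PID_INTERNET_EMAIL:
        return False  # ordinary text messages are never touched
    addr = leading_email_address(msg.user_data)
    return addr is not None and len(addr) > MAX_SAFE_ADDRESS_LEN


def filter_batch(
    msgs: List[ShortMessage],
) -> Tuple[List[ShortMessage], List[ShortMessage]]:
    """Split a batch into (deliver, block) lists, as a gateway hook might."""
    deliver, block = [], []
    for m in msgs:
        (block if should_block(m) else deliver).append(m)
    return deliver, block


# Constructed sample traffic (not captured data). The 33-character address is
# one over the reported limit; the 32-character one sits exactly on it.
LONG_ADDR = "a" * 21 + "@example.com"   # 33 characters
EDGE_ADDR = "a" * 20 + "@example.com"   # 32 characters
SAMPLE_MESSAGES = [
    ShortMessage(0x00, "see you at 8"),                          # plain text: deliver
    ShortMessage(PID_INTERNET_EMAIL, "bob@example.com hello"),   # short address: deliver
    ShortMessage(PID_INTERNET_EMAIL, EDGE_ADDR + " hello"),      # on the limit: deliver
    ShortMessage(PID_INTERNET_EMAIL, LONG_ADDR + " hello"),      # over the limit: block
    ShortMessage(0x00, LONG_ADDR + " hello"),                    # wrong PID: deliver
]

if __name__ == "__main__":
    deliver, block = filter_batch(SAMPLE_MESSAGES)
    print(f"delivered {len(deliver)}, blocked {len(block)}")
    for m in block:
        print("blocked:", m.user_data[:40])
```

A real deployment would first parse the SMS-DELIVER PDU (7-bit or UCS-2 user data, and the user-data header of concatenated messages) before applying this rule, and the boundary case matters: the article reports that addresses of more than 32 characters trigger the fault, so an address of exactly 32 is passed through.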
Is the attack something to be worried about, or are you hoping you don't irritate anyone enough to be targeted by a denial of service attack? Share your thoughts over in the forums.
8 Comments
And the second - as much as I support free access to information, I think that publishing such info is not so good. The main problem is that this vulnerability is extremely easy to exploit; such a message can easily be sent from any Nokia phone (probably other manufacturers too), without any modification or even deeper knowledge. Two minutes after publishing it, every kid in the world will be sending those like mad. And despite what Nokia says, none of the operators in Europe has implemented any filter as of now.
And the only known remedy is formatting phone memory (a.k.a. factory reset)
OK, so you say that BT shouldn't publish such information. But I see that besides this you already do the same thing: no operator in Europe uses such a filter as of now. Right...
I'm not too sure of the iPhone phrase, but you should type reboot on your G1 to get the message to your friends for epic lulz!
Not that I'm suggesting anyone should get complacent with updating their phone software, that should still be done as soon as there is an update to address this issue. But at least you don't have to worry in the meantime.
As to the above poster, just because networks haven't told anyone they have implemented this filter yet, does not mean they haven't. Case in point, Vodafone UK.
I happen to own my old, but still active, British Orange SIM, and the exploit still works. O2 also (I didn't confirm it myself, but my friend says that it worked yesterday).
Bear in mind that UK is just a small country in a big Europe.
It is, it just takes 11 of those messages to silence it.
@raGe82
BT should by all means publish such info. But first give Nokia some time to ready updates and operators to ready filters. We all know that such information is gold for stupid kids (or stupid adults for that matter), and it's not just a case of resetting your phone: if you make a backup of phone memory, then after formatting and restoring the backup your phone is still silenced. The only option is to format without restoring the backup, which of course leads to losing lots of important data. Well, you can still recover it, but most people wouldn't know how.
And once the information about the possibility of silencing an S60 phone is known, it's just a case of a minute with Google to find any info you would want about it, complete with a list of all European operators filtering it (currently 1, plus Vodafone UK from what Vigilante says).