Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43431
  • Total Topics: 16526
  • Online today: 2962
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 2
Guests: 2920
Total: 2922









Author Topic: Security Vendors Ready Fix for 'Curse of Silence' SMS Attack  (Read 2754 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7529
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


A single malformed text message can prevent some Nokia smartphones from receiving further messages via SMS (Short Message Service) -- and the offending message can be sent from almost any Nokia phone, even non-smartphone models, a German security researcher demonstrated Tuesday.

At least one security software vendor has already released software to protect against the denial-of-service attack, dubbed the "Curse of Silence" by the researcher that demonstrated it at the Chaos Communications Congress in Berlin, organized by Germany's Chaos Computer Club (CCC).

CCC member Tobias Engel showed how smartphones running versions 2.6 through 3.1 of Nokia's Series 60 software running on Symbian OS are unable to receive further messages by SMS or MMS (Multimedia Messaging Service) after receiving malformed text messages. Versions 2.8 and 3.1 of the software will warn of memory problems after one malformed message, and will silently fail after receiving 11 such messages, he said.

The problem is worse for phones running versions 2.6 and 3.0 of the software: they will silently fail after receiving a single malformed message, he said.

The phone must be factory-reset to resolve the problem and allow it to receive text messages once again, Engel said.

Sony Ericsson phones running UIQ software on top of Symbian OS are also vulnerable, security software vendor F-Secure warned Wednesday.

The simplicity of the attack -- it can be launched from almost any Nokia phone with the option to send an SMS text message as "Internet Electronic Mail", including older non-smartphone models -- makes it likely that people will try it just to see what happens, F-Secure said. The attack's nuisance value is increased because mobile phone networks also send notifications of new voicemail by SMS, so an attacked phone may stop advising of new voice messages too, it warned.

The company has developed a fix that can protect vulnerable phones from malformed messages as part of its F-Secure Mobile Security software for smartphones, it said.

Engel suggested a different approach to protecting phones, proposing that network operators deal with the problem by filtering out the malformed messages as they pass through their SMS servers.

(PC World)

Samker's Computer Forum - SCforum.info


 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023