InfoSec Philippines

Information Security, Technology News and Opinions

Posts Tagged ‘Nokia’

Curse of Silence Update 2

Posted by Jaime Raphael Licauco, CISSP, GSEC on January 29, 2009

If you have a Nokia S60 3rd Edition phone, which doesn’t seem to be accepting messages, or just accepts some but not all messages, your phone may have been attacked by what’s been called as the “Curse of Silence“. Nokia Europe has just released their SMS Cleaner which can clean Nokia S60 3rd Edition (Initial or Feature Pack 1) based devices. Nokia doesn’t say if it will erase anything from the affected phone aside from the “Curse of Silence” messages.

S60 3rd Edition, Feature Pack 1 (S60 3.1):
Nokia E90 Communicator
Nokia E71
Nokia E66
Nokia E51
Nokia N95 8GB
Nokia N95
Nokia N82
Nokia N81 8GB
Nokia N81
Nokia N76
Nokia 6290
Nokia 6124 classic
Nokia 6121 classic
Nokia 6120 classic
Nokia 6110 Navigator
Nokia 5700 XpressMusic

S60 3rd Edition, initial release (S60 3.0):
Nokia E70
Nokia E65
Nokia E62
Nokia E61i
Nokia E61
Nokia E60
Nokia E50
Nokia N93i
Nokia N93
Nokia N92
Nokia N91 8GB
Nokia N91
Nokia N80
Nokia N77
Nokia N73
Nokia N71
Nokia 5500
Nokia 3250

No word yet on software that can undo the problem for devices with S60 2nd edition with Feature Pack 2 and 3.

You can also check out this site to find out if your handset is running S60 and what Feature Pack it has.


A few days after this post, Nokia released SMS Cleaner for Feature Pack 2 and 3.

Advertisement

Posted in DOS, ISMS, malware | Tagged: , , , , , | Leave a Comment »

Curse of Silence Update

Posted by Jaime Raphael Licauco, CISSP, GSEC on January 9, 2009

F-Secure apparently has a solution for this, but you would have to pay for it after 15 days. I’ve also confirmed that this attack works on at least one of the major local networks. No word yet if they have changed their settings to what was suggested to stop the attack. Sony Ericsson UiQ devices were found by F-Secure to also be vulnerable to the attack.

Nokia isn’t very worried about it since it is a denial of service attack and doesn’t allow an attacker to leach information from your cellphone. I still think it would be very annoying if I would have to do a factory reset of my phone, losing all my contacts, settings and messages. I also wouldn’t like it if my competitor knows my company uses the vulnerable phones and starts shutting down SMS capabilities until we notice it. That could potentially hit productivity and the bottom line.

I have no details of the local test done except that it exists and it was possible. If one watches the video, the victim wouldn’t even know who sent the message. The phone just stops receiving messages… in other words, Nokia’s advice in the Heise Security article is pretty useless.

Nokia which got the demo around a month before the public release and which recently acquired Symbian, is currently working on a remedy for the vulnerability. I will post it here as soon as I get word of it.

Posted in vulnerability | Tagged: , , , | Leave a Comment »

Happy New Year to All :)

Posted by Jaime Raphael Licauco, CISSP, GSEC on January 6, 2009

A lot of people in the Philippines are probably still hungover from the long vacation from Dec 25 to Jan 4, unless of course they were part of sales, or a BPO… anyway, on to the news:

OpenVAS 2.0 was released around two weeks ago, and a respected security expert (who wishes to remain anonymous) thinks it is, “fast approaching the maturity level needed to truly compete with Nessus in the vulnerability assessment area.”

The OpenVas 2.0 press release states that:
OpenVAS is a fork of the Nessus security scanner which has continued development under a proprietary license since late 2005. Since the release of OpenVAS 1.0.0 in October 2007, the OpenVAS developers continued the auditing of the code inherited from Nessus and have added a variety of useful features for OpenVAS users, for server administrators and for developers of Network Vulnerability Tests (NVTs).

Some of the Philippines’ high ranking government officials may want to look into cellphone voice encryption (as mentioned in this SecurityPark.net article) before calling some other high ranking government official so that they wouldn’t need to give a televised public apology (wink).

Speaking of mobile phone security, there was a DOS vulnerability found in Nokia Series 60 cellphones just before new year’s eve called the “Curse of Silence”, which either stops the cellphone from receiving SMS until a factory reset is done (Series 60 2.6 and 3.0 devices) or not all SMS’s are received (Series 60 2.8 and 3.1).

This is done via the following steps (check out the demo video link below):
For Series 60 phones v2.2, 2.3, 3.0 and 3.1 attack target phones
1. create an email that has an e-mail address with more than 32 characters followed by a space.
2. set TP Protocol Identifier of SMS Message to Internet Electronic Mail
3. send message to target (eleven times to Series 60 v 3.1, only one message is needed for all other versions)

There are currently no client side workarounds published as of the moment. If ever you work for Smart Communications, Globe Telecom or Sun Cellular maybe your network team can take heed of the suggestion in the document that “network operators should filter messages with TP-PID ‘Internet Electronic Mail’ and an email address of more than 32 characters or reset the TP-PID of these messages to 0”. I also do not have a Series 60 phone mentioned in the list so I cannot test if it can affect cell phones here in the Philippines. Kindly drop me a line in case you were able to test this.

Phones affected:
S60 3rd Edition, Feature Pack 1 (S60 3.1):
Nokia E90 Communicator
Nokia E71
Nokia E66
Nokia E51
Nokia N95 8GB
Nokia N95
Nokia N82
Nokia N81 8GB
Nokia N81
Nokia N76
Nokia 6290
Nokia 6124 classic
Nokia 6121 classic
Nokia 6120 classic
Nokia 6110 Navigator
Nokia 5700 XpressMusic

S60 3rd Edition, initial release (S60 3.0):
Nokia E70
Nokia E65
Nokia E62
Nokia E61i
Nokia E61
Nokia E60
Nokia E50
Nokia N93i
Nokia N93
Nokia N92
Nokia N91 8GB
Nokia N91
Nokia N80
Nokia N77
Nokia N73
Nokia N71
Nokia 5500
Nokia 3250

S60 2nd Edition, Feature Pack 3 (S60 2.8):
Nokia N90
Nokia N72
Nokia N70

S60 2nd Edition, Feature Pack 2 (S60 2.6):
Nokia 6682
Nokia 6681
Nokia 6680
Nokia 6630

More details can be found in a must see video (21 MB) and a document (6.8 KB) on the website of Tobias Engel, who is a member of the Chaos Computer Club.

Microblogging site Twitter had a major breach and has phishing problems reports HeiseSecurity, SCMagazineUS, and SecurityFocus. Apparently, US President elect Barack Obama’s and Britney Spears’ accounts were compromised.

In related news, (The Register) Bogus LinkedIn profiles punt malware to fools.

A security update for the popular email client Mozilla Thunderbird was recently released. (Heise Security report, SCMagazineUS report)

The recently found MD5 vulnerability links:
(SCMagazineUS) MD5 insecurity affects all internet users
(SCMagazineUS) Hackers find hole to create rogue digital certificates
(Heise Security) Verisign/RapidSSL close 25C3 MD5 vulnerability
(SecurityFocus) Survey: One in seven SSL certificates are weak

Posted in News, social engineering, Social Networking, vulnerability, vulnerability assessment | Tagged: , , , , , , , , , , , , , , , , | 1 Comment »