Information:

The name of vulnerability: Siemens *35-45 DoS SMS Lag

To vulnerability are subject: All versions siemens *35 and *45.

Official site: www.siemens-mobile.com

Kind of vulnerability: Refusal in Service (Denial of Service).

Type of vulnerability: Removed / local.

Author: subj (r2subj3ct (at) dwcgr0up (dot) com [email concealed])

Date: 02.03.2003

Site: www.dwcgr0up.com

Description of vulnerability:

There is a local and remote vulnerability and

Siemens *35 and *45 series phones.

A message of the form "%String", where String is on of the

languages from the phone language selection menu, will

completely disable *35 series phones and result

in a 2 minute read delay on *45 series phones. Note that

the first letter of language should be capitalized and

the quotation marks should be present in the message.

The phone will try to read the message and then after 2 minutes

return to the main menu. This happens every time the message is sent.

After 10-15 messages the battery (NiMH) gets empty.

There is a local vulnerability of the same kind. A message of the

form "%some_word", where some_word is any lower case letter

sequence will result in the same effects described above.

Vulnerability exploiting:

(for remote):

We send on "phone - victim" the message:

"%Deutsch"

Or

"%Polski" "%Magyar" "%English" "%Deutsch"

(for local):

"testedersecurity"

Thanks:

DHG, GipsHack, Netp0is0n, de1irium, r00tc0de, f0kp

l0bster, r4ShRaY, D4rkGr3y, Moby, Orb, Foster, Owned, prior, dron

(Ivanov Andrey)

[ reply ]