BugTraq
LG U8120 Mobile Phone Denial of Service Apr 13 2005 09:18PM
Luca Ercoli (io lucaercoli it)


===============================================================
Model: LG U8120 (other LG phones maybe vulnerable)
Auth: http://www.lge.com
Vulnerability Type: Remote Denial Of Service
--

Disclaimer:
==========

The information is provided "as is" without warranty of any kind.
The author of this issue shall not be held liable for any
damages due to the informations contained in this advisory.

Vulnerability Description:
=========================

A vulnerability in LG U8120 Mobile Phone has been discovered.
A specially crafted midi file can be used to perform a
denial of service attack against the device.
Playing the malicious midi will cause the mobile phone
to crash.

There are other vulnerable models?:
==================================

I think that other LG mobile phones are vulnerable
to this attack, specially mobile phone with bluetooth
features, like:

- LG G1610
- LG U8200
- LG U8210
- LG M4300

But i've not tested this flaw on those models.

Exploit:
========

www.lucaercoli.it/LG/lgfreeze.mid

How to exploit the vulnerability:
================================

In order to exploit the mentionated vulnerability,
an attacker must send the midi file via mms to
vulnerable device.

To perform the attack from LG U8120:
(WARNING: DOING THIS OPERATIONS YOU CAN BLOCK YOUR DEVICE!
TO RESET IT USE THIS CODE: 277634#*#)

1- Save a mms draft with a dummy midi file
2- Connect mobile phone to PC and overwrite the dummy file with 'lgfreeze.mid'.
3- Send the mms draft.

credits:
--
Luca Ercoli <io [at] lucaercoli.it>
www.lucaercoli.it

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus