Breaking

Tuesday, 24 October 2017

How to Hack Nokia Phones - Remote DDOS

Yep,One can hack Nokia phones by just sending a SMS,seems devilish isn't it? Although this vulnerability was found more than an year ago, I recently tried it and found it working in many sets. The Nokia S60 hacked -  rdhacker.blogspot.comvulnerability dubbed as “Curse of Silence” affects all Nokia Symbian 60/Series 60 devices and allows for remote SMS/MMS Denial of Service.One can send a specially crafted sms to lockup/crash any Series 60 device.
What is Required ?
  • MSISDN of the target.
  • Mobile phone service provider which allows sending of SMS messages (Airtel in my case)
  • (Almost) any Nokia phone (or some other means of sending SMS messages with TP-PID set to "Internet Electronic Mail" )
Risk Levels
Although the vulnerability is spread across many versions of S60 platform,the Risk level is quite high for (for S60 2.6 and 3.0 devices)as upon attack,the target will not be able to receive any SMS or MMS messages until the device is Factory Resetted and Medium for S60 2.8 and 3.1 devices as upon Ddos attack,the target will not be able to receive any SMS or MMS messages while the attack is ongoing. After that, only very limited message receiving is possible until the device is Factory Resetted.
 The Series 60 N Series, E Series and some more phones can Be hacked - rdhacker.blogspot.com
The Attack
One can send an email using an sms by setting the messages Protocol Identifier to "Internet Electronic Mail" and formatting the message like this:
<email-address><space><message body>
The simplest attack will be -
123456789@123456789.1234567890123
If such messages contain an <email-address> with more than 32 characters, S60 2.6, 2.8, 3.0 and 3.1 devices fail to display the message or give any indication on the user interface that such a message has been received. They do,however, signal to the SMS Career that they have received the message.Nokia Series 60 3.0 Prominent phones -  rdhacker.blogspot.com
Devices running S60 2.6 or 3.0 will not be able to receive any other SMS message after that. The user interface does not give any indication of this situation. The only action to remedy this situation seems to be a Factory Reset of the device (by entering "*#7370#" ) or using a Vulcan Death Grip. Nokia Series 60 3.1 Prominent phones -  rdhacker.blogspot.com
Devices running S60 2.8 or 3.1 react a little different: They do not lock up until they received at least 11 SMS-email messages with an email address that is longer than 32 characters after that the device will not be able to receive any other SMS message and the phone will just display a warning that there is not enough memory to receive further messages and that data should be deleted first. This message is even displayed on an otherwise completely "empty" device. Nokia Series 60 2.8 Prominent phones -  rdhacker.blogspot.com
After switching the phone off and on again, it has limited capability for receiving SMS messages again: If it receives a SMS message that is split up into several parts it is only able to receive the first part and will display the "not enough memory" warning again. After powercycling the device again, it can then receive the second part. If there is a third part, it has to be powercycled again, and so on.
Also, an attacker now just needs to send one more "Curse Of Silence" message to lock the phone up again. By always sending yet another one as soon as the status report for delivery of the previous message is received, the attacker could completely prevent a target from receiving any other SMS/MMS messages.
Only Factory Resetting the device will restore its full message receiving capabilities. Note that, if a backup is made using Nokia PC-Suite *after* being attacked, the blocking messages are also backuped and will be sent to the device again when restoring the backup after the Factory Reset.
Detailed List of affected phones
Tested on several S60 2.6, 3.0 and 3.1 devices. Since the vulnerable component is a S60 base functionality, it seems safe to assume that all devices with these OS versions are affected. I short if you own one of these,you are rounded unless u have a firmware upgrade/fix release by Nokia which fixes this attack.

No comments:

Post a Comment