SMS Can Crash Nokia Handsets

The US-based security company @stake has reported a vulnerability that allows an attacker to remotely crash a Nokia 6210. The flaw is a format string vulnerability in the processing of multi-part vCards. When the phone receives vCard fields containing many format string characters, it will crash in one of 3 ways:

  • SMS Receiver handler will die
  • Phone will lock up, requiring battery to be removed
  • Phone will automatically restart

Some users of the Nokia 6210 may experience an error when someone deliberately sends a specially created, non-standard Business Card text message to the phone. The error causes the Nokia 6210 to either a) crash, b) show a corrupted business card with an ill-behaving user interface, or c) reject the business card and all following business cards, non-standard or not. Users recover from the error by restarting the phone, which requires removing the battery. There is no damage caused to the phone memory, software or stored data. The error affects the Nokia 6210 with SW version 05.27 or above.

The possibility of this error occurring is very remote, as it depends on the potential attacker's ability to create and send malformed Business Cards over the air to the Nokia 6210 mobile phone. In addition, it is very simple to deal with the error, as the user only needs to restart the phone by removing the battery, and there is no damage caused to the phone memory, software or stored data. For these reasons, Nokia currently has no plans to issue a software fix for this error caused by an intentional action of a person.

@stake says that network operators should look to deploy SMS proxies that ensure all user-supplied SMSes are correctly formed and that malformed SMSes are not received by the SMSC.
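The kind of check such a proxy could apply to a business card, together with the hardened way to display a field, is sketched below as an added example; it is not code from @stake, Nokia or the original article. The function names, the reject-on-any-specifier policy and the simplified card layout are assumptions, and the card is assumed to have been reassembled from its message parts already.

```c
#include <stdio.h>
#include <string.h>

/* Count printf-style conversion specifiers ("%s", "%08x", "%n", "%%") in s[0..len). */
int count_format_specs(const char *s, size_t len) {
    int n = 0;
    for (size_t i = 0; i < len; i++) {
        if (s[i] != '%') continue;
        size_t j = i + 1;   /* skip flags, width, precision, length modifiers */
        while (j < len && s[j] && strchr("-+ #0123456789.$lhzjtL", s[j])) j++;
        if (j < len && s[j] && strchr("diouxXeEfgGcspn%", s[j])) { n++; i = j; }
    }
    return n;
}

/* Assumed proxy policy: return 0 if no property value holds a specifier,
   otherwise the 1-based number of the first offending line. */
int vcard_first_bad_line(const char *card) {
    int lineno = 0;
    while (*card) {
        size_t len = strcspn(card, "\r\n");
        const char *colon = memchr(card, ':', len);
        lineno++;
        if (colon) {
            size_t vlen = len - (size_t)(colon + 1 - card);
            if (count_format_specs(colon + 1, vlen) > 0) return lineno;
        }
        card += len;
        if (*card == '\r') card++;
        if (*card == '\n') card++;
    }
    return 0;
}

/* Hardened display path: the field is data, never the format argument
   (the bug class is snprintf(out, n, value); the handset code is not public). */
int render_field(char *out, size_t n, const char *value) {
    return snprintf(out, n, "%s", value);
}

/* Constructed sample cards, simplified from the business-card format. */
static const char CLEAN_CARD[] = "BEGIN:VCARD\r\nN:Doe;Jane\r\nTEL:+15550100\r\nEND:VCARD\r\n";
static const char BAD_CARD[]   = "BEGIN:VCARD\r\nN:%s%s%s%s\r\nTEL:+15550100\r\nEND:VCARD\r\n";

int main(void) {
    printf("clean card: bad line %d\n", vcard_first_bad_line(CLEAN_CARD));
    printf("bad card:   bad line %d\n", vcard_first_bad_line(BAD_CARD));
    return 0;
}
```

The filter is deliberately strict: it also flags a literal `%%` and text such as "100% sure", which a proxy in front of unpatched handsets can afford to reject.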

Posted to the site on 27th February 2003
