Thursday, April 2, 2009

Beware of the 'Curse of Silence' mobile phone attack

Beware of the 'Curse of Silence' mobile phone attack
Jan 14, 2009

By Jasmine Osada

If you are using a Nokia phone running the Symbian OS, be careful when you next receive text message from an unknown source.

According to security systems company Fortinet, a new mobile phone attack, known as the "Curse of Silence" or "Curse SMS", was recently discovered and revealed at the 25th Chaos Communication Congress, an annual meeting of the international hacker community.

The attack involves sending a maliciously crafted SMS to potential targets. Upon receipt, the targeted device may no longer be able to receive SMS or MMS messages.

Depending on the operating system version of the targeted mobile phone, the device may require a factory reset to properly function again.

Fortinet has identified the Symbian OS in its list of vulnerable software. The operating system is commonly found on smartphones.

Versions of the Symbian OS vulnerable to the "Curse of Silence" attack include:

  • Symbian OS S60 2nd Edition Feature Pack 2
  • 2nd Edition Feature Pack 3
  • 3rd Edition
  • 3rd Edition Feature Pack 1

Several models of Nokia phones, including several phones of the "N" series up to the N95, and the "E" series up to the E90, as well as older models like the 6680, were named as potentially vulnerable devices by Fortinet.

Mobile phone owners however, can take steps to safeguard their devices from such attacks. Fortinet has released a free-of-charge license to its new FortiCleanup tool, which helps users to recover once their mobile phone has been attacked by the "Curse of Silence" or "Curse SMS" attack.

The tool protects devices by automatically scans and removes malicious messages that are preventing the handset from functioning properly. The FortiCleanup tool can be downloaded from Fortinet's website here.

Is your handset vulnerable?

Potentially vulnerable handsets, in alphabetical order:

Nokia 3250
Nokia 5500 Sport
Nokia 5700 XpressMusic
Nokia 6110 Navigator
Nokia 6120 Classic
Nokia 6121 Classic
Nokia 6124 Classic
Nokia 6290
Nokia 6630
Nokia 6680
Nokia 6681
Nokia 6682
Nokia E50
Nokia E51
Nokia E60
Nokia E61
Nokia E62
Nokia E63
Nokia E65
Nokia E66
Nokia E70
Nokia E71
Nokia E90 Communicator
Nokia N70
Nokia N71
Nokia N72
Nokia N73
Nokia N75
Nokia N76
Nokia N77
Nokia N80
Nokia N81
Nokia N81 8GB
Nokia N82
Nokia N90
Nokia N91
Nokia N91 8GB
Nokia N92
Nokia N93
Nokia N95
Nokia N95 8GB

*Note that this list is not exhaustive. A more up-to-date list can be found at Fortinet's website here.

No comments: