Archive for February, 2009

PoC

Monday, February 9th, 2009

A new page is now online at poc.mseclab.com.
We plan to use this space to release tools, projects and, most of all, the proof-of-concept code and test pages related to the vulnerabilities we publish.
The test page for a specific vulnerability will be reachable from the Advisories page, or directly at the address above.
We hope this provides a means of testing that anyone, including operators and manufacturers, can use to verify both the vulnerabilities and the fixes for them.

With this in mind, the possibility to remotely test HTC Touch handsets against the MSL-2008-002 vulnerability has just been released and is now available here.
Enjoy!

Noise on the line

Tuesday, February 3rd, 2009

The Wappush vulnerability, present on some Sony Ericsson handsets, has been discussed in several “places” on the web since the release of our advisory.
In order to avoid possible misconceptions, we feel that a few points need to be made clear:

Calls in the video: the phone call shown in the video is not a precondition for the attack. The handset reboots regardless of what it is doing at the moment of the attack.

SMS messages: the received SMS does not need to be opened to trigger the vulnerability. As shown in the video, the handset crashes as soon as the SMS message is received, and no SMS message is displayed or present in the Message Inbox after the handset reboots.

IP packets: sending an IP packet to a broadcast address is not needed to trigger the vulnerability. A crafted unicast packet, directed to the handset's IP address, is all that is required.

Operator IP networks: we are not aware of any mobile operator that allows broadcast IP packets on its network. On the other hand, at the time of writing, there are mobile operators that assign unfiltered public IP addresses to handsets connecting to the Internet, so such handsets are reachable by unicast from anywhere.

Tools: despite what has been stated elsewhere, we are not aware of any public tool able to exploit the vulnerability, either over IP or via SMS.

Active exploitation: to date, we have not heard of any hostile activity exploiting this issue.

With regard to these specific points, we would be interested to hear of anything to the contrary.