Serious new denial-of-service attack against certain Nokia phones surfaces

A new exploit involving text messages was demonstrated this week against several models of Nokia mobile phones. According to researcher Tobias Engel, of the Chaos Communication Congress in Berlin, a specially formatted text message, or SMS could be sent to silently crash the SMS inboxes of phones running versions 8 through 9.2 of the Symbian operating systems. This problem also affects the Nokia Series 60 phone versions 2.6 through 3.1, as well as Sony Ericsson's UiQ.

Even powering off and on the victimized phone won't stop or reset the effects of the attack, which ranges from being unable to receive new SMSs to general phone instability. Indeed, the malicious messages do not trigger any warning, and are in effect invisible. This also means that once received, users will not be able to locate and delete these messages.

On the bright side, Engel noted, "At least it is not possible to steal user data from the phones or make calls at other people's expense. But it shows again that mobile phones are just computers which are connected to the network all the time."

Finally, Engel pointed out that phone manufacturers and network operators should create ways to quickly deploy new firmware that fixes bugs to phones that is free of charge to the end-user. "Symbian Update" anyone? No firmware update or workaround is available at this point.

To read more about this story:
- check out this article from DarkReading
- check out this video from YouTube

Related Articles:
Nokia news from FierceMobileIT
Nokia completes acquisition of Symbian
Survey: Two-thirds of Americans believe it is safer to use a hands-free cell phone