ss1271's Site

风餐露宿,不可一日无码.

Sony Ericsson(索爱)短信漏洞开启……让你的手机不停重启

| Comments

各位,继NOKIA和SE完蛋之后,我们还能投靠谁?

当然欢迎大家踊跃加入Windows Mobile和BlackBerry的阵营!稳定和多元功能才是王道!


Some modern phones do a pretty good job of rebooting at random on their own without additional assistance from miscreants, but unfortunately, the real world is filled with people who’d like to make your gadgets just a little bit buggier than they already are. Enter this nifty little vulnerability recently discovered to affect a good number of Sony Ericsson models, involving a specially crafted WAP Push message carried via SMS that’ll instantly restart the phone. That’s not the best part, though – in theory, an attacker could send you a string of these bad boys that would get queued up by your carrier, so the second the phone comes back online, it gets the next message and restarts once again – potentially leading to a long, painful spell without a usable handset. Apparently, there isn’t any known fix for this, so if you’re carrying one of the affected models, just stay on the good side of any evil-doers you happen to know for now, okay? Follow the break for a video of the restarts in action (we understand the outgoing calls are just to demonstrate that the attack can be initiated at any time, though we can’t say for sure).

转载自瘾科技,翻译者为本人,转载请注明。

现在很多手机都能够在遇到错误时候自动重启,但是,不幸的是,现实社会中总有些人喜欢把这些功能搞得全是bug。最近发现的一个涉及到很多型号索爱手机的漏洞,能够让攻击者通过编制一个特定的WAP Push短信让你的手机立刻重启。这显然不是最给力的,从理论上讲,攻击者可以通过运营商编制一串攻击代码,让你的手机在刚刚完成重启之后继续不停往复重启,让你握着一个不停重启的手机号啕大哭。显然,现在还没有任何方法能够修补此漏洞,所以如果你正好有那些漏洞手机,先别让那些可能做坏事的人知道好不?下面就是中招的视频演示。(按照我们理解,打电话只是为了证明这个攻击可以在任何时候让你的手机完蛋)。
 

 

好心附上漏洞相关情况……

The vulnerability is caused due to an error in the processing of WAP Push packets, which can be exploited to reboot or crash an affected device e.g. via a specially crafted SMS or a specially crafted UDP packet to port 2948.
根据这句话就可以写出一个Push短信了。

The vulnerability is reported in the following products:

受影响的型号有(海外型号,国内型号请自行对照):

W910i
W660i
K618i
K610i
Z610i
K810i
K660i
W880i
K530i

Comments