警惕Nokia S60V3平台短信息功能假死漏洞

According to this post at
F-Secure’s site (http://www.f-secure.com/weblog/archives/00001569.html), at the 25th Chaos Communication Congress in Berlin, a
presentation titled ‘Security Nightmares 2009′ showed a demonstration
of a ‘Curse of Silence‘ exploit that reportedly affects S60 2nd Edition
phones, and even S60 3rd Edition, up to Feature Pack 1 (Feature Pack 2
phones are reportedly immune, as is S60 5th Edition). The exploit
apparently involves sending a specially formatted SMS to the recipient,
and renders the messaging capabilities of the phone completely useless.

This ‘attack’ cannot be achieved via an application, or over Bluetooth.
Only by receiving an SMS. With the Nokia N95, the attacker must send a
multitude of messages before the critical limit is reached, and the
user is presented with a ‘Not enough memory to receive message(s).
Delete some data first.’ and a blinking envelope in the top corner of
the screen.

If you get attacked with this, you’ll need to hard reset your phone.
You cannot use any backup/restore features, as that will reportedly
only restore the offending messages, recreating the problem.

漏洞利用步骤:
用N95 8G给N73发送一条能激活该漏洞的短信
发送报告提示“已送达
N73上却没有任何显示,已经中招。

是的,仅仅这么简单!

这诡异的信息就是
33字符的邮件地址……123*@321*.098
请勿随意找朋友做测试!!!

中招后的现象:

  1. 重新启动中招手机,问题依旧。
  2. S60 2.8/3.1系统的诺基亚手机,在收到十余条该短信时会出现“内存不足,请先删除一些短信”类似提示,并且无法收到新短信。
  3. 其他上述提及系统的诺基亚手机,收到一条该短信后便无法收到新短信,且无任何提示。

临时解决办法:
1.预防:装来电防火墙类的手机软件,拒绝接受未知号码的短消息。推荐信安易安全助手,过滤所有陌生号码,如果可能的话设置关键词过滤(过滤123*@321*.098字段),避免有朋友发这样的短信来开玩笑。
2.临时补丁。下载FortiCleanUp(已签名)

http://cid-d59b37022d2e4714.skydrive.live.com/embedrowdetail.aspx/Public/FortiCleanup|_CurseSMS|_v|_1|_0|_3|_signed.sis

安装后请重新启动手机
然后打开该补丁进行扫描,短信接收既可恢复正常
如果系统内已装有短信过滤程序,该补丁会自动停止扫描以免造成系统混乱。

3.手动清除办法(仅限于已破解过的手机):N82受到攻击后(11条短信)出现短信无法接收的问题,提示存储空间不足^ ^攻击成功.接下来就是手动修复,方法很简单,先把短信存储改成E盘,之后关闭权限验证,进入c:private 删除1000484B然后再把短信存储改回C盘。记住,在转存的时候,不要复制原先的内容。(我忘记什么提示,好象是选择2个否)之后重新启动手机,短信功能恢复正常。(转自opda)
4.希望中国移动、联通等运行商可以及时在短信网关处设置同样的关键词过滤,以最大限度的保证Nokia用户的手机安全。

以上内容为网上资料整理及个人安全观点,希望及时告诉您周围使用nokia手机的朋友提高警惕,切勿尝试此类攻击行为。