Chinese SMS can crash Siemens mobiles
Siemens is evaluating the impact of a security bug that allows malicious hackers to crash phones by sending a malformed SMS message in Chinese.
The flaw, which affects Siemens 3568i (or below) mobiles but not Siemens 6688 phones, involves a bug in the way exceptional characters are displayed, Chinese researchers xfocus advise.
According to xfocus, a malformed message can shutdown a vulnerable mobile and make it impossible to delete a rogue message without downloading software that does not normally come with the phone. The exploit might be used as a denial of service attack.
xfocus published its discovery exploit last month but the bug was news to Siemens UK operation when we first contacted them about it last week. A spokesman said its product management team was looking into the issue, which is thought at this time to be restricted to Chinese language SMS messages.
In December we reported how a malformed text message could crash older Nokia mobiles. That bug is related to sending SMS messages where the User Data Header is broken and is a separate issue from the Chinese language SMS vulnerability, although the effects are much the same. ®