Feeds

Chinese SMS can crash Siemens mobiles

Language skills

  • alert
  • submit to reddit

Combat fraud and increase customer satisfaction

Siemens is evaluating the impact of a security bug that allows malicious hackers to crash phones by sending a malformed SMS message in Chinese.

The flaw, which affects Siemens 3568i (or below) mobiles but not Siemens 6688 phones, involves a bug in the way exceptional characters are displayed, Chinese researchers xfocus advise.

According to xfocus, a malformed message can shutdown a vulnerable mobile and make it impossible to delete a rogue message without downloading software that does not normally come with the phone. The exploit might be used as a denial of service attack.

xfocus published its discovery exploit last month but the bug was news to Siemens UK operation when we first contacted them about it last week. A spokesman said its product management team was looking into the issue, which is thought at this time to be restricted to Chinese language SMS messages.

In December we reported how a malformed text message could crash older Nokia mobiles. That bug is related to sending SMS messages where the User Data Header is broken and is a separate issue from the Chinese language SMS vulnerability, although the effects are much the same. ®

Related stories

SMS phone crash exploit a risk for older Nokias

SANS - Survey on application security programs

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.