Chinese SMS can crash Siemens mobiles

Language skills

Siemens is evaluating the impact of a security bug that allows malicious hackers to crash phones by sending a malformed SMS message in Chinese.

The flaw, which affects Siemens 3568i (or below) mobiles but not Siemens 6688 phones, involves a bug in the way exceptional characters are displayed, Chinese researchers xfocus advise.

According to xfocus, a malformed message can shutdown a vulnerable mobile and make it impossible to delete a rogue message without downloading software that does not normally come with the phone. The exploit might be used as a denial of service attack.

xfocus published its discovery exploit last month but the bug was news to Siemens UK operation when we first contacted them about it last week. A spokesman said its product management team was looking into the issue, which is thought at this time to be restricted to Chinese language SMS messages.

In December we reported how a malformed text message could crash older Nokia mobiles. That bug is related to sending SMS messages where the User Data Header is broken and is a separate issue from the Chinese language SMS vulnerability, although the effects are much the same. ®

Related stories

SMS phone crash exploit a risk for older Nokias

Sponsored: Network DDoS protection