Nokia的手机系统Symbian S60日前爆出漏洞,如果受到名为"Curse of Silence"的攻击,它的短信和彩信接收功能将被锁住而无法接收。德国的Chaos Computer Club小组发现,短信中包含33个字符的email地址格式信息时,可以锁住S60接收信息的功能。
据悉,在受到攻击后,2.6和3.0版本的S60在接收1条此特定格式信息后将锁定信息接收功能,而2.8版在接收11条特定格式信息后就不能再接收信息。目前Nokia尚未发布任何相关补丁。
英文原文:
Text message can lock out Nokia S60 devices
Nokia's handsets running on the Symbian S60 operating system are vulnerable to what is being called the Curse of Silence attack that knocks out the devices' ability to receive SMS and MMS messages, a German group has found. The Chaos Computer Club has somehow discovered this weakness which allows a specifically formatted incoming e-mail message that contains at least 33 characters to disable the handset's ability to receive any further messages. Devices running S60 version 2.6 and 3.0 lock up after receiving just one message, while 2.8 and 3.0 versions of the software will stop the functionality after receiving 11 messages.
As of this time, the only way to prevent the devices from being affected by the Curse of Silence is to install an SMS-blocking application that only lets through messages from approved sources. Chaos Computer Club has brought the issue to Nokia's attention and GSM carriers ahead of the embedded video's broad release on December 30th.
Apparently, the only current fix for affected handsets is a hard reset for affected handsets and it is not yet known if Nokia has released or plans to release any sort of fix via a firmware update. [via BGR]
附:
S60第一版包括:
诺基亚:3650、36607610、7650、N-Gage、N-Gage、QD
S60第二版包括:
诺基亚:N70、N72、N90、3230、6260、6600、6620、6630、6670、6680、6681、7610
其他:Siemens:SX1,三星:D700/720/730,松下:X700/X800、
S60第三版包括:诺基亚:N71、N73、N75、N76、N77、N80、N91、N93、N95、3250、N71、E50、E60、E61、E62、E70、E50、N95、
N92、5500、N75、N76、N80 6210S
攻击字串:超过32个字符+一个空格就可以了。
比如:"1234567890@1234567890.123456789012 "
(发送“新建短信息电邮”)
Curse of Silence 我建议翻译成“静默诅咒”