TMCnet News
F-Secure Protects Against "SMS Curse of Silence"SAN JOSE, Calif. --(Business Wire)-- A new exploit for a wide range of Symbian OS-based smartphones was made public yesterday. This exploit has been dubbed the "SMS Curse of Silence" by Tobias Engel, who discovered and disclosed the exploit at the 25th Chaos Communication Congress. The exploit can make the text messaging function of the affected phone unusable. Affected phones cannot receive SMS text messages. Smartphones that can be attacked this way include UIQ devices and S60 2nd Edition Feature Packs 2 and 3, 3rd Edition and 3rd Edition Feature Pack 1. S60 3rd Edition Feature Pack 2 or 5th Edition phones are not affected. The Denial-of-Service attack consists of sending one or, depending on the phone model, several specifically formatted SMS messages to the smartphone being targeted. The messages crash the phone's SMS system, but the phone remains functional otherwise. Older models do not show symptoms of the attack that would be visible to the user; however newer phones can show messages that the phone is running out of memory or experience constantly flashing message icons after the attack. Samu Konttinen, Vice President of the Mobile Business Unit at F-Secure said, "Performing the attack does not require technical expertise, and due to this, there is a risk of it becoming a nuisance. We have already provided a security update to this threat to our F-Secure Mobile Security customers." The F-Secure Mobile Security solution protects against this exploit by detecting it and by repairing the phone so that users don't lose the messages in their inboxes. The solution is available for all the smartphone models at risk. It can be downloaded directly to the phone by using the phone's browser to access www.f-secure.mobi. There is a free 7-day trial version of F-Secure Mobile Security available. F-Secure would like to thank Mr. Engel for his cooperation in communicating his discovery in advance. More information on the smartphone DOS exploit is available on F-Secure's weblog at www.f-secure.com/weblog. About F-Secure Corporation F-Secure Corporation protects consumers and businesses against computer viruses and other threats from the Internet and mobile networks. F-Secure's award-winning solutions are available as a service subscription through more than 170 Internet service providers and mobile operator partners around the world, making F-Secure the global leader in this market. The solutions are also available as licensed products through thousands of resellers globally. The company aspires to be the most reliable security provider, helping to make computer and smartphone users' connected lives safe and easy. This is substantiated by the company's independently proven ability to respond faster to new threats than its main competitors. Founded in 1988 and headquartered in Finland, F-Secure has been listed on the NASDAQ OMX Helsinki Ltd since 1999. The company has consistently been one of the fastest growing publicly listed companies in the industry. The latest news on real-time virus threat scenarios is available at the F-Secure Data Security Lab weblog at http://www.f-secure.com/weblog/. |
