OUSPG

[This page is CSS2 enabled. Your browser might not fully support it]

Vulnerability disclosure publications and discussion tracking

$RCSfile: paper.html,v $ $Revision: 1.9 $ $Date: 2005/05/10 05:38:43 $

ABSTRACT

Information security incidents plague the Internet. Our society depends on phone networks. Today, the Internet has gone mobile. There will be an inevitable clash between these two worlds. Mobile phones have transformed into interconnected computing appliances and information about their security vulnerabilities begins to roll-in. We explored the vulnerability scene of the mobile phone networks. What would be characteristic to the mobile phone network vulnerabilities? What security problems in mobile phones have been publicly announced? How did WAP implementations survive test-suites constructed to find flaws with security implications? We realised that despite its pecularities, such as patch deployment problems and a lack of real market diversity, the mobile phone vulnerability scene resembles its Internet counterpart. We encourage you to keep-up your security methodology and level of scrunity even in mobile context.

Table of contents

• ABSTRACT
• Table of contents
• Vulnerabilities
  • Design vulnerabilities
  • Implementation vulnerabilities
• Security solutions
• Analytical papers
• Links to other vulnerability disclosure tracking lists

Vulnerabilities

Design vulnerabilities

• Biryukov, Alex; Shamir, Adi & Wagner, David. Real Time Cryptanalysis of A5/1 on a PC. (1999). http://cryptome.org/a5.ps.
• Saarinen, Markku-Juhani. Attacks Against the WAP WTLS Protocol. http://www.jyu.fi/~mjos/wtls.pdf.

Implementation vulnerabilities

• Rohde, Laura. Messages can freeze popular Nokia phones. (2000). http://www.cnn.com/2000/TECH/computing/09/01/nokia.freeze.idg/index.html.
• PROTOS Test-Suite: c04-wap-wsp-request. http://www.ee.oulu.fi/research/ouspg/protos/testing/c04/wap-wsp-request/.
• Leyden, John. How to crash a phone by SMS. (2001). http://www.theregister.co.uk/content/55/23080.html.
• Siemens Mobile Phone SMS Denial of Service Vulnerability. (2002). http://online.securityfocus.com/bid/3870.
• Whitehouse, Ollie. Nokia SGSN (DX200 Based Network Element) SNMP issue. (2003). http://www.atstake.com/research/advisories/2003/a031303-2.txt.
• Whitehouse, Ollie. Nokia 6210 DoS SMS Issue. (2003). http://www.atstake.com/research/advisories/2003/a022503-1.txt.
• Bluetooth anonymous bonding vulnerability. (2004). http://www.integralis.de/media/press_releases/2004/260304.html.
• PROTOS Test-Suite: c05-wap-wmlc. (2002). http://www.ee.oulu.fi/research/ouspg/protos/testing/c05/wap-wmlc/.
• Siemens *35-45 DoS SMS Lag. (2003). http://www.securityfocus.com/archive/1/313715.
• Nokia. Bluetooth and security. (2004). http://www.nokia.co.uk/BaseProject/Sites/NOKIA_MAIN_18022/CDA/Categories/AboutNokia/_Content/_Static_Files/btweb.pdf.
• Nokia Series 60 BlueTooth Remote Denial Of Service Vulnerability. (2005). http://www.securityfocus.com/bid/12743/.

Security solutions

• SSH Communications Security announces immediate availability of SSH Secure Shell for Handhelds. (2001). http://www.ssh.com/about/press/detail.cfm?id=804.
• F-Secure introduces the ultimate security product family for Nokia Communicators. (2002). http://www.f-secure.com/news/2001/news_2002041600.shtml.

Analytical papers

• Båen, Geir Stian & Kaasin, Erling. Security in GPRS: Master Thesis in Information and Communication Technology. (2001). http://siving.hia.no/ikt01/ikt6400/ekaasin/Master Thesis Web.pdf.
• Arunesh, Mishra & Arbaugh, William A. An Initial Security Analysis of the IEEE 802.1X Standard. (2002). http://www.cs.umd.edu/~waa/1x.pdf.

Links to other vulnerability disclosure tracking lists

http://www.ee.oulu.fi/research/ouspg/sage/disclosure-tracking/index.html

[This page is CSS2 enabled. Your browser might not fully support it]