Saturday, January 06 2007
here is a quick and easy way to protect yourself against NotiFlood (my MMS notification attack against PocketPC-based mobile phones, see my PocketPC Security Research).
As I explained, the PushRouter
is the application that listens on port 2948 it basically gets all WAP push messages and routes them the destination application.
If the PushRouter doesn't know which destination application to use it discards the WAP push message. So in order to
protect us against a NotiFlood attack we simply need to remove the MMS mime type from the PushRouter configuration, after this
the PushRouter will not be able to forward any WAP push messages to tmail.exe (the MMS application).
The PushRouter configuration for MMS is stored in the WinCE registry at:
The only value in this registry key is
DEFAULT for me it is set to
Now we have a couple of options: delete the complete key, delete the value, and modify the value. I for my part
just modified the value (so I can easily switch MMS back on). I basically just added a underline (_) to the key value.
Now since the value of the key is wrong the PushRouter can no longer forward the MMS message to tmail.exe.
Note, also these settings are from my IPAQ PocketPC 4.2 they should be the same on all 4.2x devices.
This modification disables receiving MMS all together! Don't do it if you still want to receive MMS messages.
Since there is no regedit on PocketPC you need to get a third party application. I used PHM RegEdit.
That is it! You're secure now ;-)
See the pictures from unboxing the N800.
The N800 looks like the device
that was named the 870 by various sites.
Can't wait to hold it in my hands!
I did some googeling and found this: nokiausa.com/support/contact_us select Phone Product and Feature Information, press GO, and you will get a list of devices ... the list allready includes the N800.