...stuff I do and things I like...

Friday, December 19 2008

HTC Touch vCard over IP Denial of Service

here is another nice Windows Mobile (HTC) security bug that is related to WAP push. The vulnerability can be triggered by sending vCards to port 9204/UDP over either WiFi or GPRS/UMTS. The effect seems to be significant device slow down and/or device freezing that requires battery removal. This again reminds me of my good all MMS Notification DoS attack.

The bug was discovered by the Mobile Security Lab (who ever this is). I hope we will see more interesting discoveries from them, they just seem to have setup their site in October.