On Touch Cruiser devices, the SMS inbox can be completely filled by sending
more than 450 large vCards (size 32K).
The device will no longer be able to receive SMS or to access the
messages stored on the device until SMS deletion occurs.
Additionally, when large vCards are sent, no acoustic notification (ring
tone) is played for incoming messages, making the attack quieter
and less noticeable to a user.
Battery removal may be needed, in some cases, to restore normal
functionality.
Manual deletion of all received SMS requires a very long time, making
organizing digital music and video files. The program is also an interface to
manage the contents on Apple's popular iPod and other digital media players
such as the iPhone and iPad. Additionally, iTunes can connect to the iTunes
Store via the Internet to purchase and download music, music videos, television
shows, applications, iPod games, audiobooks, podcasts, feature length films and
movie rentals (not available in all countries), and ringtones (only used for
iPhone). It is also used to download applications for the iPhone and iPod touch
running iPhone OS 2.0 or later." [3]
========
Timeline
desired content that will be embedded in each vCard sent.
Finally, a dedicated option (-s) can be used to demonstrate the
effect of very large vCards.
According to the advisory, these vCards are silently received without
triggering any sound or ringtone, even if one has been properly
selected in the UI settings.
Regards.
--
URI that could lead to a second order attack.
Mitigating Factors: By default, Windows Mobile device policy requires
SI messages to be authenticated. Mobile operators have the
ability to change the policy to not require authentication in
order for 3rd party ring tones and other SI messages.
Microsoft will look into a different architecture in future versions.
Recommendation: