exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Jolla Phone URI Spoofing

Jolla Phone URI Spoofing
Posted Mar 13, 2015
Authored by Nikolas Sotiriu

Jolla Phone with Sailfish OS versions 1.1.1.27 and below suffer from a telephone URI spoofing vulnerability.

tags | exploit, telephony, spoof
SHA-256 | 1e5ea6ababa53a368f6ee034d8c4f08f4e032acffd627cadd356717cfecfc988

Jolla Phone URI Spoofing

Change Mirror Download

______________________________________________________________________
-------------------------- NSOADV-2015-001 ---------------------------

Jolla Phone tel URI Spoofing
______________________________________________________________________
______________________________________________________________________

111101111
11111 00110 00110001111
111111 01 01 1 11111011111111
11111 0 11 01 0 11 1 1 111011001
11111111101 1 11 0110111 1 1111101111
1001 0 1 10 11 0 10 11 1111111 1 111 111001
111111111 0 10 1111 0 11 11 111111111 1 1101 10
00111 0 0 11 00 0 1110 1 1011111111111 1111111 11 100
10111111 0 01 0 1 1 111110 11 1111111111111 11110000011
0111111110 0110 1110 1 0 11101111111111111011 11100 00
01111 0 10 1110 1 011111 1 111111111111111111111101 01
01110 0 10 111110 110 0 11101111111111111111101111101
111111 11 0 1111 0 1 1 1 1 111111111111111111111101 111
111110110 10 0111110 1 0 0 1111111111111111111111111 110
111 11111 1 1 111 1 10011 101111111111011111111 0 1100
111 10 110 101011110010 11111111111111111111111 11 0011100
11 10 001100 0001 111111111111111111 10 11 11110
11110 00100 00001 10 1 1111 101010001 11111111
11101 0 1011 10000 00100 11100 00001101 0
0110 111011011 0110 10001 101 11110
1011 1 10 101 000001 01 00
1010 1 11001 1 1 101 10
110101011 0 101 11110
110000011
111
______________________________________________________________________
______________________________________________________________________

Title: Jolla Phone tel URI Spoofing
Severity: Low
Advisory ID: NSOADV-2015-001
Date Reported: 2015-01-29
Release Date: 2015-03-13
Author: Nikolas Sotiriu
Website: http://sotiriu.de
Twitter: http://twitter.com/nsoresearch
Mail: nso-research at sotiriu.de
URL: http://sotiriu.de/adv/NSOADV-2015-001.txt
Vendor: Jolla (https://www.jolla.com/)
Affected Products: Jolla Phone
Affected Versions: <= Sailfish OS 1.1.1.27 (Vaarainjärvi)
Remote Exploitable: Yes
Patch Status: Vendor released a patch (See Solution)
Discovered by: Nikolas Sotiriu



Description:
============

The Sailfish OS of the Jolla Phone contains a vulnerability that allows
to spoof the phone number, passed by a tel URI through an A HREF of a
website with some spaces (HTML ).

This could be used to trick a victim to dial a premium-rate telephone
number, for example.



Proof of Concept:
=================

<a href="tel:0000000000[25xSpaces]Spoofed Text[38Spaces]aaaaa">Call</a>

Test Site http://sotiriu.de/demos/callspoof.html



Solution:
=========

Install Version 1.1.2.16 (Yliaavanlampi)

https://together.jolla.com/question/82037/release-notes-upgrade-112-
yliaavanlampi-early-access/



Disclosure Timeline:
====================

2015-01-28: Asked for a PGP Key (security@jolla.com)
2015-01-29: Got the PGP Key
2015-01-29: Sent vulnerability information to vendor
2015-01-29: Feedback that the vendor is looking into the problem
2015-01-30: Got detailed information about the patch process and
timeline
2015-02-19: Got an E-Mail that the patched version is released
2015-03-13: Release of this advisory




Login or Register to add favorites

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close