Japanese I-Mode Phones Under Attack
radsoft.net is reporting that DoCoMo phones are under attack by new wormish i-mode attachments. According to the announcement, i-mode phone users shouldn't open emails from unknown senders. I used a docomo phone while I was in Japan a few weeks ago. They are so far ahead of us in phones: lighter, cooler, longer battery life, more features, and i-mode is cool. Anyway, the funny part is that these attachments, if opened, will do nifty things like call arbitrary phone numbers (your worst enemy? Emergency?) or simply freeze your phone. Docomo has market penetration that makes local cell phone mega corps look like mom and pop shops. Anyway, there's no doubt that consumer electronics will be targets of more attacks in the future.
I remember when kids would make prank calls to random numbers in the telephone book.
Yeah, we did that. Let's see. "Is your refrigerator running?" "Do you have Prince Albert in a can?"
Wansu, th' chinese sailor
That's a bad analogy. The reason that NTT are in the position of market dominance that they now enjoy is because they were a government-sanctioned monopoly. You literally could not compete with NTT, if you did, you would eventually be arrested. The law stated that NTT were the only people permitted to run a telco, and that was that.
Say what you like about Microsoft, but they achieved market dominance by competing in a free market. Linux is a viable alternative for many applications, you are free to distribute and use it as you please. Neither Microsoft nor the government are in any way able to enforce that you do otherwise - in fact there's this little thing called the Constitution that protects you.
So, really, the situation isn't similar at all.
The reason Japanese phones are smaller, lighter, and have longer battery life than American equivalents is because the cell size is much smaller.
Optimal cell size is a function of population density. In the Tokyo area, you've got about a billion people per square foot, so you can afford to keep the cell size small, which means you don't need a lot of power to transmit.
If you were to try to use the same cell size in a place like Texas, you'd be putting up more cell towers than there are people. It's just not economically feasible to do that.
Americans want phones they can take anywhere in the country and have them work. They need a big battery and a high power transmitter to make that work.
Here in the building where I work in Ibaraki-prefecture there's almost no cell coverage because we're a government lab (KEK) and you can't place a cell tower on government property according to Japanese law. People have to run to the roof whenever their cell phone rings. The lab isn't that big, either. It can't be much more than a couple of square kilometers. Once you get off the lab, your phone works pretty much everywhere.
Don't expect to see Japan-sized phones in the U.S. any time soon. We need a ten-fold increase in population density before it will become practical.
The latter, they're very good at. ;)
In terms of access and availability, I don't think I've ever been anywhere in the U.S. (aside from well within the confines of one or national parks) where I was more than a short walk from a functional land line and handset. If I'm in anything resembling a populated area, I can promise you I'll have no trouble whatsoever finding a phone that is both accessible and available for my use. The last two times I've moved, I've had telephone service connected and functional within an hour.
If all this sounds familiar to you, then consider that the phrase "one of the best" may just include your Nation of Choice in "the best". Nobody claimed vast superiority over the entire world, here.
There's a difference between being able to execute applications and being able to execute a message someone sends you. The latter is just unnecessary. It's a message... messages are data. If you want to send me your message in video form, fine. You can even send me the player. But why the hell would I want my message-handling software to execute that player? All it needs to do is deliver the damn thing to me, and I'll take it from there.
Maybe in Japan, where the soda density is so much higher...
Jeez, when are manufacturers going to learn?
I'll just bet that the next generation of GPRS and UMTS phones will be hacked to death because the manufacturers forgot about security.
Well, it's not working, now, is it?
Having different mobile telephone standards is like having different networking standards. On the Internet we all use TCP/IP. Feel free to go back to ipx/spx/banyan/netbeui/whatever archaic networking protocol you want.
In Europe, we all use GSM for our mobiles and soon, GPRS. Then once the telcos have paid off the loans for those ridiculously large 3G licenses we might have a world wide standard in 50 years.
No joke. A shell on a vt100 gives a person far more power than mystery preprogrammed checkboxes and attachments.
"Hello, do you have a John in the house?"
"No!"
"Then what do you do, go in your pants?"
i-mode mailers don't support attachments; nor are they supposed to support HTML, but some of them do. Anyway, it's possible to put a link to tel:110 in a page, or sometimes in email, and to disguise it. Recent i-mode phones will always show the number and ask for confirmation before dialling, but older ones did not.
Telephone links are a great idea. The problem is the fact that they can be disguised. Newer i-mode phones always show the number and give a prompt before dialling. The WAP standard that defines similar features requires prompting as well; hopefully manufacturers will learn from this and always prompt.
soon they are going to start making worms that actually crawl into your ear...
Talk about market penetration!
The answer is as obvious as the answer to email worms: my (telephone|MUA) should not even *try* to be a public compute server, which is exactly what the ability to send "active" attachments means. Just Say No to active messaging. The cool factor simply doesn't outweigh the potential cost.
No it's not, it's viruses
...
--
I hope we shall crush in its birth the aristocracy of our monied corporations
And I'd be a Libertarian, if they weren't all a bunch of tax-dodging professional whiners.
Berke Breathed
"they put creatures... in our bodies..."
Wrath of Khan.
It doesn't mean much now, it's built for the future.
I was reading iMode's html-ish spec tonight and I saw the URL designation tel:// (as in tel://911)
What a bad iDea *that* is... (Yes, it's already been exploited, though over here, I think it's 119, rather than 911...)
Someone made an innocent goof in an HTML-based game a few weeks ago that highlighted this vulnerability.
On top of that, it costs the *initiator* of the call for calls placed from cell phones here, not the recipient - what was that exchange in the Caribbean that was supposed to be so bad - 809?
iMode is just introducing Java on its phones, but from what I've read on the keitai-l listserve, auto-dialing like this is not an option.
Cheers,
Jim in Tokyo
MMDC.NET
-- My Weblog.
"If a tree falls in a forest.... it isn't a tree making the noise but a log"
So, if a tree falls in the forest and nobody hears it, the sound is logged?
+1 Funny
-1 Offtopic
+1 Funny
-1 Redundant
+1 Underrated
-1 Flamebait
Kevin Fox
--
Kevin Fox
Probably from the movie "Dogma" the one made by the guys who made "Clerks." Watch it, it's hilarious.
Let's see, telco takes off at least 75% of that for their own cost leaving you 18000000
Court orders you to pay each person their 1 dollar back. Leaving you 54000000 in the hole.
Oh I thought you meant, the facts about their Stinger phone system was going to be brought up in court. You mean the other kinda trial, "Yawn."
I think the worst part of this could be that the virus may cause the phones to automatically dial an emergency number.
Extra calls to emergency call centers that flood the lines is going beyond just filling inboxes. Although I'm not familiar with the "110" emergency number stated in the article, if it's anything like 911, it could obviously affect lives. This seems to me to be far worse than a worm that calls numbers at random or freezes up the screen of a phone (also mentioned in the article).
They were only protecting their shipping interests by attacking the U.S. It was all our fault. Hollywood would _never_ alter a historical story.
Rick
You are in a maze of twisty little passages, all alike.
I'll give you the benefit of the doubt and assume you really don't know the difference between a Java app running on a cell phone and a browser built into the phone.
As the browser built into the phone is just a binary application, it can do whatever it likes with the phone - send secret messages to aliens, wipe any flash ram you might have, randomize digits in stored phone numbers, or simply dial out when a WAP page you browse to asks it to. You can imagine that it was the first feature a marketing person thought would be handy to add to the built in browser.
Java apps on the other hand, have a limited API that defines what they can do - if there is no API to destroy the faceplate of the phone for example, a Java program (called "MIDlet" on phones using the MIDP Java API) will be unable to do so, no matter how hard they try. Similarly, at the moment I'm pretty sure (though I do not have exhaustive knowledge of the API) that there simply is no way for a Java app to ask the phone to dial a number. Already though developers are asking for such a capability - thus my original point about them probably adding in such a feature later on, but since the Java VM controls the actual action of dialing the number it can at least ask the user if they really want to dial a particular number and throw away repeated requests until the user responds.
That's why downloading a Java app might not be nearly as bad as browsing to some back-corner porn site on your phone that then made your phone call some of those great country codes that cost you hundreds of dollars per minute!
"There is more worth loving than we have strength to love." - Brian Jay Stanley
In the U.S.? Yeah, right, and I've got a moon plot to sell you.
Don't get me wrong, the U.S. isn't like a 3rd world country when it comes to its phone system. But I've heard enough complaints about US phone service to think it has to be at the bottom of a list of First world countries.
No offence. But your Telephone companies don't sell telephone service, they sell utter frustration.
Since the phone obviously dials numbers predefined, I say it's a scam Miss Cleo concocted for her psych[o]ic network... "I see joor fuchah and eet says dat joo weel call me nouuw!"
Want Root?
Imagine the surprise as during the middle of an important business meeting, your cell phone switches to speakerphone and calls THE DUNGEON.
1-800-800-8900
FOR MEN WHO ARE SERIOUS ABOUT LEATHER AND THE FETISH LIFE STYLE
Interesting comments, although way off base
The UK has one of the largest mobile usage rates in the world, and I would not call it sparsely populated! (~65m ppl in a country about 700x300 miles in size - including plenty of water). In fact it's (I believe) one of the highest population densities in the West.
There are 4 physical networks here, all national and all GSM, which means if you're on any of them you can call from pretty much anywhere in the world (yes I know there are issues with frequencies in some cases but with a modern phone you really don't notice it these days). The fact is that when GSM was emerging as a standard, the european telcos saw that standards were good, and interoperability was important, but the US nets decided on their own standards. Sound familiar?
---- One button is the power button, the other is the Bender voice button "Bite My Shiny Metal Ass"
Here people get mobiles for free when they change their tires. You can pick up a mobile phone at the supermarket for about US 50 and then you have a Nokia 3210. The phone is equipped with a pre-paid card, so no subscription necessary. Every time your card is empty, you buy a new one, call a number and you go. Ease of use and cheapness. Here at the University we got phones for free from the University, with a subscription plan that is the cheapest I know. Sorry, your argument is faulty.
Another point to be made is that in Europe, land phone lines are hideously expensive. It makes more sense to use a cell phone there since it is cheaper (or close to it), but in the US this isn't true.
Sorry not true. We pay for local calls contrary to the US, but it is not too expensive and certainly cheaper than a mobile. On a side note, nobody gives up the land line they have, they just get the mobile as an extra. So they pay for two phones. Yet again your argument is flawed.
Sorry to say, but it seems that even though you're working in the industry, you don't know about the way it works here in Europe.
On a related note, somebody else mentioned that Europe was less densely populated and therefore there were more mobiles. Not true either, mobiles are used mostly in city areas and the London City or the business Center of Paris are great places to spot the latest Nokia. Fact of the matter is that the most densely populated countries like the Netherlands, but also the least densely populated countries, like the Scandinavian countries all have national coverage and a high usage rate. There is basically no excuse for American mobile phone companies other than that they made major errors in the pricing, the technology, the marketing, the regulations etc. They still haven't entered an incredibly large market.
Use Adsense for Charity
I've always had the suspicion that virus creators are secretly supported by the anti-virus industry. There's this multi-billion dollar industry that depends on hackers in Eastern Europe and lame security in Microsoft products to create a problem that can never really be solved. That's suspicious.
imode here
It looks kinda geegawish to me. but then, i still use vi in xterms, so go figure.
Treatment, not tyranny. End the drug war and free our American POWs.
See my user info for links.
I live in a small (pop 75,000) midwestern community which only has analog cell service provided by Cellular One or Verizon. That's it. Since the market is so small, it just doesn't pay to put up a new digital tower (Sprint PCS and the like) because they won't make any money. In many European countries and Japan, the population density is much greater (2-3x) and therefore it is more economical to provide the latest and greatest service.
On the other hand, I get my local and long distance phone service, 250 digital cable TV channels, and 1.5 MB/256k cable modem for just $100/month through a local provider. Guess I can't complain too loudly.
----
There's no point in being grown up if you can't be childish sometimes. -- Dr. Who
Please remember, my American compatriots, that the reason why we are 'so far behind' in many telco issues is not because we are some bleating band of nincompoops, but rather that many other countries simply didn't have much in the way of infrastructure to begin with and when they installed, they installed modern digital because it was the prevailing technology.
Our telco infrastructure is much older, widely based on the old copper and analog systems, and we have to spend a lot of money to upgrade it to the modern standards, unsurprisingly enough, because we still have one of the best telephone systems in the world in terms of access and availability for users. It's a shame that deregulation will probably destroy that.
In space, no one can hear you moo.
All your cellphones are...oh, nevermind.
---
On that note, there was a "911 Virus" that spread via open Windows shares and randomly called 911 last year. This didn't spread far because it was so malicious (it erased users' hard drives) but it is an example of this sort of thing happening. The Houston, TX police department got a large number of false calls.
sulli
RTFJ.
Just to clarify (however belatedly), since I've been developing for DoCoMo's Java phones for the last few months...
You can do nothing to the phone itself from Java. You can't dial, you can't send E-mail (well, you can connect back to your server and have it send E-mail, but if you're going to spam from a server you don't need a phone), you can't connect to any remote site other than the one the program was downloaded from, you can't access the phone's memory / dial history / etc., you can't even run another Java app from inside yours (which is a major PITA since the maximum size of a JAR file is 10k). Moreover, the Docomo spec calls for the chip that implements the JVM to be physically separate from the chip(s) controlling the rest of the phone--obviously they're connected and all, but it certainly reduces the chance of a rogue Java program "accidentally" messing with main memory or such.
--
BACKNEXTFINISHCANCEL
Are you telling me that I can blame the messages that I leave on my ex-girlfriend's answering machine in a drunken stupor on a virus? Woo hoo. Gotta go make a phone call....
I couldn't fail to disagree with you any less.
Replacements will again have the appropriate messages coded in to say, "Stay in school so you can make more money to spend at shopping malls", "You need Barbie/GI Joe", "Be a consumer whore", "Watch TV until you have no concept of reality", "Get a gun, get several in fact, play with them" and of course "The government and Microsoft are your friends"
Gosh, I shudder at the consequences! Excuse me, now, the fridge told me I'm an idiot for not stocking up on Bud Light for the weekend, must go to store, must fill out card membership form divulging personal information, must stop reading slashdot, bad influence there...
-- .sig are belong to us!
All your
A feeling of having made the same mistake before: Deja Foobar
Consider most of the world's TV's were PAL and the US stuck with NTSC for decades, and will still have to support it for decades to come. It has much to do with the horserace of selling some new product and not worrying about better technology to come and how best to work with it. There's so much vested in the current standards and use of airwaves to easily change. I was greatly disappointed when I learned this back in 1992, that my US cell phone wouldn't work in Europe. I wanted to say, "Just who the heck is responsible for this fsck up!", but it was I, as I had endorsed the US standard by buying into it ignorantly. Be glad the IP protocol is the same the world over, the internet would still be a backwater if it had been done the same way.
-- .sig are belong to us!
All your
A feeling of having made the same mistake before: Deja Foobar
Mobile phones have been around since the 50's (yeah, big radio phones, but the cellular idea is older than you think) and they had decades to come up with something intelligent and work with other companies in the world to establish a global standard, because, GASP!, it's about communication.
Never trust anyone who
-- .sig are belong to us!
All your
A feeling of having made the same mistake before: Deja Foobar
I hear they're 'r33t'
... and sooner or later: McAfee for Nokia.
--
What ? Me, worry ?
"911, what's your emergency?"
"Please, you have to help us. My husband was just driving the car, when he passed out. I got the car stopped, but he's not breathing!"
"Ma'am, can you perform CPR on your husband?"
"I think so..."
"Okay, my computer can't tell where your cellphone is located, so I need you to tell me where you are so I can dispatch an ambulance."
"I'm on InterstaHAHAHA. Y04 F0n 4@s b33n H4XX0red! I AM L33t!!!"
So, let's see, Docomo has incredible market penetration (to the nearly monopolistic level). And their products are under attack by viruses that target only their products and no one else's. (*cough*Outlook*cough*)
Does this sound like Microsoft to anyone else?
DoCoMo should have expected this, given that they have such a similar situation to Microsoft. Yes, the market is different (cells vs. software) but the context is similar.
I wish I had a sig, I wish I had a sig, I wish I had a sig, oh, wait...
Lately I have had reason to be working with some DoCoMo information and it is scary. These phones track what you look at on-line, everything you buy and, with their nifty new multiple cell base triangulation automation, they keep track of where you are when you use your phone to surf or buy something.
And, unlike most annoying tracking and information compilation efforts we are subjected to constantly, this one is directly linked to you personally, not just to a demographic segment. DoCoMo keeps all of your personal information combined with your demographics in the sections of their server system called D-MAX and U-MAX.
DoCoMo touts all this as the birth of true one to one marketing and says that part of the beauty of this is that a great deal of information can be collected without the user's knowledge.
They might be light years ahead of us in cell phone technology, but they are also light years ahead of us in marketing driven privacy invasion. And it is only going to get worse with the next generation of IMT-2000 phones, some of which will have GPS to nail down your location even further.
And for those who aren't aware, which I imagine is damned few in this venue, the underlying technology in the i502 series on is Java. This allows lots of cool stuff to be downloaded into your phone, but I guess they haven't worked out all the security kinks yet. Too bad to hear about that, since warts and all I like Java.
7. What we cannot speak about we must pass over in silence.
I remember when kids would make prank calls to random numbers in the telephone book. But that's old fashioned now. Now, you make a virus that makes prank calls to random numbers in the telephone book.
This is called progress. =P
Hey, with innovation comes inherent difficulties. New communications devices, new software, new virus. And when this bug finally gets squashed, there will be ten more to replace it. It's an inescapable fact of technological advancement.
Yes, it's true that adding convenience features will ALWAYS introduce the possibility for exploitation.
However, my relatively simple Samsung PCS phone with WAP support has the SAME ability to dial phone numbers from e-mails. Yet, it is not exploitable because it simply does this:
Dial 911?
[OK] [Cancel]
"Why would God give us a waist if we wasn't supposed to rest our pants on it?" - Rev. Roy McDaniels
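The confirm-before-dial behaviour in the comment above, together with the earlier comment about disguised tel: links, sketched as an added example that is not part of the thread: it finds tel: anchors in a page, flags those whose visible label does not show the number that would be dialled, and builds the prompt from the URL rather than the label. The function names and the sample markup are constructed for illustration.

```javascript
// Added example (not from the thread). SAMPLE is constructed markup;
// all function names here are hypothetical.
const EMERGENCY = new Set(["110", "119", "911"]); // numbers named in the thread

// Return the digits a tel: URL would actually dial, or null if not a tel: URL.
// Accepts both tel:110 and the tel://911 form quoted in the thread.
function dialTarget(href) {
  const m = /^tel:(?:\/\/)?([^?;]*)/i.exec(href.trim());
  if (!m) return null;
  let raw = m[1];
  // Percent-encoding is one way to hide a number from a casual reader.
  try { raw = decodeURIComponent(raw); } catch (e) { /* keep undecoded */ }
  const digits = raw.replace(/[^\d+]/g, "");
  return digits.length ? digits : null;
}

// Visible link text with markup stripped and whitespace collapsed.
function visibleText(inner) {
  return inner.replace(/<[^>]*>/g, "").replace(/\s+/g, " ").trim();
}

// Find every tel: anchor and report whether its label hides the real number.
function auditTelLinks(html) {
  const anchor =
    /<a\b[^>]*?\bhref\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))[^>]*>([\s\S]*?)<\/a>/gi;
  const findings = [];
  let m;
  while ((m = anchor.exec(html)) !== null) {
    const href = m[1] || m[2] || m[3] || "";
    const number = dialTarget(href);
    if (number === null) continue; // not a telephone link
    const text = visibleText(m[4]);
    const shown = text.replace(/[^\d+]/g, ""); // digits the user can see
    findings.push({
      number,
      text,
      disguised: shown !== number,
      emergency: EMERGENCY.has(number),
    });
  }
  return findings;
}

// The prompt always names the number taken from the URL, never the link label.
function confirmPrompt(finding) {
  const warn = finding.emergency ? " (emergency number)" : "";
  return `Dial ${finding.number}?${warn} [OK] [Cancel]`;
}

// Constructed sample page: two disguised links, one honest link, one non-tel link.
const SAMPLE = `
<a href="tel:110">Free ringtones!</a>
<a href="tel:0312345678">03-1234-5678</a>
<a href=tel:%31%31%39>Call 03-1234-5678</a>
<a href="http://example.com/">Home</a>`;

for (const f of auditTelLinks(SAMPLE)) {
  console.log(f.disguised ? "DISGUISED" : "ok", JSON.stringify(f.text), "->", confirmPrompt(f));
}
```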