Slashdot Mirror


Viruses Find A New Host: Cell Phones

An anonymous reader writes "A NYTimes article (free reg) describes the dangers posed by viruses as 3G and text-messaging become more common, including an incident in '01 where numerous phones in Japan began calling 110 (equivalent to 911 in the U.S.). Wired mentions 13M vulnerable phones in Japan alone." (And that was a few years ago.)

22 of 173 comments

  1. Virus as surveillance ware by Wardish · · Score: 4, Insightful

    After the recent uses of in-vehicle mounted cell phones for surveillance I wonder how long it will be before they (they being anyone legal or not who has a reason to listen) infect your cell phone with snoop and control software.

    *chuckle* The next couple of decades are going to be interesting.

    --
    Ward

    . Silence! Be thankful thy species is unpalatable! .
  2. This is an opportunity to get it right by Lupulack · · Score: 5, Insightful

    The internet wasn't designed with security in mind, but these new 3G/4G phones can be.
    Isn't this a chance to do things right, rather than repeat the design oversights of the past?

    --
    The fact that no one understands you doesn't mean you're an artist.
  3. API by the+uNF+cola · · Score: 4, Insightful

    There should NEVER be an api to mess with the phone numbers and dialing.

    Keep them separate from your applications. Otherwise you have these silly problems.

    --
    "I'm not bright. Big words confuse me. But Wanda loves me and that should be enough for you." - Cosmo

    1. Re:API by wfberg · · Score: 4, Insightful

      There should NEVER be an api to mess with the phone numbers and dialing.


      So, no third party addressbooks/PIMs, no handy apps that prepend special *# network codes for roaming purposes (as used in some SIM toolkit applications for international roaming w/ prepaid phones), no apps that encrypt your phone conversation end-to-end using normal (not VOIP) connections so you don't need to use a data stream, etc.

      Actually, that's exactly what the networks want! No third-party messing with calls, complete network services lock-in! So no worries there, then.

      --
      SCO employee? Check out the bounty
  4. costs by Anonymous Coward · · Score: 5, Insightful

    Japan should charge the phone company for each fake call to recover costs.

    If companies are held financially liable it will force them to do a better job of programming and testing software.

    1. Re:costs by whiteranger99x · · Score: 4, Insightful

      Japan should charge the phone company for each fake call to recover costs.

      Oh yeah, THAT'S a real good idea, all the phone companies have to do is suck up the charges to save face and then pass the bill onto their customers as an anti-spoofing tax or something like that.

      If companies are held financially liable it will force them to do a better job of programming and testing software.

      *Chortles* Right...

      --
      Join the TWIT army now!
    2. Re:costs by murphyslawyer · · Score: 2, Insightful

      If companies are held financially liable it will force them to do a better job of programming and testing software.

      I realize I'm sort of feeding a troll here, but every time this sort of "Company A wrote buggy code" thing comes up, somebody starts harping for the company to have to be responsible for their code. Say Microsoft has to be financially responsible for the problems generated from their code - they'll just change the EULA to say "If this software kills your system or eats your children, it's not our problem. If you don't like it, use something else." In fact, I'm pretty sure it says about that right now.

      Of course, we could pass some sort of law saying that companies couldn't EULA their way out of responsibility, but that carries another whole bag of worms with it. Do you really want to be responsible for all the code you write for all time? That sort of thing would kill free software as we know it, since only large corporations would have deep enough pockets to fully test their stuff AND be prepared to fend off the inevitable lawsuits.

      --
      I ain't evil, I'm just good looking.
    3. Re:costs by BuckaBooBob · · Score: 2, Insightful

      Software companies should be held liable for bad/poor practices. Most exploits are based off a few concepts which are a result of poor programming practices....

      Every Student in a university that takes any sort of programming (Well any learning institution for that matter) should be taught Proper programming practices. That would include Exploits and how to write "Trustworthy" code.

      When you look at the trend, Buffer/Stack overflows make up a massive majority of exploits. But since it is a well-known problem a solution.. We should be able to be in an environment where these "Mistakes" shouldn't be repeated on an ongoing basis...

      The software industry seems exempt from liability where most other industries Do have some form of liability for continuing bad practices.

      So the problem isn't entirely the fault of the software industry itself.. It's also on the learning institutions for not producing programmers that "know better" than to write bad code that will be exploitable by common methods. But the software industry should also be aware of this and use tools and develop better programming practices not to repeat history.

      --
      Who needs WiFi when we can have Packet Over Sheep! http://datacomm.org/PoS-InternetDraft.txt
  5. spam / calls / address book by Dreadlord · · Score: 4, Insightful

    After thinking for a while I guess that phone viruses can be as dangerous as computer viruses, imagine a virus that sends itself to every phone in the address book, calls expensive/international numbers, spams a number till it can't be used any more...
    And I think phone viruses are becoming more and more possible throughout the advances in phone technology.

    --
    The IT section color scheme sucks.
  6. How long before they start calling premium-rate? by eet23 · · Score: 5, Insightful

    If a virus can make a phone dial the emergency services, it can presumably also make the phone call the premium-rate phone number the virus writer set up in a foreign country. This could get nasty.

  7. Re:Bound to happen by Animats · · Score: 4, Insightful
    Security updates can be pushed out to all phones

    And how secure is that backdoor?

  8. Re:should be easy to fix by LiquidCoooled · · Score: 4, Insightful

    VBScript is ASCII only, that doesn't stop the virus - the problem is the software on the phone is able to perform (or can be overflowed to produce) actions based on the input received.

    This problem will get worse if the sandbox around the gaming/user run utilities is weak or unsecure.

    It is also something that because devices are already out there would be difficult to prevent or fix. Perhaps requiring the Service provider automatically screening ALL txt messages with known exploits (This is also something the PC ISPs as a whole should do anyway, but that's a different subject).

    --
    liqbase :: faster than paper
  9. Re:71% of e-mails sent to cell phones is spam by killbill! · · Score: 4, Insightful

    nggh make that 81% /cry

    However we might have to really start worrying about this if a standardization of cell phones similar to the standardization of desktop computers happens.
    As long as the standards remain different, cell phones aren't likely to be as affected as computers.

  10. Now, correct me if I'm wrong but... by Anonymous Coward · · Score: 3, Insightful

    if I buy a cell phone then shouldn't it be just that? A cell phone..?

    The 3G phones are pretty much going to become the Windows of the cell phone world - Everyone is going to want one because it's pretty and does lots of things... but at a price.

  11. All I want... by Anonymous Coward · · Score: 5, Insightful

    ...is a phone to make calls!

    WTF does this have to do with a virus problem?

    Oh, I know it. That lame ass crap I never used on my stupid phone... like games and worse crap they build into phones these days... are the reason.

    Maybe if there wouldn't be the *STUPID* need for a fucking OPERATING SYSTEM that can play games and CRAP in your phone you wouldn't have problems with viruses?

    As long as we like to bloat simple things with shit, such stuff keeps happening!

    1. Re:All I want... by Wardish · · Score: 2, Insightful

      he hehe.

      On the one hand I'm so tempted to agree. Simplicity is a wonderful dream.

      But we forget that what is simple for you isn't for me and for a third is downright annoying.

      For instance:
      You want a phone that just makes calls. You're in luck, those are available.
      I have a phone/pda combination. It has many many features I don't need or want. However it does keep good track of my schedule and remind me when I need to do things, meetings, calls, appointments, medication. For all practical purposes this allows me to be a productive person for if I had to depend solely on my unaided natural memory I wouldn't be employable. And one device for both is much better than multiples. In the future I will be changing to one that also incorporates an mp3 (or some such) player as that is a function I currently have a separate device for that I enjoy using on a regular basis. I could make a good argument for programming a phone to act as a multifunction remote control as well. I have a bloomin box of remotes at home.

      Now I must admit that rationalizing a reason for needing gameplaying on a phone would be a bit of a stretch, but since they seem to be popular then the phone providers are going to cater to those dollars/yen/euros.

      The point is that all that crap.. And yes much is in MY opinion... is useful and necessary to someone. So it's a fact of life and ergo the not so good facts that come with it. Be happy that there are and probably will be for a while very inexpensive phones that do not have these problems.

      Welcome to reality!

      --
      Ward

      . Silence! Be thankful thy species is unpalatable! .
  12. This was predicted several years ago by Moderation+abuser · · Score: 3, Insightful

    I used to work for one of the manufacturers, they knew several years ago that the same problems which affect PCs would eventually make their way down to the phones they produce as they added features and ended up with general purpose operating systems on the phones. The problem is that fixing phones is far more difficult than a PC.

    It looks like they've decided it'll be cheaper not to bother making them secure. Now, if there was a case for secure computing anywhere, it'd be phones.

    --
    Government of the people, by corporate executives, for corporate profits.
  13. Re:Bound to happen by RzUpAnmsCwrds · · Score: 4, Insightful

    If the phone only accepts updates signed with the manufacturer's private key, and if that private key is kept private, then it is very secure.

    My phone (Danger Hiptop) can receive automatic over-the-air updates (it has already received two), but it is still secure as it only accepts signed code.

  14. Text messages? They're not the problem... by Von+Helmet · · Score: 4, Insightful

    The article isn't very clear about what is actually behind this problem. Over in the UK we've had text messaging (SMS, whatever you want to call it) for as long as I can remember - I was actually shocked to hear that most American mobile phone companies didn't use it. Anyway...

    Point is, I don't think text messages are really the problem here. I've never heard of anything like this happening in text messages. A text message is a text message - a bunch of text. The cleverest thing I've ever seen done with text is being able to send messages that appear in flashing text, and even that only works on Nokia handsets. The only other remotely clever thing you can do with text messages is ASCII art, and we all know how clever that is.

    I can imagine it being more of a problem when you get on to the idea of sending more sophisticated stuff, like video or more complex data. Hence I'm not surprised this has already been happening in Japan, as they are miles ahead of everyone on the mobile phone front.

    The way I figure it, is there should be no means for a message to do anything remotely clever to your phone. In the same way that a properly set up mail client won't execute any old attachment, but merely present it to the user, a phone should present data or messages and have some means to keep them away from more sensitive parts of the phone's software.

    The way I see it, mobile phones have got too complicated for their own good. If you want a phone to make calls (remember the days when that was what a phone did?), then buy a phone. If you want to pick up your e-mail, send files to people, or surf the web, buy a PDA for pity's sake. At least the software for PDAs (Windows CE and its more recent brethren) has been written with a decent knowledge of OS security in mind.

  15. I knew it! by KC7GR · · Score: 4, Insightful

    Now why am I not surprised this happened?

    [rant]

    When you take a device that was originally designed to perform ONE function -- in this context, to be a good portable communications tool -- and you start loading it up with all kinds of useless bloat that is completely UNRELATED to being a communications tool, this is exactly the kind of crap you're going to run into.

    Contrary to popular belief, not everyone thinks highly of downloadable ring tones, color screens, web access, gaming capability, or text messaging. I know, because I'm one of them. I would be perfectly happy with a simple, rugged, and RELIABLE mobile phone that was exactly that: A mobile phone, perhaps with the voice-activated calling feature, a good-sized speed dial directory, and the ability to snap into a fixed-mount handsfree cradle in the car.

    The last thing I need is a ton of "features" that I don't want, don't need, and DON'T want to have to pay extra for just because they're present. Don't even get me started on the insane "Smaller is Better!" craze. It has served only to give us keypads that are so small that Tinkerbell would have problems with them.

    [/rant]

    --

    Bruce Lane, KC7GR,

    Blue Feather Technologies

  16. Re:No, the internet was designed /w security in mi by Lupulack · · Score: 4, Insightful

    The internet was designed with reliability in mind, it's meant to route around disasters (read: nuclear attack) to keep communication lines up.

    If it were designed with security in mind we wouldn't have to bolt-on such additions as SSL or certificates. These are meant to work around the problems that we face now.

    Admittedly these wouldn't be such a problem on a purely military network, where every machine has a static IP and a known owner. But that's not the world we live in, is it?

    --
    The fact that no one understands you doesn't mean you're an artist.
  17. Spam Farmers by Doc+Ruby · · Score: 2, Insightful

    AT&T is launching its mMode service, turning mobile phones into a sophisticated wireless services platform. Their pitch to developers is "XHTML as the mark-up language of choice, more viral marketing tools and better public exposure." (free registration/questionnaire required). Geeks can debate the supremacy of XHTML, and only a prude is against better public exposure. But which marketdroid is pushing "viral marketing" from the technology source to the users? Which developer will publish the inoculation apps to keep us running in place, in the spam race?

    --
    make install -not war