Viruses Find A New Host: Cell Phones

An anonymous reader writes "A NYTimes article (free reg) describes the dangers posed by viruses as 3G and text-messaging become more common, inluding an incident in '01 where numerous phones in Japan began calling 110 (equivalent to 911 in the U.S.). Wired mentions 13M vulnerable phones in Japan alone." (And that was a few years ago.)

should be easy to fix

[SemperUbi]

I don't see why the protocol for text messaging can't be set so that only ASCII text is sent and received, making any kind of embedded script pointless. Then again, I don't know that much about cellphone protocols to begin with. It just seems as if it SHOULD be easy to prevent.

More gadgets = more complication

[NineNine]

This is inevitable. As people buy more and more stupid gadgets, their lives become geometrically more complicated. Personally, I have a cell phone and I use it for... making telephone calls! No stupid wireless web, messaging, taking pictures, or whatever in the hell people are doing with phones these days. You want the stupid gadgets? You're going to pay for it up front in cash, you're going to pay in time to figure everything out, and you're going to pay in headaches. Rarely are new technologies worth the trouble. A computer is good in it's most basic uses, and a phone is good. All of those stupid ipods/pdas/superphones/etc aren't worth it.

Re:More gadgets = more complication

[whiteranger99x]

Personally, I have a cell phone and I use it for... making telephone calls! No stupid wireless web, messaging, taking pictures, or whatever in the hell people are doing with phones these days.

I agree, I dont need a fucking phone that has everything, including the kitchen sink (although games are a plus :) I'm hesitant to upgrade my phone for that very reason, granted I'm not all that attached to my current phone and provider. I never could father how one could use a typical cell phone for instant messaging (AIM, Yahoo!, whatever) as its a royal pain in the ass to type stuff in.

A computer is good in it's most basic uses, and a phone is good. All of those stupid ipods/pdas/superphones/etc aren't worth it.

However, my stance on this is that to SOME people, the PDAs, iPODs, etc are worth their time, BUT I think people like buying those superphones as it were, only for the "gee whiz, look what bitchin' shit i got here" factor.

Re:This is only going to get worse

[robogun]

Verizon (the one US provider I am familiar with) already does this, but you have to initiate the install (*861 or something as I recall). However, after the last update, all of a sudden I couldn't get the reception I used to, and I had to punt that phone for Cingular. As I remember, Verizon was having a real problem with text spam.

Monocultures

[heironymouscoward]

Modern IT works like a natural system.

As soon as there is a host that can be infected, in quantities of relative interest, viruses will evolve that can parasite it.

Mobile phones are safe only so long as they are too stupid to act as carries for self-reproducing code.

A good reason IMHO to spurn "smart" phones.

Re:Monocultures

[heironymouscoward]

This is true, but the intelligence is kept almost entirely segregated. The SIM card is not accessible except via a restricted interface; the user interface is not programmable except by eprom; the network cannot be accessed by any user-loadable code.

Yes, a 2G mobile phone (especially GSMs) is very sophisticated, but it is not programmable in the way needed to propagate a virus. With a GSM, for instance, the worst you can do is send malformed SMS messages that smash the eprom. You cannot take control, insert your own code, send out supretitious copies.

While the 2G phones are "smart" compared to an analogue phone, they are not "smart" in the sense that they cannot be programmed at the user level.

3G phones are a lot more programmable and rely on security through complexity, i.e. encryption, signatures, etc. This complexity creates the weaknesses that parasite code can exploit.

A simple example: as soon as a phone can run a Java applet that can access the Internet (which my 2.5G phone can do), it takes just one flaw in the Java runtime for the phone to be a potential target.

Simplicity is an excellent defense against parasitic code. 3G phones are significantly more complex than 2G and 2.5G phones. They therefore have more weaknesses.

The "monoculture" aspect just means that a large population share the same weaknesses and an infection will spread faster and wider.

Re:Monocultures

[iggymanz]

I wonder how segregated things really are - I received a notice from my carrier to dial a number and perform certain keystrokes to "upgrade" my phone.......and it's a very basic Motorola phone. Couldn't something naughty be done this way?

Re:71% of e-mails sent to cell phones is spam

[pvt_medic]

yes but watch how quickly if spam starts to spreading to cell phones their will be a quick outcry of people on this. It is illegal for telemarketers to call cell phones so sending unsolicited text messages in theory would fall under the same guidelines.

How did they get this virus?

[ifwm]

What kind of signs should we be looking for, like when you tell someone not to open .exe's. I wouldn't even know where to begin. Also, isn't all of the traffic on cell phones documented? Shouldn't the companies be able to find the culprit fairly easily?

Good news for Hollywood

Well, on the bright side, this may be just the shot in the arm Hollywood needs for its horror movies. Now instead of saying "drat, the batteries are dead" when the screenwriters need to get rid of the cell phone for dramatic purposes, they can instead say "drat, my cell phone has a virus!"

Just Great!

[Herkum01]

Now we will get virus's that will imitate commercials and everywhere you go there will cell phones saying, "Can you hear me now?" Of course the consumer will not have the know-how to remove a virus and their cell phone is to useful to drop in the trash can.

This also brings up...


"Can you hear me now? GOOD! *CLICK*

No, the internet was designed /w security in mind.

[Rahga]

Anyone who claims that the Internet, which started life as ARPANET, was not designed with security in mind.... does not deserve a "Score:5, Insightful", that's for sure. Even e-mail was designed with security in mind, it's just that the masses would still rather take e-mail from anyone rather than whitelist incoming mail from trusted networks only.

They already do surveilance on mobile phones...

[Von+Helmet]

There's been a couple of murderers and rapists and the like in the UK lately who have been caught based on mobile phone records. A murder trial - two young girls, very nasty - that's currently taking place involves the evidence that one of the victim's mobile phones was switched off outside the suspect's house the evening that the girls went missing.

It's all fairly simple stuff at this stage, though it's kinda the stuff we've been seeing in films for years and scoffing at on the basis that it's "so unrealistic". Just the idea of being able to track where a phone signal for a particular phone number is coming from, and tying that to GPS and the like.

There's also the idea that they keep track of what you talk about on the phone - they start recording if you say bomb or president or whatever, that kind of thing.

It is only going to get worse though, as you say. When phones start doing more interesting stuff, there'll only be more for them to watch you do...

Re:costs

[kavau]

If companies are held financially liable it will force them to do a better job of programming and testing software.

*Chortles* Right...

When has Microsoft ever been held financially responsible for the damage its product caused?

Liability of the software maker is certainly a double-edged sword (think of Open Source contributors...). But don't you think if Microsoft were forced to pay some multi-billion dollar amounts for the damages caused by Blaster & Co., they would really start taking the whole security issue a bit more seriously?