Slashdot Mirror
Worm Developed for Nokia Series-60 Phones
Tuxedo Jack writes "It had to happen. The first worm designed specifically for cellular phones has been developed, and Cabir appears to be a way of effectively killing Nokia Series-60 cellular phones via shortening the battery life due to scanning for nearby Bluetooth devices and propagating itself. This still relies on a user to open it, so hopefully that won't be many, and those that do must use a file manager to find and kill the worm. At least it isn't a dialer!"
It had to happen sooner or later, with people predicting the cell phone will be your next computer.
I guess Series 60 phone owners should be thankful that it just drains battery life. What if the worm sent 80,012 text messages to everyone in your contact list! Imagine the cell network congestion and billing chaos that would ensue... Lets hope cell phone manufacturers start tweaking their phone OSes to prevent that kind of disaster in the future!
Urge to post... fading... fading... RISING!... fading... fading... gone.
After searching Google news and other sources I could not find a similar story anywhere besides this similar story posted on ZDnet Australia. The only problem is that it was dated back 10 February 2004. Not sure if it's the same story... or same worm but worth a read for those that cannot get out to Symantec.
Hmmm.
I'd just like to say that this is why it's still nice to have a phone with relatively limited features - well, that and it's a Motorola (T720). I don't have to worry about the Bluetooth stuff, and I don't even have web access activated on it.
Also, according to the SARC article linked - this worm will attack any bluetooth device that it finds in it's range - not just phones - SARC uses a printer as an example, but what about those nice bluetooth mice/keyboards and PDAs, etc?
They have an image of the phone with the message displayed on it too.
Sure, the difference isn't that big a deal, but to most people, there isn't any real difference between Linux and Unix...
Obliteracy: Words with explosions
Bluetooth should be turned off out of the box. If an end-user is smart enough to know they want Bluetooth, they probably won't get hit with this attack.
"Here's a spoiler: You're will die alone."-Triumph the Insult Comic Dog
...better yet, a dialer that propagates itself and then sends out pre-recorded sales calls. This may sound crazy now, but will it sound crazy three years from now?
Don't be a looter...and yes, I know that it's spelled with an "A" instead of an "E".
Those who fail to learn from history, are condemned to repeat it.
Hate me!
I would love to see a simpler phone without features like Bluetooth. This would eliminate some of this out of the box. I may be in the minority, but all I need to do on my cell phone is make phone calls.
Don't be a looter...and yes, I know that it's spelled with an "A" instead of an "E".
``Oh look, Johnny sent me a new ring tone''
ZAP!
Until software companies will devote serious time to making sure their products aren't vulnerable like this, we will continue to see these types of monkey business.
So... This is the digital equivalent of an STD for 'toothers, right?
How did these 1-900 charges get on my phone bill?
I imagine that because of the cellphone frenzy there soon will be as much advertising (spam) in that medium as there is on the internet. Its just too big and too attractive a market to miss. And as cellphones get more and more features crammed into them - there will be viruses, worms, dialers. And they will be just as common.
Remind me to bring an infected phone to the movie theater every time I go.
So this is, like, the first real-world application of Bluetooth? A virus vector? You mean it's not just useless marketing hype-ware after all?!!! They are right, you learn something new every day!
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
I guess now the anti-virus software people now have themselves a new market to penetrate. I guess windows boxes were not enough to maintain their business model.
"I bow to no man" - Riddick
That old crank-operated phone on my parents' wall is looking better and better.
"Who controls the past controls the future. Who controls the present controls the past." -- George Orwell
Unscrupulous types will drive around the suburbs with bluetooth transmitters on the top of honda civics and old hiaces, broadcasting viagra apps into our phones while we eat.
E-marketers will place transmitters everywhere, including bins, bus seats and on signs in the middle of the desert so our phones never stop telling us about products that improve our lives.
We will all begin to recieve mysterious bills for calls we made to a premium rate talking clock number while we were asleep.
Our phones will broadcast our every move and spoken word to marketing agencies, who will happily charge us for a map of the route we took to work that morning, or for telling how good our
eloqution is.
Bluetooth porn spam will being blaring out of everyones mobile the minute that slightly dazed looking yuppie walks into the room with his brand new phone that he uses for browsing on the net and email and chat and buying stuff and everything!!!
This situation(commencing next week) will continue without pause, until, faced with users mass binning their mobiles, symbian forcefully create their own virus to patch the phone on the fly as no-one , apart from geeks, will have bothered to delete the patch.
You doubt me!?! You doubt my powers of foresight?!!
So do I, but I'm sticking with my series 40 phone just in case.
May the Maths Be with you!
Most people buy bluetooth phones and don't know what to use it for, just that it's another thing they have. (I have a Bluetooth phone, but only because my Powerbook also has bluetooth and can sync wirelessly. Otherwise I keep it turned off.)
Most people really just want a phone that can hold contacts, get really great reception, and lasts a while between charges. (And, outside the US, send and recieve text messages easily.) Why not focus on these features? The same reason most car commercials are about performance and showing off instead of reliability and gas mileage; people are more convinced by flash than substance.
Repeat after me: Something that has a lot of functions doesn't do any of those things as well as a dedicated piece of equipment. (PCs are a special case; software isn't.) Just like the only unitasker in your kitchen should be a fire extinguisher, the only multitasker in your geek lair should be your PC.
I'm in the hole of the broadband donut.
That is the sound of inevitability...
-- -pjk Perry Kundert perry@kundert.ca http://kundert.2y.net
Have you tried your local Goodwill or Salvation Army?
Even garage sales have old phones...
This post is half-funny, and half-sad. Phones are getting more feature-packed every year. Where I work, I am not allowed to have any sort of camera, for security reasons. When all phones have camreas, no phones will be allowed in my office. Sad, but true.
"-1 Troll" is the apparently the same as "-1 I disagree with you."
Remind me when cybernetic implants come out, to not get one. The last thing I need is a worm infecting my cybernetic arm.
Really, this does not prove anything. It doesn't exploit any weakness in the system and very easy to avoid.
I am not sure how many of people who have posted before actually OWN series 60 device, but let me assure you that it's not as simple as accepting somebody's bluetooth transfer.
First of all, you must have bluetooth always on and your device available to all, which is really bad idea considering that it eats your battery much faster. Battery life of the series 60 devices is pretty small as is. Having bluetooth on is sure way to kill it further.
Second, you will have to go through few steps of actually INSTALLING unsigned application. This is VERY intrusive.
Third, this thing does not auto startup. So, when your device is drained off battery, it won't run by itself as far as I can see.
All in all, very poor attempt to create a malware for Series 60. I am sure you can get much higher propagation by installing an autoexec worm inside of S60 warez releases.
Other avenue to look into is malformed MMS message that does buffer overrun and allows to execute arbitrary code. Now this would be a real baddy because you will be infected as soon as you open a message.
Nice try, but no cake.
-- shortcut - the longest distance between two points.
It has to be assumed that any system open to the general public, can be expected to come under hostile attack from hackers/spammers/criminals/terrorists. All hardware and software deployed in the field needs to be examined carefully for this. It is even more critical when you have a "monoculture" of HW/SW, since one exploit compromises the whole system.
History has shown time and time again, hackers will expend a great deal of effort to compromise any accessible system even if just for the heck of it.
My rights don't need management.
It may be related to this morning's Akamai DNS problems. Many large sites aren't easily accessible at the moment.
Developers: We can use your help.
I have a T730 with Verizon and the phone isn't KISS at all, it's pretty complicated, capable of downloading and running software.
What bothers me is the *fake* simplicity and lockout. Why can't I just hook this phone to my PC with the USB cable and access the filesystem, transfering programs, ringtones, images and so on to the phone? With the phone software I can get some address book sync (it's such a shitty package, I regret buying it).
Of course, I know it's all about Verizon making money off of downloads, but its such bullshit selling a "closed" device with fake simplicity. Yes, I know I can get warez copies of Moto phone tools, but how much harder would it be to make the phone show up as a USB storage device? The addressbook as a CSV file? A directory each for tones and images?
Modern phones have infrared, right? So what if you combine the worm with this idea? >:)
Dammit, and I was just starting to get the hang of Toothing
I mod down so you can mod up. Your welcome.
- Bluetooth has a 30 ft range.
- by shorting battery life users will be less likely to carry it to remote systems (a dead phone cannot transmit it).
- Bluetooth connections must be accepted.
- The file also must be accepted.
It is very similar to a virus being spread by email attachments. Most likely the only fix for this would be a stronger warning on the phone when a file is being passed from a Bluetooth connection.The grass is only greener, if you don't take care of your own lawn.
...but also other Symbain OS phones like Sony Ericsson P800/P900 and Motorola a920/a925.
if their competitor's OS was plagued with viruses and not theirs
:-)
yes but on a historical basis/precedent, it's not very likely, is it?
Perhaps we should not have sent away all the telephone sanitizers.
"Danke daß Du mich gemolken hast" said the German cow.
What happens when the newest worm automatically dials 911. The system would be absolutely swamped, cops would be running around because when someone dials 911 and hangs up they still have to call, many people that actually had an emergency would never get through. It would be a serious disaster.
I'm a firm believer in the philosophy of a ruling class. Especially since I rule. -Randal, Clerks