Proof of Concept PocketPC Virus Created
SpooForBrains writes "The Register has reported that "Ratter" of the virus writing group 29A has created the world's first PocketPC virus as a proof of concept. This one has no payload and is polite enough to ask if it can spread, so the dangers are minimal, but it occurs that the possibility of PocketPC and Symbian virii suddenly makes the concept of bluejacking somewhat more sinister."
Do you accept the microsoft EULA?
Just like biological ecosystems, our information infrastructure has niches, and viral "life" will thrive in any niche it can find for itself. Same with spammers, they are exploiting a niche which exists to make money. Virus writers are exploiting computing niches which allow for this kind of attack.
It is inevitable that any networked system will suffer from these attacks. See the recent Mozilla shell exploits. We have Linux security issues, and as the OS gains popularity, we will start to see virii for it. It will happen.
We have basically created electronic primordial soup. Three cheers for compu-evolution!
Please bid on this Karmann Ghia! Please pleas
To spread, viruses need a sufficiently high density of potential victims. So your PocketPC is safe. The story is completely different if someone gets this done on cell phones.
Unless there is a flaw in the implementation of the phone, can this kind of virus really spread?
-- tinyhack.com
Proof of Concept Amish Virus!
You have been infected. This virus works on the honor system. Please delete all files on your computer. Thank you.
How many times does it need to be said that the plural of "virus" is "viruses", not "virii"??
I mean, c'mon people, the pocket pc is running windows. This virus isn't exactly revolutionary.
At least now I can justify the Zaurus over the 'other guys'!
-
We've come to expect decent security on desktops and servers, why not PDAs as well? At least it may make manufacturers think twice before jumping on the MS bandwagon.
Duts may not be able to spread, but take out the bits that make it "benign" and you've got the makings of a real annoyance. Even if the source for this particular virus is kept safely out of the hands of malicious individuals, the fact that it's now been proven do-able means others will try.
My patience is infinite, my time is not.
Anyway, Pocket PC viruses are going to be rarer than ones for Macs.
Reminds me of Donut, the .NET virus... but there hasn't been a real one in the wild yet?
bash$ alias kill='chmod -R 0666 /'
Quidquid latine dictum sit, altum videtur
The user, to my understanding, still has to accept the incoming file. So just make it a policy (like email): don't open a file unless you are expecting it. Better yet, turn off Bluetooth discoverability.
What happened to the Trustworthy Computing paradigm? I guess if you now mention that to [Sir] Bill G., you might not get all that much! On the other hand, I ask myself why these coders (or virus authors) do not direct their energy to coding for OSS. So many projects need a hand. My help goes in submitting bug reports and cash whenever possible. [But] I could be wrong here, maybe some already do something for OSS.
"Is that a virus in your Pocket or are you just happy to see me?"
-C.
It would be interesting if the affected Bluetooth-enabled Nokia phones mentioned in a previous article a few weeks ago were somehow able to transfer their goods to PocketPCs... come on now, how many people do YOU know with a Bluetooth-enabled PocketPC, who leave Bluetooth discovery on? (I have an iPaq 2215, but Bluetooth is off to save battery life)
:)
This is a neat proof-of-concept, but I think these virus creators should go back to hacking cell phones if they want to make waves.
if you have an ipaq 1940/45. It seems if something writes to the "filestore" the rom becomes corrupt and it has to be sent back to hp. As my main memory is basically full, I'll know when a virus hits; my ipaq's rom will need to be reflashed.
=================
Unix is very user friendly, it's just picky about who its friends are.
This proves that every networked computer device can be infected with a virus. This makes it stupid and illogical to assume that there will be no security holes on any given OS. What matters is how severe those security holes are, and how quickly they are patched. It is in that area that linux is firmly ahead of Microsoft (and perhaps OS X, I'm not sure).
Creating a Pocket PC virus is a trivial matter. It uses the PE format, so I'm sure it would be very simple to adapt virii to infect Windows CE files - basically just a recompile of the virus source to XScale / ARM (assuming it is not in x86 ASM).
.NET / C# bytecode.
Windows CE is actually more secure than Windows XP because the majority of the OS is in ROM. Those files are protected at the file system level - it is not even possible to read or copy the files, let alone modify them.
After an infection one could always do a hard reset to quickly have a clean device that is at least usable.
Also, the amount of damage that could be inflicted would be moderate because most PDAs are synchronized with a host PC. So the information on the PDA is essentially backed up multiple times a day.
The real concern would be a virus that could propagate over multiple platforms running different processors. This is one reason to be afraid of
Dan East
Better known as 318230.
If memory space for running programs on my PDA was not limited enough. Now I'll have to waste more of it running a virus checker.
Steve.
I know it's being pedantic, but Bill G has an honorary knighthood. Only citizens of countries which recognise the Queen as head of state can have full or substantive awards.
The rules are explained a little better here
I will not be pushed, filed, stamped, indexed, briefed, debriefed or numbered.....my life is my own.
There already are PalmOS viruses. See here for an example. The key difference is that PalmOS has only recently gotten any sort of wireless connectivity. So these viruses all spread via human interaction (i.e. Hotsync of an infected file, or IR beam of an infected file).
Give it time and there will be ones that spread via bluetooth or WiFi.
Bork Bork Bork!!
Unless there is a flaw in the implementation of the phone, can this kind of virus really spread?
It's not a phone virus, it's a Pocket PC virus.
From the article:
The first computer virus to infect handheld devices running Microsoft's PocketPC OS was discovered over the weekend... Cabir - like Duts - was a proof-of-concept exercise. In both instances, 29A sent its malicious code straight to anti-virus firms.
To my mind, the word "discovered" doesn't really apply here.
Previous attempts have been made to monkey around with handhelds. Google is now overflowing with this latest 'news' but I am pretty sure this is not a first. Palms have had their IR connections compromised. Pocket PCs were never going to be bulletproof in the first place.
This threat assessment might be useful to someone.
Shouldn't that be "please shred all files in your desk drawer" ?
May contain traces of nut.
Made from the freshest electrons.
> Windows CE is actually more secure than Windows XP because the majority of the OS
> is in ROM. Those files are protected at the file system level - it is not even
> possible to read or copy the files, let alone modify them.
Keeping files in ROM does not inherently constitute a better virus protection.
Of course, altering a ROM file is (usually) impossible. However, any complex
operating system has a lot of options for RAM or FLASH based files to "hook-in",
and RAM and FLASH are certainly not impossible to alter.
A virus that hooks into the startup sequence of a pocket device is as effective
as a hypothetical one that managed to alter the ROM of that device. Sure, a
ROM device might have a "wipe-all" reset button that gets rid of the virus,
but it would get rid of all personalization data as well - files, installed
software, addresses etc.
So, how does that make the ROM device less vulnerable to virus attacks? It
can't be rendered completely unusable. Ok. But all the other threats continue
to exist. You can lose your data, you can spread the virus to other devices,
you could even sync a multiplatform virus to your desktop PC, etc.
Marc
Windows Mobile is easy enough to mess up without viruses. It implements the registry like on desktop Windows, only it's harder to backup.
Quite a few people on the E800 forum I read have had problems where their Bluetooth stops working.
I know the parent post was meant to be funny, but if you could make a Palm virus, it could potentially be devastating. Don't know of any phone that runs PocketPC OS (although I'm sure there are some...), but I know PalmOS runs on phones (like the Treo 600...). Any virus that could spread by calling could cause A LOT of trouble... like long-distance calls at random...
But unlike the Pocket PC OS, Palm OS is a multi-threaded, single-task OS. You would have to trick the OS into making the virus a new thread of the current process... Not impossible but a bit harder to do...
I seem to remember an article that compared the Pocket PC OS with PalmOS, stating that, while PalmOS was inferior, it was better designed for the job (it did not try to do everything)... I don't have the link (I'm at work)
Any Palm dev/coder out there that could comment?
I live in Soviet Canuckistan you insensitive clod!
The word 'virii' never existed in Latin. The plural for 'virus' can be 'viri', but since the plural of 'vir' is also 'viri' even the old Romans avoided 'viri' as plural for 'virus'. Ending a word with 'ii' is not Latin, it's not common in any language. It's as obnoxious as writing Micro$oft.
PalmOS viruses have already been reported. PalmOS has a larger market share than PocketPC. Can these numbers be used to understand the relative importance of availability versus vulnerability in the incidence of info viruses?
--
make install -not war
A grad student did this at ISU over 2 years ago when the iPaq was new. His virus didn't do anything harmful but it did propagate itself over wireless networks and was an interesting demo for the computer engineering undergrads.