Slashdot Mirror
First Destructive Mobile Phone Virus In The Wild
gbjbaanb writes "eek! the BBC is reporting the first mobile phone virus that causes damage is out and about. The virus only works with the Symbian Series 60's OS (no, not the Smartphone) and spreads through an adapted copy of the legitimate Mosquitos game.
Once installed, a hidden program sends SMS texts to premium rate numbers.
That's not so bad, no doubt the premium rate numbers will be switched off soon but the worst is yet to come - "typically we see them in the wild then copycat ones come along soon after," said Sal Viveros, director of wireless security at McAfee."
"Once we are in the 3G world, we basically have a broadband connection, so phones will be closer to PCs in terms of functionality.
"Having that connectivity historically leads to the spread of viruses."
Once more and more devices run the same OS/software and more and more people are using that same OS/software more and more viruses will be written for it. Bandwith has little to do with it.
SMS' to "premium numbers" are annoying and don't require massive mobile bandwith to work.
First, its not a virus since it cant spread on its own. Its a trojan if its anything. Second, since this only effects people who steal software, why should i care?
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
This is more a user intelligence program than a true threat to the symbian 60 series. If it propogated to all the numbers in a phone book (via SMS for example) then it would be something worth worrying about.
... a phone needs to be just a bloody phone.
As much of a technophile as I am, I'm starting to see a disturbing trend in technology...nifty new technology that's supposed to make your life more convenient (TiVO, VoIP, multi-function cell phones) almost always end up having problems, and end up creating a lot of stress and headache (although whether this negates the device's 'usefulness' is debatable, obviously). We've had telephones for quite a while now, same thing with cars, TV, etc, but all of a sudden there are troubleshooting prodecures for everything.
I don't want to live in a world where I have to download patches and updates for my phone, TV, cell phone, alarmclock, bathroom scale, toaster, fridge, etc, every other week, or worry about them charging me money or disclosing private information. Some things work just great already and don't need all sorts of crazy upgrading, networking, or convergence. If you had a portable game thingy (not connected to any network) to play 'Mosquitoes', you wouldn't have to worry about this!
With the first link, the chain is forged.
Does allowing an application to send a text message strike people as being a pretty bad design decision?
Phone applications/games should not be able to access any function that might cost the user money. Or if they do, then the OS itself should intercept and ask the user if they wish to allow the application to send the SMS / phone call / data call. "PsychoSolitaire wishes to send a message to +XX.YYYYYYYYY. This will cost £x. Yes/No/Never"
That is just sensible and obvious design.
How about the malicious code writer that actually caused your problem. I agree that good OS software should be implimented no matter what device it is running, but let's not let the REAL cuprit slide on this one.
Your mammas flamebait.
How droll. As a former AV employee, I wonder just how the hell you are supposed to run AV on something meant for phone calls? This stupidity will never end. Next,, you will need that really cool 3D screen and a better graphics card, and then a patch for that virus, and then a controller, and a patch for that virus....
Just yesterday I saw an article that said Open Source wasn't ready for Antivirus software. Well - duh! It isn't all that necessary - yet. Most viruses are ineffective on Linux/Unix/BSD/OS/X because of FHS standards, rights and permissions.
Cell phones that play games are about as useful as the teats on a boar hog (and that is a colloquialism). It's the same old game - sell them a useless but "neat" feature that violates sensible security and then sell them a patch to correct that stupidity that they have to buy and buy and buy.
If you spend your money that way - it's your choice really, now isn't it?
All Ad hominem replies happily ignored as the sender shall be deemed to lack the faculties to comprehend the equation.
You can't sue anybody. This is a trojan inside a pirated game. The only way it spreads is for you to deliberately install it. There's no way to differentiate it from a piece of legitimate software that sends text messages.
All I want is a secure system where it's easy to do anything I want. Is that too much to ask ~~ Randall Munroe
I know, I was like talking to a friend the other day, and he said he saw a computer with "CD-ROM" device attached to it. What's the point in that? Who'd ever need to play music on a computer? All you need is to be able to print letters. Floppy disks ought to be big enough for everyones storage needs.
/sarcasm (circa 1992)
The problem is that marketers, in league with the propeller heads, keep finding more and more features that we don't need while ignoring the one feature that we all demand: reliable voice coverage.
Just because we can do something does not mean that we must or should do it. This is yet another example of a solution searching desperately for a problem; a feature (of J2ME) which is rushed to market in the hopes that everyone will go ga-ga over it, while the basic cellular service problems go ignored.
slashdot: A failed experiment.
They should never allow user software to access the dialing functions. Maybe there needs to be a user/OS partition in the phone so that untrusted software has to run in a small sandbox. The last thing we need is some malware disguised as a cute toy DOSing 911 numbers on a specific day.
It would be simple to have a popup dialog that would ask the user if they want to allow the app to dial a number.
Guru Meditation #6d416769.21610a21
A good feature for Symbian OS would be a sort of "mobile firewall" for user-installed applications, that notifies you before allowing random programs to do things like place calls, send messages or connect to the net (things that cost you money). If the program you're using is legitimate and you're aware of this, a simple OK would authorize the program to do that particular action (say, send an SMS). If the user said no, then the program's request would fail at the API level, no harm done.
It would prevent this sort of unfortunate situation from happening, because, who knows, the next piece of malware like this might install itsself to run all the time and pump out calls or messages, disable uninstallation or wreak any other sort of havoc.
Of course, in the end it all boils down to the end user's stupidity in installing and running untrusted programs, but a safety measure like this would be a good "last chance" before any actual monetary damage is done.
keep finding more and more features that we don't need while ignoring the one feature that we all demand: reliable voice coverage.
Why does everybody think cell phone manufacturer's are the ones who are installing cell sites? I can make a simple voice phone if I want to, but it's not going to do anything at all to the number of cells in the field. Cell manufacturers take the radio performance of their handsets very seriously -- but that means precisely jack when there's no signal to pick up, or your carrier doesn't have a roaming agreement with any of the networks your phone can see