Slashdot Mirror
'Metal Gear' Symbian OS Trojan Disables Anti-Virus
Omniscientist writes "Just when you thought your Series 60 smartphones were safe, a trojan has surfaced with a two-pronged attack that also in turn disables any anti-virus protection available. Infosyncworld has news about a trojan masquerading itself as a port for the Metal Gear game that disables all anti-virus software on the phone and other necessary utilities like file managers. Also, it affects other phones nearby it via Bluetooth. This trojan has been dubbed 'Metal Gear.a,' quite aptly."
So now I need tin foil for my cell phone, too.
Well, I don't really have a cell phone, but if I did..I'd need tin foil for it.
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
I just want an unstoppable cell-phone virus that permanently disables ringing... then I could cope with the things being about.
..when the purple-stuffed webworm in the flap jaw space with the tuning fork does a RAW BLINK on hairi kairi ROCK!!!
I NEED SCISSORS!
61!!!
HAHAAHAHAHAHAHAHAHAHA
... so how do they justify the hike? Oh they add in Java, cameras, ring tones, etc... You want a toy? Buy a gameboy. A phone should be phone.
This is what you get for making a phone "more than a phone".
Well that and price gouging. For example, a "quad-band GSM" phone often cells for $300 more than the average dual-band. However, going quad-band is mostly a small change in terms of the radio/hardware as it's just off by 50Mhz [e.g. the SWR won't be that high].
Hahahahahahaha
Tom
Someday, I'll have a real sig.
there are some other worms too... i guess one of them puts the picture of skulls in place of all your icons. can any slashdotter put up a link to all the known mobile worms and viruses, plz...
I use a v66 dumbphone. It makes phone calls It stores phone numbers. It does voice dialing But I haven't figured that part out yet.
So don't panic too much about the Bluetooth infection method. When something truly independent like Code Red can spread via Bluetooth, that's when people will start leaving their mobiles at home. Hang on, there's an idea...maybe I can sell it to rail passengers and restaurant customers and make $$$$?
When I am king, you will be first against the wall.
But this isn't one of them.
People laughed at me when Bluetooth was first announced. I said I didn't want my cell phone or PDA being frisked by other units as I walked around.
I still refuse to carry any Bluetooth equipment. Who's laughing now?
And, more importantly, how long until a crooked cop uses such a vulnerability to plant evidence on your PDA?
There's going to be a day when all cell phones are running servers over wireless for p2p communications. When that day comes, walking past the wrong person will hose your phone.
Burn Hollywood Burn
Gah! The thought boggles the mind.
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
"Oh look a Metal Gear Port.. horray downloading..."
"Dude you're cell.. it's dying I think..."
"Snake? SNAKE?! SSSSSNNNNAAAAAKKKKEEEEEE!!!!!!"
Just a boy doing unproffesional IT work that's way above his head.
Does anyone ever think of hitting the off button on there bluetooth?
I fell asleep last night with the comfort of knowing that all Series 60 phone users were safe. In fact, I said a little prayer giving thanks for that. Tonight, I doubt I sleep at all, what with all the worrying I will do for those poor, poor series 60 phone owners.
You can install a program on your computer that does bad things. Also on your Symbian mobile phone if you really really want to and decide to discard multiple warning messages.
Any real fan of the series would be expecting a set-up, anyway.
What if someone were to find an exploit in a few cell phone OSes? Then find an exploit in the routing software/hardware of cell towers?
Infect their own phone, that infects every cell tower it cells to, and that tower infects every cell phone it can see, etc.
I'd make the payload somthing to either disable the ringer, or play some annoying loud-ass tone for hours.
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
Symbian OS is nothing to do with Microsoft or Windows.
I spent ages trying to think of sig, but never did
"People laughed at me when Bluetooth was first announced"
I choose to steer clear of it due to its really idiotic name, anyway. It does not sound like high tech. It sounds like something you find in someone's mouth in the front row of a Willie Nelson concert.
Embedded MS crap... I guess this is a troll. Regardless, Series 60 phones don't have any "MS crap" to my knowledge. The OS is Symbian, which has been putting out a good mobile OS for years (I had a Diamond Mako--rebranded Psion Revo Plus--PDA thing that I loved until the nonreplaceable battery crapped out far sooner than it should have). Sun's Java is also installed on Series 60 phones. Unless Bluetooth is somehow MS-related, you're either completely misinformed or trolling. The AC status of the post indicates the latter, I guess.
Honor Among Slackers. A veri
You're right, why carry around a compact device that can take pictures, play games, sync with my calender and e-mails and allow me to make calls, connect to the internet and now stream videos when I can carry around a Gameboy, a phone, a pda and a camera and a laptop!!
I spent ages trying to think of sig, but never did
I guess I should expect to see people staring at their phones going "Snake? SSSSNNNNAAAAAAKKKKEEEEEE!!!!"
I'll turn into a supernova and burn up everything. Well I'll turn into a black little hole and you'll turn into string.
Funny, I do want those features, just because you don't doesn't mean no phone should have them. You can still buy phones that do pretty much nothing useful other than being a phone, I reccommend you buy one of them; I'll buy one with a calender and games (since that's what I want).
I spent ages trying to think of sig, but never did
go ngage! go ngage!
The war with islam is a war on the beast
The war on terror is a war for peace
Actually, I'm laughing pretty hard at the thought people don't know you can disable bluetooth on phones.
I only turn mine on when I'm synching with something or using it as a data connection with my laptop.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
I'm getting around these problems, as I have done all I can to make my mobile phone very secure. You can see a photo of the modifications so far.
Don't blame Durga. I voted for Centauri.
I am the shotgunner! Nobody has ever gotten me off their cell phone!
...and now the phone have started to vibrate...
It would be cool if it didn't suck.
For those with broadband.
That's awesome, but I wish these guys would put their brainpower and idle time towards something more productive, like OSS software development.
The problem is that much of what needs to be done is boring and/or unchallenging. Some folks program because they like to solve problems, the "journey", not because they have a strong commitment to a project, the "destination". In the OSS world there are lots of people who would like to work on the interesting things and if they cannot they are more likely to not contribute than go work on the boring parts. Commercial software has an advantage here, do the drudgery, collect a paycheck. The solution: more donations, less "free beer", that fund programmers to work on the boring stuff.
Well, kinda off topic... An InfoSec Christmas Carol - Tw4z t3h N1t3 B3f0r3 Xm4z #end shameless self-plugging #note: at least I'm honest
Makes me think that a Metal Gear Solid game would be a good idea for a phone, and the best part is that your service provider could bill you for each codec call you initiae to Meryl. And Revolver Ocelot could torture you by making you type an inane text message as quickly as possible using all capital letters and the words LOL and L8R.
And of course let's not forget being able to sit on a bus and make every other passenger listen to Liquid scream "SNAAAAAKE! PREPARE TO DIE, MY BROTHEEEERRR!!!!"
Yup...
Shuddering in anticipation of the "Naked Raiden" virus...
Metal Gear: Worm Eater
God spoke to me.
Uh, why would you need ANY of those things?
On second thought, I will give you the laptop.. I am a consultant. I feel naked unless I am carrying my laptop.
If you don't like it, don't fucking buy it!
Well, I'm not a fan of fancy phones. But if they include that picture as one of the features, they just sold me.
Well, I need a phone of course, I want a PDA for work, e-mail calender etc (work related) I also like to listen to music (my phone works great as an mp3 player), Games are nice (solitaire on your phone!)
I spent ages trying to think of sig, but never did
Nokia, IBM, Ericsson, Intel, and Toshiba were the founding members in 1998. Today there are thousands of members, but note that on the board of directors section of the webpage, Jeff Kosar is the Product Unit Manager and he is from Microsoft Corp. However I'm not going to blame Microsoft automatically for the problem if there are 2000 or more companies contributing to the technology.
Nonsense, very poor analogy. The basic phone is a ubiquitous device that everyone knows how to use, that should not need an instruction manual. The cellphone should be the highly portable incarnation. "Grownup" models, forsakes the "kiddie" crap and make it smaller or enlarges the battery, are needed too.
I'm dreading the day when my four year old Motorola StarTAC dies.
I'm sorry I don't require the same level of standard from my devices as you do. I use the camera on my phone for fun, I'm not a professional photographer, I just want snap shots of me and my friends having fun and the 1.3 megapixel camera on my phone does a damn good job of it. The internet on my phone (Motorola A1000) is perfectly useable (mostly thanks to Opera's SSR technology and the large screen), and I find that most the websites I visit even have small screen friendly versions (such as news.bbc.co.uk). Streaming video is equally enjoyable due to the large, high resolution screen.
If I wanted to spend 4 hours doing reasearch on the internet or If I wanted to take hi quality photos at a special event then I'd proabably use a more appropriate device, but since 99% of the time my phone will surfice for what I need I am happy with it.
I wouldn't consider the functions on a modern phone "sub-par".
I spent ages trying to think of sig, but never did
i read this page just to find the first one of these. Hello :) Glad it's not just me that gets confused.....
You don't have to use the adjective 'crooked' in front of cop anymore. The word cop says that itself these days. If you need to denote a cop who is not crooked, you HAVE to say 'Honest' cop however. Otherwise it is assumed that they are crooked.
That's why if I were to actually go about writing a virus, it would not actually disable any existing antivirus software at all, but would make suitable patches to the most common ones so that my virus would simply not be detected by it, thereby convincing most people into naively believing that their antivirus software is running as expected during what is actually the virus's dormancy period.
Why nobody else has tried this is beyond me.
Does the fact that I would even think of something like this make me a bad person?
File under 'M' for 'Manic ranting'
I agree on some level, but my sidekick II helps out a lot when I needed to lookup a review of a game that I never heard of. saved me tons of money
,a gameboy and ipod for that.
But the games, camera and mp3? I have a digi cam
Just wait until people are bugging all your conversations by using your own cell phone right there in your pocket. Companies will need to ban cell phones from conference rooms because people can't trust them.
You think Windows is riddled with problems? Just wait until you see what script kiddie Bluetooth "hackers" do to people who don't even know their phones HAVE Bluetooth, let alone what to do with it.
[insert sig file here]
Thats assuming you would need to actually carry around that much junk all the time...
Who the hell needs a swiss army knife of all that junk anyways...
Isn't that kind of like asking who needs a Swiss Army knife?
Honor Among Slackers. A veri
So who has more free time on their hands - the people who play online games on their phones or the people who write viruses for people who play online games on their phones.
I swear it's slackers like you that will lead to more ridiculous regulations.
" Nokia 5190 pwnz joo."
Yes, but its word suggestions suck.
I have to disagree. My cell phone is more than my phone. It is a device that I carry with me for many purposes. Sure I get calls on it, but that isn't the most important thing I use it for.
My main use for it turns out to be a clock that isn't uncomfortable to wear (I hate things on my wrist).
It also has some simple games good for keeping me entertained while waiting for the waiter to bring my order. (this is slashdot, of course I don't know any girls to eat with)
It is a handy kitchen timer that I can hear even when I'm at the other end of the house. The phone is on me, not the stove.
There is a useful calender that reminds me when important events come up. (A pain to enter them)
There is a calculator for times when I need to deal with more digits than I can remember at one time. I wish it has hex and graphics functions, but it works.
There is a camera attachment. Sure the pictures are poor, but it works, and I'm more likely to have this with me than a fancy camera.
All this, rolled into one tiny 1.5x4x.75 (inch) device.
Help! My phone slash mp3 player slash radio slash camera slash calculator slash agenda slash gaming device slash clock got a virus!
Actually I was in an channel some weeks ago and this dude was really upset on Noka for
1. Trying to sqeese the developers to pay for some "extended" "PRO" program,which you'd have to join (pay money) to get some API's (crypto etc),Documents and support.
2. Not releasing CodeWarrior mobile for free (They bought it), instead they are trying to squeese the developers for their last dime.
3.Not releasing the emulators for Linux (You have the J2ME ones...), even though they have been kind enough to provide you with an old gcc (crosscompile) on their site.
Well he went on (I prob missed a few things here) and said that someone ought to make some bad malware to "Phuck em up". I am seriously!! That was what he said (hackerish eh?...).
Was it this dude or was it someone else doin it for some other reason??
Just when you thought your Series 60 smartphones were safe, a trojan has surfaced ... that disables all anti-virus software...
If the things need anti-virus software, they were never safe to begin with.
Edith Keeler Must Die
Don't be such a luddite. Just because you see an example of stupidity and ineffectual use doesn't mean the rest of us can't figure out how to use our technology in an efficient way.
My phone is hooked up via bluetooth to my headset, pda, and laptop. Depending on where I am at any one time, incoming calls are routed to the headset (if I want), show up on the screen with the matching profile plucked from the laptop's address book (if I want), or SMS's are sent back and forth between the PDA or laptop (if I want), and email arrivals are announced from various IMAP servers as well as downloaded if neccessary (if I want).
Did you catch the magic phrase in that previous paragraph? Let me iterate if it's not clear: IF I WANT. The option is there. It isn't always on, because sometimes, it's completely useless. Other times, it's completely invaluable... and the ease at switching between working modes is literally one button. Oh wait, if I have to interface it with my PDA or laptop, I have to lift up the laptop cover or turn on the PDA.
It still acts very well as a phone. None of the features interfere with the added options (and if they did, I'd sure as hell return the phone right away). Find a phone that does the basic well. If you want more, seek those options out. If those further options diminish the quality of the basic functions, you made a bad choice. How hard is that for you folks to understand?
Gee, phones with after-the-fact anti-virus software. Java. Custom games. Trojans posing as games. All because Symbian's the most popular OS for phones.
:-)
I don't suppose there's a Limited User mode for a phone, is there?
Use Evolution instead of Outlook? Bewa
At first glance I thought the article title was "Metal Gear Sybian". Whoa! Sounds painful.
For a bunch of self defined "nerds" people here sure have a problem with high tech phones. I guess they have never wanted to look something up on google in the car, or connect their laptop to the internet wirelessly, check their email, or take a picture of something funny or important.
My nokia 6600 is awesome, gets great battery life, and reminds me when i am supposed to be places. Bluetooth lets me transfer information from my laptop to it, such as contact and calendar events.
It has revolutionized the way I use my cell phone,
If all you want to do is talk on the phone, thats fine, but as a bunch of nerds you must see how the smart cell phone is the future. Oh yeah, it never drops calls either.
What, if anything, does this story have to do with adding/decreasing the credence of the "security through obscurity" myth/theory?
Is there something really valuable to be gained by hacking Symbian phones? Some financial motive that gets people motivated to hack. Or is it just an insecure OS easily hacked?
Don't be such a luddite. Just because you see an example of stupidity and ineffectual use doesn't mean the rest of us can't figure out how to use our technology in an efficient way.
The problem is, it's not an example of stupidity, it's lots of them. People as an aggregate are stupid (MyDoom required user intervention to spread, no holes were taken advantage of)
I find my Sprint phone's browser handy for controlling the lights on my house. I have a web page set up (in the same vein as the guy with the X-10 Christmas lights) that looks good on the screen and is easy to use with the phone's interface. Since Sprint doesn't chage per byte or whatever, I can use the browser as much as I want. Although I don't really use it much, it's great for turning on the front door and driveway lights as I'm pulling up at night.
Text messaging is good because I like to avoid bothering people around me whenever possible. And the camera phone was great for the time I saw someone in an SUV drive around the "road closed" construction barricades and right into a big hole they had cut into the street. Only the back end of the vehicle was visible above street level. Priceless.
this is my sig
Where's my mobile firewall? 3G TCP/IP, BlueTooth, IR, serial... my "MiniMe" is wide open to any attacker who comes around.
--
make install -not war
Metal Gear Solid Worm? Like as opposed to a solid snake.
And is there a Liquid Worm out there, lurking?
(and no I am not a fanboy; those games *SUCK* big balls: I always though the solid and liquid snake names were some obscure Japanese fecal-matter reference).
In the free world the media isn't government run; the government is media run.
You hit on an intersting idea, the phone as a universal remote. Maybe they could stick an infrared transmitter on the end of it and put in a library of electronic control codes (TVs, stereos, etc). The phone could become a real "swiss army knife" electronic device.
Plus you could use the infrared device for transfering info between phones (contact info) but Bluetooth obviously can do that also.
It is by the juice of the coffee bean that thoughts acquire speed, the teeth acquire stains. The stains become a warning
It is obvious that this is part of a conspiracy by the Patriots to cause an "apparent malfunction" within GW.
FISSION MAILED.
Waht the hell is a LEO? The generally accepted defination of LEO is Low Earth Orbit. What the heck are you noting?
"BitPim is a program that allows you to view and manipulate data on LG VX4400/VX6000 and many Sanyo Sprint cell phones. This includes the PhoneBook, Calendar, WallPapers, RingTones (functionality varies by phone) and the Filesystem for most Qualcomm CDMA chipset based phones."
http://bitpim.sourceforge.net/
I've been using this with my LG vx6000 phone so I can use it as calendar and update from my work or home computer. Works for me...
Hmm.. Apparently nobody here has seen the movie Cellular ..
It's true. Viruses can bloom on the battlefield, Snake.
"We need to get over this notion, that, for Apple to win... Microsoft must lose." - Steve Jobs, 1997
Why couldn't they have taken the cool path and named it "FOXDIE"?
ADVENTURERS! - ANTIHERO FOR HIRE - CARDMASTER CONFLICT
Exactly. Why should my cargo pants go to waste? I have a phone, a calculator, a Neuros, a multimeter, a soldering iron, wire, solder, wire clippers/strippers, cat5 cable, cat5 terminators, cat5 crimper, and sometimes more, ALL IN MY POCKETS! What's in my pockets Gollum?
Not a sentence!
They already have an IR tranceiver on them, it was the precursor to Bluetooth. All you need is the right bit of software to turn it into a universal remote.
l eItem&ida=152
http://www.psiloc.com/index.html?action=ShowArtic
"Taligent is still pure vapor. Maybe they'll be the last who jumps up on Openstep... "
I'm not directing this at you, I'm directing this at the "community" at large. Your post just reminded me of this other problem.
**We** should be contributing to various organizations. As I said in the other post, less "free beer", consider it tipping the waitress/bartender. I guess this is the other OSS shortcoming, too many people expect others (government, companies) to pay. Few people donate their own time or money (buy CDs from org rather than download ISO, etc.) but they have lots of suggestions on how others should spend money or time.
I agree that some more personal donations would help. But I'm just pointing out that many companies and governments, which aren't in the business of selling software, would probably save money in the long run by financing OSS projects which they need instead of continually paying some overpriced vendor. The example of the German government commissioning Kolab I think is a good one; it probably cost them far less to pay some contractors to build this for them than it would have to pay per-seat Exchange2000 licensing to Microsoft every year (plus, that money stays in the country, which is always good). If lots of companies, and even better, governments, did this, OSS would really explode, even without individuals contributing any money. A lot of high-profit software companies would be in trouble with their shareholders, but that's their problem.
The problem is that governments are not really interested is saving money or OSS. In reality it is "local" politics. The German decision may be viewed as a jobs program, or possibly seeding a domestic software industry.
It is not government's role to take down high profit companies, and it is not only the company shareholders that would be in trouble, it is the employees who would be in trouble. The executives and such have their golden parachutes, the little guys get screwed. Things are far more complicatd than you suggest.
Up Up Down Down Left Right Left Right 1 2 #
It is not government's role to take down high profit companies, and it is not only the company shareholders that would be in trouble, it is the employees who would be in trouble.
You're missing something: the world has countries other than the USA, and it's not the job of other countries' governments to enrich companies in the USA.
If I were a taxpayer in Latvia, I would absolutely want my government to seed a domestic software industry rather than send money to some big corporation in the USA. The German government's decision here was absolutely the right one.
The problem is that governments are not really interested is saving money or OSS. In reality it is "local" politics.
Huh? Since when is it not the job of government to wisely spend its citizens' money? Again, you're viewing the world through USA-tinted glasses. Here in the USA, the government is indeed corrupt and does everything it can to give handouts to the rich and doesn't bother saving money or supporting local industries. However, not all countries' governments are this way, nor should they be. Luckily for the Germans, the German government appears to have domestic interests at heart and doesn't freely send their money overseas.
You're missing something: the world has countries other than the USA, and it's not the job of other countries' governments to enrich companies in the USA.
I have missed nothing. You are restating my opening comment: "The German decision may be viewed as a jobs program, or possibly seeding a domestic software industry."
Here in the USA, the government is indeed corrupt and does everything it can to give handouts to the rich and doesn't bother saving money or supporting local industries. However, not all countries' governments are this way, nor should they be. Luckily for the Germans, the German government appears to have domestic interests at heart and doesn't freely send their money overseas.
That is naive. Government corruption and waste is not USA-specific. There is no shortage of it in Europe. Also, the USA protects and promotes its companies as well as a means to protect jobs, tax revenue, etc. It has no need to promote OSS because the dominant companies are US based. In areas where the US is not dominant there have been similar activities. Things are far more similar on both sides of the Atlantic than you suggest.
Heh, good one. And I guess the removal tools would be labeled 'Foxdie' by the community...
- White Knight of the Order of Mihoshi Enthusiasts