Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mabir.A Virus Targets Symbian Phones

Posted by timothy on from the what's-a-good-synonym-for-malice dept.

adennis writes "Exploiting bluetooth and weaknesses in the OS, the Mabir.A virus, like its predecessor, targets the version of the Symbian operating system running on Nokia Series 60 handsets. Since Symbian is the dominant smartphone OS, found on phones made by Motorola, Siemens, Sony Ericsson Panasonic and Nokia, this virus could have great impact. Will mobile OS companies, like desktop OS makers, have to start an automatic update system, or will the OS creators have to start making their software secure?"

19 of 199 comments (clear)

  1. Same thing? by soniCron88 · · Score: 5, Insightful

    Will mobile OS companies, like desktop OS makers, have to start an automatic update system, or will the OS creators have to start making their software secure?

    Wouldn't an automatic update system serve to make the software more secure?

    --
    Digital Sailor
    1. Re:Same thing? by ManikSurtani · · Score: 5, Insightful

      Yep, pretty much, except that I believe the author meant that s/ware should be written with security in mind from the outset.

      On a different note, what I'd loathe to see (but may be inevitable) are goddamn antivirus programs for phones. Imagine those things updating their virus dbs, etc. every time you switch on your phone...

      --
      -- Manik Surtani
    2. Re:Same thing? by Cat_Byte · · Score: 3, Insightful
      Wouldn't an automatic update system serve to make the software more secure?

      From TFA...this is a bluetooth virus. This is no different than all of the wireless routers broadcasting ssid with no encryption and the default admin password still on there. The only update that would save people would be one that forces you to change the password from 1234 if you have bluetooth enabled and are broadcasting your ID.

      --
      Two roads diverged in a wood, and I - I took the one the bus load of girls just went down.
  2. virus by theseeria · · Score: 3, Insightful

    again?....whats the point of viruses in the first place.. evil teens with no life

  3. Remember when viruses were cool? by Dancin_Santa · · Score: 5, Insightful

    There was a time when a virus could install itself just be latching onto a 3.5" disk boot sector and infect tons of machines without anyone having the slightest clue as to its existence.

    Nowadays, viruses are so pussified that they need to ask the machine owner to install them. How sad.

  4. Security? by Morlark · · Score: 4, Insightful

    I'd say they'll be wanting to make these phones secure, and be sharp about it. Fair enough, these phones with sophisticated OSes are fairly new, and you might expect them to get hit by viruses to start with, but now that the first few viruses have struck the phone companies are going to want to get these phones as secure as possible, so that they can't get attacked so easily in future. Obviously, there's going to be a need to continued updates, as viruses continue to develop and evolve, but more basic levels of protection need to be introduced first.

    --
    Santa's suicide mission go!
  5. Ofcourse they have to be secure. by flubbergust · · Score: 4, Insightful

    Why shouldnt the creators make the system more secure? Its their responsibility to make it more secure. What if you have to dial 112 (911 for people in other parts of the world) and you cant? Phones have to be secure. I can live with my Windows box isnt but damned if my phone isnt secure.

    1. Re:Ofcourse they have to be secure. by jcostom · · Score: 3, Insightful
      You know, in fairness, that even if you're foolish enough to leave your bluetooth device set to be discoverable, you still have to accept the file being sent to you, unless it's coming from an already trusted device - something you've paired with.

      Anyone that gets infected with this gets what they deserve. Hopefully at this point, you wouldn't open a strange file attachment, so why would you accept a strange file on your phone?

      --

      The unsig!
    2. Re:Ofcourse they have to be secure. by hc00jw · · Score: 3, Insightful
      I can live with my Windows box isnt but damned if my phone isnt secure.

      Why? Why can you live with your computer being insecure? Why do you accept this? Especially when there are secure alternatives!

    3. Re:Ofcourse they have to be secure. by ceeam · · Score: 2, Insightful

      Because most computers are nothing more than media center + game console. And secure alternatives are only as secure as their "root"s are. And if you can manage a "secure alternative" than there are good bets that you can manage your Windows box secure. And there are far fewer games for "alternatives". Yes, an email + browser pre-set Linux box for grannies is generally (slightly) more secure than the same box running Windows.

    4. Re:Ofcourse they have to be secure. by Morlark · · Score: 2, Insightful

      The sad thing is that people do open strange file attatchments. I don't really expect this behavious to significantly change on phones. People who make software, whether for PC or mobile phone just have to account for the fact that users are stupid.

      --
      Santa's suicide mission go!
  6. Well, I'm not impressed by KonijnenBunny · · Score: 5, Insightful

    I own a Nokia 60-series phone and much to my surprise I encountered the above mentioned predecessor (Caribe/Cabir) in the wild. (Yep, my bluetooth's always on)
    I received over 20 identical messages by Bluetooth messaging, all containing a single application-installation file: caribe.sis I had to approve the reception of the message first before I could view the contents. As I browsed the message contents, a further warning that it contained an application was issued, and I image the standard "not-signed" warning would as well if I'd try to actually install it.

    That's 3 warnings I would have to ignore before the virus is installed. Surely in this day and age anyone's brains would have kicked in and wonder whether it would be a wise idea to install an unknown program sent to you by an anonymous stranger? Mobile-phone virii are all still very proof-of-concept in my book...

  7. Elementary measures by Savage-Rabbit · · Score: 4, Insightful

    Will mobile OS companies, like desktop OS makers, have to start an automatic update system, or will the OS creators have to start making their software secure?"

    Not having every single Bluetooth service known to man switched on by default when the phone leaves the factory would be a good start. The first thing I did when I got my new PDA phone was to switch everything off except the BT Headset and File Transfer which I set to Maximum possible security since it wasn't set like that by default. Strictly speaking the FT services should only be activated on a need-to-use basis but I don't carry alot of sensitive information on my PDA phone and what there is I have encrypted on an SD card. That would incidentally be another good idea, if manufacturers were to install some sort of file-vault software as standard. I had to install the file-vault software as an optional software package from the companion CD that came with my phone.

    --
    Only to idiots, are orders laws.
    -- Henning von Tresckow
  8. Re:Want a surefire solution?? I have the answer. by imipak · · Score: 5, Insightful
    Want a surefire solution?? I have the answer. [...] And it ain't pretty. Death penalty for virus writers.

    What a great idea. I'm sure this will work just as effectively as the USA executing alleged murderers - brutal as it sounds, it has at least reduced the murder rate to one of the lowest in the world.

  9. Another FUD from F-Secure by S3D · · Score: 5, Insightful

    This theme is beat to death. So called "virus" require answer "Yes" three times to be installed. The most vocal reporter of these viruses is F-Secure, manufacturer of anti-virus software for symbian phones. Their CEO speaking on one of the previous virus: "somehow, I'm not sure exactly how this virus get installed on my phone" He did't remember answering "Yes" three times ?

  10. No OS creator cares about security. by akadruid · · Score: 2, Insightful

    will the OS creators have to start making their software secure?

    All commercial operating systems are written to the point where the security is just good enough to sell the product and no further.

    When operating systems are tied to the product or the vendor has a monopoly on their market then the point of 'just good enough' is reached long before the end user can regard the product as secure.

    I predict: Software security will only become worse as consumor adoption of future devices hostile environments such as the internet increases. Within 10 years, end users will be comfortable with performing routine software maintainence on a myriad of devices they currently consider reliable over the life of the product. This will include: all communications products; vehicles; home automation and security; entertainment systems; electrical white goods and diy tools.

    When the dominant multi-purpose operating system can be regarded as usuably secure out of the box for the life time of the product, then I'll reconsider.

    --
    "Those who cast the votes decide nothing; those who count the votes decide everything." (attrib. Joseph Stalin)
  11. Worms by nmg196 · · Score: 3, Insightful

    Why is Slashdot's icon (top right) for the "worms" section a picture of a caterpillar, which is in no way related to a worm?

  12. Re:Another FUD from F-Secure by tomstdenis · · Score: 2, Insightful

    You're assuming they're not the ones who wrote the virus in the first place...

    Simple trick, don't buy phones known for crappy security. Symbian phones have been attacked before...

    Though I agree this highly bad virus that requires the users permission to install is hardly a "virus" and more of a darwinism.

    tom

    --
    Someday, I'll have a real sig.
  13. Re:Repeat after me... by hgavin · · Score: 2, Insightful

    > I will turn off bluetooth or set my phone's visibility to off.

    This version of the worm propagates by MMS.