Slashdot Mirror
Are Cell Viruses A Real Threat Now?
Celpha writes "According to security firm F-Secure, a Trojan virus (Cardtrap.A)
attacks Symbian mobile phone operating systems, attempting to infect users' PCs if they insert the phone's memory card into their computers. From the article: 'We expect to see more of this on the mobile front,' an F-Secure chief research officer said. Trend Micro issued a media alert stating it is a 'fully functioning' mobile threat. However, Antivirus firm Sophos slams the claim of this first example of a serious mobile malware threat as just plain bonkers."
'We expect to see more of this on the mobile front,'
I bet you do, as you are probably already hard at work to make it happen.
---- Take the Space Quiz!
Everyone knew this was coming. Anything that has any type of software code will eventually be exploited or tried to be exploited at some point.
[%] Cingular Ringtones
TrendMicro claims that the Symbos_Cardtrp.A trojan is a "fully functioning threat", while Sophos dissmisses the entire thing as "bonkers". I'm thinking that the truth is rather in the middle.
The Symbos_Cardtrp.A trojan is one of the first clumsy attempts at this sort of thing, but we all know that the malware only gets more sophisticated and polished over time. People certainly should be alarmed about the appearance of this trojan...not because it itself is all that threatening, but because it clearly demonstrates the potential for mischief.
As Raimund Genes, president of the firm's European Operations, said: "This attack is really a proof of concept and may be an indication of a new type of blended threat to come." You can bet that as cellphones become more sophisicated and more interconnected to our computers, malware authors are going to turn this into a genuine threat.
In short, while it's rather sensationalistic to tout this as a "fully functioning threat", claiming that there is nothingto worry about disingenuous in the extreme. Sophos' claim that paying attenton to this threat distracts sysadmins from the "real threat" of attacks on Windows desktops is pure sheepdip. Imagine if we dismissed out of hand the new threat of infection via USB thumbdrives, because we were all too busy paying attention to the "real threat" of infection over the network?
____
~ |rip/\/\aster /\/\onkey
yeah, my Motorola phone caught a cold, and it passed it along to my PC.
If you are going to quote some one, quote them completely.
From TFA(emphasis mine):
"We expect to see more of this on the mobile front," Hypponen said. "We may begin to see Windows viruses spreading to PDAs that are synched up to computers, or go from PCs to mobile phones with the memory card."
This slashdot-related signature is a stub. You can help kihjin by expanding it.
I am calling on all hackers and script kiddies to stop writing malicious code for cell phones and start writing codes that allow me to get a connection (place a call) without my carrier knowing.
$39.99+ is far too much to pay per month. I want free calling. And I am not talking about cloning, I am talking about getting on Verizons antenna and placing calls from my phone without them seeing it, or seeing who owns the phone.
No, I came here for a good argument..
Just buy a damn PHONE. You know. Those things that used to just go ring-ring, and you pick it up and talk on it and maybe keep an address book on? I still use a Motorola V60 flip phone. No windows/PalmOS/WinOS/WinCE/PocketPC/2003 crap to worry about. Ring tones? No thanks. I'm not 13 anymore, trying to make some sort of 17-second "statement" to the crowd around my ringing phone. Sometimes simplicity is the key. K.I.S.S. metheodology is still around for a reason.
I got paid by a major company in the mobile field to develop Trojan horses for Java, Symbian, PalmOS and Windows Smartphone.
The goal was not to release "in the wild" but to showcase the need for funding for mobile phone security.
Nevertheless, pretty much nothing has been done even though modern smartphone OSes are incredibly close to allowing excellent OS security (MMU enables kernel / user separation).
It's pretty easy to do fancy stuff once you get in the mindset of an attacker. Like waking up the phone at midnight to place calls to a premium number. One doesn't even need to stack-smash to have fun (that is harder on ARM platforms bc you have to develop your own shellcode anyway).
The problem is especially important for wireless operators because people pay with their mobile phone. While that is the basis of revenue, it also enables major fraud (very much akin to what the "dialer kits" do to modem owners by silently ringing 900 numbers).
Examples:
* There's a WAP (wireless browsing) service where you can download ringtones for $2. What if a program on your phone starts downloading those silently?
* In some countries SMS are charged with a premium. What if a program are sending premium SMS without your knowing?
Of course it's also important for users ("what if a Trojan posts my phone book to some website", "what if a Trojan gets my location from the network and gives it to my wife". It's also important for security that the phone not be transformed into a jammer by changes in the radio firmware / software, but that's harder to do.
Hopefully the players involved will wake up before we find a nasty one in the wild.
It irritates me when trojans are lumped with the virus crowd. This requires a user to ACCEPT and INSTALL the application before it becomes an issue, it is useless without that user interaction.
An Eye for an Eye will make the whole world blind - Gandhi
Cell companies would make cell phones that didn't rely upon such an exploitable OS.
Granted Symbian is nice, looks pretty, but everyone I know with a cell phone running Symbian also complains that the phone is so slow to respond.
All the old Nokia phones were extremely fast, responsive (no 3-4 second lag waiting to go back a screen just to look at one freaking phone number) and best of all, didn't require such an exploitable OS because at the time, it was all hardware logic-control.
I don't know what the OS is on my Kyocera Phantom phone, but even it's slow to respond to keystrokes, and it doesn't have all those little capabilities that most phones nowdays have.
Simply put, as long as phone companies use software instead of hardware to control a phone, there will always be a threat of software infection.
Just an opinion...
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
What? Phone viruses?
Damn, we shouldn't have sent all those telephone cleaners off in the B ark!