Slashdot Mirror


Cell Phones Responsible For Next Internet Worm?

nitsudima writes "The mobile devices you know and love are great for productivity, but they have completely changed the vulnerability state of our networks. Norm Laudermilch tells you why you should be afraid, very afraid." From the article: "The new and largely unexplored propagation vector for malicious code distribution is mobile devices. With 802.11, Bluetooth, WiFi, WiMAX, MMS, Infrared, and cellular data capabilities on almost all new models, these devices provide a wealth of opportunity for the transmission of data. With no notion of user access levels in the compact mobile operating systems, a lack of effective authentication, and no data encryption, these environments are prime targets for the incubation of malicious code."

8 of 109 comments

  1. I want a refrigerator by yagu · · Score: 5, Interesting

    No, seriously, what aren't they thinking of using cell phones for these days, except maybe making reliable, clear, and simple phone calls? Seems like the piling on of more non-cell-phone features on cell phones is not very well thought out. Couple the lack of security design in these added networking features with the possibility/probability more mobile phones are moving to embedded Windows (at least that's what I've read), potential for network compromise and disaster increases non-linearly (upward).

    What I find annoying and intrusive about this is I'm sitting here in my (our) internet universe working hard to make it reasonably sound, and these entrepreneurs trump that work with their one-off, disposable technology. So, I (we) eventually take the big hit for their irresponsibility. Sheesh, in every major park I've visited there's a requirement for pet owners to clean up after their pets, it'd be nice to see similar structure here.

    When they're designing these phones, and these networks, and what and how the phones work, does anyone in the room bring up the notion these phones first and foremost should be phones?

    In haste to be the first with the new features it seems the ramifications of what and how they add are considered little, if at all. It's money grabbing, and let the chips fall where they may, as long as the manufacturer is first and fastest with the latest new features. Sick.

    I find it ironic, paradoxical(?), one of the features so darling and network centric is text messaging. I've referenced this before: the T-Mobile Sidekick got written into an episode of Gilmore Girls where Rory carried on a "conversation" with Daddy about arrangements to attend a function. I'm waiting for the next great headlines where someone discovered the newest and fastest way to communicate with one of these devices -- you can actually dial a number and talk to the other person!!!

    As for the "The mobile devices you know and love are great for productivity" statement, give me a break. Firstly I don't "love" them, and if by "great for productivity" you mean: great for interrupting the social flow of interaction; great for rude behavior; great for ignoring real world, then, okay, great! Not.

    (And, for those who feel they must beat me with their clue sticks, no thanks on advice about how to get phones that are just phones -- been there, done that... I know how to get around the system, I just don't think I should have to.)

    1. Re:I want a refrigerator by dnaumov · · Score: 5, Informative
      "In defence of text messaging, in most markets/countries, it's a hell of a lot cheaper, or even free, versus the cost of making a one minute phone call, so it's a highly cost-efficient (not to mention more private) way of communicating."

      Cost isn't even the issue for me, in my case 1 SMS message costs EXACTLY as much as a 1 minute phone call. It's all about the convenience. You can reply WHEN you want and you have time to think about WHAT you actually want to reply. Where I live (Finland), it's not uncommon for the youth to keep their phones on "silent mode" and communicate via SMS.
  2. Like All Other Hype... by MudButt · · Score: 4, Funny

    I remember how SARS almost killed off the human race too. And remember Y2K? I'm glad I had a bunker for that one! Oh, and West Nile! And remember how sick we all got from Mad Cow Disease? I'm just glad I have my duct tape and plastic bags.

  3. Bollocks! by Troed · · Score: 5, Informative

    With no notion of user access levels in the compact mobile operating systems, a lack of effective authentication, and no data encryption

    Absolute bollocks. The extreme majority of cell phones are running closed operating systems, and the only exposed APIs are Java (Java ME, MIDP). They are a lot MORE secure than anything else we're currently using - even on our PCs. They contain access levels (only signed applications can access certain APIs without needing to prompt the user), and they store their data encrypted if it's on an exchangeable memory card or else it's stored in the phone's own secure flash.

    The extreme _minority_ of phones so far running less secure operating systems are rapidly shifting in the same direction - look at the latest Symbian version as an example.

    Nothing to see here - move along.

  4. Afraid by kevin_conaway · · Score: 4, Insightful

    Norm Laudermilch tells you why you should be afraid, very afraid.

    I realize the submitter was probably joking, but has anyone else noticed that the same sentiment is exactly what comprises 90% (number pulled out of thin air) of media stories these days?

  5. ZOMGWTF by IamTheRealMike · · Score: 5, Interesting
    The native security features of today's mobile devices are not capable of protecting against attacks like this, so it would be trivial to infect, say, an entire coffee shop full of Bluetooth phones in just a few minutes.

    Says somebody who has clearly never programmed a mobile phone.

    The vast, vast majority of consumer phones are not the so-called "smartphones" that run traditional operating systems like Symbian or Windows, they run proprietary operating systems that have no publicly known names and do not export any APIs, except for J2ME or possibly BREW.

    As an aside, J2ME consumer phones are often just as "smart" as larger, more powerful phone/PDA hybrids ... my own does calendaring, web access, has an IMAP client built in, is themable, plays music and videos, and has a 500mb flash storage facility amongst other capabilities. Yet by the standard definition it is not "smart".

    Anyway, J2ME has many flaws, but security is not one of them. If somebody finds a programmatic way to compromise a J2ME phone in the next 5 years then I will be very surprised. These things have no concept of processes or users, which is great, because this sort of security confuses the crap out of pretty much anybody who isn't steeped in UNIX security lore. Instead they rely on constructing (with a bit of help) a mathematical proof that the Java programs they're running don't compromise type safety, and then either interpret them or on Jazelle-based phones run them direct on the chip. This is safe and allows for a very flexible and intuitive form of security.

    The absolute best you can do on these things is social engineering or exploiting piss-poor UI (which is what Cabir does). To claim you could "infect a cafe full of phones" is ludicrous: most people don't even have Bluetooth switched on as many phones disable it by default.
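
An added illustration of the type-safety check comment 5 describes (not part of the original thread or any phone vendor's code): a toy single-pass verifier in which the "bit of help" is modeled as precomputed stack maps at branch targets, as CLDC preverification does. The mini instruction set, sample programs and all names are constructed for this example.

```python
class VerifyError(Exception):
    pass

# opcode -> (operand types popped, types pushed); a made-up mini instruction set
EFFECTS = {
    "iconst":   ((), ("int",)),              # push an integer constant
    "aload":    ((), ("ref",)),              # push an object reference
    "iadd":     (("int", "int"), ("int",)),
    "getfield": (("ref",), ("int",)),        # operand must be a genuine reference
    "ifeq":     (("int",), ()),              # conditional branch
    "goto":     ((), ()),
    "ireturn":  (("int",), ()),
}

def verify(code, stack_maps):
    """One linear pass; stack_maps gives the expected stack types at branch targets."""
    stack, falls_through = (), True
    for pc, (op, *arg) in enumerate(code):
        if pc in stack_maps:
            if falls_through and stack != stack_maps[pc]:
                raise VerifyError(f"pc {pc}: stack {stack} disagrees with recorded map")
            stack = stack_maps[pc]
        elif not falls_through:
            raise VerifyError(f"pc {pc}: reached only by a jump but has no stack map")
        if op not in EFFECTS:
            raise VerifyError(f"pc {pc}: unknown opcode {op}")
        pops, pushes = EFFECTS[op]
        n = len(pops)
        if stack[len(stack) - n:] != pops:
            raise VerifyError(f"pc {pc}: {op} needs {pops}, stack is {stack}")
        stack = stack[:len(stack) - n] + pushes
        if op in ("ifeq", "goto"):
            target = arg[0] if arg else -1
            if not 0 <= target < len(code) or stack_maps.get(target) != stack:
                raise VerifyError(f"pc {pc}: bad branch to {target} with stack {stack}")
        falls_through = op not in ("goto", "ireturn")
    if falls_through:
        raise VerifyError("control falls off the end of the method")
    return True

def accepts(code, stack_maps):
    try:
        return verify(code, stack_maps)
    except VerifyError:
        return False

# Constructed samples: a well-typed method, and one that uses an integer as a pointer.
GOOD = [("aload",), ("getfield",), ("ifeq", 5), ("iconst",), ("ireturn",),
        ("iconst",), ("iconst",), ("iadd",), ("ireturn",)]
GOOD_MAPS = {5: ()}
FORGED = [("iconst",), ("getfield",), ("ireturn",)]
```

`accepts(GOOD, GOOD_MAPS)` is true, while `FORGED` is rejected before it ever runs because `getfield` finds an `int` where a reference is required.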

  6. More productive? by Anonymous+Brave+Guy · · Score: 4, Funny
    The mobile devices you know and love are great for productivity

    Assumption failure at line 1.

    --
    If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
  7. Oh my, what amazing FUD. by Andy+Dodd · · Score: 5, Informative

    So what if phones do more?

    One of the biggest problems in the PC world with respect to virus propagation has been the homogeneous nature of desktop PCs. 90%+ of the desktops in the world (and a decent percentage of servers, especially a very high percentage of servers in small businesses) are running one software architecture (Win32) on one hardware architecture (x86). This means that viruses don't encounter compatibility problems when trying to propagate.

    In the mobile phone market, this is not the case. There are at least three major smartphone software architectures (PocketPC/Windows Mobile, Symbian, PalmOS) each of which runs on multiple hardware architectures. (PalmOS is only on ARM machines unless you count old m68k PalmOS smartphones, but I'm positive PPC/Windows Mobile supports at least 2-3 different CPU architectures and I believe Symbian does too.) Let's not forget the huge variety of "dumb" phones out there, where every manufacturer has their own custom OS and chances are that even compatibility of malware between a manufacturer's phones isn't guaranteed.

    Yes there are hardware/software abstraction layers such as J2ME and (to some degree) BREW which allow an application to run on multiple manufacturers' phones, but both have varying degrees of sandboxing for those abstracted applications, and in the case of J2ME, compatibility STILL can't be guaranteed. (Look at the sites that offer Java games for mobile phones - Many of them have a slightly different download for every phone!)

    Even if the phones didn't have ANY security features built into them at all, the heterogeneous software/hardware environment that phone malware would have to live in presents large barriers to malware propagation.

    --
    retrorocket.o not found, launch anyway?