Slashdot Mirror
First Mobile Phone Virus Nears 2nd Birthday
An anonymous reader writes "ZDNet is reporting that the first mobile phone virus is almost 2 years old. F-Secure's chief research officer Mikko Hyppönen claims that although there are now over 200 mobile phone viruses the problem is unlikely to get as bad as it has with PCs. 'The difference is that PC viruses were first found in 1986 and mobile phone viruses were found in 2004... So we are living in the equivalent of 1988 but in 1988 Microsoft or hardware manufacturers were not doing anything about viruses ... In the mobile phone world, all the mobile phone manufacturers are working on the problem as are the phone operating system manufacturers, like Symbian, Microsoft and Palm. Operators are on top of this.'"
200 mobile phone viruses the problem is unlikely to get as bad as it has with PCs.
Sorry?
I wasn't aware that PCs had a virus problem.
As far as I can tell, running a Personal Computer does not make you susceptible, running windows makes you susceptible. People running a decent O/S on their PC (OS X / openBSD / linux / etc) seem to be no more susceptible to viruses then phones are.
(Interestingly enough, this ties into my latest journal - "Why is Apple afraid of being PC")
Anway, back to the article, in addition to a platform that's more robust the windows, the network that malware will propagate on (ignoring bluetooth for the moment) is not a hostile network like the internet, but a far more controlled one & sms propagation could be stopped pretty quickly.
To go back to the windows analogy, if MS had controlled all email networks [shudder] back when Melissa / Lovebug / etc hit, it would not have been such a problem. Propagation could have been stopped by inspecting & disinfecting attachments as they passed through gateways.
Summary: -1 'Security Vendors scrambling to find new revenue, but other markets more secure then windows'
There are shills on slashdot. Apparently, I'm one of them.
I think that thinking of this in terms of "PC equiv of 1988" is BS. In 1988 people weren't even sure if the PC was going to last. The world had just gone from dozens of machines which were completely incompatible (Commodore, Apple, Timex etc) to one system emerging as an almost standard. I know that the idea viruses or worms getting to this point was certainly out of my head at that time.
:D
I also don't think anyone expected there to be so many machines attached to each other as we have now.
Basically, I don't think that a cell phone virus would have nearly the impact of even a simple PC virus due to the fact that (as the article states) people just aren't that unprepared anymore. Maybe if we all were given wide open Windows !Smart Phones? Besides - I think my carrier would probably *charge* me to run a virus
-WS
An operating system should be like a light switch... simple, effective, easy to use, and designed for everyone.
I remember removing my first bluetooth virus awhile ago, and back then was thinking, pretty soon, well need to have Nortons running on our phones, which needs to be regularly updated. Think I'll just stick to my 3210. If only my phone could take a shower (Yes, aimed at you Zuma).
You have the usianTHEN.32 virus that transforms any uses of than to then to make you look illiterate.
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
I was surprised to see that my nokia N70 came with Norton anti virus for mobile phones installed.. And expected it was hogging my phone resource making the menus sluggish and got rid of the crap...
I don't think mobile phone virus threat is much due to the varieties in platform the phones run.. Its just another way for anti virus companies to make money
http://vil.nai.com/vil/content/v_1169.htm
Stoned
Type
Virus
SubType
Boot
Discovery Date
02/01/1988
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
Most of those Mobile Viruses are on Symbian based OS and the S60 series phones seem to be the worst ones.
I think the origonal story, which stated that smartphones were unsecure, is total fud. A confirmation dialog box comes up on you screen when some one tries to connect via Bluetooth (and most people have bluetooth switched off anyways, becuase it consumes power), so really this virus would never have a chance to spread in real life and only seems to serve the purpose as a scare story
Keep Bluetooth switched off unless you're specifically using it. No avenue of transmission = no virus.
You can learn a lot about a person if you just take the time to inject them with sodium pentathol
Just because there aren't as many at this time doesn't mean it isn't likely to become a big issue in the future. What I perceive happening at some point is a rogue group creating viruses to steal contacts then selling those contacts. Imagine the market for say Pamela Anderson's phone list... Imagine one for say the phone list of the President. While doing network studies (CCDP) I thought about the dangers of a multicast worm/virus. It would work spoofing corrupt images say to MSN messenger or Yahoo messenger or any other IM client which is streaming ads... Once streamed an infected image would take over a victim machine... While the concept is theoretical it isn't that far fetched...
Infiltrated dot Net
Even if today the thread is quite small as most blue tooth are off, once 3th generation phones will become popular and people will have services running on their phone and stay mostly always connected (imagine a messenger services on phones, sure some kids will love that) the thread will grow increasingly.
That's why it's important too take in account those potential threads when designing today the phones of tomorrow. We have a long experience with Os's and viruses, much major mistakes can still be avoided...
I love deadlines. I like the whooshing sound they make as they fly by.
The summary.... is so confusing but i only read it once and it gave me a headache.... so i wonder if the people at zdnet passed grade school grammar... in the interweb world, all the article writers are making run-on sentences with no punctuation as are the submitters on digg, youtube, myspace, and slashdot. My migraine is on top of this one.
Yeah, maybe theyre (I know I missed an apostrophe in that word, but for some insane reason FF keeps popping up the search (as in ctrl-f) box when I hit apostrophe but wont print it. wtf?) working on it, but not many virus -writers- are. If more people were focusing on writing viruses for cell phones and PDAs, you can bet your ass viruses would be all over. Theres an entire industry for stopping viruses, not to mention public and government pressure on OS makers like MS, and look how much good thats done.
Unpleasantries.
by that I suppose they mean locking out the phone o/s to those who pay for certificates to sign their software with.
nobody will be able to crack that
There were some proof of concept exploits that were very hard to reproduce and unportable. Since mobile phones are so diverse you just can't technically write normal code that will run on 3 percent of them let alone write a virus that will do the same!
Bluetooth prompts for confirmation, thats not a virus thats a trojan.
The really bad news will come when vira will be available for:
- iPod(tm) through infected MP3s
- bluetooth earpieces through special whistles
- digital wrist whatches through vired organic batteries
Maybe Computers will never be as intelligent as Humans.
For sure they won't ever become so stupid. [VR-1988]
Happy Birthday to you,
Happy Birthday to you,
Happy Birthday dear Wormie,
Happy Birthday to you.
From old users and new,
Come greetings to you,
You smell like a rootkey,
and you act like one too.
i got nothing.
Happy birthday to you.
Happy brithday to you.
Happy birthday, dear first cell phone viruuuuuuus.
Happy birthday to you.
Makes me glad that I never upgraded my reliable Nokia POS. Monochrome screen, no blue tooth, no browsers, no camera, no nothing. Just a phone, that's all.
Those who believe the Internet is private,
find their privates are on the Internet.
Are we supposed to celebrate a virus's bithday? should we invite it to a party in our phones? It might want presents some of us can't afford.
the first mobile phone virus is almost 2 years old.
Do not buy as mobile phone that was build after 2003.
Im sitting right here chuckling at your post with my 3G UMTS phone with.. guess what.. an MSN client installed. I even remember Orange launching a campaign specifically pointing out the built in MSN client (yeah they charge for SMS so I don't know why they wanna hype that feature). Anyway I don't use my phone all that much, especially not for MSN. But I have a SSH client as well which can be quite useful. Nothing like updating your ubuntu box while being at a friends house etc. I use the builtin browser for reading /. when im bored.
;)
Sorry for showing off
Next virus targets: the iPod, your car
Oh My God!! My car? I just know that Norton won't make an antivirus for my 1967 Chevelle. I'm doomed!
I know Mac and Amiga had tons of viruses before 1986, and I'd be willing to bet PC's did, too.. just that PC's weren't quite so much for game use, so there wasn't nearly as much pirating going around then...
"Champagne for my real friends - and real pain for my sham friends!" http://ericblade.postalboard.com/
PC stands for Personal Computer, so we can extend the definition to include Macs, Commodore 64s... and why not toasters (ones that have embedded computers, of course).
This misnomer always bothered me.
F-Secure (whom I usually like) says that OS makers are prepared for the malware threat and that malware will fall on stonier ground that it did in the desktop PC world.
The phone OSes, oblivious to every lesson from the desktop world, are allowing software downloaded from a hostile network to do things that cost the user money and to propagate itself. If the OS makers were "prepared" they'd all be running that code in sandboxes, or virtualized, or at the very least with egress filtering ("Do you want to send your contact list to the National Enquirer? Yes/No").
Hyppönen and F-Secure just want to whip up the "mobile virus" scare to haul F-Secure stock price up. This is not to say that those mobile worms are not annoying, they are very annoying, but to install it you really have to be damn stupid.
There is no way the "mobile virus" people will get enough fuel for their pathetic attempts at creating a fire. The simple reason is that there just isn't that much potential, if you really know how those devices work.
So, mostly these stories are F-Secure PR bombardment.
Couldn't it be because they just don't hook their phones up to a pc really? Even when downloading material, 90+% of subscribers will d/l from their provider. But in reality, most people won't download anything due to the fact it's just so damn expensive and has these insane license agreements. Plus people aren't really jumping on the whole "computer phone" idea like manufactures thought.
That which does not kill me only postpones the inevitable.
The problem we have on PCs is that the OS lets anything execute and then we run AV software that tries to stop a list of things running. What we need to do is have the OS whitelist good software, not blacklist all the bad.
Mobile phone OS designers have made the exact same mistake and in an environment that is far more conducive to viruses.
Two years old is the /third/ birthday. Birth day = day zero.
It's the second anniversary of the birth day, though.
- chad
You may want to read this article: http://www.newlc.com/The-Most-Important-Aspects-of .html
It is a very good summary of the known viruses and prevention mechanisms for Symbian phones.
http://forums.mozillazine.org/viewtopic.php?t=3890 71&
(T>t && O(n)--) == sqrt(666)
To quote Roger Rabbit: "I don't think so."
If anyone was on top of this, there wouldn't be over 200 mobile phone viruses out in the wild. There would be none.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Actually, my school was slammed by a phone virus that jumped onto the pc network after someone connected their phone to a pc over xmas break. They had to reimage the entire school. I thought it was hilarious because they take such a unnecessarily draconian stance on certain aspects of security but leave gaping holes like this. Serves them right, I'm glad I graduated and am moving on.
The 'Net is a waste of time, and that's exactly what's right about it. - William Gibson
Yes, you, you darned virus. We have had such a love-hate relationship the past two years. You love me, I hate you. Or at least you love me for my phone. Is that all I'm good for? Huh? Is it?! Fine, then I hope you have a craptacular birthday because you make people miserable. Viruses suck! That's it, I'm going to become a wormer. And yes, that cake is flavored with cyanide. Jackass.
It's a girl!
Any of you guys remember when Howard Stern had Jenna Jameson was in the studio and she got on the Symbian. That was hot. Not sure what it will do to prevent a mobile virus, though. Seems more likely to spread them.
Only on January 5th. Happy birthday Joshi.
Real Daleks don't climb stairs - they level the building.
There was an imode virus in Japan in 2000, that caused phones to dial emergency services:
. html
http://specials.ft.com/telecoms/sep00/FT3R3BJ29DC
new viruses don't need to be complex. actually, much like the "i love you" virus, i don't remember the name but a new one reads the contact list and sends an mms message to them. (bummer for the person who will see his bill shoot up.) of course the receiving person will highly likely open the attachment since it came from someone they know and not from anonymous and unverifiable sources such as e-mail. they will open it and they spread some more.
my point is, i believe it is easier to prey on human weaknesses than to actually find exploits in underlying os functions such as bluetooth and ip.
Live your life each day as if it was your last.
The way I see it, outside of techies who just love gadgets, there would be two groups who would use smartphones:
1. Business persons using them in a PDA style application.
and
2. Silly boys/girls with rich parents who think they're better people because their phones are more expensive.
Now I find it unlikely that a business person would accept a bluetooth transfer if they didn't know what it was, assuming they weren't in a rush at the time. Even if they WERE in a rush, they'd probably walk out of transfer range (or snipe area with the bluetooth gun) before the transfer was complete.
We gadget-loving geeks wouldn't accept it either, obviously.
So that leaves the one susceptable group: the rich kids. Whoop-de-freaking doo! So now the question is: Why do we care?
If these people screw up their little toys why should we give so much as a passing glance? If they ran their convertables into a stop sign or if they dropped their iPods in the gutter would we care? No!
In its current form mobile phone virii aren't going to affect people who have a critical use for their phone. All it will do is break a few toys.