Mobile Phone Virus...

ToxicPaddy

ok, Ive seen a few e-mails going around warning people of a virus that can be
transmitted to your mobile phone via a phone call..

My little sister showed me some warning on one of those sites where you can
download ringtones and screensavers for your phone about viruses for mobiles..

Personally it sounds like a load of crap but who knows, its very feasible for someone
to be able to design something that could wipe a phone or even take the phone
details so that they can make calls on that persons account..

Whats the story?

Are they real or just someone trying to cause more sh*te?? :rolleyes:


Tox

Guy:Incognito

my uncle brought his 3310 back to the shop a while ago, its his company phone and they told him it was a virus, dont know how much of that was the guy in the phone shop giving him bs.

seamus

There are back doors that can be exploited by sending messages with certain code embedded, but this would necessitate someone having access to an SMS box, and the necessary know-how to send these messages.

Afaik, there are no bonafide "viruses" as we know them.

jesus_thats_gre

I can certainly see that potential for virueses in the future. Up until recently, the OS on a phone has been quite basic and very much an in house thing, but with the advent of Java enabled phone, the Symbian and MS operating systems, its just a a matter of time till a virus is developed for them, especially the MS one

The Corinthian

If you consider that a virus is a third-party application that exploits a vulnerability in a device then while the possibilities for this are presently limited, they are already present. As jesus_thats_gre correctly pointed out with the advent of operating systems and platforms, such as Symbian, CE and Java, there comes the possibility of writing a self replicating Trojan that can spread using either MMS or Bluetooth.

A likely virus that we’ll see, IMO, will be one running off Symbian, that will automatically run in the background bluejacking random passers by and offering them copies of itself. If our experience of viruses and email attachments is anything to go by, I suspect that it’ll be an effective means of propagation.

Additionally there are a number of exploits, not strictly viruses that can already (and are) be employed at present. The best known one concerned a effect in older Nokia phones that resulted in the phone crashing if it received an SMS with a malformed UDH. More frightening are exploits of the WAP WTA interface, which can access a phones voice, SMS and phonebook functionality. In theory such exploits should not be possible (trusted WTA servers, user confirmations, etc), in practice the security implementations in the devices have been pretty poor to date.

Oh, and the guy in the phone shop was talking through his ass.

BigMoose

I'd say with the advent of java games etc and as jesus says the OSs getting more complex that a virus to screw up a phone would be easy enough. However I cant see it ever being able to allow a 3rd party to make calls from another handset using the SIM details from the affected phone. The information sent over the air about the subscriber is not in my opinion possible to get hold of by a phone virus and send to a 3rd party. I guess it might be possible to for a virus to send erounious SMSs etc which would be bloody annoying, but no use to anyone else.

seamus

Originally posted by BigMoose
I'd say with the advent of java games etc and as jesus says the OSs getting more complex that a virus to screw up a phone would be easy enough. However I cant see it ever being able to allow a 3rd party to make calls from another handset using the SIM details from the affected phone. The information sent over the air about the subscriber is not in my opinion possible to get hold of by a phone virus and send to a 3rd party. I guess it might be possible to for a virus to send erounious SMSs etc which would be bloody annoying, but no use to anyone else.

What's to stop someone, similar to what Corinth says, from having some type of prog on their own phone, which bluejacks and distributes trojans to any nearby phones it finds, and then receives harvested information from these phones.

As phones become more sophisticated, and more merged with PDAs, more information is stored and therefore retrievable from mobile devices. The Nokia 8200 for example, has a "Wallet" where you can store all of the details of your credit cards. That's golddust to attackers. All they have to do is walk around busy streets or sit in a park on a nice day.

flywheel

Originally posted by ToxicPaddy
Whats the story?

Are they real or just someone trying to cause more sh*te?? :rolleyes:

for reference have a read of this thread

the potential of malicious texts and vCard that disrupt the operation of certain handsets have been reported on before...

there was an instance when a PC virus (Timofonica) targeted an SMS web tool of Telefonica's Movistar generating SMS traffic to numbers on it's network - although at the time it was reported by some members of the press as a 'phone virus' it attacked network services generating SMS messages not attacking particular handsets vulnerabilities

the most relevant to date on DoCoMo's network in Japan was a malicious e-mail than when received and opened on handsets caused them to dial the country's 110 emergency number - variants also caused random numbers to be dialled or the handset to freeze

it's been a threat mulled for a good few years in relation to portable devices since PDAs have grown in popularity - and as handsets have moved to running 'real' Operating Systems with multiple connection capability it's something that people have been waiting to happen rather than wondering if - so much so there are companies building and some releasing anti-virus technology aimed specifically at these higher end handsets e.g. F-Secure

BrianG

cerbeus

http://www.sarc.com/avcenter/venc/data/epoc.cabir.html

Looks like this might be the start of mobile phones viruses.

http://www.techworld.com/security/news/index.cfm?NewsID=1729&Page=1&pagePos=2

BattlingCheese

http://news.bbc.co.uk/2/hi/technology/3809855.stm

tman

now its only a matter of time before 'norton antivirus for mobiles' comes on the market:rolleyes:

cerbeus

It already exists for PDA's and the newer Smartphones are taking over from then so yes it's only a matter of time before all AV vendors jump on the bandwagon.

Ever think they hire people to write these things just to drum up business???

jesus_thats_gre

Well they are responsible for actively discovering weaknesses in their OSs. Considering the reason alot of hackers give for attacking Windows is that MS continuely release insecure Operating Systems. MS and its partners have a responsibilty to discover the weaknesses and address them in someway.

Fidelis

Responses from Symantec, Network Associates & F-Secure, as DubWireless mentioned. I can't find a public statement from Symbian, but they have pretty much the same to say, extremely low-level risk of spreading, only being distributed to the AV vendors for publicity.

That virus on the DoCoMo network sounds nasty!

huge

Originally posted by jesus_thats_gre
I can certainly see that potential for virueses in the future. Up until recently, the OS on a phone has been quite basic and very much an in house thing, but with the advent of Java enabled phone, the Symbian and MS operating systems, its just a a matter of time till a virus is developed for them, especially the MS one

well you cant send something to someone with bluetooth without having there pin unless you know the guy and he gave it to you

The Corinthian

Originally posted by huge
well you cant send something to someone with bluetooth without having there pin unless you know the guy and he gave it to you

If they're visible to all then you can.

They can of course refuse what you’re trying to send them, but then again people can also refuse to click on email attachments that turn out to be viruses too.

huge

good point

flywheel

a good read on The Feature today in relation to Mobile Phone Viruses: Infectious Fear

"Mobile phone virus sounds alarm in Moscow!" "World's First Mobile Virus is Not Lethal, Yet!" While the exclamation points are mine, the words are actual headlines from, respectively, The Guardian and Reuters articles published June 16. A proof-of-concept worm had been demonstrated that infects Symbian-based mobile phones with Bluetooth. The wireless public gasped. Computer security experts yawned.

"These devices aren't phones. These are computers running cell phone software. And like all computers, they're vulnerable to malicious code."

full article...

BrianG