Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Security Communications Worms Technology

Are Cell Viruses A Real Threat Now? 72

Posted by Zonk from the reach-out-and-cough-someone dept.
Celpha writes "According to security firm F-Secure, a Trojan virus (Cardtrap.A) attacks Symbian mobile phone operating systems, attempting to infect users' PCs if they insert the phone's memory card into their computers. From the article: 'We expect to see more of this on the mobile front,' an F-Secure chief research officer said. Trend Micro issued a media alert stating it is a 'fully functioning' mobile threat. However, Antivirus firm Sophos slams the claim of this first example of a serious mobile malware threat as just plain bonkers."
This discussion has been archived. No new comments can be posted.

Are Cell Viruses A Real Threat Now? More

Are Cell Viruses A Real Threat Now?

Comments Filter:

  • Heh (Score:4, Insightful)

    by Walkiry ( 698192 ) on Friday September 23, 2005 @09:36AM (#13628540) Homepage
    'We expect to see more of this on the mobile front,'

    I bet you do, as you are probably already hard at work to make it happen.

  • Cell Phones (Score:3, Insightful)

    by certel ( 849946 ) on Friday September 23, 2005 @09:39AM (#13628554) Homepage
    Everyone knew this was coming. Anything that has any type of software code will eventually be exploited or tried to be exploited at some point.

  • You better believe it's a threat. (Score:5, Interesting)

    by TripMaster Monkey ( 862126 ) * on Friday September 23, 2005 @09:39AM (#13628555)

    TrendMicro claims that the Symbos_Cardtrp.A trojan is a "fully functioning threat", while Sophos dissmisses the entire thing as "bonkers". I'm thinking that the truth is rather in the middle.

    The Symbos_Cardtrp.A trojan is one of the first clumsy attempts at this sort of thing, but we all know that the malware only gets more sophisticated and polished over time. People certainly should be alarmed about the appearance of this trojan...not because it itself is all that threatening, but because it clearly demonstrates the potential for mischief.

    As Raimund Genes, president of the firm's European Operations, said: "This attack is really a proof of concept and may be an indication of a new type of blended threat to come." You can bet that as cellphones become more sophisicated and more interconnected to our computers, malware authors are going to turn this into a genuine threat.

    In short, while it's rather sensationalistic to tout this as a "fully functioning threat", claiming that there is nothingto worry about disingenuous in the extreme. Sophos' claim that paying attenton to this threat distracts sysadmins from the "real threat" of attacks on Windows desktops is pure sheepdip. Imagine if we dismissed out of hand the new threat of infection via USB thumbdrives, because we were all too busy paying attention to the "real threat" of infection over the network?

    • Re:You better believe it's a threat. (Score:5, Interesting)

      by Anonymous Brave Guy ( 457657 ) on Friday September 23, 2005 @09:58AM (#13628678)
      You can bet that as cellphones become more sophisicated and more interconnected to our computers, malware authors are going to turn this into a genuine threat.

      An objective observer (which the various anti-virus people probably aren't) might ask why a mobile phone needs to become "more sophisticated" in the first place. My phone was a freebie about four years ago when I signed up, and still has way more features than I ever want or need.

      Give me a good phone book feature, voice, text messaging and some sort of answerphone if I can't take a call. I don't need it to be a low quality digital camera, hard-to-use PDA, sub-standard web browser, trivial calculator, poor-capacity MP3 player, pathetically quiet alarm clock, and all the other junk. Nor do I need it to run some super-complicated operating system that's ripe for attacking.

      • Re:You better believe it's a threat. (Score:4, Insightful)

        by black mariah ( 654971 ) on Friday September 23, 2005 @10:03AM (#13628709)
        My phone was a freebie about four years ago when
        I signed up, and still has way more features than I ever want or need.
        I highlighted the key words there for you. You may not use those features, but someone does, and probably on a very regular basis.
        I don't need it to be a low quality digital camera, hard-to-use PDA, sub-standard web browser, trivial calculator, poor-capacity MP3 player, pathetically quiet alarm clock, and all the other junk. Nor do I need it to run some super-complicated operating system that's ripe for attacking.
        So you'd rather carry around a camera, a PDA, a calculator, an MP3 player, an alarm clock, and all the other junk instead of having it all in one convenient package? I hope you have a lot of pockets...
        • Belive it or not, that's exactly what I do. While I do have several pockets, I rarely use them because I have a backpack.

        • You may not use those features, but someone does, and probably on a very regular basis.

          I very much doubt most people would miss them if they weren't there. In my whole life, surrounded by people with mobile phones, I have met one person who I've ever seen use his WAP browser. I have seen a calculator used on a mobile phone twice, and both times I'd worked out the correct answer in my head faster. You get the idea.

          I think all this stuff is a triumph of marketing over necessity. How many people would re

          • I very much doubt most people would miss them if they weren't there. In my whole life, surrounded by people with mobile phones, I have met one person who I've ever seen use his WAP browser. I have seen a calculator used on a mobile phone twice, and both times I'd worked out the correct answer in my head faster. You get the idea.

            As regards the other features mentioned, it might be just me, but I think I've seen more than one instance of someone using their camera phone.

          • I love how there are so many total fucking Luddites on a supposed tech forum.

            How many people would really miss any of these features if they weren't there?

            How many people would REALLY miss their cell phone at all? If you get into such stupid questions as "Who NEEDS that?" the answer is always "Well, nobody really NEEDS it... it's just nice to have if you have a use for it."

            There's a huge difference between having a real PDA and some token naff organiser thing on a mobile phone. A real MP3 player wou

      • Yea, thats your opinion. I have a Treo and I use the various advanced functions of it everyday, well except the camera, stupid vga camera. The address book, alarms, contacts, mobile e-mail, fairly advanced graphing and calculatory functions, a multitude of clock and timer functions, memos, encrypted memos, having important data with me on the go, editing and reviewing documents, etc. Ill admit, I don't use the camera or music playing capabilities of it, but everything else allows me to stay ahead of probl

        • OK. I'm sure there must be someone somwhere who really does find more than one or two of the gizmos useful, and perhaps you're him. Fair enough.

          Even so, I can't help noticing that your top-of-the-line phone is currently listed at around the $400 mark, give or take whatever special offer is running this week. If you'd only spent $50 on the phone, I wonder how much real computing hardware you could have bought, if you have a genuine use for the organiser and mathematical functions, and how much better at ev

      • Give me a good phone book feature, voice, text messaging and some sort of answerphone if I can't take a call. I don't need it to be a low quality digital camera, hard-to-use PDA, sub-standard web browser, trivial calculator, poor-capacity MP3 player, pathetically quiet alarm clock, and all the other junk. Nor do I need it to run some super-complicated operating system that's ripe for attacking.

        "I have always wished that my computer would be as easy to use as my telephone. My wish has come true. I no longe

      • I don't need it to be a low quality digital camera, hard-to-use PDA, sub-standard web browser, trivial calculator, poor-capacity MP3 player, pathetically quiet alarm clock, and all the other junk.

        I need the digital camera, browser, calculator, and alarm clock (but like you said a bit louder). Having a camera on you at all times may actually come in handy during a car wreck or something that needs to have a picture taken at that moment like a crime in progress... Well, if you live in a place like Phildadelph
      • go to China. every single person has at least one cell phone, sometimes two or three. most of them constantly use the entire functionality of those phones. america is a little behind the game on cell phones. we still mostly use them for audio (talking, voice mail). no need to restate, as the other posters have clearly said that wether you want it or not lots of people do, and it exists, and it's only going to get more complicated, as is the nature of things, so there is no purpose in discussing any other p
      • An objective observer (which the various anti-virus people probably aren't) might ask why a mobile phone needs to become "more sophisticated" in the first place.

        Simple, it's called advertising and "Look here at what our phones can do!" type of bragging rights.



        Or, as one of my other friends put it to me a long time ago, it's "creating a false market for other services." I mean, come-on. "Let's boost our economy by making our hardware run off of software so it can be infected and boost other markets
    • we all know that the malware only gets more sophisticated and polished over time.

      Proof of this can easily be obtained by comparing Windows 3.0 to Windows XP.

  • Cell Viruses are the most common! (Score:5, Funny)

    by Anonymous Coward on Friday September 23, 2005 @09:41AM (#13628564)
    I thought the computer term virus CAME from Cell Viruses. Now we are using Cell Virus to talk about cell PHONE viruses?

    yeah, my Motorola phone caught a cold, and it passed it along to my PC.

  • Just Windows. (Score:5, Informative)

    by kihjin ( 866070 ) on Friday September 23, 2005 @09:41AM (#13628567)
    If you are going to quote some one, quote them completely.

    From TFA(emphasis mine):
    "We expect to see more of this on the mobile front," Hypponen said. "We may begin to see Windows viruses spreading to PDAs that are synched up to computers, or go from PCs to mobile phones with the memory card."
    • It's a trivial point, really. There's nothing to stop viruses for other operating systems working this way.
      • What "viruses for other operating systems"?
        • They exist, although there are few of them. I certainly had a few on my Amiga back in the day. My points are that: 1) The statement's inclusion would imply that only Windows systems are theoretically vulnerable to this sort of threat, which is untrue. 2) Its true meaning, which is at best implicit, is that the only noticable development of these viruses will be on Windows systems. This is painfully obvious anyway (as there are so few viruses in general for other systems). Ergo, it's a trivial point.

  • Cell phone viruses??? I'm immune! (Score:1, Interesting)

    by Anonymous Coward
    Since my phone is so old!

    Still works fine though. My cell phone company (Telus, a canadian CDMA company) calls me occasionally to try and sell me a new phone. I keep saying the same thing, "I'd love to buy a new phone. Do you have any phones with infrared?"

    The sales rep says, "No."

    I say, "Why not? All your competitors sell phones with infrared."

    The sales rep says, "I don't know. We have phones with bluetooth though."

    I say, "Well, I have a laptop with infrared, and a PDA with infrared, and as soon as Telus s
    • Telus (as in Telecommunications US || Tell us how much we owe you now) is not a Canadian company. BC Tel, AGT, and Sasktel were Canadian companies. Offtopic I know but I've always been disappointed in my western canadian provinces for selling out our telecoms to american interests.

  • Focus you energy. (Score:5, Funny)

    by OctoberSky ( 888619 ) on Friday September 23, 2005 @09:48AM (#13628620)
    I am calling on all hackers and script kiddies to stop writing malicious code for cell phones and start writing codes that allow me to get a connection (place a call) without my carrier knowing.

    $39.99+ is far too much to pay per month. I want free calling. And I am not talking about cloning, I am talking about getting on Verizons antenna and placing calls from my phone without them seeing it, or seeing who owns the phone.
    • I use Verizon as well. I don't think the price is unreasonable. However, I do think the customer service is horrible. The sad thing is that Verizon probably has the best customer service of the cell phone companies (at least here in the US). When I moved and wanted to change my cell phone number and plan I had to wait over an hour at the local Verizon store for someone to help me. Could anybody write a virus that causes so called "customer service" representatives to actually provide customer service? That
    • If you had any idea how half assed the goings on at VZW were, behind the scenes, you'd be wondering how it is they actually manage to charge you for the service you get. Having witnessed some of it through a previous job, I was stunned. Of course, they're still better than T-Mobile. With them, it's a miracle your device works at all.
      • I don't actually use Verizon, in fact I don't have a cell phone, haven't in over 6 months. Its quite nice not being found by my friends who just want to talk because... A. Thier bored B. They can make a call I just said Verizon because they are so well known. When I do get another phone, which is quite soon, I will be getting Nextel because they have the best signal where I go (work, house, hunting). Thats all that really matters to me now.

  • Simplicity is the key to beating this easily... (Score:4, Insightful)

    by Anonymous Coward on Friday September 23, 2005 @09:51AM (#13628639)
    Just buy a damn PHONE. You know. Those things that used to just go ring-ring, and you pick it up and talk on it and maybe keep an address book on? I still use a Motorola V60 flip phone. No windows/PalmOS/WinOS/WinCE/PocketPC/2003 crap to worry about. Ring tones? No thanks. I'm not 13 anymore, trying to make some sort of 17-second "statement" to the crowd around my ringing phone. Sometimes simplicity is the key. K.I.S.S. metheodology is still around for a reason.
    • Yes, but another thing is to just use an old type cell phone.
      I mean, what's the point of having a color cellphone anyways? And with web capabilities?
      Web browsers on phones were just asking for trouble. And the worst part is no one can make an antivirus for phones, so if your phone gets infected, your provider will probably charge you an arm, a leg, and your first born to repair it instead of trying to fix the holes in the first place.
    • Yes, you are a Luddite, we know. Some of us actually like to have a phone with all the bells and whistles because it saves hauling around a dozen other devices like an mp3 player, a camera and pda. Need internet? I'll whip out my phone and can connect to any Wifi, UMTS or GPRS network. I even use Skype to save on long distance calls.

      But I suppose you drive around a horse and carriage too...
    • I loved my V60c, and when the screen went I couldn't find anything to replace it that didn't come with a million other features sucking up battery life. So I ditched it, glad to be rid of its stupid break-off antenna (I replaced it nearly a dozen times in its two-year life span).

      But when the new phone had to go in for repairs, I briefly re-activated the V60. That was a pleasure.
    • the trouble is that cell phones use digital signal processing to do their thing. They contain enormously powerful processors to encode and decode voice and even some radio functions are now done directly in firmware. Therefore, the user functions are really just a trivial add-on to the phone.

      The days of a carbon microphone and battery at the end of a long wire are long gone...
    • (blink)

      I use ring tones so I know it's my phone that's ringing.

      We used to have it where almost everyone had the same ring tone. It sucked. Pay attention.

  • Got paid to develop Trojans (Score:5, Interesting)

    by Anonymous Coward on Friday September 23, 2005 @10:00AM (#13628692)
    I got paid by a major company in the mobile field to develop Trojan horses for Java, Symbian, PalmOS and Windows Smartphone.

    The goal was not to release "in the wild" but to showcase the need for funding for mobile phone security.

    Nevertheless, pretty much nothing has been done even though modern smartphone OSes are incredibly close to allowing excellent OS security (MMU enables kernel / user separation).

    It's pretty easy to do fancy stuff once you get in the mindset of an attacker. Like waking up the phone at midnight to place calls to a premium number. One doesn't even need to stack-smash to have fun (that is harder on ARM platforms bc you have to develop your own shellcode anyway).

    The problem is especially important for wireless operators because people pay with their mobile phone. While that is the basis of revenue, it also enables major fraud (very much akin to what the "dialer kits" do to modem owners by silently ringing 900 numbers).

    Examples:

      * There's a WAP (wireless browsing) service where you can download ringtones for $2. What if a program on your phone starts downloading those silently?

      * In some countries SMS are charged with a premium. What if a program are sending premium SMS without your knowing?

    Of course it's also important for users ("what if a Trojan posts my phone book to some website", "what if a Trojan gets my location from the network and gives it to my wife". It's also important for security that the phone not be transformed into a jammer by changes in the radio firmware / software, but that's harder to do.

    Hopefully the players involved will wake up before we find a nasty one in the wild.

  • Still just a trojan... (Score:4, Informative)

    by MosesJones ( 55544 ) on Friday September 23, 2005 @10:03AM (#13628712) Homepage

    It irritates me when trojans are lumped with the virus crowd. This requires a user to ACCEPT and INSTALL the application before it becomes an issue, it is useless without that user interaction.

    • However, the average phone user is not so virus savvy as the average computer user. To wit, a semi-quoted example from an article from earlier - may have been slashdot, probably wired magazine or similar though.

      User gets notification on phone. Accept or reject? Reject.
      User gets notification on phone again. Accept or reject? Reject.
      Repeat line above a few times. A virus doesn't care about the user rejecting it, and will keep trying to give it. User (hooray for the general public, sigh) eventually presses acc
  • Oh, cell "phones" . . . . . whew!

  • Cell viruses? (Score:2, Funny)

    by ftoomch ( 700184 )
    I've always been threatened by cell viruses, in fact I have a bad cold at the moment.

    Surely it's cellphone viruses the article refers to guys.

  • Cell Phone Viruses would pose no threat if.... (Score:4, Informative)

    by Khyber ( 864651 ) <techkitsune@gmail.com> on Friday September 23, 2005 @10:55AM (#13629040) Homepage Journal
    Cell companies would make cell phones that didn't rely upon such an exploitable OS.

    Granted Symbian is nice, looks pretty, but everyone I know with a cell phone running Symbian also complains that the phone is so slow to respond.

    All the old Nokia phones were extremely fast, responsive (no 3-4 second lag waiting to go back a screen just to look at one freaking phone number) and best of all, didn't require such an exploitable OS because at the time, it was all hardware logic-control.

    I don't know what the OS is on my Kyocera Phantom phone, but even it's slow to respond to keystrokes, and it doesn't have all those little capabilities that most phones nowdays have.

    Simply put, as long as phone companies use software instead of hardware to control a phone, there will always be a threat of software infection.

    Just an opinion...

  • Dirty telephone (Score:4, Funny)

    by Aerion ( 705544 ) on Friday September 23, 2005 @11:21AM (#13629242)
    What? Phone viruses?

    Damn, we shouldn't have sent all those telephone cleaners off in the B ark!

  • Don't blame the user, they are human. (Score:3, Interesting)

    by BillGodfrey ( 127667 ) on Friday September 23, 2005 @11:44AM (#13629423) Homepage
    (Full article at http://billpg.me.uk/2005/09/barbarians-at-mobile-p hone.html [billpg.me.uk] )

    Selected extract...

    A good model to follow could be something similar to Flash files. Commonly seen used in animations, a program inside a flash file can do a lot. Here's a jigsaw puzzle. Here's a simple arcade game. Here's a collaborative document editing system.

    Flash implements a full program language, but the program's wings are clipped. Unlike regular executables, a flash program can't interfere with other programs and it can't mess with files it doesn't own. Add a way allowing programs to interact with other components (including the file system) with a strict and manageable protocol, and there's no big need for any program to run unrestricted. (Except the operating system and the occasional device driver, that is.)

  • No Interface (Score:1, Redundant)

    by Gates82 ( 706573 )
    I'm glad my cell phone only interfaces with the cell tower, a power adapter and me. I hate new cell phones, I just want to orally communicate, nothing else. That is what my laptop is for.

    --
    So who is hotter? Ali or Ali's sister?

Slashdot Top Deals

"No matter where you go, there you are..." -- Buckaroo Banzai

Close