Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

First Mobile Phone Virus Nears 2nd Birthday

Zonk posted more than 8 years ago | from the buy-him-some-cake dept.

101

An anonymous reader writes "ZDNet is reporting that the first mobile phone virus is almost 2 years old. F-Secure's chief research officer Mikko Hyppönen claims that although there are now over 200 mobile phone viruses the problem is unlikely to get as bad as it has with PCs. 'The difference is that PC viruses were first found in 1986 and mobile phone viruses were found in 2004... So we are living in the equivalent of 1988 but in 1988 Microsoft or hardware manufacturers were not doing anything about viruses ... In the mobile phone world, all the mobile phone manufacturers are working on the problem as are the phone operating system manufacturers, like Symbian, Microsoft and Palm. Operators are on top of this.'"

cancel ×

101 comments

Sorry! There are no comments related to the filter you selected.

PC != Windows. (2, Insightful)

Whiney Mac Fanboy (963289) | more than 8 years ago | (#15428074)

200 mobile phone viruses the problem is unlikely to get as bad as it has with PCs.

Sorry?

I wasn't aware that PCs had a virus problem.

As far as I can tell, running a Personal Computer does not make you susceptible, running windows makes you susceptible. People running a decent O/S on their PC (OS X / openBSD / linux / etc) seem to be no more susceptible to viruses then phones are.

(Interestingly enough, this ties into my latest journal - "Why is Apple afraid of being PC" [slashdot.org] )

Anway, back to the article, in addition to a platform that's more robust the windows, the network that malware will propagate on (ignoring bluetooth for the moment) is not a hostile network like the internet, but a far more controlled one & sms propagation could be stopped pretty quickly.

To go back to the windows analogy, if MS had controlled all email networks [shudder] back when Melissa / Lovebug / etc hit, it would not have been such a problem. Propagation could have been stopped by inspecting & disinfecting attachments as they passed through gateways.

Summary: -1 'Security Vendors scrambling to find new revenue, but other markets more secure then windows'

Seems you're not so immune (2, Funny)

DrSkwid (118965) | more than 8 years ago | (#15428116)

You have the usianTHEN.32 virus that transforms any uses of than to then to make you look illiterate.

Re:Seems you're not so immune (1)

Whiney Mac Fanboy (963289) | more than 8 years ago | (#15428165)

You have the usianTHEN.32 virus that transforms any uses of than to then to make you look illiterate.

hahahaha :-)

Point taken. When I write quickly, I have trouble distinguishing between then/than (and also their/there, but I'm more concious of that).

I'm not from the US however. I presume you're from the UK - in which case you should know that there's illiterates everywhere people can read & write....

Re:Seems you're not so immune (0)

Anonymous Coward | more than 8 years ago | (#15428188)

there are illiterates, not there is....

Re:Seems you're not so immune (1)

Whiney Mac Fanboy (963289) | more than 8 years ago | (#15428272)

You pick that up, but not my mispelling of conscious? :-)

Re:Seems you're not so immune (0)

Anonymous Coward | more than 8 years ago | (#15429136)

Concious could be a typo, but "there's illiterates" shows a misunderstanding of grammatical rules.

Re:Seems you're not so immune (0)

Anonymous Coward | more than 7 years ago | (#15429593)

or an adherence to standard modern spoken english rather than pedantic textbook english
in the vast majority of cases like this, "misunderstanding" has nothing to do with it, as the speaker/writer would almost certainly be able to say that "there are" is "more correct" if asked; it's just that it has nothing to do with linguistic reality.

Re:Seems you're not so immune (2, Insightful)

svkal (904988) | more than 8 years ago | (#15428274)

there [are] illiterates everywhere people can read & write

Frankly, I think there are more illiterates where people can't read or write.

Re:Seems you're not so immune (0, Offtopic)

Whiney Mac Fanboy (963289) | more than 8 years ago | (#15428291)

Frankly, I think there are more illiterates where people can't read or write.

Illiterate in the sense the GP used - people who can write, but don't correctly use then/than.

Re:Seems you're not so immune (1)

svkal (904988) | more than 8 years ago | (#15428397)

Sorry, just an attempt at humour - the sentence looked pretty absurd to me taken out of context.

Re:Seems you're not so immune (1)

Whiney Mac Fanboy (963289) | more than 8 years ago | (#15428433)

*woosh*

Straight over my head.... *sighs* and I accuse others of taking /. too seriously!

Thanks :-)

Re:Seems you're not so immune (1)

DrSkwid (118965) | more than 7 years ago | (#15429528)

I pegged it at usian becuase it seems to be prevelent there. I guess it is because of the way septics speak.

When I was in NYC with my friends we noticed that almost everyone there said "yuh know wha'm sayin'?" at the end of almost every sentence. For fun we started slurring "you know I'm insane?" instead, much to our amusment. We shared this bit of info with our hosts and the amusement was all round.

Glad you took it in the spirit it was intended.

Re:PC != Windows. (-1, Troll)

Anonymous Coward | more than 8 years ago | (#15428133)

No, it's not a slow news day. It's dumbass Zonk and dumbass ScuttleWanker on duty.

Re:PC != Windows. (1)

IamTheRealMike (537420) | more than 8 years ago | (#15428239)

Phones (or rather, some phones) have an architecture and design that makes it extremely hard or impossible to write malware.

Desktop operating systems, whether that be Windows, Linux or Mac OS do not have such an architecture. They're all quite trivial to crack if you really want to.

Re:PC != Windows. (0)

Anonymous Coward | more than 8 years ago | (#15428259)

In the long run, I think virii for phones will become worse than PC, because EVERYONE has a phone, I know a lot of people who dont have a PC, but have a phone. :(

http://www.playpacman.net

Happy Birthday! (0)

Anonymous Coward | more than 8 years ago | (#15428297)

Happy Birthday to you,
Happy Birthday to you,
Happy Birthday dear Wormie,
Happy Birthday to you.

From old users and new,
Come greetings to you,
You smell like a rootkey,
and you act like one too.

i got nothing.

Re:Happy Birthday! (0)

Anonymous Coward | more than 8 years ago | (#15429365)

sweet

Re:PC != Windows. (0, Flamebait)

Hairball6494 (975716) | more than 8 years ago | (#15428325)

As far as I can tell, running a Personal Computer does not make you susceptible, running windows makes you susceptible. People running a decent O/S on their PC (OS X / openBSD / linux / etc) seem to be no more susceptible to viruses then phones are.

I'm sorry. I was under the impression that *NIX users weren't completely ignorant. The only people that have a problem with windows security are people that open email attachments without examining them, or people that still plug their machines into their cable modem (eg. my parents and girlfriend). I've been running "windows" since DOS 6.02 and windows 3.1 and i've managed to stay virus free. Funny how far a bit of education goes.

Also, you ever wonder why windows dominates the virus/exploit market for desktop software? Because windows dominates the market for desktop software. If I were going to write a virus, what OS would I write it for? 90% of the market? or 10%? really just a bit of logic. Also, would you care to explain to me how your beloved *nix servers dominated the server vulnerabilities in 2005? Oh. Again. perhaps because 85% of servers are *nix. Man those virus authors are smart!

Re:PC != Windows. (1)

Whiney Mac Fanboy (963289) | more than 8 years ago | (#15428535)

The only people that have a problem with windows security are people that open email attachments without examining them, or people that still plug their machines into their cable modem (eg. my parents and girlfriend).

Errr right OK. Maybe you should consider the fact that you don't have to stick a *nix box behind a firewall if you don't want to (although its more sensible to do so) because you can turn services off.

Also, would you care to explain to me how your beloved *nix servers dominated the server vulnerabilities in 2005? Oh. Again. perhaps because 85% of servers are *nix. Man those virus authors are smart!

They didn't. Windows did.

The virus authors might be smart - but you're sure as hell not.

Re:PC != Windows. (1)

Hairball6494 (975716) | more than 8 years ago | (#15428713)

The virus authors might be smart - but you're sure as hell not.

Apparently you aren't either. Otherwise your orignal post wouldn't have been modded 0.

Don't you have anything better to do that sit around and reflame people that flamed your ignorant post?

Re:PC != Windows. (1)

Whiney Mac Fanboy (963289) | more than 8 years ago | (#15428740)

Don't you have anything better to do that sit around and reflame people that flamed your ignorant post?

Considering your entry to the thread included:

that *NIX users weren't completely ignorant.

I would say that you started flamin' first.

Re:PC != Windows. (1)

plague3106 (71849) | more than 8 years ago | (#15428729)

Errr right OK. Maybe you should consider the fact that you don't have to stick a *nix box behind a firewall if you don't want to (although its more sensible to do so) because you can turn services off.

Care to name the windows services which you can't turn off? I wouldn't put any machine outside of a firewall that I didn't have to. I'm also curious if anyone repeated that experient with sticking an XP machine directly on a cable modem to see how long it took to become compromised, but with SP2.

Re:PC != Windows. (1)

Whiney Mac Fanboy (963289) | more than 8 years ago | (#15428765)

Care to name the windows services which you can't turn off?

RPC.

Re:PC != Windows. (1)

plague3106 (71849) | more than 8 years ago | (#15428869)

Win2k3, WinXPSP2 both have network RPC disabled by default.

I guess if you want to be fair, you can't exactly turn off IPC in *nix either, can you?

Care to try again?

Re:PC != Windows. (1)

Whiney Mac Fanboy (963289) | more than 7 years ago | (#15429481)

Win2k3, WinXPSP2 both have network RPC disabled by default.

Do you mean firewalled or disabled? There is a difference you know...

I guess if you want to be fair, you can't exactly turn off IPC in *nix either, can you?

Interprocess communication & remote procedure call are completely different things (and RPC is off by default in my version of *nix)

FWIW:

nmap ubuntu_dapper:
PORT STATE SERVICE
22/tcp open ssh
nmap xpsp2 (firewall on):
PORT STATE SERVICE
139/tcp open netbios-ssn
445/tcp open microsoft-ds
nmap xpsp2 (firewall off)
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
The only one of the above that has been changed since the install is the linux box, where SSH was turned on.

Perhaps you want to try again?

Re:PC != Windows. (1)

murdocj (543661) | more than 7 years ago | (#15429817)

Errr right OK. Maybe you should consider the fact that you don't have to stick a *nix box behind a firewall if you don't want to (although its more sensible to do so) because you can turn services off.

Hmmm... if you are under the impression that you can't turn services off in Windows, you are mistaken. Quite easy to do.

Re:PC != Windows. (1)

Whiney Mac Fanboy (963289) | more than 7 years ago | (#15430166)

Please post detailed instructions on how to stop the msrpc service.

(Not firewall, stop)

Re:PC != Windows. (1)

Beryllium Sphere(tm) (193358) | more than 8 years ago | (#15428626)

>The only people that have a problem with windows security are people that open email attachments without examining them, or people that still plug their machines into their cable modem

Don't get a falso sense of security if you have a firewall and a sensible approach to email attachments. Surfing the web is a major infection vector for Windows machines. A Windows security policy has to include something like running Firefox with the Noscript extension, and picking up Internet Explorer with tongs and putting it in a sealed container for transport to the hazmat dump.

Re:PC != Windows. (0, Troll)

GMOZ (977872) | more than 8 years ago | (#15428338)

If we listen to you, there are no virii on other OSes than Microsoft Windows... right...
Is this self-persuation or lack of knowledge ?

The only real thing that makes YOU susceptible to get a virus is YOU.
When you get a .vbs file or an unknown incoming bluetooth file transfer, it's your personal knowlege that is gonna be the key factor.

BTW, what do you mean by a "decent O/S" ?
Like OpenBSD is the greatest OS for running games...

Re:PC != Windows. (1)

Whiney Mac Fanboy (963289) | more than 8 years ago | (#15428416)

The only real thing that makes YOU susceptible to get a virus is YOU.
When you get a .vbs file or an unknown incoming bluetooth file transfer, it's your personal knowlege that is gonna be the key factor.


While I agree that user interaction is responsible for many problems, what if your OS picked up & executed executable attachments without user interaction? (see, the OS is important)!

BTW, what do you mean by a "decent O/S" ?

* One with good privilige seperation?
* One where you don't run as superuser by default?
* One where you can do most useful tasks (run an office suit, use usb devices) without being the superuser?
* One which doesn't artificially seperate into a "Home" and "professional" editions - of which, the home edition has missing security features [techtarget.com]

Like OpenBSD is the greatest OS for running games...

If you want to play semantics, then it depends what you mean by "games" - openBSD is far more capable of running old dos games under emulation then windows XP...

Re:PC != Windows. (1)

bibi-pov (819943) | more than 8 years ago | (#15428562)

While I agree that user interaction is responsible for many problems, what if your OS picked up & executed executable attachments without user interaction? (see, the OS is important)!

Wrong ! The mail client is important !
Use of a stupid mail client under Linux could doom you just as well as doing so under Windows, provided the virus has enough privileges to cripple the machine and/or is smart enough to escalate to a higher running level (stupid root password for instance).

Still the OS is not the cause of all the problems, it's also the platform (I'm ignoring the User on purpose here). For instance, leave a USB key with a boot virus in a PC runing which ever OS you want, the virus is still able to format the HD. I'm not sure there is the same kind of problems on a Phone...

If you want to play semantics, then it depends what you mean by "games" - openBSD is far more capable of running old dos games under emulation then windows XP...

You too got the usianTHEN.32 virus ? ;)

Re:PC != Windows. (2, Insightful)

Beryllium Sphere(tm) (193358) | more than 8 years ago | (#15428512)

>To go back to the windows analogy, if MS had controlled all email networks [shudder] back when Melissa / Lovebug / etc hit, it would not have been such a problem.

I know some people who were working at Microsoft when "I LOVE YOU" hit, and it propagated through the internal corporate network just fine.

Any network is hostile if it lets endpoints talk to endpoints and if the endpoints aren't trustworthy.

PC == Personal Computer (2, Informative)

Jawbreaker4Fs (974108) | more than 8 years ago | (#15428553)

PC stands for Personal Computer, so we can extend the definition to include Macs, Commodore 64s... and why not toasters (ones that have embedded computers, of course).
This misnomer always bothered me.

I disagree (2, Insightful)

WinterSolstice (223271) | more than 8 years ago | (#15428103)

I think that thinking of this in terms of "PC equiv of 1988" is BS. In 1988 people weren't even sure if the PC was going to last. The world had just gone from dozens of machines which were completely incompatible (Commodore, Apple, Timex etc) to one system emerging as an almost standard. I know that the idea viruses or worms getting to this point was certainly out of my head at that time.

I also don't think anyone expected there to be so many machines attached to each other as we have now.

Basically, I don't think that a cell phone virus would have nearly the impact of even a simple PC virus due to the fact that (as the article states) people just aren't that unprepared anymore. Maybe if we all were given wide open Windows !Smart Phones? Besides - I think my carrier would probably *charge* me to run a virus :D

-WS

Disagree all you like, doesn't make it true (2, Interesting)

DrSkwid (118965) | more than 8 years ago | (#15428131)


http://vil.nai.com/vil/content/v_1169.htm [nai.com]

Stoned

Type
        Virus
SubType
        Boot
Discovery Date
        02/01/1988

Re:Disagree all you like, doesn't make it true (1)

shawn(at)fsu (447153) | more than 8 years ago | (#15428161)

Whoa, blast from the past. That was the first virus that ever infected one of my machines.

The "Your PC is now stoned" message brings back so many memories. Thanks...... I think.

Re:Disagree all you like, doesn't make it true (1)

WinterSolstice (223271) | more than 8 years ago | (#15428288)

What exactly is your point?

What I was saying is that the AV companies are trumping this up as "Oh noes! We're at the beginning of a massive onslaught of viruses for cell phones!". I disagree that we are seeing any such thing.

In 1988 things like Stoned came out (as you point out). However, the early viruses propagated mainly via shared files and boot disks. Cell phones by and large share only SMS messages, which go through a centrally controlled server (not a random ad-hoc network like email). SMS is very intolerant of long messages - you would have to create a payload in 254 Unicode characters.

Buffer overflows are no longer "rare". Code written in this day and age should be designed more carefully. I know mine certainly is. Little issues that I wouldn't have even considered in the 80's or early 90's are very much a part of my design and testing now.

Also - *documents* are not stored on phones as we know them. You have an address book? So? It could easily be wiped and re-done. Phone acting weird? You reset it or take it back.

Nothing about phones matches the usage or environment patterns of computers. There are no home-builds. There are no wild-west style networks. The sharing of pictures and like data via Bluetooth and MMS is still very unusual (and many providers charge for it or lock it down). An MMS virus comes out? Easily squashed at the central server.

Bluetooth virus? Bluetooth can be locked down or disabled entirely with no real consequence.

Add to this all that most phones aren't even compatible with other models from the same vendor, let alone other vendors. Add to it the fact that J2ME and the like are tightly locked down on the phones where it is even supported. This isn't 1988 - people are wary now.

So let me sum this up one more time -
Different tool, different purpose, different rules. Viruses will exist, but they will be a totally different sort of beast from that which lives on windows.

-WS

Re:Disagree all you like, doesn't make it true (1)

dieman (4814) | more than 8 years ago | (#15428312)

Bzzzt. Most phones can handle MMS now, which allows for absoultely huge 'messages' consisting of multimedia content.

Plus, imagine if someone figured out a worm for something popular, like a razr, and promuglated it over bluetooth. :) BT might not be turned-on-by-default for many phones now, but some day it might.

Re:Disagree all you like, doesn't make it true (1)

digitalchinky (650880) | more than 7 years ago | (#15431289)

I'm in the Philippines, the problem is pretty big here. It's restricted to bluetooth in so far as I've had any experience with it. Little more than a trivial annoyance, and pretty much exclusively limited to the Nokia brand (running symbian), maybe a few sonyericsson models in the P series. (I'm ignoring phones or PDA's that run Microsoft or Linux, since I don't own any)

If I switch on bluetooth (SE K750i) and wander out on the balcony, usually in less than a minute or two I'll start receiving virus files. I say it's a trivial problem since the vast majority of phones newer than about 3 years require user interaction before they will save the file, let alone execute it.

Most phones have a restriction on the size of an MMS, the networks (here anyway) also have a limit, somewhere around 300 kilobytes. Big enough for a virus, though I should think if any holes were present, they'd have been exploited fairly early on.

Re:Disagree all you like, doesn't make it true (1)

plague3106 (71849) | more than 8 years ago | (#15428800)

Phone acting weird? You reset it or take it back.

heh, if only it was that easy. I tried to download and install IM software to my phone; to finish the installation, the phone had to reset. It did, but it never again go past the first verizon screen. It instead reset itself again and again.

Verizon couldn't fix it (actually they blamed me), so the phone is now trash.

Re:Disagree all you like, doesn't make it true (1)

Brian360 (210854) | more than 7 years ago | (#15429595)

I guess it depends on where you take the phone and the mood of the person who helps you, unfortunately. I had a Nokia 3589i that I tried changing some setting on (don't remember) via the USB cable and some PC software (MobiMB). A few days later, when I rebooted the phone for other reasons, it got to the Verizon logo and rebooted... infinite reboot cycle. Took it to the nearest Verizon store and 20 minutes later they had fixed it and returned it to me, no questions asked.

(Note that I am in no way recommending Verizon in the first place. They cripple way to many features on their phones that caused people like me to try this "unsupported" stuff in the first place.)

Re:Disagree all you like, doesn't make it true (1)

DrSkwid (118965) | more than 7 years ago | (#15429477)

My point is you're talking crap that you know fuck all about.

> I also don't think anyone expected there to be so many machines attached to each other as we have now.

In 1988 Fidonet had already been running for 4 years.

Compuserve had POPs all over Europe.

I first encountered Cabir in King's Cross train station in London, I'd left my Bluetooth on after toothing on the train.

If you think people are unprepared, walk into a pub and search for Bluetooth handsets. And if you think that Joe Average has the slightest fucking clue about Bluetooth security you are deluded.

Bluetooth has an insecure history

http://www.infoworld.com/article/05/06/06/HNblueto othvulnerable_1.html [infoworld.com]

June 06, 2005

Two security researchers say they have discovered a technique for taking control of Bluetooth-enabled mobile phones, even when the handsets have security features switched on.

http://www.thebunker.net/security/bluetooth.htm [thebunker.net]

  In November 2003, Adam Laurie of A.L. Digital Ltd. discovered that there are serious flaws in the authentication and/or data transfer mechanisms on some bluetooth enabled devices. Specifically, three vulnerabilities have been found:

Firstly, confidential data can be obtained, anonymously, and without the owner's knowledge or consent, from some bluetooth enabled mobile phones. This data includes, at least, the entire phonebook and calendar, and the phone's IMEI.

> Buffer overflows are no longer "rare".

That would be rare not "rare".

When have buffer overflows ever been rare ?

You *almost* sound like you know what you are talking about.

Re:I disagree (1)

misleb (129952) | more than 8 years ago | (#15428368)

Basically, I don't think that a cell phone virus would have nearly the impact of even a simple PC virus due to the fact that (as the article states) people just aren't that unprepared anymore. Maybe if we all were given wide open Windows !Smart Phones? Besides - I think my carrier would probably *charge* me to run a virus :D

So what does it matter if people are prepared for it? How has being prepared stopped Windows viruses and worms? And even if preparedness could stop viruses on the whole, it isn't like users can go out and install anti-virus software on their cell phone (last I checked, I could be wrong). I think we really are in times roughly equipvilent to 1988 in PC years. Currently, the easiest way to propagate a phone virus is via bluetooth. Which is kinda like floppies in 1988. Soon enough, phones will be connected peer to peer.

-matthew

Re:I disagree (1)

truthsearch (249536) | more than 8 years ago | (#15428638)

In the 80s I was discussing viruses which were spread on floppies with my friends. Some the BBS's I used scanned uploaded files for viruses. Many thousands of computers were already hooked up to Compuserve. People were definitely expecting millions of machines to be attached to each other in the near future. Viruses were already actively being researched.

The reason personal computers will always be susceptible is because they're general purpose computers. A phone which only serves as a phone can not get a virus. But a phone which runs small applications like downloadable games can easily get a virus. It has nothing to do with the user being prepared. If a platform vendor chooses to allow apps they haven't written to run, then they need to proactively fight viruses. Either that or face a lot of annoyed customers.

Yes, it's mostly bullshit (0)

Anonymous Coward | more than 8 years ago | (#15428861)

Hyppönen and F-Secure just want to whip up the "mobile virus" scare to haul F-Secure stock price up. This is not to say that those mobile worms are not annoying, they are very annoying, but to install it you really have to be damn stupid.

There is no way the "mobile virus" people will get enough fuel for their pathetic attempts at creating a fire. The simple reason is that there just isn't that much potential, if you really know how those devices work.

So, mostly these stories are F-Secure PR bombardment.

Cellphone viruses (1)

SIInudeity (822415) | more than 8 years ago | (#15428104)

I remember removing my first bluetooth virus awhile ago, and back then was thinking, pretty soon, well need to have Nortons running on our phones, which needs to be regularly updated. Think I'll just stick to my 3210. If only my phone could take a shower (Yes, aimed at you Zuma).

Re:Cellphone viruses (0)

Anonymous Coward | more than 8 years ago | (#15428378)

My Nokia N70 came with "Symantec Security", although it's not "installed", it just has the installer pre-loaded. Norton won't be far behind I'm sure.
Shudder to think what that resource hog would do to a phone...

Re:Cellphone viruses (0)

Anonymous Coward | more than 7 years ago | (#15430378)

If only my phone could take a shower

Roll a condom over your phone and tie off the end. Problem solved.

My N70 had norton (4, Insightful)

vasanth (908280) | more than 8 years ago | (#15428125)

I was surprised to see that my nokia N70 came with Norton anti virus for mobile phones installed.. And expected it was hogging my phone resource making the menus sluggish and got rid of the crap...

I don't think mobile phone virus threat is much due to the varieties in platform the phones run.. Its just another way for anti virus companies to make money

Re:My N70 had norton (1)

lon3st4r (973469) | more than 8 years ago | (#15436105)

Did it pop up a window every so often and say, "What you are trying to do isn't allowed! Quarantined, deleted, formatted and terminated. Resitance is futile. You will be owned!"

mine does. ;)

* lon3st4r *

Was at F-Secure event today (1, Interesting)

Anonymous Coward | more than 8 years ago | (#15428138)

Most of those Mobile Viruses are on Symbian based OS and the S60 series phones seem to be the worst ones.

Re:Was at F-Secure event today (1, Insightful)

Anonymous Coward | more than 8 years ago | (#15428162)

"Would you like to install this application?"

Yes

"Are you sure? It's not signed"

Yes

"Are you positive, it could have come from anywhere!"

Yes

"Ok"

Damn phone!! why can't it just make phone calls! boohoo

Re:Was at F-Secure event today (0)

Anonymous Coward | more than 8 years ago | (#15434994)

Don't forget the network bandwidth is coming near broadband speeds. 384 kbit possible with GPRS/EDGE although not implemented yet. That is only 2.5 G , imagine 3G speeds.

The problem of Symbian comes from their security license model. Whatever you are, OSS coder, Free software coder, you can't get "security license" without money and you have to tell people "It will display security alert, Accept to continue".

So people get used to accepting/ignoring security alerts. You know what happened with "I agree" and "Next" buttons with Windows. ;)

FUD (4, Insightful)

edxwelch (600979) | more than 8 years ago | (#15428143)

I think the origonal story, which stated that smartphones were unsecure, is total fud. A confirmation dialog box comes up on you screen when some one tries to connect via Bluetooth (and most people have bluetooth switched off anyways, becuase it consumes power), so really this virus would never have a chance to spread in real life and only seems to serve the purpose as a scare story

Re:FUD (1)

packetmon (977047) | more than 8 years ago | (#15428348)

Most laypeople don't even understand what Bluetooth is let alone turning it off. This was a huge mistake assuming people understand why a port was open on a PC (135, 139) which gave way to massive worms and viruses. Even if you have Bluetooth turned off, that isn't the only avenue to spread a virus via cellular. Most phones nowadays have the capability to connect online somehow, so who's to say that someone couldn't craft in JSCRIPT or so.

Re:FUD (1)

elodan (601886) | more than 8 years ago | (#15428749)

The point is that some 'phones have a vulnerability which allows virii to spread without the confirmation dialog.

Re:FUD (1)

geo.georgi (809888) | more than 8 years ago | (#15429389)

Can you point to at least one phone with such vulnerability and working expoit?
Because I think there is no one.

Easy way to prevent viruses (4, Insightful)

Alicat1194 (970019) | more than 8 years ago | (#15428154)

Keep Bluetooth switched off unless you're specifically using it. No avenue of transmission = no virus.

Re:Easy way to prevent viruses (0)

Anonymous Coward | more than 8 years ago | (#15428302)

...and that bluetooth headset is sticking in your ear! Eeeeewwww gross!
 
/* reaches for alcohol

*glug*

Re:Easy way to prevent viruses (2, Interesting)

sparr0w (902739) | more than 8 years ago | (#15428306)

that'll work for BT transmitted viruses... but more and more cellphones are starting to use internet-esque transmissions methods over broadband cellular networks.... I equate BT transmitted viruses to floppy boot-sector viruses you'd be warned about in school. When was the last time you infected your Windows box by putting a rouge floppy in? How about from the Internet?

I think we need to take a more serious look at this problem. In the 70's and 80's, people laughed off the possibility of threats like these. Now, we spend millions of dollars trying to keep control over these growing problems. Hopefully we can take what we've learned with past threats and how they've evolved to help stop the flow across this new frontier... or at least slow them down. However, since many of these "smart" phones are already running versions of Windows, are we already doomed...?

Re:Easy way to prevent viruses (0)

Anonymous Coward | more than 8 years ago | (#15428568)

It'll add hours to your battery life too

Ground control to Major Tom (3, Interesting)

packetmon (977047) | more than 8 years ago | (#15428212)

Just because there aren't as many at this time doesn't mean it isn't likely to become a big issue in the future. What I perceive happening at some point is a rogue group creating viruses to steal contacts then selling those contacts. Imagine the market for say Pamela Anderson's phone list... Imagine one for say the phone list of the President. While doing network studies (CCDP) I thought about the dangers of a multicast worm/virus. It would work spoofing corrupt images say to MSN messenger or Yahoo messenger or any other IM client which is streaming ads... Once streamed an infected image would take over a victim machine... While the concept is theoretical it isn't that far fetched...

Re:Ground control to Major Tom (1)

Frankie70 (803801) | more than 8 years ago | (#15429120)


What I perceive happening at some point is a rogue group creating viruses to steal contacts then selling those contacts. Imagine the market for say Pamela Anderson's phone list... Imagine one for say the phone list of the President.


I assume these rogue groups aren't interested in Pamela Anderson's email contact list
or the President's email contact list but only in their phone lists for some reason.

Re:Ground control to Major Tom (1)

chawly (750383) | more than 8 years ago | (#15435399)

Can't, sorry

"Imagine the market for say Pamela Anderson's phone list..." pictures yes, 'phone list no.

I refuse to believe that this exists

"the phone list of the President" Name one president in office who knows how to use the 'phone ! Majority of them can't find the way to the toilet without help.

Danger everywhere! (-1)

Anonymous Coward | more than 8 years ago | (#15428241)

Woah! Quick, buy McAfee software for your Mobile Phone! Those who don't are in big trouble. There is a huge risk out there!!!!!!! Those who think they're safe are FOOLS!

Next virus targets: the iPod, your car, your bluetooth headset.

Re:Danger everywhere! (0)

Anonymous Coward | more than 8 years ago | (#15428469)

Next virus targets: the iPod, your car

Oh My God!! My car? I just know that Norton won't make an antivirus for my 1967 Chevelle. I'm doomed!

Today FUD, but tomorrow ...Umts,etc.... (1)

happyrabit (942015) | more than 8 years ago | (#15428246)

Even if today the thread is quite small as most blue tooth are off, once 3th generation phones will become popular and people will have services running on their phone and stay mostly always connected (imagine a messenger services on phones, sure some kids will love that) the thread will grow increasingly.
That's why it's important too take in account those potential threads when designing today the phones of tomorrow. We have a long experience with Os's and viruses, much major mistakes can still be avoided...

Wake up and smell the zeroes dude ;) (1)

biscon (942763) | more than 8 years ago | (#15428431)

Im sitting right here chuckling at your post with my 3G UMTS phone with.. guess what.. an MSN client installed. I even remember Orange launching a campaign specifically pointing out the built in MSN client (yeah they charge for SMS so I don't know why they wanna hype that feature). Anyway I don't use my phone all that much, especially not for MSN. But I have a SSH client as well which can be quite useful. Nothing like updating your ubuntu box while being at a friends house etc. I use the builtin browser for reading /. when im bored.

Sorry for showing off ;)

Re:Wake up and smell the zeroes dude ;) (1)

happyrabit (942015) | more than 8 years ago | (#15428592)

I know it's possible today, but today's market adoption of 3G is slow... and far from being mainstream. That's not a propice environment for virusses... still once everybody will have a 3G mobile (and your laptop will also be 3G) more and more community services will show up, and people will be connected for longer times, the virusses will point their nose.

The summary.... (0, Offtopic)

MustardMan (52102) | more than 8 years ago | (#15428263)

The summary.... is so confusing but i only read it once and it gave me a headache.... so i wonder if the people at zdnet passed grade school grammar... in the interweb world, all the article writers are making run-on sentences with no punctuation as are the submitters on digg, youtube, myspace, and slashdot. My migraine is on top of this one.

Oh, BS (1)

Odin_Tiger (585113) | more than 8 years ago | (#15428267)

Yeah, maybe theyre (I know I missed an apostrophe in that word, but for some insane reason FF keeps popping up the search (as in ctrl-f) box when I hit apostrophe but wont print it. wtf?) working on it, but not many virus -writers- are. If more people were focusing on writing viruses for cell phones and PDAs, you can bet your ass viruses would be all over. Theres an entire industry for stopping viruses, not to mention public and government pressure on OS makers like MS, and look how much good thats done.

Re:Oh, BS (0)

Anonymous Coward | more than 8 years ago | (#15428589)

theyre (I know I missed an apostrophe in that word, but for some insane reason FF keeps popping up the search (as in ctrl-f) box when I hit apostrophe but wont print it. wtf?)

A CTRL key has crud in it. Bang them both hard a few times.

That'll be $8.

yeah, "on top of the problem" (2, Insightful)

bobamu (943639) | more than 8 years ago | (#15428269)

by that I suppose they mean locking out the phone o/s to those who pay for certificates to sign their software with.

nobody will be able to crack that

This is fud there are no mobile phone viruses (0)

Anonymous Coward | more than 8 years ago | (#15428286)

There were some proof of concept exploits that were very hard to reproduce and unportable. Since mobile phones are so diverse you just can't technically write normal code that will run on 3 percent of them let alone write a virus that will do the same!
Bluetooth prompts for confirmation, thats not a virus thats a trojan.

Re:This is fud there are no mobile phone viruses (0)

Anonymous Coward | more than 8 years ago | (#15433568)

Ever hear of java?

Vira (1)

VincenzoRomano (881055) | more than 8 years ago | (#15428287)

The really bad news will come when vira will be available for:
- iPod(tm) through infected MP3s
- bluetooth earpieces through special whistles
- digital wrist whatches through vired organic batteries

Re:Vira (0)

Anonymous Coward | more than 8 years ago | (#15428668)

What on Earth is "vira" supposed to be?

The plural of virus is viruses.

http://en.wikipedia.org/wiki/Plural_of_virus [wikipedia.org]

Re:Vira (1)

chawly (750383) | more than 8 years ago | (#15435255)

Virii was the way old Julius said it . He has the patent.

Let me be the first to sing (0)

Anonymous Coward | more than 8 years ago | (#15428310)

Happy birthday to you.
Happy brithday to you.
Happy birthday, dear first cell phone viruuuuuuus.
Happy birthday to you.

Makes me glad... (1)

oahazmatt (868057) | more than 8 years ago | (#15428331)

Makes me glad that I never upgraded my reliable Nokia POS. Monochrome screen, no blue tooth, no browsers, no camera, no nothing. Just a phone, that's all.

Am i confused? (1)

RavenChild (854835) | more than 8 years ago | (#15428358)

Are we supposed to celebrate a virus's bithday? should we invite it to a party in our phones? It might want presents some of us can't afford.

Viral birthdays (1)

meringuoid (568297) | more than 7 years ago | (#15431319)

Are we supposed to celebrate a virus's bithday?

Only on January 5th. Happy birthday Joshi [nai.com] .

HOWTO avoid Mobile Phone virii... (0)

Anonymous Coward | more than 8 years ago | (#15428411)

the first mobile phone virus is almost 2 years old.

Do not buy as mobile phone that was build after 2003.

1986? (2, Interesting)

XO (250276) | more than 8 years ago | (#15428474)

I know Mac and Amiga had tons of viruses before 1986, and I'd be willing to bet PC's did, too.. just that PC's weren't quite so much for game use, so there wasn't nearly as much pirating going around then...

Re:1986? (1)

WWWWolf (2428) | more than 8 years ago | (#15428821)

Well, they specifically said "first PC virus". The first virus on PC was Brain [wikipedia.org] , which was in 1986.

Re:1986? (0)

Anonymous Coward | more than 7 years ago | (#15431404)

and yet, in the text, it says

...Ashar is an older version of Brain...

Obviously, it can't be the first computer virus if there is an older version, now can it?

Problem with the entire premise (1)

Beryllium Sphere(tm) (193358) | more than 8 years ago | (#15428575)

F-Secure (whom I usually like) says that OS makers are prepared for the malware threat and that malware will fall on stonier ground that it did in the desktop PC world.

The phone OSes, oblivious to every lesson from the desktop world, are allowing software downloaded from a hostile network to do things that cost the user money and to propagate itself. If the OS makers were "prepared" they'd all be running that code in sandboxes, or virtualized, or at the very least with egress filtering ("Do you want to send your contact list to the National Enquirer? Yes/No").

Less of problem because.... (1)

mikesd81 (518581) | more than 8 years ago | (#15428905)

Couldn't it be because they just don't hook their phones up to a pc really? Even when downloading material, 90+% of subscribers will d/l from their provider. But in reality, most people won't download anything due to the fact it's just so damn expensive and has these insane license agreements. Plus people aren't really jumping on the whole "computer phone" idea like manufactures thought.

OS designers only need to do one thing (1)

sco08y (615665) | more than 8 years ago | (#15428925)

The problem we have on PCs is that the OS lets anything execute and then we run AV software that tries to stop a list of things running. What we need to do is have the OS whitelist good software, not blacklist all the bad.

Mobile phone OS designers have made the exact same mistake and in an environment that is far more conducive to viruses.

Re:OS designers only need to do one thing (1)

Joe The Dragon (967727) | more than 8 years ago | (#15428992)

Great so now I have to play more for games / apps because poser mobile only lets you buy / apps from there own store where they cost $15.00 or more and you can't use the games /apps makers own store when they cost $7.99.

third, not second. Don't skip zero. (0)

Anonymous Coward | more than 8 years ago | (#15429344)

Two years old is the /third/ birthday. Birth day = day zero.

It's the second anniversary of the birth day, though.

- chad

I Don't Think So (1)

Nom du Keyboard (633989) | more than 7 years ago | (#15429639)

now over 200 mobile phone viruses...Operators are on top of this.

To quote Roger Rabbit: "I don't think so."

If anyone was on top of this, there wouldn't be over 200 mobile phone viruses out in the wild. There would be none.

Saw this happen (1)

kadathseeker (937789) | more than 7 years ago | (#15430189)

Actually, my school was slammed by a phone virus that jumped onto the pc network after someone connected their phone to a pc over xmas break. They had to reimage the entire school. I thought it was hilarious because they take such a unnecessarily draconian stance on certain aspects of security but leave gaping holes like this. Serves them right, I'm glad I graduated and am moving on.

Happy birthday, dear virus (1)

AriaStar (964558) | more than 7 years ago | (#15430607)

Yes, you, you darned virus. We have had such a love-hate relationship the past two years. You love me, I hate you. Or at least you love me for my phone. Is that all I'm good for? Huh? Is it?! Fine, then I hope you have a craptacular birthday because you make people miserable. Viruses suck! That's it, I'm going to become a wormer. And yes, that cake is flavored with cyanide. Jackass.

Symbian (0)

Anonymous Coward | more than 7 years ago | (#15431278)

Any of you guys remember when Howard Stern had Jenna Jameson was in the studio and she got on the Symbian. That was hot. Not sure what it will do to prevent a mobile virus, though. Seems more likely to spread them.

new viruses (1)

john_uy (187459) | more than 8 years ago | (#15434743)

new viruses don't need to be complex. actually, much like the "i love you" virus, i don't remember the name but a new one reads the contact list and sends an mms message to them. (bummer for the person who will see his bill shoot up.) of course the receiving person will highly likely open the attachment since it came from someone they know and not from anonymous and unverifiable sources such as e-mail. they will open it and they spread some more.

my point is, i believe it is easier to prey on human weaknesses than to actually find exploits in underlying os functions such as bluetooth and ip.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>