?

Log in

No account? Create an account

Previous Entry | Next Entry

Well, it was bound to happen...

The first-ever cell phone virus has been reported by antivirus research firm Kaspersky Labs.

It's still quite primitive, infects only Symbian phones, carries no payload, and spreads via Bluetooth. As such, it's a proof-of-concept, not a dangerous virus. Unquestionably, however, cell-phone viruses have been demonstrated to be technically possible and feasible...pretty scary, when you consider that Microsoft, makers of notoriously insecure operating systems and Web server software (IIS is so well-known for its security holes that a lot of people call it "Inherently insecure Server") is getting into the cell-phone operating system business.


Comments

( 5 comments — Leave a comment )
sinboy
Jun. 16th, 2004 11:28 am (UTC)
I figured on this the moment people started writing OS's for phones that ran actual programs. I've yet to see a palm OS based virus, but I'm sure one could be written if it hasn't already.
tacit
Jun. 16th, 2004 12:19 pm (UTC)
Palms seem to be a poor vector for viruses, because they're not networked in the same way that cell phones and PCs are. Is it even possible for one Palm device to discover another and send a file to it without operator intervention?
sinboy
Jun. 16th, 2004 06:05 pm (UTC)
My guess would be that it'd require some sort of acess to the IR hardware interface. I'm not sure if you can turn off the "accept this file" querry they Palm OS asks if it gets a request from a nearby PAlm IR output.
alchmst
Jun. 16th, 2004 05:12 pm (UTC)
Just a note...

My McAfree Virus Scan Professional Edition scans my PPC every time I synch and has caught two questionable code sequences already. Since it uploads its own updates everyday, I feel fairly secure.

Funny how we talk about computer viruses as though they were autonomous...

"guns don't kill people, people kill people"
roadknight
Jun. 17th, 2004 11:25 pm (UTC)
Palms aready have bluetooth...
...have for a couple years now. There may be, somewhere in the depths of the PalmOS API, a way to turn off the "Do you want to accept this?" dialog, but I don't know of one.
My new snappy Tungsten T3 has Bluetooth built in and my M505 uses an
SDIO card.

Microsoft, while still a threat, has so far been getting their ass handed to them in the smartphone market. They got booted of the UK Orange network because their phones were costing them money in internal cust. support $$ above and beyond the airtime revenue they were getting from the customers using the M$ phone.

Bluetooth by itself is pretty darn secure. I've had a look at the Bluetooth spec and it looks like they gave security at least a few seconds thought as opposed to say, WEP. The biggest problem with Bluetooth is that it relies on the user to choose a PIN, which is used as a seed to an otherwise fairly secure encryption mechanism.
I know people with Bluetooth phones and their PIN is the usual braindead stuff like "1234" or "0000".
( 5 comments — Leave a comment )