January 23, 2006 - Disinfecting Your Phone Without Lysol?
by Jeff Moss
I suggest securing your smart phone before attending Black Hat Federal next week or any other time you go out. Sophisticated attackers are now starting to concentrate on mobile platforms. We will soon see attacks going from primitive to advanced, especially considering almost all “important” people now own a smart phone.
Jarno Niemelä focuses his latest research on the Symbian OS. He has analyzed a number of primitive malware samples to date: what they look like, where they are going, and how to get rid of them, which is not always easy.
Mobile Malware
by Jarno Niemelä posted January 23, 2006
Symbian malware, can it all be blamed on stupid users installing stuff?
During the past year, there has been quite a lot of publicity about viruses and worms that can infect Symbian-based phones. Also during that time, there have been quite a few public opinions claiming that the Symbian virus problem is greatly overhyped and that users are to blame, as the phone asks yes/no questions several times during the installation of Cabir or another Symbian worm.
But is it really so easy? We technologists like to blame users for being stupid or ignorant. But most often that is just an easy way out of an uncomfortable problem.
Yes, it is true that the phone asks questions several times before Symbian malware is installed into a phone. But these questions could be written in a much more understandable way. Plus, just opening a Bluetooth message in the phone inbox should not automatically start installation of whatever arrived in the message.
One also has to remember that Symbian worms are created by people who want their worms to spread and infect as many phones as possible. Thus the worm authors try to use the Symbian features in a manner that forces users to answer “yes” to all questions.
For example, Cabir uses the tactic of constant Bluetooth file transfer requests, thus bombarding the user with endless yes/no questions and frustrating the user until he starts answering yes all the time.
This behavior can be demonstrated in this video.
Post-Exploit Automation
I’m in. Now what? spoonm and company originally built a framework to research and automate advanced exploit techniques. Over time, they realized that the framework could go far beyond just the initial entrance vectors. At Black Hat Federal, spoonm and skape will talk about their new work advancing the state of the art in automated payload delivery. Watching them hide a VNC server inside your running text editor or the LSA service is pretty cool and scary at the same time.
Worm Evolution
Worms are moving to the next generation, as evidenced by new research from Dave Aitel and Billy Hoffman.
The Black Page is always looking for concise and interesting comments from researchers and experts about issues that affect the security community. Contact us here to learn more about submission rules