Mobile Phone Viruses
Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: Mobile Phone Viruses

  1. #1
    Junior Member
    Join Date
    Oct 2002
    Posts
    5

    Mobile Phone Viruses

    Hello all, this is my first post.
    I'm currently taking an Information Assurance class and as an assignment we are to research exploits and pseudocode the steps a virus/worm would take to infect and propagate itself. Sort of to get a feel for how they work and why they do what they do.

    I thought it might be interesting to explore the mobile phone route. All of the info I've googled up goes about 50/50 that mobile phone viruses are not possible but will be in the near future to they are possible and a few exist especially now that the new generation phones support J2ME and Vstript, the scripting language of the WAP that have the ability to access the calling functions of the phone.

    My idea was a virus that is trasmitted through SMS (short message service) and then transmits the Electronic Serial Number (ESN) and the Mobile Identification Number (MIN) either by phone function or though SMS again. Thus enabling the phone to be cloned.

    Question to all is how plausible is this scenerio. Far fetched? Current or distant reality?
    I'm not considering actually doing this, mind you, however considering the newness of any actual exploit, the info on the web is lacking.

    Thanks for your time.

  2. #2
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi,

    SMS will only handle a maximum of 160 characters or less (depending on your Telco) AFAIK. This is not enough to support a "virus", "trojan" or "worm", as you just cannot squeeze the propagation algorithms into that little space. We need a new generation of mobile technology, that will bring the mobile phone, palmtop and PC closer together for this to present a viable threat.

    At the moment, I believe that there are things called SMS "bombs" which may take down an individual mobile phone, but that seems to be the current limit.

    Hope that this helps
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  3. #3
    Junior Member
    Join Date
    Oct 2002
    Posts
    5
    That shoots that theory to hell. Thanks for the info.

    I did hear about a type of mobile virus called '911' in Houston that used the SMS to send a message telling to visit a certain website. When they did a script ran that caused their phones to dial 911. Anything to this?

    Maybe a script on a website could cause a mobile phone to send out its identification numbers? and then send the same SMS message to everyone in their address books?

    Would this still be classified as a virus?

    Thanks for the help.

  4. #4
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,836
    i'm not sure about 911 but the only "malicious" thing that can be done to a cell phone so far is to "SMS bomb" them with messages untill they crash. with the new javascript phones out there, I wouldn't be surprised if any viruses came up againts them.

    hope this heps

  5. #5

  6. #6
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi,

    You might like to broaden your topic to something like:

    "Malicious activities involving mobile phones: the present and future"

    Might even get to sell the script to Hollywood..............Mel Gibson & Harrison Ford...no ideas for the leading lady

    Just a joke, had to write that kind of stuff when I was at college!

    The point I wanted to emphasise that the thing would have to PROPAGATE of its own accord, and infect other machines, to be classed as a virus................there just arent enough available bytes at the moment...but give it 12 to 18 months and I do believe that it will be reality.

    That is why I suggested the change in scope

    Good luck, and every success in your endeavours!

    johnno
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  7. #7
    Senior Member
    Join Date
    Jun 2002
    Posts
    394
    We need a new generation of mobile technology, that will bring the mobile phone, palmtop and PC closer together for this to present a viable threat.
    this generation is already here in the form of the XDA (and possible others).

    The point I wanted to emphasise that the thing would have to PROPAGATE of its own accord, and infect other machines, to be classed as a virus
    propagating of its own accord through-out a network would class this as a worm. to elaborate, a piece of code that was written to propagate and not infect or in anyway "harm" the client machine would be a worm and not a virus. if this program propagated and did "damage" it would be a worm and a virus. and there are programs that are just virus. this requires logical or physical transportation of the code to be executed on a target client.

    <opositue divided by adjacent>
    it may be possible to write a "mobile phone virus" that executes on a pc and uses the internet (or even normal telecommunication network, the TAP protocol and an SMSC) to transmit something to a phone that would cause it harm. for clarity; this would not be a worm, because the program requires you to logically transmit something to a target. true, you could automate this process but it would still not be a worm because it does not re-transmit itself from the targets phone (or pc(?)). so far, i have been vague about what is being transmitted to the target. that is because, for the code to be a virus, it would have to be code. that is, something that is executed on hardware by an operating system. SMS messages are just messages, data, plain text...or, not meant to carry code that is to be interperated at the receiving end of the transmittion. however, there may be flaws in the operating system of the phone that has problems dealing with certain data sets. that is to say again, that it may have problems decapsulating information in exceptional circumstances (there may be problems in a lower level protocol that causes everything to go wrong before the message has been extrapolated from the "transmittion" and passed up a level.) but this is not a virus because the code is not executed on the target. it is executed at the source. it exploits a specific flaw in the design of a system, hence this is simply called exploit code.

    so for now, as stated above by nihil, you can not write a virus or worm of popular definition. there is not really any grey area.
    Hmm...theres something a little peculiar here. Oh i see what it is! the sentence is talking about itself! do you see that? what do you mean? sentences can\'t talk! No, but they REFER to things, and this one refers directly-unambigeously-unmistakably-to the very sentence which it is!

  8. #8
    Junior Member
    Join Date
    Sep 2003
    Posts
    21
    I think this type of thing will become more possible with the large number of devices that are phones/web ready/email capable/handheld organizers, especially the ones that have an OS like Palm or WinCE.

  9. #9
    Yes mobile viruses are a reality.But they do not spread on SMS,i think.They are on java & email enabled sets.
    Well if u havent heard Microsoft has introduced new phones with Windows OS in it,I guess that should be enough to say that mobile vieuses are no more a weird fantasy.

  10. #10
    @ΜĮЙǐЅŦГǻţΩЯ D0pp139an93r's Avatar
    Join Date
    May 2003
    Location
    St. Petersburg, FL
    Posts
    1,689
    Just to expand on the subject a bit, with the increasing connectivity of electronic devices viruses, worms, etc., are a growing problem. The average cell phone is internet capable, along with XBox, PS2, etc. Laptops, PDA's, and other such things too. (I'm a little drunk so bare with me...) The next couple of years sould be interesting. As was mentioned earlier, Cell phones are not too vulnerable right now for technical reasons, but who knows what the next few years will bring. Are we really coming into a world in which your phone needs powerfull firewalls and AV software? Is this what Alexander Graham Bell imagined when he created this?

    My first cell phone weighed 14 lbs and had a corded handset, my current one has a digital camera built into it. What the hell happened?

    I'm going to log off and sober up now.
    Real security doesn't come with an installer.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides