proof-of-concept worm
Page 1 of 3 123 LastLast
Results 1 to 10 of 21

Thread: proof-of-concept worm

  1. #1
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867

    proof-of-concept worm

    There has been discussion about this in the past, but here it is, a proof-of-concept worm that targets Nokia Series 60 phones or any Bluetooth-enabled device.

    EPOC.Cabir is a proof-of-concept worm that replicates on Nokia Series 60 phones. It repeatedly sends itself to the first Bluetooth-enabled device that it can find, regardless of the type of device (ie even a Bluetooth-enabled printer will be attacked if it is within range).

    The worm spreads as a .SIS file, which is automatically installed into the "APPS" directory when the receiver accepts the transmission. Upon execution, it will display a message then copy itself to a directory that is not visible by default. The worm runs from this directory whenever the phone is rebooted, so it continues to work even if the files are deleted from the APPS directory.

    Once the worm is running, it will constantly search for Bluetooth-enabled devices, and send itself to the first device that it finds. There is no payload, apart from the vastly shortened battery life caused by the constant scanning for Bluetooth-enabled devices.
    Full Write-up

    Cheers:
    DjM

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Damn. What's next? Firewalls and anti-virus for your mobile?
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,534
    Originally posted here by SirDice
    Damn. What's next? Firewalls and anti-virus for your mobile?
    A couple of years ago people said the same about PC's..
    Firewalls are only for large corporations etc..

    So, I'd bet on it and will invest in the first person to make an AV for mobiles
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  4. #4

    Talking

    Originally posted here by the_JinX
    A couple of years ago people said the same about PC's..
    Firewalls are only for large corporations etc..

    So, I'd bet on it and will invest in the first person to make an AV for mobiles
    Or maybe we'll have people start pulling their heads out of thier asses and using cell phones as phones not as walking PCs, stereos, organizers, and ass scratchers... I personally am sick of people with cell phones.

    But that virus sounds cool despite what I just said, using Bluetooth to spread over cell phones is an awesome concept IMO.

  5. #5
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Originally posted here by the_JinX
    A couple of years ago people said the same about PC's..
    Firewalls are only for large corporations etc..

    So, I'd bet on it and will invest in the first person to make an AV for mobiles
    You'd think they learned from their mistakes

    Just in case, I'm gonna buy a sh*tload of shares from the first company that makes a mobile AV
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  6. #6
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    There is already antivirus available for some mobile devices.

    There is no automatic update though. You have to manually do it by loading the updated database. I have bitdefender on my palmpilot which is also bluetooth enabled. I have it configured so you can't discover it nor connect to it. Even with those settings, I'm able to remotely surf the internet or sync via bluetooth. Trusted devices are allowed to access it, but I have to manuall add them by "pairing" the two devices. (initiate pairing and use the same passcode on both devices)

    I kind of figured that we would see this type of worm/virus sooner or later.

    It is just the next step...

    With more and more devices having wireless (802.1x or bluetooth), I'd expect to see more of this.

    Despite the risks... I'd still buy phones and devices that function as all in one devices. My palm pilot (T3) is something that I rely on daily. Can I live without it? Sure... Do I want to? No way!

    SirDice: There are a couple of companies that provide "mobile av"...
    http://www.bitdefender.com/bd/site/d...php?menu_id=21

    Bitdefender has free av for both the Windows CE and Palm Pilot platforms.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  7. #7
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Originally posted here by phishphreek80
    SirDice: There are a couple of companies that provide "mobile av"...
    http://www.bitdefender.com/bd/site/d...php?menu_id=21

    Bitdefender has free av for both the Windows CE and Palm Pilot platforms.
    I don't own a PDA (yet) so I haven't looked at it but thanks for the link

    Do you know of AVs for mobile phones? These seem to have more and more capabilities so I guess it's just a matter of time (this POC proved it already)
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  8. #8
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Not that I'm aware of... unless they are running the Windows CE or Palm platform...
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  9. #9
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    blue tooth has a very limited range, and my 2 devices beep when something tries to connect. It then has to have my pin number in order to be copied or I have to over ride the security. This proof of concept is the basis of how blue tooth works. Any device on the market will do the same thing? The key word in the article is the reciever must "accept" the connection. The thing that makes this different I guess, is the file repeatedly tries to find other bluetooth devices. And copy itself. Which would play havac on printers, as they are always turned on. In reality though, no one walks around with their blue tooth transmitter turned on. Your cell phone and PDA wouldn't last very long. Unless you are playing around for some signals. In addition, your own device can be made "undiscoverable" meaning it won't respond to connection requests. Even if a phone is left on, every product I have seen times out after a period of no activity, because it sucks batt. power. The phone is basically running two transmitters and recievers at the same time. Just adding what I know, I understand this is a proof of concept and I also believe there will eventually be some kind of firwall device on the phone. Right now though bluetooth is exciting to learn.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  10. #10
    Heh heh, I haven't had a cell phone for a few months now because of trying to cut down on bills. And you know what? My life has somehow managed to go on without a hitch!

    Seriously though, this is very interesting stuff. What's next?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •