|
-
March 1st, 2004, 07:24 PM
#21
a "high-level" ASM that works across all/most cellphones allowing for better manipulation of low-level functions and such, but still not specific to one phone.
That will never happen. There are currently several different OS'es that are being used on phones, symbian, palmos, windows ce, etc... Not to mention that there is not a single standard in terms of how the phone "desktop" operates. Even with Nokia phones there are 4-8 different ways of programming the phone to work depending on which model, and how old it is.
There will definitely be issues that impact one specific phone, or type of phone. But there will not be a virus/malware that will attack all phones effectively.
-
March 1st, 2004, 07:39 PM
#22
Originally posted here by mohaughn
That will never happen. There are currently several different OS'es that are being used on phones, symbian, palmos, windows ce, etc... Not to mention that there is not a single standard in terms of how the phone "desktop" operates. Even with Nokia phones there are 4-8 different ways of programming the phone to work depending on which model, and how old it is.
There will definitely be issues that impact one specific phone, or type of phone. But there will not be a virus/malware that will attack all phones effectively.
You are right about there being different platforms, but that still doesn't protect the phones from participating in dos attacks, flooding email servers with useless messages, and social engineering and identity theft.
There's lots of security one should take into account, for instance, does the phone have internet access, also, does it have bluetooth enabled. Such things can be used adversedly, for example, and this is just speaking hypothetically: An mass email get's sent to thousands or millions of phones, by using a script to just mail xxx-xxx-xxxx@sprintpcs.com . Now this email has images it's suppose to display (it's an html email) those images sit on a webserver. Upon request of the image, the webserver scans the requesting ip to determine the OS of the phone and use a known exploit (Possibly some ActiveX in a M$ phone, or some java sploit for a nokia).
This is not imagination, I think it's just more a matter of time, before virus writers, really start getting more creative with their code.
--PuRe
-
March 7th, 2004, 10:58 PM
#23
Member
Well....theres alot of factors this depends on..but I think it would be possible, I have thought of this some myself and ran into some walls...
Differing operating systems and architectures...I wouldn't see how you could get past this..unless you were either sure that certain people were on the same cell phone..maybe you have one host device..sending to poeple who are known to have that type of phone and/or config?
The only other thing, would be assuring that it actually spread. Possibly thru there phone book etc etc, or maybe even a certain list of targets..that you've coded into the malware. And quite possibly...you could use this for flooding purposes....
I could see alot of spreading, but what would happen if you sent a code from a palmos to a windowsce based device?
And the only thing I would see wrong with that phone book theory...is that they would probably see that your sending a file..doesn't totally gauruntee that they'll d/l the file and exec it.
Signature image is too tall!
-
March 7th, 2004, 11:20 PM
#24
is a self propogating worm that infects microsoft active sync through windows xp possible? both of my pda's use active sync and I am just a small part of the world. They also have wireless ethernet cards.
When death sleeps it dreams of you...
-
March 8th, 2004, 12:33 AM
#25
Makes me all the more glad that I don't have or ever will have a PDA nor do I have an internet-capable cell.
We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.
-
March 8th, 2004, 02:16 AM
#26
Member
lol, i'm getting a pda in around a month or two but....geesh...these things are expensive!! o.o
And yes I think it would be possible. Just don't count on it being a "big" concern..I would think that unless you could find a way to launch this attack remotely..i.e send it and launch it....you shouldn't be in that big of a pickle. Since if they have physical access somehow then they could do worse things.
As far as I know, the virii world thru pda's is up and coming, but as there are many big differences between pda's and pc's alot of them can't be carried over. However, more ontopic..what I mean to say is that yes it is possible, but don't expect it. pda's and wireless are still "fairly" new..we still have yet to have an overall use for this on the side of worms.. I mean..how many atm's do you see running wirelessly? Or..anything with highly secure data that would prove really useful? I think, on the subject of worms, corporate wireless networks would be more of a useful attack then pda's..
Signature image is too tall!
-
March 8th, 2004, 03:06 AM
#27
Why not expect it? A simple attatchment sent to a few hundreed email accounts with a virus that sends to everyone on that persons address book and it's done. Especially if it spreads like the worm that took out SCO.
With that large of an infection it would surely spread to enough PDa's. But ohwell it's only speculation, why plan for the future. Or am I way off in thinking it's gonna happen sooner than later.
When death sleeps it dreams of you...
-
March 8th, 2004, 11:39 PM
#28
Member
I might be correct in thinking..that it's already in development as we speak.
As for the problem, it was the whole thing about people not opening the e-mail. You would have to come up with some naming convention..because these days you see a commercial every 2 or 3 hours like AOL or whatnot..that they have AV and that it scans "Attachments". The world is alot more open to that sort of thing now and distrust attachments.
But maybe..there were software(s), that update certain things....like lets say a form of windows update, that could be a possible form of infection..although harder..it could probably be done.
Signature image is too tall!
-
March 9th, 2004, 08:13 AM
#29
I think a limiting factor in cell phone and pda trojans/zombies is that for cell networks, they are running at high capacity already. It doesn't matter if you can get a DDoS type trojan onto every single cell phone in America or what not. If you initiate an attack, the cell-tower will be overloaded. Granted there would be quite a bit of bandwidth, but only maybe 5% or so of the cell phones could acturally attack since the tower would become overloaded. You have much less effective attacks due to this, although it can still be crippling. It could at least prevent anyone with a cell phone from calling 911 since the tower might not be accepting any more cell-phone traffic.
For PDAs, they usually are not connected to the Internet 100% of the time. They don't have enough power to maintain long range, high-speed connections 24/7. Their batteries last maybe 7/8 hours with the backlight off and nothing running. That number quickly drops when it is under load and with a wireless card, but I don't know by how much since my PDA doesn't have a WiFi card. Also, PDAs are fairly easy to turn off, and currently you would need a specialized virus to have it start back up and hide when you turn the PDA on/off.
PDAs could be where an attack is controlled from since they are somewhat inexpensive and easy to throw away. A simple hard-reset could eliminate pretty much all evidence, since they don't usually store stuff in permanent storage like a HDD. But as for the zombies, I think they could be a threat, though not an effecient one. I'd probably be more concerned if a virus could steal my cell-phone ID, account number, hack into the cell-companies database to get CC detials, etc., but I guess I'm lucky my cell phone doesn't work in the USA. 
-
March 9th, 2004, 09:47 AM
#30
Junior Member
I've often wondered why I haven't heard more about viruses spreading through bluetooth enabled devices. I don't know much about bluetooth standards so maybe it's to difficult to bother with or just not effective enough to bother with, but I can definitely imagine a few uses for this type of malware. Especially with the U.S. E911/GPS requirements in cell phones these days. Talk about privacy concerns; a malware author could track movements, messages, calls made, calls received, etc... I'm sure somebody will come out with a phone (if it's not out already) that has the ability to record a phone conversation - aaayyy that's a scary thought!
As for spreading from one phone to the next, it seems like the malware would only need to target the application/OS in question. After all, MS is not likely to modify Pocket PC to the manufacturer's phone specifications. I'm sure it's the other way around.
On a side note, the new Lexus LS 430 is bluetooth/wireless enabled. I'm sure this feature could be used to extract information about the vehicle at the very least. It seems the more technologically advanced our society becomes, the more disaster prone it gets.
_TOMDAQ
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote