February 15, 2005

Smartphone attacks - a timeline

Unlike most media articles, this one has body, in the form of a nice timeline showing the emergence and evolution of a threat. For that alone it is worth it! (Read the full story)

The following timeline gives a sense of the stepped-up pace of mobile phone attacks:

  • Spring 2004: A trojanized game called "Mosquitos" secretly sends messages to expensive toll numbers at the user's expense.
  • 15 June 2004: The Cabir worm replicates over-the-air via Bluetooth connections.
  • 16 June 2004: Cabir.B, a variation on the Cabir worm, is discovered. Cabir.B, which began spreading in the wild in autumn 2004, continues to spread today. To date, it has been detected in China, India, Turkey, the Philippines, and Finland.
  • 19 November 2004: The Skulls.A trojan replaces icons on the phone with skull images, making the phone almost useless.
  • 29 November 2004: Skulls.B is discovered.
  • 9 December 2004: Cabir.C is discovered.
  • 9 December 2004: Cabir.D is discovered.
  • 9 December 2004: Cabir.E is discovered.
  • 21 December 2004: Skulls.C is discovered.
  • 21 December 2004: Cabir.F is discovered.
  • 21 December 2004: Cabir.G is discovered.
  • 21 December 2004: The METAL Gear.a trojan encourages users to download and install it by masquerading as the popular mobile phone game Metal Gear Solid.

The most recent in this new wave of exploits, the trojan METAL Gear.a, targets mobile devices using the Symbian operating system. When run, it installs Skulls and Cabir variants and tries to disable antivirus and file-browsing products installed on the device - thus making the device extremely difficult for the user to repair. In addition, METAL Gear.a also makes a file called SEXXXY.sis available to any Bluetooth phones that happen to be within range; if the user of a nearby phone accepts that file, it will disable that phone's application selection button.


    Posted by iang at February 15, 2005 08:38 AM

    The thing about these is that they are all, from an attack/vulnerability perspective, pretty primitive, requiring user interaction--basically you're inviting someone to download a sabotage element onto an environment where most users (compared to PCs) don't find actually downloading and running an application to be particularly intuitive.

    Basically, virus-wise this is stone age technology--while the actual platform and technical environment are new, the means required to get someone to expose themselves to risk and compromise are ancient. No doubt, someone somewhere will still be thick enough to download and run virus-infected attachments and programs, but you're nowhere near the armageddon levels of mass infection that would bring these things on the radar.

    Posted by: JMS at February 15, 2005 08:58 AM