Mabir.A Virus Targets Symbian Phones 199
adennis writes "Exploiting bluetooth and weaknesses in the OS, the Mabir.A virus, like its predecessor, targets the version of the Symbian operating system running on Nokia Series 60 handsets. Since Symbian is the dominant smartphone OS, found on phones made by Motorola, Siemens, Sony Ericsson Panasonic and Nokia, this virus could have great impact. Will mobile OS companies, like desktop OS makers, have to start an automatic update system, or will the OS creators have to start making their software secure?"
Same thing? (Score:5, Insightful)
Wouldn't an automatic update system serve to make the software more secure?
virus (Score:3, Insightful)
Remember when viruses were cool? (Score:5, Insightful)
Nowadays, viruses are so pussified that they need to ask the machine owner to install them. How sad.
Security? (Score:4, Insightful)
Ofcourse they have to be secure. (Score:4, Insightful)
Re:Ofcourse they have to be secure. (Score:4, Insightful)
Anyone that gets infected with this gets what they deserve. Hopefully at this point, you wouldn't open a strange file attachment, so why would you accept a strange file on your phone?
Well, I'm not impressed (Score:5, Insightful)
I received over 20 identical messages by Bluetooth messaging, all containing a single application-installation file: caribe.sis I had to approve the reception of the message first before I could view the contents. As I browsed the message contents, a further warning that it contained an application was issued, and I image the standard "not-signed" warning would as well if I'd try to actually install it.
That's 3 warnings I would have to ignore before the virus is installed. Surely in this day and age anyone's brains would have kicked in and wonder whether it would be a wise idea to install an unknown program sent to you by an anonymous stranger? Mobile-phone virii are all still very proof-of-concept in my book...
Elementary measures (Score:5, Insightful)
Not having every single Bluetooth service known to man switched on by default when the phone leaves the factory would be a good start. The first thing I did when I got my new PDA phone was to switch everything off except the BT Headset and File Transfer which I set to Maximum possible security since it wasn't set like that by default. Strictly speaking the FT services should only be activated on a need-to-use basis but I don't carry alot of sensitive information on my PDA phone and what there is I have encrypted on an SD card. That would incidentally be another good idea, if manufacturers were to install some sort of file-vault software as standard. I had to install the file-vault software as an optional software package from the companion CD that came with my phone.
Re:Ofcourse they have to be secure. (Score:4, Insightful)
Why? Why can you live with your computer being insecure? Why do you accept this? Especially when there are secure alternatives!
Re:Want a surefire solution?? I have the answer. (Score:5, Insightful)
What a great idea. I'm sure this will work just as effectively as the USA executing alleged murderers - brutal as it sounds, it has at least reduced the murder rate to one of the lowest in the world.
Another FUD from F-Secure (Score:5, Insightful)
No OS creator cares about security. (Score:3, Insightful)
All commercial operating systems are written to the point where the security is just good enough to sell the product and no further.
When operating systems are tied to the product or the vendor has a monopoly on their market then the point of 'just good enough' is reached long before the end user can regard the product as secure.
I predict: Software security will only become worse as consumor adoption of future devices hostile environments such as the internet increases. Within 10 years, end users will be comfortable with performing routine software maintainence on a myriad of devices they currently consider reliable over the life of the product. This will include: all communications products; vehicles; home automation and security; entertainment systems; electrical white goods and diy tools.
When the dominant multi-purpose operating system can be regarded as usuably secure out of the box for the life time of the product, then I'll reconsider.
Worms (Score:4, Insightful)
Re:Ofcourse they have to be secure. (Score:3, Insightful)
Re:Another FUD from F-Secure (Score:3, Insightful)
Simple trick, don't buy phones known for crappy security. Symbian phones have been attacked before...
Though I agree this highly bad virus that requires the users permission to install is hardly a "virus" and more of a darwinism.
tom
Re:Ofcourse they have to be secure. (Score:2, Insightful)
Re:Repeat after me... (Score:2, Insightful)
This version of the worm propagates by MMS.
Re:Same thing? (Score:5, Insightful)
On a different note, what I'd loathe to see (but may be inevitable) are goddamn antivirus programs for phones. Imagine those things updating their virus dbs, etc. every time you switch on your phone...
Re:Same thing? (Score:4, Insightful)
From TFA...this is a bluetooth virus. This is no different than all of the wireless routers broadcasting ssid with no encryption and the default admin password still on there. The only update that would save people would be one that forces you to change the password from 1234 if you have bluetooth enabled and are broadcasting your ID.