Viruses Find A New Host: Cell Phones

An anonymous reader writes "A NYTimes article (free reg) describes the dangers posed by viruses as 3G and text-messaging become more common, inluding an incident in '01 where numerous phones in Japan began calling 110 (equivalent to 911 in the U.S.). Wired mentions 13M vulnerable phones in Japan alone." (And that was a few years ago.)

nothing is safe..

[r00tw0rm]

nothing is safe in this world anymore!

Re:nothing is safe..

[pvt_medic]

Oh its much much worse than that. With the growing trend of electronics being networked and intigrated into a bigger system think of the fun a virus could have.

• Your fridge goes crazy and starts attacking you with ice cubes.
  
• Your coffee machine makes something tasting like crap.
  
• Your garage door shuts on the car as it backs out.
  
• And the laundry machine fills the house with soap suds.
  

Oh what a virus writers dream. A whole house on the fritz.

Re:nothing is safe..

[murphyslawyer]

• Your coffee machine makes something tasting like crap.

Even worse, your Nutri-matic drink dispenser could start producing beverages that are almost, but not quite, entirely unlike tea.

Re:nothing is safe..

[NattyDread]

Your fridge goes crazy and starts attacking you with ice cubes.

Your coffee machine makes something tasting like crap.

Your garage door shuts on the car as it backs out.

And the laundry machine fills the house with soap suds.

You don't need to wait for a virus. children are more than capable of all of these activities!

Oh, wait ....

Re:nothing is safe..

[jd_esguerra]

Your coffee machine makes something tasting like crap

Too late.

Virus HAH!!!!

[Prince Vegeta SSJ4]

have you seen the quality of new homes these days, mine does this all by itself.

Welcome your new cellphone overlords

[t0ny]

I was reading an article (maybe a year ago) from a guy working with Nokia doing the cellphone OS. He basically said they are really buggy, since the company just wants to get the phone out, and not give them time to make a solid (and secure!) OS.

Since newer generations of phones, with new features, are just being made with upgrades to the old OS, that means new bugs and security holes are just being layered on top of older ones...

Anyway, it will probably be for the best when 'standard' phone OS's become ma

This is only going to get worse

[Pingular]

as mobile phone technology advances. Mobile phone manafacturers need to remember security, and possibly send out fixes for vunerabilities that are free to download.

Re:This is only going to get worse

[JediTrainer]

send out fixes for vunerabilities that are free to download

The fixes, or the vulnerabilities?

Re:This is only going to get worse

[lanswitch]

Since more and more phones are running some kind of windows, I expect both.

Re:This is only going to get worse

[robogun]

Verizon (the one US provider I am familiar with) already does this, but you have to initiate the install (*861 or something as I recall). However, after the last update, all of a sudden I couldn't get the reception I used to, and I had to punt that phone for Cingular. As I remember, Verizon was having a real problem with text spam.

Re:This is only going to get worse

[Pingular]

punt that phone for Cingular
A play on words?

Re:This is only going to get worse

[robogun]

You didn't just register today? heh

Re:This is only going to get worse

[Blue Stone]

It might not end up being too much of a problem:

There is no fooling them now.... Youth look to basic functions first.

96% of all 15-24 year olds now own a mobile phone. It is so central to the lives of young people that technology companies wishing to market new devices with added functionality must ensure that new "improved" models still operate smoothly as a phone. Whilst SMS text messaging has been a huge success with this particular age group there is huge frustration with technological updates that do not give optimum performance such as 3G, MMS and WAP technology.

Young people have grown up with high functioning phones. They are simply not prepared to replace them until something equally functional is available.
22 year old Greg explains; "My Nokia has a stand by time of about 2 weeks. This (3G phone) barely lasts two minutes."
Is it perhaps for this reason that 3G as a service and 3 as a brand has not completely captured the imagination of the youth market?
One 19 year old explains: "There is some quite interesting stuff on there - the goals, the video clips and calls - but there's no way I'd get one until they sort the phone side of it out."

Young people do not want to risk investing in technology which might not deliver.
Liz studying at Art College explains; "It's pointless launching a phone that doesn't work as a phone - you'd have to carry two handsets with you, have two contracts."

Findings published by the ROAR consortium based on extensive qualitative research including placement and deprivation exercises, in-depth interviews and focus groups as well as interviews with 1063 nationally representative 15-24 year olds show young people would rather wait until new technology can be guaranteed to deliver on its promises before they will invest in them. Many are adopting a "wait and see" policy when it comes to 3G.

79% of 15-24 year olds neither own nor intend to own a 3G phone within the next 12 months

Video calling and messaging mean that youth will have to learn a new vernacular and at present find it slightly uncomfortable.
24 year old Joanna said; "My brother in law has 3 already, so I was video calling him, and it is funny we get on really well normally, but those calls felt a bit awkward."

Most 15-24 year olds feel that the ability to use the visual aspect of the video calling and messaging can be both unnecessary and unwelcome. They feel more pressurised to tell the truth and worry about their appearance.

During a two week trial period of 3G handsets the ROAR consortium found that although most 15-24 year olds were initially impressed by some of the media content found on 3 they tended to be less enamoured by the end of the trial.

One male respondent said: "You did think wow premiership goals - and it was quite cool being able to get them first of all but even though it was free I wasn't bothering to do it that much."

When there are faster and easier means of accessing the content currently provided on a 3G handset can 3 really compete against this climate of media saturation?
The research highlighted a way forward for 3G technology. While there are obvious issues with the basic functionality of the phone, there are also lessons to be learned from other areas of technology. Young people want to be able to share the media content they download and 3G doesn't allow them to trade movie clips with each other, making the experience more solitary. Similarly, it gives young people no options for customisation: they can not make it their own.
Similarly, 3 could learn from the likes of Sony, Nokia and Apple companies which have earned the trust and respect of many 15-24 year olds creating products that are easy to use and fit well in their lives. These brands have been innovators and are known for producing products that operate effectively. Young people aspire to own these brands. Toby from Milton Keynes said; "I'd buy a Sony minidisk, cos they invented them, they know what

Virus as surveillance ware

[Wardish]

After the recent use's of in vehicle mounted cell phones for surveillance I would how long it will be before they (they being anyone legal or not who has a reason to listen) infect your cell phone with snoop and control software.

*chuckle* The next couple of decades are going to be interesting.

They already do surveilance on mobile phones...

[Von Helmet]

There's been a couple of murderers and rapists and the like in the UK lately who have been caught based on mobile phone records. A murder trial - two young girls, very nasty - that's currently taking place involves the evidence that one of the victim's mobile phones was switched off outside the suspect's house the evening that the girls went missing.

It's all fairly simple stuff at this stage, though it's kinda the stuff we've been seeing in films for years and scoffing at on the basis that it's "so unreali

Reg Free NYT Link

[Anonymous Coward]

New York Times Article Registration Free [nytimes.com]

They are not Viruses

[phunster]

They are Virii

Re:They are not Viruses

[Aliencow]

And we're both genii !

Re:They are not Viruses

[YouHaveSnail]

No, no. You're thinking of the plural of virius. As far as I know, virius is not a word in either English or Latin. But if it were, it's plural would be virii, just as the plural of radius is radii.

Now, virus did start life as a Latin word (meaning 'slime,' or 'poison,' or 'bitter taste'), so I think it's fine to use the Latin plural viri. But as it's used in English, virus has a meaning different from that of the Latin word, so I think it's also fine to use the English plural viruses. If you do go with th

Re:They are not Viruses

[YouHaveSnail]

Actually, my dictionary ("The Classic Latin Dictionary," Follett Publishing Co., Chicago 1957) gives it like this:

virus -i n. I. a slimy liquid, slime, Verg. ...

The "-i" means that the plural is in fact viri. The "n." means that it's neuter, which is weird since -us (singular) and -i (plural) are second declension masculine endings. If it's neuter, it ought to look like "virum" in the singular and "vira" in the plural. Perhaps it's a misprint in the dictionary and virus is in fact masculine, or perhaps t

This is an opportunity to get it right

[Lupulack]

The internet wasn't designed with security in mind , but these new 3G/4G phones can be.
Isn't this a chance to do things right , rather than repeat the design oversights of the past?

Re:No, the internet was designed /w security in mi

[Lupulack]

The internet was designed with reliability in mind , it's meant to route around disasters ( read : nuclear attack ) to keep communication lines up.

If it were designed with security in mind we wouldn't have to bolt - on such additions as SSL or certificates. These are meant to work around the problems that we face now.

Admittedly these wouldn't be such a problem on a purely military network , where every machine has a static IP and a known owner. But that's not the world we live in , is it ?

reliability and redundancy

[quinkin]

"Popular opinion once held that the ARPANET was built in direct response to nuclear threat. This is not true. It's design was built around reliability and redundancy so as to allow communication to continue between major nodes in the case of an attack, but was not originally designed under the threat of nuclear war."

Ref: UTexas [utexas.edu]

Q.

API

[the uNF cola]

There should NEVER be an api to mess with the phone numbers and dialing.

keep them seperate from your applications. otherwise you have these silly problems.

Re:API

[bloodrose]

Silly problems will arise whether or not an API is present or not. Murphy's Law and all.
The only thing one prevents by locking out developers is a steady pace of progress.

Re:API

[wfberg]

There should NEVER be an api to mess with the phone numbers and dialing.


So, no third party addressbooks/PIMs, no handy apps that prepend special *# network codes for roaming purposes (as used in some SIM toolkit applications for international roaming w/ prepaid phones), no apps that encrypt your phone conversation end-to-end using normal (not VOIP) connections so you don't need to use a data stream, etc..

Actually, that's exactly what the networks want! No third-party messing with calls, complete network services lock-in! So no worries there, then.

Re:API

[the uNF cola]

nope. no special third party addressbooks/pims. no handy apps t prepend special #'s, like 911 pause pause pause..

I'd imagine encryption to be hardware based, since software ones would take up more cycles and power. and it has nothing to do with lockin. It doesn't prevent another company from transfering your # from one phone to the next, or hooking up some hardware to switch your current phone from one thing to the next.

Re:API

[BuckaBooBob]

Ever see a Phone book on a cell phone that didn't dial the number when your pressed 1 button or used voice recignition?

The use is allready there and expected to be there.. removing this feature for the most part would defeat the usability of your cell phones phone book. no-one wants to jot the number down so you could dial it when its allready in your cellphone.. The public wouldn't accept that feature disapearing.

Re:API

[the uNF cola]

Er? nononono.. not the thing that attaches a button to a cursor to a phone number. i'm talking about the connection from the OS to your phone book. Make sure the OS has no way of communicating w/ the phone book.

Re:API

[BuckaBooBob]

But the phone book is a intrgral part of the OS.. Seperating the Phone book from the OS would drastically cripple the OS and stifle innovation..

Oops! I guess that only applies to Phones using a MS OS with "PhoneBook Explorer"

Re:API

[the uNF cola]

Good! Great! I wish they would do that so my cell wouldn't get someone's stupid virus.

Imagine if they didn't tie IE to the OS. It'd be a lot harder to get those stupid activex viruses, eh?

Re:API

[ron_ivi]

" There should NEVER be an api to mess with the phone numbers and dialing."

You have got to be kidding. That's _ALL_ I want my phone to do.

Just let me control the software that deals with those APIs by explicitly installing it; instead of having the instant-message-chatroom-client that i never wanted install junk for me.

Re:API

[the uNF cola]

The big problem is, humans make mistakes. Not that humans never can perform a task w/o a mistake, but it's always possible. Implementing an API to access the phone book and dialing mechanisms, can lead to a new virus platform, phones, which in turn, can lead to a lot of headache.

costs

[Anonymous Coward]

Japan should charge the phone company for each fake call to recover costs.

If companies are held financially liable it will force them to do a better job of programming and testing software.

Re:costs

[whiteranger99x]

Japan should charge the phone company for each fake call to recover costs.

Oh yeah, THAT'S a real good idea, all the phone companies have to do is suck up the charges to save face and then pass the bill onto their customers as a anti-spoofing tax or something like that.

If companies are held financially liable it will force them to do a better job of programming and testing software.

*Chortles* Right... [microsoft.com]

Re:costs

[pvt_medic]

just like how all the software companies should be held liable for thier faults. The only thing is no matter how good a programing job one does there is always a way around it.

Re:costs

[whiteranger99x]

just like how all the software companies should be held liable for thier faults. The only thing is no matter how good a programing job one does there is always a way around it.

I couldn't agree more, there will always be someone around to circumvent or exploit exisiting code for their own purposes, be it good or evil. While I don't like playing the blame game with software companies and software, they should be liable for any damage their software (intentional or otherwise), especially if it interferes with emergency or mission critical systems. Of course, maybe I'm being too idealistic, or Polyanna as it were...

Re:costs

[neonstz]

Oh yeah, THAT'S a real good idea, all the phone companies have to do is suck up the charges to save face and then pass the bill onto their customers as a anti-spoofing tax or something like that.

Well, in the end the average guy have to pay anyway, either by taxes or by the phone bill.

Re:costs

[kavau]

If companies are held financially liable it will force them to do a better job of programming and testing software.

*Chortles* Right... [microsoft.com]

When has Microsoft ever been held financially responsible for the damage its product caused?

Liability of the software maker is certainly a double-edged sword (think of Open Source contributors...). But don't you think if Microsoft were forced to pay some multi-billion dollar amounts for the damages caused by Blaster & Co., they would really start taking the wh

Re:costs

[murphyslawyer]

• If companies are held financially liable it will force them to do a better job of programming and testing software.

I realize I'm sort of feeding a troll here, but everytime this sort of "Company A wrote buggy code" thing comes up, somebody starts harping for the company to have to be responsible for their code. Say Microsoft has to be financially responsible for the problems generated from their code - they'll just change the EULA to say "If this software kills your system or eats your children, it's no

Re:costs

[NanoGator]

"Do you really want to be responsible for all the code you write for all time?"

Not if I didn't write the virus.

Re:costs

[BuckaBooBob]

Software companies should be held liable for bad/poor practices. Most exploits are based off a few concepts which are a result of poor programming practices....

Every Student in a univeristy that takes any sort of programming (Well any learning institution for that matter) should be taught Proper programming practices. That would include Exploits and how to write "Trustworthy" code.

When you look at the trend, Buffer/Stack overflows make up a massive majority of exploits. But since it is a well known prob

should be easy to fix

[SemperUbi]

I don't see why the protocol for text messaging can't be set so that only ASCII text is sent and received, making any kind of embedded script pointless. Then again, I don't know that much about cellphone protocols to begin with. It just seems as if it SHOULD be easy to prevent.

Re:should be easy to fix

[An Economist]

IIRC, something was done 1-2 years ago demonstrating a buffer overflow when the header of a text message was augmented.... rather than the message itself, but I think it only affected a single model of phone and froze them... IIRC.

Sorry no links, just remember it! Tried Google but nothing other than noise (for my purpose anyway). Would welcome anyone posting a link they may have had bookmarked so I can refresh my memory.

Re:should be easy to fix

[wik]

Perhaps you're thinking of the Siemens buffer overflow:

http://seclists.org/lists/bugtraq/2003/May/0076.ht ml [seclists.org]

The phone would lockup when sent a percent sign in the right part of an SMS message.

Re:should be easy to fix

[Anonymous Coward]

Japanese #1: "My phone has a strange message, what does it say?"
Japanese #2: "I do not know. I don't read ASCII either."

Re:should be easy to fix

[LiquidCoooled]

VBScript is ASCII only, that doesnt stop the virus - the problem is the software on the phone is able to perform (or can be overflowed to produce) actions based on the input recieved.

This problem will get worse if the sandbox around the gaming/user run utilties is weak or unsecure.

It is also something that because devices are already out there would be difficult to prevent or fix. Perhaps requiring the Service provider automatically screening ALL txt messages with known exploits (This is also something the PC ISP's as a whole should do anyway, but thats a different subject).

More gadgets = more complication

[NineNine]

This is inevitable. As people buy more and more stupid gadgets, their lives become geometrically more complicated. Personally, I have a cell phone and I use it for... making telephone calls! No stupid wireless web, messaging, taking pictures, or whatever in the hell people are doing with phones these days. You want the stupid gadgets? You're going to pay for it up front in cash, you're going to pay in time to figure everything out, and you're going to pay in headaches. Rarely are new technologies worth the trouble. A computer is good in it's most basic uses, and a phone is good. All of those stupid ipods/pdas/superphones/etc aren't worth it.

Re:More gadgets = more complication

[bloodrose]

You know, I really disagree with that blanket assessment. Technology isn?t necessarily a complication to life. Depends on the lifestyle and the technology as to whether it is worth it or not. In alot of cases the trouble that comes along with technology is the need for maintenance... etc., which in and of itself can be annoying, but again that is a lifestyle choice, to have an iPod or something doesn't necessarily complicate someone?s life by having it, and sometimes having it may become simpler. For exampl

Re:More gadgets = more complication

[whiteranger99x]

Personally, I have a cell phone and I use it for... making telephone calls! No stupid wireless web, messaging, taking pictures, or whatever in the hell people are doing with phones these days.

I agree, I dont need a fucking phone that has everything, including the kitchen sink (although games are a plus :) I'm hesitant to upgrade my phone for that very reason, granted I'm not all that attached to my current phone and provider. I never could father how one could use a typical cell phone for instant messagi

Re:More gadgets = more complication

[Anonymous Coward]

As people buy more and more stupid software, their lives become geometrically more complicated. Personally, I have a computer and I use it for...computing! No stupid web, messaging, taking pictures or whatever the hell people are doing with computers these days. Etc..

You're just scared of technology you're not used to. Get over it.

today's dilbert addresses this issue

[civilengineer]

Antivirus software makers did this [dilbert.com]

spam / calls / address book

[Dreadlord]

After thinking for a while I guess that phone viruses can be as dangerous as computer viruses, imagine a virus that sends itself to every phone in the address book, calls expensive/international numbers, spams a number till it can't be used any more...
And I think phone viruses are becoming more and more possible through out the advances in phone technology.

Re:spam / calls / address book

[Detritus]

Better yet, a virus that overwrites the flash memory with random garbage and turns the phone into an expensive paperweight.

Bound to happen

[maharito]

As cell phones became more powerful (and more like PDA's and computers) this was bound to happen. Unfortunately, with the adoption of GSM in the United States, that means the virus in question can be spread to US phones with the same vulnerability, as 911 is equivalent to 110 and 08 on most GSM carriers.

This is also a small part of the reason that the push was made for Java enabled phones, as there is less of a security risk (albeit still a small one) in running Java apps due to the construction of the language.

There is a somewhat heartening end to this story though. Sprint and other wireless carriers provision signed updates to phone firmware all the time over the air. Most times these updates include communications updates for new versions of software running in the MTSO or in the towers, but this sets a welcome precedent: Security updates can be pushed out to all phones of a particular model when they are first released. This way, a carrier will have no customers lingering months or years behind on updates (a la Windows XP and Windows Update) because the customers do not have to have the presence of mind to update manually, nor do they get to pick and choose what updates they want and what updates they don't.

Re:Bound to happen

[Animats]

Security updates can be pushed out to all phones

And how secure is that backdoor?

Re:Bound to happen

[RzUpAnmsCwrds]

If the phone only accepts updates signed with the manufacturer's private key, and if that private key is kept private, then it is very secure.

My phone (Danger Hiptop) can recieve automatic over-the-air updates (it has already recieved two), but it is still secure as it only accepts signed code.

Re:Bound to happen

[sl0ppy]

My phone (Danger Hiptop) can recieve automatic over-the-air updates (it has already recieved two), but it is still secure as it only accepts signed code.

and the Microsoft XBox only accepts signed executables as well. too bad that some application saved-game code allowed full bypass of this.

the point is, even with DRM, there are going to be holes that can be exploited, whether it accepts only signed code or not.

Re:Bound to happen

[RzUpAnmsCwrds]

This isn't DRM. This is a system that only accepts signed code. Of course there can be holes in the signed code, but that's why the software update mechanism exists - so you can patch them.

How long before they start calling premium-rate?

[eet23]

If a virus can make a phone dial the emergency services, it can presumably also make the phone call the premium-rate phone number the virus writer set up in a foreign country. This could get nasty.

Re:How long before they start calling premium-rate

[whiteranger99x]

Absolutely. It's not a matter of if they can do it, but when they will do it.

Hell, people have had their dial-up sessions hijacked because they were fooled into clicking something that disconnects them from their ISP and redials to an offshore number silently.

Re:How long before they start calling premium-rate

[rock_climbing_guy]

This has already been done. I saw a computer get infected with a virus that did exactly that. It made calls to a computer in Vanitua, I believe.

Re:How long before they start calling premium-rate

[DaneelGiskard]

Dialers [google.at] are already a big problem for conventional computers (in Germany for example). Users connecting through any sort of dial up connection get infected and the computer secretly dials a premium number. Once the phone bills arrives the user is in for a big surprise.

Monocultures

[heironymouscoward]

Modern IT works like a natural system.

As soon as there is a host that can be infected, in quantities of relative interest, viruses will evolve that can parasite it.

Mobile phones are safe only so long as they are too stupid to act as carries for self-reproducing code.

A good reason IMHO to spurn "smart" phones.

Re:Monocultures

[iggymanz]

I read a very simplified, dumbed-down explanation of how digital cellular telephony works, and even that was quite complicated - there's no such thing as a "dumb" digital cellphone, they have to have quite a bit of computing power to make them go (more than NASA used to get to moon).

Re:Monocultures

[heironymouscoward]

This is true, but the intelligence is kept almost entirely segregated. The SIM card is not accessible except via a restricted interface; the user interface is not programmable except by eprom; the network cannot be accessed by any user-loadable code.

Yes, a 2G mobile phone (especially GSMs) is very sophisticated, but it is not programmable in the way needed to propagate a virus. With a GSM, for instance, the worst you can do is send malformed SMS messages that smash the eprom. You cannot take control, in

Re:Monocultures

[iggymanz]

I wonder how segregated things really are - I received a notice from my carrier to dial a number and perform certain keystrokes to "upgrade" my phone.......and it's a very basic Motorola phone. Couldn't something naughty be done this way?

Re:Monocultures

[heironymouscoward]

When it comes to 2G networks, the answer is "very segregated", mainly because the networks themselves are incredibly insecure and allowing open access to the SIM card and communications channels would mean lots of "phreaking". The GSM networks (I don't know about cell networks in the US) are mainly operated on trust.

71% of e-mails sent to cell phones is spam

[killbill!]

DoCoMo blocks about 55 percent of the one billion text messages that reach its servers each day because of suspicious return addresses or attachments. Another 26 percent of those messages are blocked by DoCoMo users who have programmed their handsets to turn back unwanted mail or spam.

Looks like the state of the cell phone is getting close to the dire state of the net in Japan.
And the 3G revolution is now coming our way.

Be afraid. Be very afraid. Especially those with a pay-for-incoming-SMS/e-mails (or pay-for-received-data) scheme.

Re:71% of e-mails sent to cell phones is spam

[pvt_medic]

yes but watch how quickly if spam starts to spreading to cell phones their will be a quick outcry of people on this. It is illegal for telemarketers to call cell phones so sending unsolicited text messages in theory would fall under the same guidelines.

Re:71% of e-mails sent to cell phones is spam

[killbill!]

nggh make that 81% /cry

However we might have to really start worrying about this if a standardization of cell phones similar to the standardization of desktop computers happens.
As long as the standards remain different, cell phones aren't likely to be as affected as computers.

Why on earth would you pay for incoming calls?

[Moderation abuser]

After all, it's the other person who wants to talk to you...

Viruses?

[Malc]

Shouldn't that be viri or virii, or something like that?

Re:Viruses?

[SlashdotLemming]

Shouldn't that be viri or virii, or something like that?

No [reference.com]

The article is in English, not Latin ;)

Re:Viruses?

[Malc]

Oh dear. Sense of humour failure. But thank you for setting me straight ;)

I guess you missed the story from the other day with "virii" in the title... it turned in to a big silly discussion about the word and not the story. I guess the person who moderated me redundant missed it too. Or just saw my humour for the pathetic-ness it is (which should fit in fine here on /.)!

Re:Viruses?

[SlashdotLemming]

I guess you missed the story from the other day with "virii" in the title

Yeah, sorry, I did miss it.

But this is /., how can you reasonably expect someone to express an opinion based on more than half the story, or even a moderator to have knowledge of past articles? ;)

Re:Viruses?

[Malc]

That's the enigma of /.!!! Why do you think we get so many duplicate stories, and so many people commenting on it when it happens? Heh: you can't please all of the people all of the time.

Re:Viruses?

[Wardish]

*chuckle* Since this is a rapidly evolving area of the language it's likely that there are multiple right answers with some depending on the audience.

The function of language is however to allow communication so if you understood what it meant then that function was successfully achieved.

Welcome to reality.

Now, correct me if I'm wrong but...

[Anonymous Coward]

if I buy a cell phone then shouldn't it be just that? A cell phone..?

The 3G phones are pretty much going to become the Windows of the cell phone world - Everyone is going to want one because it's pretty and does lots of things... but at a price.

How did they get this virus?

[ifwm]

What kind of signs should we be looking for, like when you tell someone not to open .exe's. I wouldn't even know where to begin. Also, isn't all of the traffic on cell phones documented? Shouldn't the companies be able to find the culprit fairly easily?

Good news for Hollywood

[Anonymous Coward]

Well, on the bright side, this may be just the shot in the arm Hollywood needs for its horror movies. Now instead of saying "drat, the batteries are dead" when the screenwriters need to get rid of the cell phone for dramatic purposes, they can instead say "drat, my cell phone has a virus!"

Great, Goatse on my cell phone?

[Anonymous Coward]

I can just see the next slashdot.org article now:

Security flaw with MMS discovered - hackers can send you images anonymously and crash your phone!

My phone's gonna crash and the last thing that's going to happen is that I'm going to be Goatse'ed?!

Just Great!

[Herkum01]

Now we will get virus's that will imitate commercials and everywhere you go there will cell phones saying, "Can you hear me now?" Of course the consumer will not have the know-how to remove a virus and their cell phone is to useful to drop in the trash can.

This also brings up...


"Can you hear me now? GOOD! *CLICK*

All I want...

[Anonymous Coward]

...is a phone to make calls!

WTF does this have to do with a virus problem?

Oh, I know it. That lame ass crap I never used on my stupid phone... like games and worse crap they build into phones these days... are the reason.

Maybe if there wouldn't be the *STUPID* need for a fucking OPERATING SYSTEM that can play games and CRAP in your phone you wouldn't have problems with viruses?

As long asd we like to bloat simple things with shit, such stuff keeps happen!

Re:All I want...

[Wardish]

he hehe.

On the one hand I'm so tempted to agree. Simplicity is a wonderful dream.

But we forget that what is simple for you isn't for me and for a third is downright annoying.

For instance:
You want a phone that just makes calls. Your in luck, those are available.
I have a phone/pda combination. It has many many features I don't need or want. However it does keep good track of my schedule and remind me when I need to do things, meetings, calls, appointments, medication. For all practical purposes th

Re:All I want...

[jquirke]

*sighs*

Get out of the US and go visit Japan, UK, Australia, etc and get a clue. Why was this modded Insightful anyway?

Obviously people want phones like this. The manufacturers are not telling people what they want - they are responding to what people want. In general, people are quite open to new technology. You just have to accept the fact the USA is the minority in the world mobile market and always has been, always will be.

Even the oldest of GSM phones have fairly complex multitasking operating system

Never got one

[finelinebob]

Cell phone viruses? Text-message spam? Never seen on- ... hold on, my phone just beeped ... looks like I've got 53 new text messages...

No, make that 67....

Bluetooth phones

[Anonymous Coward]

We actually some research at my university with bluetooth devices. It seems that if you send a bluetooth enabled cell phone a packet of data that it does not recognize (picture, text file, anything), it will crash the phone and force a hard reboot. We stumbled onto this while doing security tests on the actual bluetooth signal using a test kit.

Re:Bluetooth phones

[TwistedGreen]

Now that's quality software. o_0

This was predicted several years ago

[Moderation abuser]

I used to work for one of the manufacturers, they knew several years ago that the same problems which affect PCs would eventually make their way down to the phones they produce as they added features and ended up with general purpose operating systems on the phones. The problem is that fixing phones is far more difficult than a PC.

It looks like they've decided it'll be cheaper not to bother making them secure. Now, if there was a case for secure computing anywhere, it'd be phones.

This is a larger threat than it might first appear

[Raindance]

If we take a look at DDOS attacks, we see that any computer or network connected to insecure hosts can be made a target of a massive DDOS; they don't have to be vulnerable to any exploit to be hit.

Fast forward to cell phones and viruses; if an infectious DDOS sleeper trojan that targets cell phones appears, *Anything* which interoperates with the cell phone network can be hit. The article mentions 911 / 110 numbers, but it could be other cell phones, landlines, even sattelites.

I'd hate to see a directed,

In the Future...

[hao2lian]

What's next? A firewall for cell phones?

Text messages? They're not the problem...

[Von Helmet]

The article isn't very clear about what is actually behind this problem. Over in the UK we've had text messaging (SMS, whatever you want to call it) for as long as I can remember - I was actually shocked to hear that most American mobile phone companies didn't use it. Anyway...

Point is, I don't think text messages are really the problem here. I've never heard of anything like this happening in text messages. A text message is a text message - a bunch of text. The cleverest thing I've ever seen done with text is being able to send messages that appear in flashing text, and even that only works on Nokia handsets. The only other remotely clever thing you can do with text messages is ASCII art, and we all know how clever that is.

I can imagine it being more of a problem when you get on to the idea of sending more sophisticated stuff, like video or more complex data. Hence I'm not surprised this has already been happening in Japan, as they are miles ahead of everyone on the mobile phone front.

The way I figure it, is there should be no means for a message to do anything remotely clever to your phone. In the same way that a properly set up mail client won't execute any old attachment, but merely present it to the user, a phone should present data or messages and have some means to keep them away from more sensitive parts of the phones software.

The way I see it, mobile phones have got too complicated for their own good. If you want a phone to make calls (remember the days when that was what a phone did?), then buy a phone. If you want to pick up your e-mail, send files to people, or surf the web, buy a PDA for pity's sake. At least the software for PDAs (Windows CE and it's more recent brethren) has been written with a decent knowledge of OS security in mind.

I knew it!

[KC7GR]

Now why am I not surprised this happened?

[rant]

When you take a device that was originally designed to perform ONE function -- in this context, to be a good portable communications tool -- and you start loading it up with all kinds of useless bloat that is completely UNRELATED to being a communications tool, this is exactly the kind of crap you're going to run into.

Contrary to popular belief, not everyone thinks highly of downloadable ring tones, color screens, web access, gaming capability, or text messaging. I know, because I'm one of them. I would be perfectly happy with a simple, rugged, and RELIABLE mobile phone that was exactly that: A mobile phone, perhaps with the voice-activated calling feature, a good-sized speed dial directory, and the ability to snap into a fixed-mount handsfree cradle in the car.

The last thing I need is a ton of "features" that I don't want, don't need, and DON'T want to have to pay extra for just because they're present. Don't even get me started on the insane "Smaller is Better!" craze. It has served only to give us keypads that are so small that Tinkerbell would have problems with them.

[/rant]

Re:I knew it!

[Feztaa]

Hmmm, ok.

Well, I mostly agree with you, but I'm not as extreme in my beliefs.

I want my cell phone to make calls. Anything more is fluff...

On the other hand, having a unique ringtone makes it easier to tell who's phone is ringing (imagine being in a room full of people who own cellphones with the same ringtone, one person's phone rings, everybody has to check if it's their phone that's ringing).

I also like having games on my cell phone, because sometimes you're just stuck somewhere waiting for something

Spam Farmers

[Doc Ruby]

AT&T is launching its mMode service [attwireless.com], turning mobile phones into a sophisticated wireless services platform. Their pitch to developers [attwireless.com] is "XHTML as the mark-up language of choice, more viral marketing tools and better public exposure." (free registration/questionnaire required). Geeks can debate the supremacy of XHTML, and only a prude is against better public exposure. But which marketdroid is pushing "viral marketing" from the technology source to the users? Which developer will publish the innoculatio

Just one thing

[i0wnzj005uck4]

In Japan, it's not 110 for emergencies -- it's 119. Since I'm living in Tokyo right now (actually Saitama, but most people don't know where that is), and I have a page on my wall with a picture of people calling for a fire or a medical emergency, I think I can be trusted.

Or not. My mainboard doesn't have a DRM chip...

Re:Just one thing

[MidnightBrewer]

I second that. Seems that Wired got their own wires crossed.

Just remember, in the Far East, *everything* is opposite, even if the reason seems to be "just because we can."

Re:...AV conspiracy

[Anonymous Coward]

Reminds me of today's Dilbert:
http://www.dilbert.com/comics/dilbert/archive/imag es/dilbert2003111108929.gif [dilbert.com]