Oh, now isn't that just *special*...
Aug. 10th, 2004 05:02 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
jducoeurAccording to reports from our company's security officer (SKA TS Michael of York), the first true security exploits are starting to hit cellphones. Great.
The first one is a classic for-profit Trojan. Someone has hacked a popular cellphone game (Mosquito); the cracked version has an autodialer built into it, which secretly dials a 1-900 for-pay number. This is really a rather nice scam -- done properly, someone could make a lot of money, all the while protesting his innocence.
The second is a proper virus. It's just a proof-of-concept, but the leap from that to a working virus isn't huge. It affects Symbian phones running Bluetooth, and fortunately requires the victims to actively accept the payload, so it isn't completely automatic. Still, the history of the Internet suggests that it won't be long before someone creates a genuinely malicious mutant strain of this virus, and there has never been a shortage of people dumb enough to open attachments from unknown senders.
*Sigh*. I wish I could even be surprised by this, but I'm not at all. Everyone thinks their own product isn't going to be a malware vector, until the virii start to fly. (This is one of those moments when I really am glad to be working where I am -- all of our lead developers are both creative and paranoid about security. That doesn't make us immune to hacks, but we aren't going to make it easy...)
The first one is a classic for-profit Trojan. Someone has hacked a popular cellphone game (Mosquito); the cracked version has an autodialer built into it, which secretly dials a 1-900 for-pay number. This is really a rather nice scam -- done properly, someone could make a lot of money, all the while protesting his innocence.
The second is a proper virus. It's just a proof-of-concept, but the leap from that to a working virus isn't huge. It affects Symbian phones running Bluetooth, and fortunately requires the victims to actively accept the payload, so it isn't completely automatic. Still, the history of the Internet suggests that it won't be long before someone creates a genuinely malicious mutant strain of this virus, and there has never been a shortage of people dumb enough to open attachments from unknown senders.
*Sigh*. I wish I could even be surprised by this, but I'm not at all. Everyone thinks their own product isn't going to be a malware vector, until the virii start to fly. (This is one of those moments when I really am glad to be working where I am -- all of our lead developers are both creative and paranoid about security. That doesn't make us immune to hacks, but we aren't going to make it easy...)
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
(no subject)
Date: 2004-08-10 05:09 pm (UTC)Another reason I don't like "promiscuous" technology that I can't see the source of. Ah, well.
(no subject)
Date: 2004-08-10 05:59 pm (UTC)(no subject)
Date: 2004-08-10 06:04 pm (UTC)Really? That *is* interesting. If that goes anywhere, I'm sure I'll be embroiled in the middle of it fairly quickly...
(no subject)
Date: 2004-08-11 01:22 pm (UTC)The Symbian one is more realistic - again, it is a proof of concept done by researchers, also requires active approval before installing.
Things aren't as bad as the first reports made them appear.