• HOME
• Writing
• About Mike
• Articles
• Photography
• Email Me

Ann Arbor Area Business Monthly
Small Business and the Internet

Cell Phone Viruses

November 2006

By Mike Gould

By now you've hopefully absorbed all the warnings and panic attacks regarding viruses on your computer. You've installed anti-virus software, updated it automatically, and installed all the latest patches, updates, spit, and baling wire that Microsoft has sent you to keep your Windows box un-hacked for the moment. Or you've said to heck with all the above and switched to Macintosh. Think you're safe now? Nope; now you have to start worrying about a new vector for digital disaster: your cell phone.

When Bad Things Converge
We are entering the era of convergence; all your appliances and doodads talk to each other and swap information back and forth (often behind your back, the sneaky bastards). Your smart phone downloads updated address lists from your computer, and shares them with your Palm thingie or other PDA (Personal Digital Annoyance). Or maybe your smart phone is your PDA, and also plays music, text messages, and downloaded episodes of Desperate Houseplants (this is the latest from Sesame Street - I'm not making this up).

And as we all know, once you start swapping data around, you open the door to whatever mal du jour is out there. Enter the dragons: Cabir, Commwarrior, RedBrowser, and other new-fangled viruses that attack smart phones.

The good news is that the current batch of viruses only attack one flavor of smart phones: those running the Symbian operating system. There is no one monopolistic maker of phone software, so virus makers have a variety of targets at which to aim. Contrast this to the computer world, where the Microsoft monoculture has made it easy for hackers to do their thing. The bad news is that Symbian runs about 70% of smart phones out there, including those made by Nokia, Samsung, Sony Ericsson and Motorola. But there are a few viruses infecting the other 30%: Microsoft's PocketPC, Palm's Treo or BlackBerry devices.

Most of the viruses have hit Europe and Southeast Asia, where Symbian predominates. But it is only a matter of time before things approach the fan here.

Dr. Evil is on Line 1
First of all, these evils only affect smart phones; those that can move data around and have Bluetooth capabilities, and can carry on a conversation without you (kidding). If you have a dopey old phone that just sits there, used only for sending and receiving phone calls, you are OK. But since do-all phones are what people are buying these days, danger is just a data dump away.

A phone virus acts the same way a Windows virus does; an unwanted executable file installs itself on your phone and spreads itself by sending it to other devices. Then it does Something Bad to you, such as locking up your phone or repeatedly sending expensive messages to Russia, which show up on your next phone bill.

Cabir.A was the first reported cell-phone virus, hitting in 2004. It didn't have a malicious payload, and seemed to be mostly a proof-of-concept. Here is how howstuffoworks.com describes Cabir:

"Cabir is a bluetooth using worm that runs in Symbian mobile phones that support Series 60 platform. Cabir replicates over bluetooth connections and arrives to phone messaging inbox as caribe.sis file what contains the worm. When user clicks the caribe.sis and chooses to install the Caribe.sis file the worm activates and starts looking for new devices to infect over bluetooth. When Cabir worm finds another bluetooth device it will start sending infected SIS files to it, and lock to that phone so that it won't look other phones even when the target moves out of range. Please note that Cabir worm can reach only mobile phones that support bluetooth, and are in discoverable mode."

That's Three Ringy-Dingys of Doom
There are currently three ways to get a phone bug: Internet downloads via a computer, Bluetooth wireless connection, and Multimedia Messaging Service (MMS). The Internet connection is the one people are the most familiar with; you download a fun-sounding game from a website, upload it to your phone, and the funny business begins.

The MMS route is similar - someone sends you an instant message with an attached file. You open the file and the magic starts to happen. Expect to see a lot of kids with infected phones caused by unprotected text messaging.

Bluetooth and Nail
The Bluetooth route is the scariest of all: you can catch a virus just by walking down the street. If you leave your phone in Bluetooth-discoverable mode, you can pick something up just by being within range of an infected phone. This is sort of like getting a cold by being in the vicinity of someone sneezing. The upside is that you still have to give the phone permission to open the infected file, sometimes twice, much like current computer safeguards. But an insistent infection can lock up your phone until you say yes or move out of range of the infected device. Scary stuff.

Who Ya Gonna Call?
Now that I've terrified you all a bit, it's time to get tight and get protected. The usual suspects provide protective software: the same crew who protect your computer. Help is available from McAfee, Symantec, Trend Micro and F-Secure.

To keep yourself safe for the moment, do this:

Turn off Bluetooth discoverable mode - set your phone to "hidden" so an infected phone can't find and infect you. You can do this via some menu buried in the controls for your phone.

Never open a file on your phone unless you have verified who sent it and why. And even then be paranoid. It's also useful to check out some of the more common filenames for virus payloads; these are available at the sites below. If you get a file called caribe.sis, for instance, be afraid, be very afraid.

Install some security software on your phone.

For more information:
http://electronics.howstuffworks.com/cell-phone-virus1.htm
http://www.f-secure.com/weblog/archives/archive-052005.html#00000562

Vendors:
http://www.symantec.com/
http://www.mcafee.com/
http://www.trendmicro.com/
http://www.f-secure.com/

Mike Gould, is a part-time mouse wrangler for the U of M, runs the MondoDyne Web Works/Macintosh Consulting/Digital Photography mega-mall, is a member of Factotem.com, and welcomes comments addressed to mgould@mondodyne.com.