Comments on: Mikko Hypponen: Average Smartphone User or Black Swan?

By: angel

angel — Sat, 26 Aug 2006 20:54:13 +0000

Maybe it’s just that Bluetooth virii are big in Portugal – try going around shopping centers with ur bluetooth turned on and don’t tell me a BT virus doesn’t try to attack you. I quit having my BT turned on in public places because virii like Cabir just keep trying to spread and send messages to your phone.

So before you call someone a liar, do your research.

By: Heikki

Heikki — Thu, 10 Aug 2006 10:04:40 +0000

Friday one of my friends asked for help with his N70, and when I looked at it I noticed it had CommWarrior. He didn’t know how he got it. I think it’s quite understandable, because he isn’t used to computers and especially S60 computers.
That made me wonder how frequent these viruses are and I remembered this post. I changed my phones bt settings so everybody could see me and yesterday I got my first carib.sis on a train from Paris to Brussels. For me it was quite funny, but I can imagine how someone else would have installed it.
S60 devices are sold as normal phones and users doen’t understand that they can do something farmful by answering yes instead of no, to a question they don’t fully understand. Most users don’t know they can install software on their phone, so those questions can look quite bizarre.

-Heikki

By: Erka

Erka — Mon, 07 Aug 2006 19:34:46 +0000

Pete, All,

I have no reason to suspect Mikko’s testimony. I personally haven’t received any bluetooth worms in my phone (as I have BT disabled most of the time). Instead, I have had the “pleasure” of cleaning other people’s mobile terminals after they have been hit by a worm in Helsinki, Finland. At least one of the cases involved BT, some were caught via MMS.

The pleasure-part had actually mostly to do with me getting a convenient excuse to pay a visit to F-Secure’s mobile virus lab to verify the infections..

CERT-FI also received reports of infections via BT during the world championship games in Helsinki last summer. Still, I suspect the heavy rain that plagued the games caused damage to more handsets than any malware could’ve at the time.

By: Giovanni Bajo

Giovanni Bajo — Sun, 06 Aug 2006 18:43:11 +0000

Hi, I’m in Italy and I have received mobile viruses on my mobile phone through bluetooth several times (I would say 4 distinct times, at least). It happened to a friend of mines too, once, in my presence.

What happens is that while you are in a busy place (a restaurant, or a shopping mall), you receive a message saying that an unknown user is trying to send you a file, whose name looks like random character (“kgrtfatsd.sis” or something). If you press “no” and holds for a while without moving around, you often receive another similar message within a couple of minutes. If you hit “yes”, the file is transferred, and then my Nokia phone asks for permission to execute it, at which point I always hit “no”.

I specifically remember that one of the times it happened to me I was in a restaurant, and I eventually had to turn off bluetooth in my mobile phone because it was getting annoyed pretty quick (my phone was being bombed with new virus messages, coming from the same device, every 2 minutes). In at least one occasion, I have tried to send a text message through bluetooth to the infected phone warning about the virus infection, but I did not receive any answer.

By: Lauri Ahonen

Lauri Ahonen — Sat, 05 Aug 2006 19:56:33 +0000

I just wanted to pop in to say that I’ve seen two mobile viruses so far – Both of them tried to infect me in pizzerias! So at least in Finland where smartphones are common and smartpeople are scarse the threat is real.

By: Rob

Rob — Sat, 05 Aug 2006 17:17:33 +0000

This discussion reinforces my view that the way to go with all embedded devices is a trusted,real-time embedded Linux system that is deny-by-default. They will just not be susceptible to worms and virii that way.

By: Salmi

Salmi — Fri, 04 Aug 2006 10:58:01 +0000

I have been hit couple of times by Commwarrior.B. First time was on the bus and it was impossible to know whether it came inside the the bus or from some car around. That happened in Helsinki, Finland.
Second time was in Island of Crete (Greece)in a hotel: bartender was sending Commwarrior.B around the bar. Guy had named his phone jorgos in greek letters so it was quit easy to find. Cleaning his phone wasn’t that easy (no cable, no computer, nothing) but I made it anyway. Last days of my vacation drinks were free in that bar
And yes, I use av for mobile phones.

By: Mark Johnson

Mark Johnson — Wed, 02 Aug 2006 20:12:38 +0000

Also be aware that these viruses spread through SMS as well so bluetooth is not the only channel for getting a mobile virus.

This isn’t hype. This is real. Better to address the issue in advance before it blows up and runs rampant.

By: Mark E.

Mark E. — Wed, 02 Aug 2006 18:48:29 +0000

sorry dont want to take it off topic but having your phone in your pocket and using a bluetooth headset protects you from bluetooth hacks as the phone will only accept one device being connected… and I havent found any deauthentication bugs yet …

By: Mark E.

Mark E. — Wed, 02 Aug 2006 18:42:28 +0000

ok Mark, got your point, indeed to implement such a solution might take some time, but again face reality. I read your post and did some quick research, check t-mobiles website, fsecure and symantec aswell as other vendors like trendmicro offer a solution for currently 6 out of 43 offered phones and by the way your mentioned blackberry is not even included. so this is like 14% of the currently available devices through their store. its only Symbian 6.1,7,8,9.1 and windows mobile devices. if I counted correctly fsecure supports like 50 devices out of how many available ones (remeber 6 of 43 at t-mobile)? For most bluetooth vulnerable devices based on symbian secured firmware does exist and nokia fixes that for 20eur or within warranty for free. this is less than any of the sulotions cost at start or even free. sure people might not do that, but when something happens dont you think they might? symbian doesnt allow installation of anything without acceptance of the user neither does windows mobile. and regarding your scenario of stopping mobile viruses what about proxy based solutions the devices are using NAT anyway what about VLAN technologies VLAN-to-proxy-internet_aaccept_any_in_out, VLAN-VLAN_deny. so you end up with bluetooth or wireless lan connections again which end up to a local firewall out_accept_any in_accept_any_if_allowed_or_established_or_related. emails scanned on the smtp servers. where is the threat? all this technology is nearly in place but not configured properly as always but if I dont get the point. neither I believe there is a need for it. and yes some operators do build images for the phones but havent you heard that most customers use some sort of service that will bring the original firmware to the phone or by it off the shelf so its the original software and not modified by any operator?

i cant believe so many believe the hype for me it is just another one saying “i have a dream” and now a business model