Mobile & Wireless - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Mobile & Wireless


Latest Skulls Trojan Foretells Risky Smart-Phone Future



 By: Wayne Rash
2004-12-22
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Mobile & Wireless story.


Rate This Article:
Poor Best
The newly discovered MetalGear.A Trojan should be considered a "proof of concept" for what will eventually bring a series of attacks that could seriously damage smart phones.

A new Trojan horse disguised as a video game that appeared this week is unlikely to spread or to cause much damage, but thats not its real threat. Instead, the MetalGear.A Trojan should be considered a "proof of concept" for what will eventually bring a series of attacks that could cause serious damage to smart phones.

This weeks attack, like other recent attacks against smart phones, was aimed at devices using the Symbian operating system. The Trojan is designed to disable some forms of anti-virus protection, and to install a virus that spreads using Bluetooth. Similar attacks earlier this year were unsuccessful.

"The threat of a Bluetooth-based attack is orders of magnitudes lower than a PC-based attack," said Charles Golvin, principal analyst at Forrester Research. "Its proximity-based."

He said this means that an infected phone needs to be within a few feet from its target before it could infect another phone, and even then, the phones user would need to have Bluetooth turned on and would have to agree to install the software.

Resource Library:
"Were certainly investigating this with Nokia and our anti-virus providers," said Jerry Panagrossi, vice president of U.S. operations at Symbian. Panagrossi said the new attack is a variation of the Skulls Trojan, and that he doesnt expect it to have much impact.

One reason he thinks the spread will be limited is because Symbian has adopted a program of application signing for commercial software. He said that before the MetalGear Trojan is installed, the user must approve the installation, then approve it again after being told that its not a signed application.

He said smart phone operating systems will require that all applications be signed before installation in the very near future, which also would tend to limit the spread of viruses.

While the Trojan attacks try to disable SimWorks anti-virus, phones using competitor F-Secure are unaffected. F-Secures Travis Witteveen said that while this weeks threat means little to the user community, its still serious. "This is becoming a major issue," he said, adding that its a "warning to industry that its happening already."

If companies are proactive now, Witteveen said, they can avoid the virus battles that affected the PC industry. He noted that Nokia is the first manufacturer to include anti-virus capabilities in its phones, and that Vodafone is the first wireless carrier, but he added that a number of other companies will be adopting anti-virus techniques in the near future.

"The scary part is the proof of concept," Witteveen said. "All of a sudden, youll have copycats by the thousand."

Trend Micro offers virus scanning for smart phones. Click here to read more.

Golvin, meanwhile, noted that attacks on Symbian-based smart phones are just the beginning. "Its not just Symbian," Golvin said. "The same thing is true for Palm-based phones or Windows-based phones. The fact that you have an open operating system that can accept new software means that you have this risk."

Unfortunately, Golvin said he doesnt think the situation is due to improve. "I expect it to get worse," he said. "With all of these mobile phones out there with richer operating environments, the number of targets is increasing, which means more interest on the part of the attacker."

He also said he thinks that at least initially, some efforts by wireless companies to solve the problem will be short-lived. "Its an arms race. The attacks exploit weaknesses, the weaknesses get patched, and away we go," Golvin said.

Both Golvin and Witteveen said they think the solution lies with both the phone manufacturers and with wireless carriers. Golvin said he thinks the most successful approaches will be through the mobile phone operators, which he says have an obligation to provide a secure network.

Check out eWEEK.coms for the latest news, reviews and analysis on mobile and wireless computing.



  Reader Comments: Latest Skulls Trojan Foretells Risky Smart-Phone Future
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Mobile & Wireless Articles          >>> More By Wayne Rash
 


x}ks8q8cYۑdK-ēԭҡHH"$eG3wro7%?8["h4Iȹ3&9)ٝ O,zIjÛPBezAUM JԶO7RM3ة /47vGlJ~x#AT{j xL5uƚI]ٚc7h2)Xm$(krZC'AjZw$6(GJ|$ZB;$?+B43 \2HTߦuB){Te膡;? C+X^DP~FDM:ǎ-4~qwF?<3τPcw Ҵdh-vu=yͨ*{ /B1r!f-{4Tݱ[ L=iLVC;%0ýtf?Dk> NRY ZSˆ辥{$)5< \g4QL1H6}~8IZ QE%$7 .mq_-0/<mCɤ:ZdQ}9e, f4öۢCCٰo4\>jrTW#W}rL>-g©;֨o}+Uw9*C[wn5-uP\tNi\v? 9NHw&LT-jR*ML@aBjLx:~Xs|\㍒~wnF`)ڑVR]jGF[V@a`%pfQU>'sK߾ڤ>9;O}3fPUM~ 3he+2hZuܜn9n:MvIs!+|tg>!5M0\̱¬:֪o~9c߮CSQ?&:aZ+jI-S{x&޺z|9!IoJ'ogs`HםBm۲ܾ,BZKEk3ReQ So,nHˤd8&r* ߰n^S@7'zppf-Mn #dLi|]Yw p3Z&T23}MH5ņ])!exJSiK _^HB--\D7h+Ԝﲢٛ"O;zL^"ʥcp 3d{.ӰirqZoV͉*]X]uUjZlE?t_wθqn_[wսuEkmǫ$шf",$긦U++e_;ڇU9=zQnʼnl :2X jXR7HaQϿ utSO#|>5և㤞F!|Бdmxq=Z.3+ԍEXn`Nt&h Qx٭lE%_¤< ) zA;=H:}mP`~5$ǎ@ Ls'08 ɝ5E0ݻCi`y1&=զA{ Tgg ,zC lmNl}h`1 >5g%G@i0xz[ dSJJds 4.gH)AH =[h ]99 ŊI~ݑvZO[2'9\t{B#\\G;7 {TKh!+K@fsfd(4{~6 cbB|#'fXr`Y \d+|h)lb ը6؛ʑTj鈦 2,XCtH{!4ӇiЈ4XĽǦ笳5SN`cܒn̜07ÚL ~D'詅m>`T4fs)wdmrn)s77UBsNHB/W2 \_&VAB5 6d:ɤPl';oWf\![_!y瀡rf>G) z7HhТ0T]2akRhjMMaf(0q |0b=9ߟ{8[=z,.K i{y]ؕ.R\dFd>n 'L[QHz{=cTfha8lX|7:HycI_)+%UMH?O~1:2.eX \kOa3IQ7Ϗ9(gd%d)GHZ+jՄ*Zj7;z&͂)V3G qF'|}>M_oũ1ztQ9Joom^J39X>>y: '012& z@j9ajv6<~0(rE=4!݅rI6San0-ѽUT&KV{=ibGHoe,]r@ XQ`0p4J 922f`KPs h_7`wk*Q :@{!G:0[,(Y)Yhp^u/eۏSOkX@Aܚ:z,,HT0N=1Ȩk 05-tq]Uʾ_ٳN+^> (&Lt0Ȑ%=WlTj1՞l$R*C01^*== 7S_)-ʖ~gɲ׆'QyϤ͋h|5 |b3HNqGL+ s0RSIl x@̬} w6N1L Ma}^D ϣ1W5 d,fqN'0cp&vN{֡,)3?tTkkt?x{Wz&[wuvɭ,WE8&ORB7PUL xg4sDcC6VNMvpTm"z'"#N)x~ZsaS)+J LH+' 3FYˡYF 3_5^y" ς24A̘5% =EЋvcSLJ.]ITY) jq g@Vf2UݯT+EzXz,)5rd&RrME7uȋ­7P'#I(U?}Pud*WKUyUrm4rOk,ش,6"h -z[ ezrP-,sK"hJgԋ_r[rn)ty4ņ5ѣ(4CFyp0 +o3{Kql'OK{&@u?3RlʪV;P%봚j%I=NM=1h+QcKBuṚ{{kC4÷,;L)q39Ȕ:)xT״}m\~ܑJ\X 8ZJZ#OY\' *Z:]q.g$ ,$e,zǃx]!6ps^ar0qq8(-E<91=qhZavOT+*_3 cSWWwvן(5@E1vk_% ?S-l8-F:w~ݕDwɟ;?tZCR>i/6/: ?Nٿ:N00vY?0.5.e!)X{{}ْ:ͷm~61zˁNIM$(Xq_,I!s^>ju.Jm}ڏ"8-odF4zw/ΥI{͏e[J:^9"!5;o/YF^99o7M1k0fhRbQ1fF<$FD/!B2.V3 N/Ns>\zB_kj,8Eψa6Z4kΊG( V`!O1t|PZ# (ʑ=`=`VVwu .f_d@Anp+z!NU HE*e4ДKe=:)K H-@N zP _>Fq>p]9Qz AC~g}\0n;z{w_7bOf0W)l8niamǡ8 0Nt,4P$EUՊZr,WU $]dNFftZt@2&n_%3ٌ<ki^d̠t4s !.`0^.EdOc@/mvx1_t` AAXŀ0!V lϸG s8<OFeuw#S''Sc3HF#xgyS/6-lF@|Pg;a *|b1 \<e) W_L7⎍zkQ(|SqzH7V_N7\PGXg_/tc@Ifc`TQ#Kvx"%3u ?6% m_SLZI~3cpwrɅ5o4DrMt67ǼJEOq0ecy#dsiQva s=Q@txNh_<4qY:4HECu(7|M/T52 *o+vw T8SM%~y#1v}ah'`ɖY/,81q]+~7iޓ/s + }_R %,>]&NfS4'7A/i!렳*@A3H}w kB{ Lp@%-rƻ$6|p,uYDd>N%?ۊs=->Nbðb .^;> jӸ_i=S%Wޮ86RWڪR'60_hՊvj 97.g]BA 3꧷xy:7IIINfF T,aF&GO 3B1 dݦ~8猓d lƽlS|rKNybndEJ,K({gjf)'b 8B/+%ERTV%^sclit^qQ m"^ϊKsb#r0L_^ci9.兤ir" e"Dlv8XoU%` ZD/)5 j,_ʰ*Xz C$U郁9=]؂ >&H RNtzЂ'ܓSoK8,a0Xx]"pXنHQa{[_U$JٔJW2f $c1J#חu/rx+G8<aӵ,7Wt4Ǒd7Pc)?;ҍ; TF'm!9L'!s8'm!kmV6$EʦS~va&fzT~8KJgs/OMEET2mUIU$)T]#A/J{1 BxWj]n/~I-9*D"<t{}[J鑴Ȱ%oSֱK2sq"qqw?ww?w?w?7GVk0>O#'9wN?#Ddͬe 7%j?#'C*= AAӾdB,zo6½M yC{IN7No; 6xǎ&Hys*}CZ-P+tk YT6 I$iD HG&05nަ~EzNR|k<' {!YJz$W`c*5z"~Ig7Al1|~;S1e_C\oJk1~D:IaȨ>Qml\ua~mnM\ #7׉nfm.n:!±occjrR{NvLυIBt,FWkF Ҝ]QL]om7E9qoecz9;SVLe`wz&ONm[c K<ևUq+]Nac6ʎ}; 0m=>jgiCkMMMMM=ܦrUݦIW6٢8&>k+e1:Ѽ`l\oM\.Bd0!FؗsMqmlZKDŲ)`.K :B"ˉ;fx_&f;$Iދ.{]e8G>e߂PU,&6%.]'` WO]Uq(us<6EHEil~c/\s#o9UL\Oq Qv3MⷉxdMtMmlR9%PnO6tzvdQެ^SnB1hY 7@x"uO񥽤%Lpq UĕQבJdz90͂" " з3'=ib%)[=es(cd&\M) ᚏ`#x2e/3GX/l=`;v K+lxڋ_i9׬M \OrڷD%R| uʿ2ͻrO|k gNE)O0aӛ^ $wmYï^ٷ^k3&{A[os6௶aul:}/Փ}ȫhF̊>wt)RՎrgjp,_N˺ ؼz3= z!(f ƗY'uZIHgcS8g2h8eYXYAw GyR , A(%=D/].ޮb!>i`+|-^J/Ym/\}KRŃiȼ M^FړEYİO+yX ђ,#Ћk_A'-gլjgϡ?f:\Kx V8_YHݓ:b$:$sq@?E* nO`y’fStl f yNpwoc䭼cUd??܉o"?YSC ~܉ >I8O:ߧ'dQCx8n ] g{w{[$]$hvmЏ;"?(F]{F9-02n?\q? T:[\4#5|5XAÈ2aQ g*׶/q'0ЍoY#j\{jsZzbdFyAx!Fvُ;Kb+.6Q{$Ipj+jj5JA^bT1ckZzD,?t"RVЮ(> Bl?QX2!܏6K fZןQѨE3, YʸK15\R |r\.he,zUdI2&ϯ czRO&WUSj9 O=#T`|HU9 & 0Zp?b\i z8lX+U+sZԎE=4!#u_ZӔVW, r8]DU#9 m+K/}XpY$Xk:Vga`SξwAŏ&{{i/ ~HګkޱFK ?Μ iѩHۡ$Z[.gн<#hHY6W2 lO0Vٍ xfVؖUm}qV.R)q2ə莥eC];a8}G*_[G>#rUq{Vađ7xd'VOĈVRR>dD9mFA&W1hX1[LW<0Մ0t#gfٝ7gtڽz[!g>Jm~'dM-ãK|U:o|%w҅n,ӣMCh%717`(8NV|xU{V~Mb?{ru ̋X/LKt4*:>m;Aec*2zވ<pb X`RW7˽}D['ٍI+62 1jLlo-/uhߴsrپ靷u=<swB&#xwOuq[6YF^RAh0qԘ8@!'vq]Q sx>C"aK9.kD!̆\oX|J7O1>B$!ipQo߼)J z";9'pp\pr@KdM+2&Bs8A/׽nrnR-i`Ik„0'ld Dps<~"n#BLk43DDc^r {fĔy {9=۹bbWoH$P`+wdcqX$_@1NJB_$ZOζ]N*@`'*!Lz)%n67Xh_ǙfJÉ  :la`t.tO~?]_:YAV:pRt=:rtT*ʞ |{C` g sXDej@̐0د?<&).yci 8^yN4xPZi"oX62 =<RXX_1[U=LꚂOJBveX zTKwyfELTt)UH+^@0^3:%@0>6#&Dwn`9ͫ{M&ǽUӽ$ ¶V-J-uw[OWO;e8|10Kyl2/*f(H^6/NQʩ٦ΘksYx9%yw8^ Ȥou9]N'(S~ O͜.wsʑ[@V;O֗}Ns6oCgB㬳*4:r_'\C;9+4r?B<>v/ry9\"?/?/re2P! r)r˜̑K˜B9.n~+x*k{/>_?AoP!߇@M^9M@79_zyʛ9rּ…)rq/ 苼 Oy射<)?}VQ<_`kW9t _r̭LOn+]a芫-5nk Ǥjuv^_BKHe^ٛLCGP/<*Y}Mchto$.~EYII{2}tEOi>r𞫫i@Lwe<ߔ[nNJ>S\ȜHWɴV< >}3D9|,y|8SNt 1 }^1 B8 vVt{zMtKn \ x. %> #r75irŭxg?9/ydֺWWVF+p'k͠6K֐gDҿN^*˃a-yyB`pbC3Z<0;c L.aꒆo=H&EFS +6Kg䃴3h^jIcYq1%e%93 3_wG"U?Id6ИYCvsOFdu#Oaq1<̡nl@PJmXvgf 1dp1d`6Nώ;]95 ~Wuu;В/gֻQ!l Oa"qz0u_W>[lOcr c'xMgS6z#Z>},.I5sEEבE,&J O_sJdB2,'KY}V(AtS& 3FX|o:u;WeԦu"vHϵg9UQG1 hΕQi&Gj :"QF{&A}F^܋ )4˧MϫH΢P]ylo()y+6*نx]*Hv]? V_$v{%B+*O 8>eHCgrT~{J}*P=fZPO:] v"0%Yz#{ioF}c_V`ńK8F1dZ?"&PɕX)Isŧ|om|@,[kl`INB`tp"sSqOe]XQYɶy S~h^(#oݒ6x}҄ ]@1SpY ѫv>cx 'L-65Tc*i|? Ge Lt8͡o0kn>7q$LsGizQڃ`+L>}v0u=ĦrR2OepwR K?93O699 3/&U@EqL'Hvxml<^:yl뎮E{cuݎüжJWt{]!Kb 1CbmR>ǔK ]'[٧3й?-R7/e[͌_X ( LwEN8u vAѪ v7"`a^o1n,$@Sr;=Vcm;pSz2 Qm`-নN \70(g|Ntu ۊ|Va=rkbCΜ6 *χŀ{ȾYf#9uVUtg)C2^#s!? x(,.cX-*?҂g' Q\F$/(y lcm5{~7uFP1,sLf7}OaN*)Asa#El [ApN7WmsS<"Y<.'7g)/|%h72b5g_yRȅ^`\YB+.9 7ҝX;EB(O}y9xC*꛺UNE'ώ7zO>!T!6{xvYpEI{şyueK*(Ksӽn Tv>Vju.ߦ+==;`ol3g~oU.x,j z' l5mEgl3W'~};o7 D^4†mJPU&s)c MW_\)MCS9U/k +q>lgLp -ϱ=RZ`'l/Z6v?Ht -