Whitepaper warns of Windows Mobile malware
Sep. 06, 2007
McAfee's Avert Labs has released a whitepaper discussing ways hackers might attack Windows Mobile-based smartphones. Author Zhu Cheng says there is no significant risk today, "but we're in the early stages of what is likely to become a longstanding trend," attributed partly to Microsoft's release of Windows CE kernel source.
Pointing out that carrying a smartphone is basically like having a computer in your pocket, Cheng claims Windows Mobile is vulnerable to attack. "Windows CE's open-source kernel policy allows virus writers to get a deep understanding of the operating system," he writes.
"Developing software under Windows Mobile and Win32 is very similar, so it's easy for authors of Win32 malware to transition to mobile malware," Cheng charges. As an example, he cites the possibility that hackers could turn a smartphone into a secret audio recorder: "Many recording APIs and codecs used by Windows can be applied to Windows Mobile, and serve as a reference for mobile malware authors."
Threats
The whitepaper says the greatest threats to mobile phones lie in these seven areas:
- Text messages
- Contacts
- Video
- Phone transcriptions
- Call records
- Documentation
- Buffer overflows
With regard to text messaging, says Cheng, Avert Labs has observed examples of SMS phishing, where fake and potentially malicious messages are sent to everyone on a user's contact list. Viruses can also use text message APIs to charge cell phone fees through the SMS payment gateway, he writes.
"According to the Windows Mobile Software Development Kit, an application developer could write code using the sample code MapiRule and load it to implement text message blocking," Cheng charges. By modifying this framework for use as a DLL, it's claimed a hacker could launch a man-in-the-middle attack, intercepting or responding to messages.
With regard to contacts, Cheng says many users take advantage of Windows Mobile smartphones' contact backup tools, which typically use programming calls such as IPOutlook, ItemCollection, IFolder, and IContact from the Pocket Outlook Object Model APIs in the Windows Mobile SDK. "Malware developers could easily use these calls to get and modify contact information and send the results to someone else," he says.
In the area of video, Cheng theorizes that "through Microsoft's APIs, mobile malware could take over the phone and use its camera to snap photos, though it would probably be difficult to get a good angle." However, he says, a virus could search for all JPG files already on a device through the file API, then send those files to a malicious third party.
Audio recordings also pose a threat, Cheng writes. Though limited storage space means malware cannot record indefinitely, it could send audio recordings to a hacker via email or via the Multimedia Message Service (MMS). Malware could use SMS to turn this function on and off, he claims.
Call records are not particularly valuable, but malware can be used to steal documents, once again using the file API function, Cheng warns. "Files with the extensions *.doc, *.xls, and *.pdf are likely to become popular targets for mobile malware thieves," he says.
Finally, "buffer overflows also plague mobile devices," Cheng writes. "Way back at Xcon 2005, we saw a presentation on hacking Windows CE 4. The talk included shell code development advice as well as sample code."
Remedies
In his whitepaper, Cheng suggests some remedies for both users and software developers. For users, he unsurprisingly recommends anti-virus and anti-malware tools, but also says users should follow "safe browsing practices," and only install programs that have digital signatures from reputable manufacturers.
Users should also be careful with their phone's wireless functionality, disabling WiFi and Bluetooth when they are outdoors, Cheng says. Also, "if you find your phone is auto-connected to GPRS (General Packet Radio Service), then your mobile might be infected with a virus that is sending your data to other parties."
To protect valuable data, users should back it up regularly, Cheng says. Asserting that "smartphones and PDAs are simply not very secure," he says confidential files or photos should be stored on removable disks.
For programmers, Cheng suggests using Visual Studio .NET 2005, which adds a security_cookie function to prevent buffer overflows. This strengthens a program's security, but he urges programmers to still check the length of any character string passed into a buffer, making sure it will not cause an overflow.
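The length check Cheng urges, sketched in portable C as an added example (not code from the whitepaper or from Microsoft); the function names, the 16-character capacity and the sample strings are constructed for illustration. It counts in wide characters, since Windows CE strings are Unicode, and rejects oversize or unterminated input rather than truncating it.

```c
#include <stddef.h>
#include <stdio.h>
#include <wchar.h>

#define NAME_CAPACITY 16                      /* constructed capacity, in characters */
#define ELEMS(a) (sizeof(a) / sizeof((a)[0])) /* element count, not byte count */

typedef enum { COPY_OK = 0, COPY_BAD_ARG = -1, COPY_TOO_LONG = -2 } copy_status;

/* Length of s, reading at most max elements; returns max if no terminator is found. */
static size_t bounded_wcslen(const wchar_t *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != L'\0')
        n++;
    return n;
}

/*
 * Copy src into dst. dst_cap and src_max are counts of wide characters;
 * passing sizeof(dst) instead would overstate the capacity by a factor
 * of sizeof(wchar_t). Oversize or unterminated input is rejected and
 * dst is left as an empty string.
 */
copy_status copy_name(wchar_t *dst, size_t dst_cap, const wchar_t *src, size_t src_max)
{
    size_t len;
    if (dst == NULL || src == NULL || dst_cap == 0)
        return COPY_BAD_ARG;
    dst[0] = L'\0';
    len = bounded_wcslen(src, src_max);
    if (len == src_max || len >= dst_cap)  /* unterminated, or no room for the terminator */
        return COPY_TOO_LONG;
    wmemcpy(dst, src, len + 1);            /* len + 1 <= dst_cap, checked above */
    return COPY_OK;
}

int main(void)
{
    wchar_t name[NAME_CAPACITY];
    const wchar_t fits[] = L"fifteen chars!!";      /* constructed: 15 characters + terminator */
    const wchar_t too_long[] = L"sixteen chars!!!"; /* constructed: 16 characters + terminator */
    printf("fits: %d\n", copy_name(name, ELEMS(name), fits, ELEMS(fits)));
    printf("too long: %d\n", copy_name(name, ELEMS(name), too_long, ELEMS(too_long)));
    return 0;
}
```

A compiler-inserted stack cookie only detects an overwrite after it has happened; the check in `copy_name` keeps the overwrite from happening at all.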
"The profit motive is driving malware writers in increasing numbers to create mobile viruses," Cheng charges. "The bottom line is that the danger is not going away."
To download a copy of this thought-provoking whitepaper, "Mobile Malware: Threats and Prevention," in PDF format, go here.
To download a Microsoft-written article on Windows 5.0 application security -- recommended by Cheng -- go here.