BBC News releases Smartphone Malware – deliberately

This seems like kind of a strange idea for an “experiment.” Does this mean that I could go out and rob a bank, and when the police caught me, I could tell them, “It’s OK … I’m just doing an experiment!”

No, the BBC isn’t trying to subsidise its coffers by branching out into cyber-crime. As an experiment the British public-service broadcaster wants to know just how secure smartphones really are.

The malware takes the form of a game that spies on the smartphone’s owner and was built using the standard software toolkits that are available to everyone. In a report on the experiment today, Experts says that this makes the malware much harder to spot.

There is evidence that criminals are now beginning to target smartphones with their complete lack of virus protection, in order to gain personal details that can be used for identity theft and other crimes.

Chris Wysopal, the co-founder and head of technology at security firm Veracode, who helped the BBC develop its malware, said that smartphones are not at the point PCs were at in 1999, at the birth of the popular internet.

“At that time malicious programs were a nuisance. A decade on and they are big business, he said, with gangs of criminals churning out malware that tries to steal saleable information.” He said. “Mobiles offered a potentially more tempting target to those criminals.”

Simeon Coney, of mobile security form Adaptive mobile said…

“In a mobile network the device is intrinsically linked to a payment plan, to a user’s credit,” he said. Nothing happens on a mobile network, no call is made or text is sent, without money changing hands. Criminals have tapped into that revenue stream by getting phone owners to dial or contact premium rate numbers. Now they are turning their attention to applications and the lucrative information they scoop up.”

The Java application from the BBC was put together in only a few weeks and gathered contacts, text messages and also gathered the phones’ location. IT then sent this information to a specially set-up email address.

The malware was only 250 lines of code, with the entire program only 1500 lines of code. The BBC say in their report that there can be benefits to the way some phone OS manufacturers vet programs. Apple vets every program for the iPhone and iPad and Blackberry maker RIM and Google can easily switch off malicious applications through use of a code-signing system. Microsoft’s Windows Phone 7 operating system will also see all programs vetted.

The last time the BBC conducted an experiment like this they took control of a botnet, but when the experiment was over left a message on the screens of the infected PCs worldwide and instructed the botnet to self-destruct.


© Mike Halsey for gHacks Technology News, 2010. | Permalink | Add to del.icio.us, digg, facebook, reddit, twitter
Post tags: , , , , , , ,

Link to Original Content

Western Telematic, Inc. (WTI) designs and manufactures remote device management products for IT applications. WTI’s Serial Console Server products, Remote Reboot products, Switched PDU products and A/B Fallback products are engineered to allow you to securely manage and troubleshoot rack equipment in remote locations.

Tags: , ,

Comments are closed.