Information Security News mailing list archives
Wireless Phone Hack Attack?
From: William Knowles <wk () C4I ORG>
Date: Thu, 31 Aug 2000 18:44:20 -0500
http://www.wired.com/news/business/0,1367,38557,00.html by Elisa Batista 1:45 p.m. Aug. 31, 2000 PDT During a routine software check, a Norwegian company recently discovered what might be the first hacker attack on mobile phones and other personal digital assistants. Norway-based WAP service developer Web2WAP was testing its software on Nokia phones with the short messaging service (SMS) when it realized that suspicious code was being sent to the phones and causing them "to freeze." The keypad on a phone that receives this code - which is delivered through email -- won't work for about 30 to 60 seconds, unless the user immediately replaces the phone's batteries. Web2WAP said the problem has only been found on SMS-enabled phones from Nokia, but they declined to comment further. Nokia and security experts aren't ruling out the possibility of a bug or software glitch is causing the phones to freeze. But they are trying to confirm if the SMS code was maliciously created. "It is already evident, based on (Web2WAP) publicly made claims, that this is not a WAP virus," said Nokia spokeswoman Cherie Gary. "The incident that has been described is typically a temporary 'freeze' in the execution of the phone software, caused by a tampered-with smart message sent to the phone with a deliberate intention to cause the freeze. This can be done, for example, by sending many consecutive smart messages with non-standard content to the phone." Neither Nokia (NOK), which learned about the incident through the Norwegian press, or Web2WAP, will say what the code is, but Web security experts see this as the first step for hackers in disrupting wireless devices. "There's concern among our clients that this is part of a larger trend - the first step for an increasingly growing number of Trojan (horses) and viruses and attacks targeted to wireless phones and Palms, that before were not considered at risk for these types of problems," said Ben Venzke, director of intelligence production for cyber security information provider iDefense. Venzke and Nokia's Gary say no hacker has been able to unleash a successful virus on mobile phones. But many hackers probably prefer attacking the more ubiquitous desktop computers. "What's the point in creating a virus when only four people have phones?" Venzke said. But the growing number of wireless phones is making them more attractive. "Suddenly there's a real target." Dan Takata, a virus specialist for security company F-Secure, agrees. "This is the beginning of a whole new era, now that we're moving more from the wired to wireless," he said. "Right now (these attacks) are not destructive, but in the not too distant future we will see malicious attacks on mobile phones and Palm devices." Once Nokia locates a source for the problem, it will probably put out a software fix that can be downloaded to prevent the malicious code from taking effect, Takata said. *==============================================================* "Communications without intelligence is noise; Intelligence without communications is irrelevant." Gen Alfred. M. Gray, USMC ================================================================ C4I.org - Computer Security, & Intelligence - http://www.c4i.org *==============================================================* ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Wireless Phone Hack Attack? William Knowles (Sep 01)