Information Security News mailing list archives

Wireless Phone Hack Attack?


From: William Knowles <wk () C4I ORG>
Date: Thu, 31 Aug 2000 18:44:20 -0500

http://www.wired.com/news/business/0,1367,38557,00.html

by Elisa Batista
1:45 p.m. Aug. 31, 2000 PDT

During a routine software check, a Norwegian company recently
discovered what might be the first hacker attack on mobile phones and
other personal digital assistants.

Norway-based WAP service developer Web2WAP was testing its software on
Nokia phones with the short messaging service (SMS) when it realized
that suspicious code was being sent to the phones and causing them "to
freeze."

The keypad on a phone that receives this code -- which is delivered
through email -- won't work for about 30 to 60 seconds, unless the
user immediately replaces the phone's batteries.

Web2WAP said the problem has only been found on SMS-enabled phones
from Nokia, but they declined to comment further. Nokia and security
experts aren't ruling out the possibility that a bug or software glitch
is causing the phones to freeze. But they are trying to confirm if the
SMS code was maliciously created.

"It is already evident, based on (Web2WAP) publicly made claims, that
this is not a WAP virus," said Nokia spokeswoman Cherie Gary. "The
incident that has been described is typically a temporary 'freeze' in
the execution of the phone software, caused by a tampered-with smart
message sent to the phone with a deliberate intention to cause the
freeze. This can be done, for example, by sending many consecutive
smart messages with non-standard content to the phone."

Neither Nokia (NOK), which learned about the incident through the
Norwegian press, nor Web2WAP will say what the code is, but Web
security experts see this as the first step for hackers in disrupting
wireless devices.

"There's concern among our clients that this is part of a larger trend
- the first step for an increasingly growing number of Trojan (horses)
and viruses and attacks targeted to wireless phones and Palms, that
before were not considered at risk for these types of problems," said
Ben Venzke, director of intelligence production for cyber security
information provider iDefense.

Venzke and Nokia's Gary say no hacker has been able to unleash a
successful virus on mobile phones. But many hackers probably prefer
attacking the more ubiquitous desktop computers.

"What's the point in creating a virus when only four people have
phones?" Venzke said. But the growing number of wireless phones is
making them more attractive. "Suddenly there's a real target."

Dan Takata, a virus specialist for security company F-Secure, agrees.

"This is the beginning of a whole new era, now that we're moving more
from the wired to wireless," he said. "Right now (these attacks) are
not destructive, but in the not too distant future we will see
malicious attacks on mobile phones and Palm devices."

Once Nokia locates a source for the problem, it will probably put out
a software fix that can be downloaded to prevent the malicious code
from taking effect, Takata said.


*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*
