June 15, 2004 2:40 PM PDT

Smart-phone worm has a hang-up

A recently created "concept virus" designed to show that a worm could spread between smart phones won't get very far in the real world, antivirus companies said Tuesday.

Get Up to Speed on...
Enterprise security
Get the latest headlines and
company-specific news in our
expanded GUTS section.

As previously reported, the so-called Cabir worm is written for the Symbian operating system, the OS used in a majority of smart phones--devices that combine the features of a cell phone and a personal digital assistant. The worm's creators sent a copy of it to antivirus researchers Monday, and it's not yet known if the program has made its way to the general public.

Some researchers initially thought Cabir would automatically run on phones based on the Symbian OS, but an analysis of the program has changed that assessment. In order for the worm to spread, said Kevin Hogan, senior manager for security company Symantec, the user of a targeted phone has to approve of a download from an unknown source.

"The way in which (this worm) replicates itself will severely limit its spread, even if (the worm) was to be made public," Hogan said. "It is not relying on a vulnerability in the operating system; it is relying on the underlying vulnerability of the person who is using" the OS.

To propagate, the worm has to clear three hurdles, Hogan said. First, the target device's user must allow the infected phone to connect to the target device through the Bluetooth wireless protocol. Then, the potential victim must accept the data for download. Finally, the user has to agree to install the application.

"We still haven't seen this thing in the wild," Hogan said. "So far, it is what we call a 'zoo virus'--it is only in the hands of researchers and the person that wrote it."

While the worm is not likely to spread, antivirus companies warned that other virus writers may use it as a departure point for their own development, placing the digital code at the beginning of a chain of evolution that could result in an actual threat to users of smart phones.

"We see it as a pretty significant step forward," said Vincent Gullotto, vice president of Network Associates' antivirus emergency response team. Two other minor variants of the program, which remove extraneous code, have appeared already, he said.

"The saving grace is that you have to accept the program, it just doesn't show up on your machine," Gullotto said.

Cabir uses components of Nokia's Series 60 development platform, a platform used not only by Nokia but also by other major smart phone manufacturers, including Siemens, Samsung, Sendo and Panasonic. Symantec and other antivirus companies confirmed that, theoretically, the worm could spread between Nokia Series 60 phones running Symbian 6.1 or higher. Security company Network Associates found that the program could infect a Nokia 6600 phone.

Representatives of Symbian and Nokia were not immediately available for comment.

Click here to Play

Even if Cabir could spread quickly, it might not gain much traction because smart phones still have not taken off, especially in the United States. Symbian's operating system currently dominates the smart-phone market, which remains small, representing only a thin slice of the more than 1 billion cell phones in circulation. The Symbian OS is expected to battle a similar product from Microsoft for the lead in the operating system market through the end of the decade.

Threats like the Cabir worm could be further stymied by Symbian Signed, a new campaign that will require all applications for the Symbian platform to be digitally signed, attesting that the company has looked at the code. Users could refuse to install any unsigned applications.

Cabir doesn't have a destructive payload, but it constantly scans for other Bluetooth devices it can target, severely shortening the battery life of any system it's already infected, according to Symantec's analysis.

1 comment

Join the conversation!
Add your comment
im not sure when the smartphone aka worm story started, but im reading it today. and i have something to say and in a similar situation. all the hacking going on thats affecting everyone started with a chip transfer from an altel employee from his htc smartphone to mine. i been fighting it since aug/sep of 2008 and today still cant rid it. he uses multiple exploits that has nothing to do with the operating system, but digs into every angle. i can wipe the worm from the drive and low level format each one, removing all devices that emit a signal, throw away burned restore disk and order new ones, ect.... and this worm still affects the machines before the OS is even finishing installing. im trying to scan the firmware areas of devices and the bios. if that dont pan out, the only thing left is that they got their hands on some fbi technology or the phone frequencys from the towers.
Posted by PeaceMaker101 (5 comments )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.