Cell Phones Responsible For Next Internet Worm? 109
nitsudima writes "The mobile devices you know and love are great for productivity, but they have completely changed the vulnerability state of our networks. Norm Laudermilch tells you why you should be afraid, very afraid." From the article: "The new and largely unexplored propagation vector for malicious code distribution is mobile devices. With 802.11, Bluetooth, WiFI, WiMAX, MMS, Infrared, and cellular data capabilities on almost all new models, these devices provide a wealth of opportunity for the transmission of data. With no notion of user access levels in the compact mobile operating systems, a lack of effective authentication, and no data encryption, these environments are prime targets for the incubation of malicious code."
I want a refrigerator (Score:5, Interesting)
No, seriously, what aren't they thinking of using cell phones for these days, except maybe making reliable, clear, and simple phone calls? Seems like the piling on of more non-cell-phone features on cell phones is not very well thought out. Couple the lack of security design in these added networking features with the possibility/probability more mobile phones are moving to embedded Windows (at least that's what I've read), potential for network compromise and disaster increases non-linearly (upward).
What I find annoying and intrusive about this is I'm sitting here in my (our) internet universe working hard to make it reasonably sound, and these entrepreneurs trump that work with their one-off, disposable technology. So, I (we) eventually take the big hit for their irresponsibility. Sheesh, in every major park I've visited there's a requirement for pet owners to clean up after their pets, it'd be nice to see similar structure here.
When they're designing these phones, and these networks, and what and how the phones work, does anyone in the room bring up the notion these phones first and foremost should be phones?
In haste to be the first with the new features it seems the ramifications of what and how they add are considered little, if at all. It's money grabbing, and let the chips fall where they may, as long as the manufacturer is first and fastest with the latest new features. Sick.
I find it ironic, paradoxical(?), one of the features so darling and network centric is text messaging. I've referenced this before the T-Mobile Sidekick got written into an episode of Gilmore Girls where Rory carried on a "conversation" with Daddy about arrangements to attend a function. I'm waiting for the next great headlines where someone discovered the newest and fastest way to communicate with one of these devices -- you can actually dial a number and talk to the other person!!!
As for the "The mobile devices you know and love are great for productivity" statement, give me a break. Firstly I don't "love" them, and if by "great for productivity" you mean: great for interrupting the social flow of interaction; great for rude behavior; great for ignoring real world, then, okay, great! Not.
(And, for those who feel they must beat me with their clue sticks, no thanks on advice about how to get phones that are just phones -- been there, done that... I know how to get around the system, I just don't think I should have to.)
ZOMGWTF (Score:5, Interesting)
Says somebody who has clearly never programmed a mobile phone.
The vast, vast majority of consumer phones are not the so-called "smartphones" that run traditional operating systems like Symbian or Windows, they run proprietary operating systems that have no publically known names and do not export any APIs, except for J2ME or possibly BREW.
As an aside, J2ME consumer phones are often just as "smart" as larger, more powerful phone/PDA hybrids ... my own does calendaring, web access, has an IMAP client built in, is themable, plays music and videos, and has a 500mb flash storage facility amongst other capabilities. Yet by the standard definition it is not "smart".
Anyway, J2ME has many flaws, but security is not one of them. If somebody finds a programmatic way to compromise a J2ME phone in the next 5 years then I will be very surprised. These things have no concept of processes or users, which is great, because this sort of security confuses the crap out of pretty much anybody who isn't steeped in UNIX security lore. Instead they rely on constructing (with a bit of help) a mathematical proof that the Java programs they're running don't compromise type safety, and then either interpret them or on Jazelle-based phones run them direct on the chip. This is safe and allows for a very flexible and intuitive form of security.
The absolute best you can do on these things is social engineering or exploiting piss-poor UI (which is what Cabir does). To claim you could "infect a cafe full of phones" is ludicrous: most people don't even have Bluetooth switched on as many phones disable it by default.
Re:Oh my, what amazing FUD. (Score:1, Interesting)
As someone who has worked in the mobile industry since the dawn of J2ME and Brew, I know that claims of a widespread virus are complete FUD.
Anyone who has created applications for mobile devices know what a complete pain it is to port the applications (particularly ones that use advanced features like IR, Bluetooth, SMS or even create a network connection).
The anti-virus guys like Norton and their ilk are showing up at all of the major mobile shows now claiming to be saving the industry from it's lack of awareness.
Nothing could be further from the truth.
Text messaging is free money... (Score:3, Interesting)
Text messaging is the equivalent of someone coming to you and telling you to give them money for something you've already paid for. What people don't understand about this technology is that they are getting nothing for something. In the time it takes for you to utter "Hello World!" with your voice, you could send hundreds of text messages in the same data stream. So text messages are essentially "free" from the cell providers point of view, yet they are charging us extra for it.
It seems these days that people understand less and less about how technology works and companies are able to take advantage of that fact. In fact there is a fair amount of downright "confusion marketing" going on so that the consumer can never be knowledgeable about what they are actually getting for their money. If I can charge you $40 for the basic service and $10 more for an added service that doesn't require any more technology than the basic service (or less in the case of text messaging), then consumers are getting ripped off.
I'm actually dumbfounded as to why no one seems to care about things that are going on in the world these days. Oh sure, gas is above $3.00 a gallon, but that is a highly visible and tangible substance. What about the price of bottled water, or sugar water for that matter? No one seems to care. In fact, the business of selling so called "energy drinks" is escalating out of control.
If you actually care about the price of gas, then you should be downright "ticked off" that you are being charged extra for text messaging.
In fact, why in the world don't prices drop further for established services? Why do all your typical monthly bills seem to bottom out at around $20 to $30 (a single person, living alone). Why are they all about the same, even for completely differing services. Ever notice that you will never get an electric bill for less than $30 dollars? Why doesn't a land line phone only cost $5.00 a month in 2006? If I get a bill for $30 dollars a month, and so do 100 million other people, then that's 3 billion dollars a month going somewhere? So where?
Over the past 20 years we've seen technology prices tumble. A PC that once cost $5000 now costs $400, and it can process 10,000 times more information. Fiber can now support millions of connections at data rates hundreds of times greater than 20 years ago. Yet, our bills seem to keep going up. Why?
Why don't MMORPGs cost only $1.00 a month? Why do most subscriptions to almost any service all range from $10 to $40? Why do we pay around $1.00 for 3 Meg of compressed audio file (just bits) when we don't get anything at all material?
Companies are making more these days, and squeezing more out of consumers than ever before and few seem to care. So in this respect I'm quite happy to see the price of gas rise. Serves us right.
Just my 2 cents.
Cell phone virii do not bother me one bit.. (Score:3, Interesting)
Sadly the norm for most companies these days is to whore themselves out to the "must have it" minded people.