I am keen to get in on the Joost Beta Programme, so if any of you kind hearted souls out there would be willing to give me an invitation, I would be eternally grateful.
I can be contacted by email from joost@mobsec.com
Mission accomplished!. Thanks Antonio. You’re a gentleman.
No Tags| Powered by Gregarious (41) |
|
Trend Micro has discovered a nice little flaw in Windows Mobile which affects Windows Mobile 5.0 and PPC which is reported on their Blog. It temporarily bricks the device for up to 15 minutes when it tries to process a malformed jpeg (nice). They simultaneously reported another vulnerability which relates to IE which when executed makes the device unstable.
I personally am interested in finding out more information about the latter. What does this mean? Is it permanently or temporarily unstable?
No Tags| Powered by Gregarious (41) |
|
I started this blog around the middle of October 2006 and made my first post on the 24th of October. I’ve submitted this site to Yahoo!, Google plus others and after three months it’s still not showing in Google. Do they have an indexing problem? What gives?!
| Powered by Gregarious (41) |
|
Windows Mobile/PPC is again back in the news. This time, Colin Muilliner demonstrates how to crash a Windows Mobile device by flooding it with MMS messages.
Basically, the phone can be DoS’d by flooding it with over-sized MMS messages. Colin has posted the exploit code here. This is great for attackers since Windows Mobile accepts all notifications sent via WLAN broadcast addresses. So next time you’re in a cafe and your inbox starts filling up in a mucho-rapido fashion, you’ll know what’s up.
No Tags| Powered by Gregarious (41) |
|
I took the time to read McAfee Avert Labs’ top ten security threats for 2007. The section on mobile security caught my eye:
More mobile attacks
Mobile threats will continue to grow as platform convergence continues. The use of smartphone technology has played a pivotal role in the threat’s transition from multifunction, semi-stationary PCs to palm-sized “wearable” devices. With increased connectivity through BlueTooth, SMS, instant messaging, email, WiFi, USB, audio, video and Web, there are more possibilities for cross device contamination.
2006 saw efforts by mobile malware authors to achieve PC-to-phone and phone-to-PC infection vectors. The PC-to-phone vector was achieved with the creation of MSIL/Xrove.A, a .NET malware that can infect a smartphone via ActiveSync. Existing phone-to-PC vectors remain primitive in nature at this time, such as infecting via removable memory cards. However, McAfee expects that this next stage will be achieved in 2007.
SMiShing, which involves taking the techniques of phishing by email and porting them to SMS (SMiShing instead of phishing), is also expected to increase in prevalence. In August 2006, McAfee Avert Labs received its first sample of a SMiShing attack with VBS/Eliles, a mass mailing worm that also sends short message service (SMS) messages to mobile phones. By the end of September 2006, four variants of the worm had been discovered.
In addition, for-profit mobile malware is expected to increase in 2007. While most of the malware Avert Labs has run across includes relatively simple Trojan horses, the outlook has changed with the J2ME/Redbrowser Trojan. J2ME/Redbrowser is a Trojan horse program that pretends to access Wireless Access Protocol (WAP) web pages via SMS messages. In reality, instead of retrieving WAP pages, it sends SMS messages to Premium Rate numbers, thus costing the user more than intended. A second J2ME, Wesber, appearing in late 2006, also sends out messages to a premium SMS number.
Late 2006 saw a flurry of spy-ware offerings in the mobile world. Most are designed to monitor phone-numbers and SMS call-logs, or to steal SMS messages by forwarding copies to another phone. One spyware in particular, SymbOS/Flexispy.B, is able to remotely activate the microphone of the victim’s device, allowing someone to eavesdrop upon that person. Other spyware can activate the camera. McAfee expects that the offerings of commercial spyware targeting mobile devices to grow in 2007.
It is easy for such reports to over-simplify and tar all mobile devices with the same brush. The same statement written for the PC world wouldn’t fly.
In the PC world we have Linux, Windows, BSD or OS X * just as in the mobile world we have various S60 incarnations, Windows Mobile/Pocket PC and a whole host of other proprietary mobile OS’s – all of which are very different beasts.
Analysts in other leading companies said this exact same thing last year, perhaps with the exception of IBM who pointed out:
However, other much-hyped security trends are unlikely to break out in 2006, including attacks on VOIP (voice-over-IP) systems and on mobile devices
Whilst I agree with some of what is written, I would like to emphasise that some mobile OS’s are more vulnerable than others. And layer 8 will probably continue to be the most effective attack vector – as is the case on the PC side.
* Well, sort of
No Tags| Powered by Gregarious (41) |
|