June 15, 2004 2:40 PM PDT

Smart-phone worm has a hang-up

By Robert Lemos
Staff Writer, CNET News

Share
- Digg
- Del.icio.us
- Reddit
- Facebook
Email
Print

Related Stories: Worm ready to wriggle into smart phones
June 14, 2004; Nokia gets hip to flip phones
June 14, 2004; Study: Symbian to hang on to smart phone OS lead
April 26, 2004; Expert: Gaps still pain Bluetooth security
April 22, 2004; Nokia: Bluetooth flaw gnaws at phone security
February 9, 2004

A recently created "concept virus" designed to show that a worm could spread between smart phones won't get very far in the real world, antivirus companies said Tuesday.



		Get Up to Speed on... Enterprise security Get the latest headlines and company-specific news in our expanded GUTS section.

As previously reported, the so-called Cabir worm is written for the Symbian operating system, the OS used in a majority of smart phones--devices that combine the features of a cell phone and a personal digital assistant. The worm's creators sent a copy of it to antivirus researchers Monday, and it's not yet known if the program has made its way to the general public.

Some researchers initially thought Cabir would automatically run on phones based on the Symbian OS, but an analysis of the program has changed that assessment. In order for the worm to spread, said Kevin Hogan, senior manager for security company Symantec, the user of a targeted phone has to approve of a download from an unknown source.

"The way in which (this worm) replicates itself will severely limit its spread, even if (the worm) was to be made public," Hogan said. "It is not relying on a vulnerability in the operating system; it is relying on the underlying vulnerability of the person who is using" the OS.

To propagate, the worm has to clear three hurdles, Hogan said. First, the target device's user must allow the infected phone to connect to the target device through the Bluetooth wireless protocol. Then, the potential victim must accept the data for download. Finally, the user has to agree to install the application.

"We still haven't seen this thing in the wild," Hogan said. "So far, it is what we call a 'zoo virus'--it is only in the hands of researchers and the person that wrote it."

While the worm is not likely to spread, antivirus companies warned that other virus writers may use it as a departure point for their own development, placing the digital code at the beginning of a chain of evolution that could result in an actual threat to users of smart phones.

"We see it as a pretty significant step forward," said Vincent Gullotto, vice president of Network Associates' antivirus emergency response team. Two other minor variants of the program, which remove extraneous code, have appeared already, he said.

"The saving grace is that you have to accept the program, it just doesn't show up on your machine," Gullotto said.

Cabir uses components of Nokia's Series 60 development platform, a platform used not only by Nokia but also by other major smart phone manufacturers, including Siemens, Samsung, Sendo and Panasonic. Symantec and other antivirus companies confirmed that, theoretically, the worm could spread between Nokia Series 60 phones running Symbian 6.1 or higher. Security company Network Associates found that the program could infect a Nokia 6600 phone.

Representatives of Symbian and Nokia were not immediately available for comment.

Are security companies ahead of hackers?

Even if Cabir could spread quickly, it might not gain much traction because smart phones still have not taken off, especially in the United States. Symbian's operating system currently dominates the smart-phone market, which remains small, representing only a thin slice of the more than 1 billion cell phones in circulation. The Symbian OS is expected to battle a similar product from Microsoft for the lead in the operating system market through the end of the decade.

Threats like the Cabir worm could be further stymied by Symbian Signed, a new campaign that will require all applications for the Symbian platform to be digitally signed, attesting that the company has looked at the code. Users could refuse to install any unsigned applications.

Cabir doesn't have a destructive payload, but it constantly scans for other Bluetooth devices it can target, severely shortening the battery life of any system it's already infected, according to Symantec's analysis.

See more CNET content tagged:
Cabir virus, worm, Nokia Corp., smart phone, Symbian Inc.

Latest tech news headlines

Duke Energy to invest in mini solar power plants
Posted in Green Tech by Martin LaMonica

September 5, 2008 9:48 AM PDT
About time: Joost to launch browser-based player
Posted in News - Digital Media by Greg Sandoval

September 5, 2008 9:24 AM PDT
Google and 'Vanity Fair' party with the GOP
Posted in News - Politics and Law by Stephanie Condon

September 5, 2008 9:17 AM PDT

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Inside CNET News

Scroll Left Scroll Right

News - Business Tech
Samsung contemplating SanDisk acquisition
South Korean consumer electronics giant is considering a buyout of the chipmaker to reduce its NAND flash memory costs, according to PaidContent.
Gallery
Photos: Ron Paul's RNC alternative
As the Republican convention took place just miles away, a crowd rallied for the former presidential candidate and his message of limited government, ensured civil liberties, lower taxes, and peace.
The Open Road
Analysts as a lagging indicator of success
Gartner, Forrester, and other analyst firms tends to be great predictors of the past, probably because that's where they get their money.
Beyond Binary
Memo: Windows chief on new ads
Windows business unit head Bill Veghte send a memo to troops late Thursday promising that the debut Seinfeld/Bill Gates ad was just an "icebreaker."
Video
YouTube plays party politics
During the presidential campaigning four years ago, YouTube didn't even exist. Now it's a tool candidates must master to get their message across. CNET's Kara Tsuboi stops by the YouTube upload booths at the Democratic and Republican conventions to find out why Google's video site has such a big presence in Denver and St. Paul, Minn.
News - Digital Media
About time: Joost to launch browser-based player
Company's desktop client failed to catch on with the public so Joost is retooling, but is it to late to catch Hulu and YouTube?
Video
Political party playlists
We know the Democrats and Republicans are split over policy issues, but does their musical taste fall down party lines too? And what kind of gadgets did they bring to the conventions to listen to their music? CNET reporter Kara Tsuboi finds out.
News - Politics and Law
Google and 'Vanity Fair' party with the GOP
Google and Vanity Fair hosted one of the most talked-about parties at the Republican convention.
News - Cutting Edge
Execs predict next Google-like tech
On eve of company's 10-year anniversary, researchers and business pundits speculate about what technologies might someday have as much impact as Google.
Gallery
Photos: The brains behind Google Chrome
Here's a look at some of the engineers and executives who took the stage at the company's headquarters as they unveiled the new browser.
Gadgettes, the blog
Gadgettes 105: The Sing, Sing a Song Episode
We have music on the brain in today's episode of Gadgettes. Don't worry, we won't destroy your ear drums with ear-piercing renditions of your least favorite '80s tunes. Instead, we'll soften the blow with a slew of musical gadgets and accessories.
Green Tech
Duke Energy to invest in mini solar power plants
Can hundreds of rooftop solar panels collectively operate like a central power plant? Duke Energy launches $100 million distributed solar program to find out.