Posted by Virus Bulletin on Nov 2, 2006
California University publishes Symbian proof of concept.
A group of researchers at the University of California, Santa Barbara, (UCSB) have released details and source code for a mobile phone worm, developed as a proof of concept in order to get 'information about what is needed to develop a mobile phone worm, how mobile phone worms spread, and how targets are infected.'
Members of the Reliable Software Research Group, funded in part by the US Army Research Office and the National Science Foundation, investigated many aspects of mobile phone security, and along with their worm have also developed a proof-of-concept remote code execution exploit, which they believe to be the first such exploit shown to function across the mobile phone network. They also claim to have discovered a cross-service vulnerability, allowing them to exploit the interaction between different wireless networks. Full details of the research, and the attacks, are available from the UCSB website, including source code of the worm.
'As smartphones grow in sophistication and user base, they are becoming an ever more popular target for malware,' said John Hawes, Technical Consultant at Virus Bulletin. 'Research into the security vulnerabilities of these new platforms is useful, if not vital, but the creation of new worms, and the publication of detailed data on how they work, seems not only unnecessary but potentially dangerous. With the current state of mobile operating systems, it seems unlikely that the phone companies will be able to block these holes before some script kiddie reworks the worm in a malicious way and unleashes it on the smartphone world.'
The tradition of academics dabbling in malware creation continues at the University of Calgary, where the notorious virus-writing course has been followed by a move into the spyware field.
Posted on 02 November 2006 by Virus Bulletin
