Sexy Space Threat Comes to Mobile Phones
by George Lawton
Security researchers have discovered Sexy Space, the first mobile malware able to send and receive information from a remote server and spread via SMS, the short-message-service standard used worldwide for text messaging. The malware's communications abilities have raised concerns that it could portend the rise of mobile phone botnets.
Sexy Space spreads via SMS by encouraging a recipient to download an application to view sexy women. But when the application runs, nothing appears to happen, said Patrick Runald, chief security advisor at F-Secure. "There are no sexy women or anything else. From a social engineering perspective, it would have been more successful if you had seen sexy women, but that is not the case."
Once the malware has been installed on a new phone, it sends messages to all the contacts in the phone book. Recipients must visit the link and agree to install the application. However, there are no security warnings.
Runald called Sexy Space an SMS worm because it can automatically propagate to other users. However, Craig Heath, Symbian's chief security technologist, argues that Sexy Space is a Trojan horse rather than a worm, because it can't spread without human intervention. It can only transmit a link to a copy of itself, which the end user must then open.
Runald said the majority of mobile malware applications are simple Trojans that cannot be shared between phones. They are generally only spread on top of other applications downloaded via the Internet. Other worms have included Commwarrior, which can be transmitted via Bluetooth, and Cabir, which could be transmitted via Bluetooth and MMS. But these worms only worked on Symbian S60 Second edition, which was replaced by the S60 Third edition in 2006.
First Signed Malware
Another unique aspect of Sexy Space is that it's signed by Symbian. In the default mode, a Symbian phone will let users run unsigned applications with a security warning. A signed application doesn’t raise any warning messages.
Runald said that he's seen signed spyware applications that must be purchased, but this is the first time a malware creator has gone through the trouble to run an application through the Symbian signing process.
Symbian developers are required to obtain a publisher ID from a reputable certificate authority (CA). Symbian supports both VeriSign and TC Trust Center publisher certificates. The publisher ID provides assurance that developers can be reliably identified if they misuse the signing services. Developers can choose to use Certified Signed or Express Signed certificates. All Certified Signed applications are submitted to an independent, third-party test house for assessment against published test criteria.
Only a proportion of the Express Signed applications are audited by a test house, said Heath. However, developers must declare that they have run the tests themselves and verified that the application passed. If a developer states that an application passes the test criteria, but an audit shows that it doesn't, the developer is blocked from submitting further applications via Express Signed.
Each signed application receives a unique content certificate. Any application that subsequently proves to be damaging or malicious can therefore be individually revoked. When the application is installed on a phone, the phone can check the status of the certificate to see if it's revoked and, if it is, can refrain from installing the application.
Botnet Concerns Overhyped
Sexy Space can download the SMS message template and send the malware to phone numbers listed in the phone's address book. It can also transmit the International Mobile Equipment Identity (IMEI) number, which is a unique identifier for each phone, to the server. Runald noted that some people claim these communication capabilities make Sexy Space the first mobile botnet, but he believes a true botnet would require more capabilities.
In its current state, the malware appears to cause no significant harm to the user or the phone. Runald said it might cost some money for sending text messages but doesn’t render the device useless or compromise data. "However, it might be an embarrassment if you are sending malware to friends and colleagues," he noted.
Heath said the application can be removed without any special security software by simply using the normal uninstall procedure built into Symbian. He also pointed out that no variants found so far include other malware or damage the system or the network in any way.