Mobile JAVA

We don't forget to scan our PC for viruses and worms but we conveniently forget to download a virus checker for our mobile. Most of us are still under the impression that mobiles are completely secure, which isn't true. There are a number of threats that can crash your mobile handset. Since few people have suffered from such harmful programs, mobile attacks haven't gotten much publicity. In personal computers, viruses attack through removable drives and Internet attachments whereas M-viruses and worms attack through SMS, downloadable application files, Bluetooth, etc.

We have very little knowledge about such mobile attacks. There are many mobile viruses that can even crash your mobile handset. Having a Bluetooth facility in a mobile device makes it even more vulnerable. Bluejacking, bluesnarfing, and backdoor attacks are some Bluetooth attacks. The attacker can access your contact data, personal images, and SMS inbox after making a Bluetooth connection with your mobile.

There are two "free" ways of sharing information that are available with most of the mobile handsets. These are infrared and Bluetooth. Bluetooth offers better coverage compared to infrared. Hence there's greater possibility of attack through Bluetooth than infrared. Let's look at some of the popular Bluetooth attacks.

Bluetooth Attacks...
The simplest one is bluejacking. It is the process of sending anonymous messages using Bluetooth technology. In bluejacking we can send a message, a video file, or an audio file. Bluejacking can't harm the destination mobile. When bluejacking is done to advertise or spam the victim's inbox then it's called bluespamming. In bluespamming, the interloper sends spam messages to all mobiles in its Bluetooth range.

So much for the "not so harmful" attacks. Now let's look at real Bluetooth attacks. The most popular Bluetooth threat is a bluesnarfing attack. Bluesnarfing is dangerous because it can steal your address book, your personal data, and do n numbers of such harmful activities. A bluesnarfing attack can take place from any well-equipped Bluetooth-enabled device. Bluesnarfing can update the most sensitive data and doesn't leave any traces behind. Using bluesnarfing, the attacker can update your address book. A bluesnarfing attack can also set call forwarding in train and cost you money. Then there's bluebugging - the attacker makes calls from the victim's mobile handset remotely.

In Bluetooth, the packet-size value is set for different devices. There's an attack that uses this to try to crash the victim's handset. If a Bluetooth device gets a packet of greater size than its allowed limit it crashes, hangs, or sometimes simply reboots. This attack is known as bluesmacking.

Viruses, Worms & Trojans...
Other than Bluetooth attacks, there are other threats like worms, viruses, and Trojan horses.

Let's start with the first mobile Trojan "Mosquit.a." It doesn't hurt your handset but it costs you money. It's basically a mobile game that sends numerous SMS messages to different numbers when you're busy playing the game. Then there's a Commwarrior virus that spreads either through Bluetooth or MMS and attacks 60 series handsets. There's a skulls Trojan that disables all applications and replaces all application icons with the image of a skull. It's basically a SIS application that replaces all application software with wrong versions disabling basic functionality. And there's is a Trojan called "SymbOS.Locknut" that can crash a victim's handset. If you get a call that displays the name "ACE" and if you pick the call up, it can erase your IMEI number and make your phone useless. Then there's a "Drever-C" Trojan that poses as a security update and corrupts the boot loader. So be careful downloading applications from the Internet.

How Can I Protect My Mobile?

• Don't open untrustworthy applications
• Don't pair your device with unknown devices
• When entering a crowded zone, make sure your Bluetooth is switched off
• Keep your mobile anti-virus updated

In case viruses, Trojans or worms are detected, anti-virus companies have patches and updates. To protect mobile handsets you have to keep your mobile anti-virus updated. If you find that your cell's been attacked by some virus or Trojan don't reboot it. Some Trojans affect the boot loader/boot data and rebooting will make it hard to repair.

Conclusion
After reading about the different kinds of attack that can take place, you might be worried about your cell's security. But we can still keep our mobiles safe by having the appropriate anti-virus loaded on them and keeping our Bluetooth on only when needed. An option in our cell phones lets us maintain a "Hidden/Invisible" connection that refuses new Bluetooth connections, but some devices still remain vulnerable. So keeping Bluetooth on only when required is the only option that remains. We can also refuse to accept connection requests from unknown devices.

Well-known PC anti-virus companies like Symantec and McAfee provide anti-virus protection for mobiles.

References

http://news.zdnet.co.uk/communications/wireless/0,39020348,39145881,00.htm

An Ethical guide to hacking mobile phone by Ankit Fadia, Macmillan publications

www.antivirusprogram.se/virusinfo/SymbOS.Locknut_3172.html

www.viruslist.com/en/analysis?pubid=200119916

http://hoaxbusters.ciac.org/HBMalCode.shtml

Dedications
I would like to dedicate this article to my best friends and my mom and thank my friend Ms. Sneha Abraham for her valuable suggestions.