Symbian
‘
vulnerability
’
and Mobile Threats
Wajeb Gharibi
Head of Computer Engineering &Networks Department, Computer Science & Information Systems College,Jazan University,Jazan 82822-6694, Kingdom of Saudi Arabiagharibi@jazanu.edu.sa
Abstract
Modern technologies are becoming ever moreintegrated with each other. Mobile phones arebecoming increasing intelligent, and handsets aregrowing ever more like computers in functionality.We are entering a new era - the age of smarthouses, global advanced networks whichencompass a wide range of devices, all of themexchanging data with each other. Such trendsclearly open new horizons to malicious users, andthe potential threats are self evident.In this paper, we study and discuss one of the most
famous mobile operating systems „Symbian‟; its
vulnerabilities and recommended protectiontechnologies.
Keywords:
Information Security, Cyber Threats, Mobile Threats, Symbian Operating System.
1.
Introduction
Nowadays, there is a huge variety of cyber threatsthat can be quite dangerous not only for bigcompanies but also for an ordinary user, who canbe a potential victim for cybercriminals when usingunsafe system for entering confidential data, suchas login, password, credit card numbers, etc.Modern technologies are becoming ever moreintegrated with each other. Mobile phones arebecoming increasing intelligent, and handsets aregrowing ever more like computers in functionality.And smart devices, such as PDAs, on-board carcomputers, and new generation householdappliances are now equipped with communicationsfunctions. We are entering a new era - the age of smart houses, global networks which encompass awide range of devices, all of them exchanging datawith each other via - as cyberpunk authors say - airsaturated with bits and bytes. Such trends clearlyopen new horizons to malicious users, and thepotential threats are self evident.Our paper is organized as follows: Section 2demonstrates the mobile operating system
„Symbian‟
vulnerabilities. Section3 proposes
Symbians‟ Trojan Types
. Section 4 recommendssome possible protection techniques. Conclusionshave been made in Section 5.
2. Symbian Vulnerabilities
The term 'vulnerability' is often mentioned inconnection with computer security, in manydifferent contexts. It is associated with someviolation of a security policy. This may be due toweak security rules, or it may be that there is aproblem within the software itself. In theory, alltypes of computer/mobile systems havevulnerabilities [1-5].Symbian OS was originally developed by SymbianLtd.[4].It designed forsmartphonesand currently
maintained byNokia.The Symbian platform is thesuccessor to Symbian OS and NokiaSeries 60; unlike Symbian OS, which needed anadditionaluser interfacesystem, Symbian includesa user interface component based on S60 5thEdition. The latest version, Symbian^3, wasofficially released in Q4 2010, first used intheNokia N8. Devices based on Symbian accounted for 29.2% of worldwidesmartphonemarket share in 2011Q1.[5]Some estimates indicate that the cumulativenumber of mobile devices shipped with theSymbian OS up to the end of Q2 2010 is 385million[6]. On February 11, 2011, Nokia announced apartnership withMicrosoftwhich would see itadoptWindows Phone 7for smartphones, reducingthe number of devices running Symbian over thecoming two years.[12]Symbian OS was subject to a variety of viruses, thebest known of which isCabir.Usually these sendthemselves from phone to phone by Bluetooth. Sofar, none have taken advantage of any flaws inSymbian OS
–
instead, they have all asked the userwhether they would like to install the software,with somewhat prominent warnings that it can't betrusted.This short history started in June 2004, when agroup of professional virus writers known as 29Acreated the first virus for smartphones. The virus
(IJCSIS) International Journal of Computer Science and Information Security,Vol. 9, No. 10, October 201194http://sites.google.com/site/ijcsis/ISSN 1947-5500
called itself 'Caribe'. It was written for the Symbianoperating system, and spread via Bluetooth.Kaspersky Lab classified the virus asWorm.SymbOS.Cabir.Although a lot of media hype surroundedWorm.SymbOS.Cabir, it was actually a proof of concept virus, designed purely to demonstrate thatmalicious code could be created for Symbian.Authors of proof of concept code assert that theyare motivated by curiosity and the desire toimprove the security of whichever system theircreation targets; they are therefore usually notinterested either in spreading their code, or in usingit maliciously. The first sample of Cabir was sent toantivirus companies at the request of its author. Thesource code of the worm was, however, publishedon the Internet, and this led to a large number of modifications being created. And because of thisCabir started too slowly but steadily infecttelephones around the world.A month after Cabir appeared, antivirus companieswere startled by another technological innovation:Virus.WinCE.Duts. It occupies a double place of honour in virus collections - the first known virusfor the Windows CE (Windows Mobile) platform,and also the first file infector for smartphones. Dutsinfects executable files in the device's rootdirectory, but before doing this, requestspermission from the user.A month after Duts was born,Backdoor.WinCE.Brador made its appearance. Asits name shows, this program was the firstbackdoor for mobile platforms. The maliciousprogram opens a port on the victim device, openingthe PDA or smartphone to access by a remotemalicious user. Brador waits for the remote user toestablish a connection with the compromiseddevice.With Brador, the activity of some of the mostexperienced in the field of mobile security - theauthors of proof of concept viruses, who useradically new techniques in their viruses - comesalmost to a standstill. Trojan.SymbOS.Mosquit,which appeared shortly after Brador, was presentedas Mosquitos, a legitimate game for Symbian, butthe code of the game had been altered. Themodified version of the game sends SMS messagesto telephone numbers coded into the body of theprogram. Consequently, it is classified as a Trojanas it sends messages without the knowledge orconsent of the user - clear Trojan behaviour.In November 2004, after a three month break, anew Symbian Trojan was placed on some internetforums dedicated to mobiles.Trojan.SymbOS.Skuller, which appeared to be aprogram offering new wallpaper and icons forSymbian was an SIS file - installer for Symbianplatform. Launching and installing this program onthe system led to the standard application icons(AIF files) being replaced by a single icon, a skulland crossbones. At the same time, the programwould overwrite the original applications whichwould cease to function.Trojan.SymbOS.Skuller demonstrated twounpleasant things about Symbian architecture to theworld. Firstly, system applications can beoverwritten. Secondly, Symbian lacks stabilitywhen presented with corrupted or non-standardsystem files - and there are no checks designed tocompensate for this 'vulnerability'.This 'vulnerability' was quickly exploited by thosewho write viruses to demonstrate theirprogramming skills. Skuller was the first programin what is currently the biggest class of maliciousprograms for mobile phones. The program'sfunctionality is extremely primitive, and createdsimply to exploit the peculiarity of Symbianmentioned above. If we compare this to PC viruses,in terms of damage caused and technicalsophistication, viruses from this class are analogousto DOS file viruses which executed the command'format c:\' .The second Trojan of this class -Trojan.SymbOS.Locknut - appeared two monthslater. This program exploits the trust shown by theSymbian developers (the fact that Symbian doesnot check file integrity) in a more focused way.Once launched, the virus creates a folder called'gavno' (an unfortunate name from a Russianspeaker's point of view) in /system/apps. The foldercontains files called 'gavno.app', 'gavno.rsc' and'gavno_caption.rsc'. These files simply contain text,rather than the structure and code which wouldnormally be found in these file formats. The .appextension makes the operating system believe thatthe file is executable. The system will freeze whentrying to launch the application after reboot,making it impossible to turn on the smartphone.
3.
Symbians’ Trojan Types
Trojans exploiting the Symbian 'vulnerability'differ from each other only in the approach whichis used to exploit the 'vulnerability'.a)
Trojan.SymbOS.Dampig overwrites systemapplications with corrupted onesb)
Trojan.SymbOS.Drever prevents someantivirus applications from startingautomaticallyc)
Trojan.SymbOS.Fontal replaces system fontfiles with others. Although the replacementfiles are valid, they do not correspond to therelevant language version of the font files of
(IJCSIS) International Journal of Computer Science and Information Security,Vol. 9, No. 10, October 201195http://sites.google.com/site/ijcsis/ISSN 1947-5500
the operating system, and the result is thatthe telephone cannot be restartedd)
Trojan.SymbOS.Hoblle replaces the systemapplication File Explorer with a damagedonee)
Trojan.SymbOS.Appdiasbaler andTrojan.SymbOS.Doombot are functionallyidentical to Trojan.SymbOS.Dampig (thesecond of these installsWorm.SymbOS.Comwar)f)
Trojan.SymbOS.Blankfont is practicallyidentical to Trojan.SymbOS.FontalThe stream of uniform Trojans was broken only byWorm.SymbOS.Lascon in January 2005. Thisworm is a distant relative of Worm.SymbOS.Cabir.It differs from its predecessor in that it can infectSIS files. And in March 2005Worm.SymbOS.Comwar brought new functionalityto the mobile malware arena - this was the firstmalicious program with the ability to propagate viaMMS.
4. Possible Protection Techniques
Mobile has security vulnerabilities like computerand network. There is no particular locking systemor guarding system that is able to ensure 100percent security. Conversely, there are varioustypes of security locks or guards that are suitablefor different situations. We can make use of thecombination of available and up to datetechnologies to fight the serious attacks. Yet thereis no guaranty that this option will provide 100percent security, nevertheless, this methodologycertainly maximizes the mobile security and it isoften possible to stop a threat. Few techniques aredocumented here which are also suggested by Wi-Fi Planet, 2007; TechRepublic, 2008; andTechGuru, 2010.
Enable SIM, device and access lock frommobile settings. Enable the periodic lockdownfeature. Enable the memory access code.
Think deeply before accessing any internet siteand installing any application.
Spend little bit more time to check theapplication through Google or any searchengine before downloading or installingunknown files.
Disable WLAN and Bluetooth when you areout door and when you are not using it.
Find a phone with the service option toremotely kill it when it is irretrievably lost.
Never let others access your phone. Be carefulwhile accepting calls or messages fromunknown numbers.
Enable WPA2 encryption for WLANconnection and pass code request feature forBluetooth connection.
If you noticed that your phone has connectedto GPRS, UMTS, and HSDPA, disable thoseinstantly.
Keep regular backup.
Install antivirus software.
Do not simply save sensitive information onthe phone unless absolutely essential.
5. Trends and forecasts
It is difficult to forecast the evolution of mobileviruses with any accuracy. This area is constantlyin a state of instability. The number of factorswhich could potentially provoke seriousinformation security threats is increasing morequickly than the environment - both technologicaland social - is adapting and evolving to meet thesepotential threats.The following factors will lead to an increase in thenumber of malicious programs and to an increase inthreats for smartphones overall:
The percentage of smartphones in use isgrowing. The more popular the technology, themore profitable an attack will be.
Given the above, the number of people whowill have a vested interested in conducting anattack, and the ability to do so, will alsoincrease.
Smartphones are becoming more and morepowerful and multifunctional, and beginning tosqueeze PDAs out of the market. This willoffer both viruses and virus writers morefunctionalities to exploit.
An increase in device functionality naturallyleads to an increase in the amount of information which is potentially interesting toa remote malicious user that isstored on thedevice. In contrast to standard mobile phones,which usually have little more than an addressbook stored on them, a smartphone memorycan contain any files which would normally bestored on a computer hard disk. Programswhich give access to password protected onlineservices such as ICQ can also be used onsmartphones, which places confidential data atrisk.
(IJCSIS) International Journal of Computer Science and Information Security,Vol. 9, No. 10, October 201196http://sites.google.com/site/ijcsis/ISSN 1947-5500
Search History:
Result 00 of 00
00 results for result for
p.
Symbian ‘vulnerability’ and Mobile Threats
Modern technologies are becoming ever more integrated with each other. Mobile phones are becoming increasing intelligent, and handsets are growing ever more like computers in functionality. We are entering a new era - the age of…
(More)
344
Reads
0
Readcasts
0
Embed Views
More From This User
Notes
Load more
