Remote Code Execution on Windows Mobile - '0wnd by an MMS'


Guest PaulOBrien

Guest Paul (MVP)

Think that mobile phone viruses are going to be limited to the Symbian world, and that you are safe using a Windows Mobile device?

Well, that's not the case, according to this article over at Symantec.

...at DefCon this past weekend, Collin Mulliner demonstrated a remote code execution flaw via MMS on Windows CE.

Collin's slides show how he used a malformed MMS message to achieve arbitrary code execution on a device, simply by having a user view the message. This is obviously of great concern; Windows Mobile devices are becoming more and more prevalent and the substantial challenges with patching continue to exist.

At the end of 2005, the Symantec Advanced Threat Research team performed a detailed attack surface analysis of Windows CE 5. We took a very broad and a very deep look as to how attacks could target Windows CE (and thus Windows Mobile) devices both from a remote perspective, as well as a local privilege escalation perspective (CE 5 includes the concept of trusted versus un-trusted applications). This research included documenting all of the remote attack vectors that could potentially exist. During the course of the research, as you would expect, we found a number of remote code execution flaws that could be leveraged in a malicious fashion. While we won't be disclosing the specific flaws just yet, what we will discuss is the overall security architecture of CE5, the types of vulnerabilities we discovered, how these impact mobile devices, and what, if anything, people can do to protect themselves....

Concerning words indeed, and I thoroughly recommend checking out Collin Mulliner's PDF slide deck here if you want to learn more about this particular vulnerability, or to read Collin's research into Windows Mobile Phone devices' attack surface in general.

Remember people, don't have nightmares :)

P (via msmobiles)


Guest Samsonite

Scanning through the PDF, it would appear to me that the onus is on the networks to resolve this.

Without the speaker, the notes are only giving half the story, but I could pick up that the sanitizing of the messages is achieved at the infrastructure level, not the device. The device seems unable to differentiate between a good and bad message...

With this in mind, would an anti-virus package in the conventional context actually offer any protection? I don't think it would...

Considering the actual number of MMSs sent to Windows Mobile units - and as the PDF states, this is all based on the previous OS kernel, not WM5 - is it a real worry? I think I shall still run the gauntlet and stay unprotected...

Interesting/comforting to know that there is a real effort in this area though. Both in the 'attacking' and 'defence from' areas.


Guest Swampie
> Scanning through the PDF, it would appear to me that the onus is on the networks to resolve this.

I thought I read that MS and the MMS software company had provided a fix, but it was up to the networks to provide new ROMs for the devices... which on a Windows Mobile 2003 device is unlikely now.

There was no mention whether the bug was also in WM5. Seeing as the MMS is still a separate app I believe, it's possible. If so, let's hope they (and then the networks) release an update.


Guest PDAHazzard

Symantec is not a real frontline player in the mobile AV market. I'd rather believe F-Secure, when it comes to Mobile AV, as they have developed much earlier AND own AV software for both PDAs and smartphones.


  • 3 weeks later...
Guest fraser
> With this in mind, would an anti-virus package in the conventional context actually offer any protection? I don't think it would...

It would not help at all. A remote exploit is not a virus, it's simply a way of executing code. Now, the code the attacker may execute might install a virus. If the virus scanner was familiar with that virus (or how it hooks into the OS boot procedure), then it might be able to detect it. Maybe.

However, there aren't any viruses for the Windows Mobile platform yet, so there is nothing to look for. It's nice to see Symantec working hard to change that...ought to be good for their sales. :D

Here's what the code probably looks like in all the existing scanners. Remember, there's nothing for them to look for at the moment.

while(true) {
	doNothing();
	sleepAWhile();
}

Firewalls on the other hand are a different matter, but the last time I scanned my phone nothing showed up. No running services = no exploits. Microsoft learned that one the hard way years ago.
