Who Needs Mobile Viruses - We Have Nokia & SE

Bluefrog

Don't know how many of you have seen this yet but I thought it would interest many here. It concerns a bug discovered in the way some Nokia and SE phones process certain SMS messages.

http://www.theregister.co.uk/2009/01/02/cat_keynes_nokia_silence/

Bob the Builder

Brilliant. My phone is also an affected Nokia. *sigh*

Blackdragon

Suggest you read this entry: -
http://www.allaboutsymbian.com/news/item/8714_Obscure_SMS_bug_no_need_to_pan.php

No need to make this into more than it is - Its a simple bug that is not going to effect the majority of us and is cured by a hard reset of the device.

If your at all concerned make a back-up of your phones data now.
Even without a backup, being hit is not the end of the world.

Just create a backup once hit (but do not backup your messages).
Worse case scenario - you lose a few messages. But again, unlikely to even effect you.

strecker

Blackdragon wrote: »

Suggest you read this entry: -
http://www.allaboutsymbian.com/news/item/8714_Obscure_SMS_bug_no_need_to_pan.php

No need to make this into more than it is - Its a simple bug that is not going to effect the majority of us and is cured by a hard reset of the device.

If your at all concerned make a back-up of your phones data now.
Even without a backup, being hit is not the end of the world.

Just create a backup once hit (but do not backup your messages).
Worse case scenario - you lose a few messages. But again, unlikely to even effect you.

Thanks for that!
Common sense!

Creamy Goodness

not a big deal?

it's pretty huge tbh.

now i'm not saying don't take a backup now - everyone should do that on a regular basis - but after seeing how easy this trick is to pull off and the sheer amount of phones effected by it, i'd be a pretty pissed off nokia customer tbh.

strecker

Btw: don't make a back-up when you think your phone's affected! You will back-up the curse in the process
Anyway,
here's some more less panicky info:
http://www.symbian-freak.com/news/008/12/malware_hits_s60_3rd_ed.htm
I agree that Nokia's 'silence' about this is bad!
Still...
Somehow I can't get excited about this...

strecker

P.S.
O.p., can you amend your 1st post!
The attack can affect Sony Ericsson UIQ phones as well
SE have been quiet about this as well... And it makes me wonder about Samsung's S60 handsets!!!

Bluefrog

If you fail to be excited by this then I suggest you conduct a little poll today of everyone you see and ask them do they know how to backup their phone at all, never mind without backing up messages. Ask them when they did their last backup and also ask them do they know how to hard reset their phones or if they even know what that means. In my experience most people just toddle along and expect their phone to work and find it immensely disruptive when it doesn't.

While it may not be a mobile doomsday issue and it was not my intention to cause panic (nor do I detect that sentiment in the piece I pointed to from the Register), it does have the potential to affect a lot of people and without many of them knowing - at least initially. The economic cost of such a disruption is potentially huge with many businesses, my own included using SMS for key business functions such as in automated alert systems.

The issue becomes even more 'exciting' when you see how easy it is to craft and send the attack message. The current resolution to the problem means that you have no way of knowing who sent the attack message as the 'cure' involves deleting it.

Nokia market many of the affected devices as multi-media computers so how would we feel if for example Microsoft kept quiet about a public known bug in Outlook that meant that if you receive a malformed email you will not receive any more emails and furthermore to receive emails in the future you must reinstall your operating system.

If nothing else this shows how woefully inadequate the current systems are for protecting consumers' devices.

elderlemon

except thats its a lot more difficult for ANY mobile phone maker to deliver fixes to handsets. Getting to a desktop is easy but how do you get firmware updates to your moms phone? She's doesn't sync, doesn't connect to the net.

Am I worried? No. in the unlikely event I receive one of the messages a hard reset will fix it. Secondly most of the sms software providers (those that provide the sms infrastructure to the operators) are providing fixes to stop the corrupting sms even being delivered to the handset in the first place.

Bluefrog wrote: »

If you fail to be excited by this then I suggest you conduct a little poll today of everyone you see and ask them do they know how to backup their phone at all, never mind without backing up messages. Ask them when they did their last backup and also ask them do they know how to hard reset their phones or if they even know what that means. In my experience most people just toddle along and expect their phone to work and find it immensely disruptive when it doesn't.

While it may not be a mobile doomsday issue and it was not my intention to cause panic (nor do I detect that sentiment in the piece I pointed to from the Register), it does have the potential to affect a lot of people and without many of them knowing - at least initially. The economic cost of such a disruption is potentially huge with many businesses, my own included using SMS for key business functions such as in automated alert systems.

The issue becomes even more 'exciting' when you see how easy it is to craft and send the attack message. The current resolution to the problem means that you have no way of knowing who sent the attack message as the 'cure' involves deleting it.

Nokia market many of the affected devices as multi-media computers so how would we feel if for example Microsoft kept quiet about a public known bug in Outlook that meant that if you receive a malformed email you will not receive any more emails and furthermore to receive emails in the future you must reinstall your operating system.

If nothing else this shows how woefully inadequate the current systems are for protecting consumers' devices.

Jonathan

Meh no big deal.. I have an E51 and experience this once or twice a week. This is because i have all of my emails forwarded to my phone as MMS.

A quick restart solves the problem.

strecker

Bluefrog wrote: »

If you fail to be excited by this then I suggest you conduct a little poll today of everyone you see and ask them do they know how to backup their phone at all, never mind without backing up messages. Ask them when they did their last backup and also ask them do they know how to hard reset their phones or if they even know what that means. In my experience most people just toddle along and expect their phone to work and find it immensely disruptive when it doesn't.

While it may not be a mobile doomsday issue and it was not my intention to cause panic (nor do I detect that sentiment in the piece I pointed to from the Register), it does have the potential to affect a lot of people and without many of them knowing - at least initially. The economic cost of such a disruption is potentially huge with many businesses, my own included using SMS for key business functions such as in automated alert systems.

The issue becomes even more 'exciting' when you see how easy it is to craft and send the attack message. The current resolution to the problem means that you have no way of knowing who sent the attack message as the 'cure' involves deleting it.

Nokia market many of the affected devices as multi-media computers so how would we feel if for example Microsoft kept quiet about a public known bug in Outlook that meant that if you receive a malformed email you will not receive any more emails and furthermore to receive emails in the future you must reinstall your operating system.

If nothing else this shows how woefully inadequate the current systems are for protecting consumers' devices.

Now why would I do that, start a poll!???
For years people have been f*cked by dodgy sms because they just can't stop themselves from reading any old sh*t delivered to their phones by g*d knows whom - you don't need a poll for that; just browse forums for 1 hour!

If people don't bother doing back ups, I can't possibly care... Yes, it's a shame to lose sth, but hey: at work I see people daily who store their cred card numbers on their phones, and the phones pin on a sticker on their credit card, and they don't know their own phone number! A poll(there...) last year revealed that 70 pc of users don't know what make or model they use!!! Is that nokia's fault? Sony Ericsson's? Should I lose sleep?

The place where I work relies heavily on pc's and internet - yet, when I started I found that for 2 years prior they'd been without anti virus or firewall, they have no backups etc etc...

There is only so much the phonemakers can do - elderlemon made some good points.
Could they do better? Sure! I hate rushed releases, and the promise of future fw-fixes while we are guinea pigs. I generally avoid fw updates! If a phone I buy doesn't work, I return it! I don't wait for a magical fix! If I get an sms, email or phonecall from an unknown, I ignore and delete! Any critical work on computers I do on a machine that is NEVER ever connected to the web, and has indeed all related services disabled!

Yet, others have thousands of contacts, sms etc stored on their phones...

If that would get me excited, where would I have 'space' for outrage about Gaza or Guantanamo or Bank Bailouts?

People are people! They will open and download and install any sh*te... Hoping for some validation of their existence or free porn... What can you do?
SEE the lengths people go to to get youtube on their phones when they don't even have a data plan, nor 3g nor wifi??? And then they cry about phone bill robbery!
What can Nokia do about that?!

People use russian opera mibi hacks for online banking. What can Nokia do?

I'm all Zen

Bluefrog

What can Nokia do about that?!

What people do with their phones and the risks they expose themselves to is a bit off topic. In this case you don't have to actively engage in anything but normal behavior to suffer. So here is what Nokia can do. They can inform customers in a prompt and timely fashion that there is a potential problem and that they undertake to rectify the situation ASAP.

And yeah, I realise that there are different challenges to be overcome to keep phones secure as opposed to PC's. I can't help thinking though that in the rush to increase the computing power of these devices that little if anything has been learned from the history of PC security To me it seems that phone manufacturers are much more concerned about the security of the intellectual property they put into the software on the phone than they are about the safety of end-users' data.

And yes, it would seem the operators have a role in this particular case to filter out the attack messages but how do we know they are? Also, technically an email address of over 32 characters isn't normally considered malformed. Do we bend established email specifications indefinitely hoping that Nokia and SE move to address this problem?

strecker

I agree that the rush-hurry-release competitiveness causes a lot of problems - I said as much in the fw-update bit of my last post.
And I do agree that Nokia and other s60/uiq makers could be more open; inform the public, yes!
(btw, you still haven't changed the title! It IS a symbian flaw, not just Nokia!!! If you're concerned for people's good, warn them all, otherwise it looks like nokia bashing)
So, no, you're not wrong to be angry! I had a p990 once. I know about bad bad bad manufacturer support
I just said I can't get bent out of shape over this. There are so many risks using web and phones, not to mention that any f-secure press release makes me laugh! (oops, sorry)
But all manufacturers are ruthless.
Tesco would be empty if manufacturers were open with the public! Yes, I am a cynic!