Monday, October 25, 2004

J2ME, interesting stuff

I've just seen Adam's post on the Full-Disclosure list. Apparently Sun has been informed but no Sun Alert is forthcoming. Considering that, unlike the recent JRE XSLT issue, the KVM is harder to update. Most phones would require their ROMs reflashed, meaning a trip to the nearest cell technician or a return to the factory.

UPDATE:
According to a tecchannel interview, licensees (Nokia, Siemens, others) have been provided with a fixed reference implementation. So it is now up to the licensees to update their various products.

The presentation PDF was quite large, so I've converted it to .chm format for ease of reading. From 53 MB to a bit more than 8. Most of the work was automated with pdf2html, pngcrush and the HTML Help compiler.

For those looking for the original PDF, it's currently available through Packetstorm and mirrors.

Friday, October 22, 2004

Adam Gowdiak's Research on J2ME Vulnerabilities

I never really looked at the Hack in the Box conferences; this year it was in Kuala Lumpur. The Register has an article mentioning Adam Gowdiak's presentation at the latest conference.
The PDF of his presentation comes in at about 53 MB (91 pages).

There was also a presentation on .NET self-compiling viruses.

I haven't gone through the whole thing yet, but here are some interesting quotes from the J2ME presentation:

on future threats -
  • The fact that there are more users of mobile devices than PCs makes it a very attractive target for attackers and worm writers
  • It should be expected that remote vulnerabilities for mobile devices will be published within the next 6 months
  • Vendors and the antivirus industry are not prepared for this kind of threat (there are no means to protect users of the so called "closed" mobile devices against malicious code)
  • Open platforms (PalmOS, Symbian OS, Windows CE) seem to be easier to protect, but they are also at the most risk.

on the rest of his research -
  • Research paper with all the details, including some additional material that didn't fit into this 90min talk, will be published in a couple of months


J2ME might be the "in" malware needed that Bluetooth wasn't. I'm not sure how worried I'd be that "closed" mobile devices are at risk, as they usually lack memory and additional networking capabilities compared to "open" systems. Still, anywhere from 3-6 months to find out. :)

* Hack in the Box is putting out videos of the conference via BitTorrent within the next 4 weeks.



Wednesday, October 06, 2004

On emulation

I've been looking into FX!32. Due to the nature of the Symbian emulator and the cost of actual hardware, this might be the most feasible/lazy way to analyze most malware. Sort of a phone-Bochs. Of course, it's a different story for scanning.

The GBA emu scene is also useful.

F-Secure Releases Cabir Fixtool

F-Secure has finally released a fixtool for Cabir. It weighs in at about 11 KB. Kaspersky still wins on size. :) The purpose of Thumb encoding is to reduce size with a tradeoff in speed.

Considering this is a fixtool, speed is not that important. The tool does make it clear that it just removes Cabir from your system and is not a general AV scanner.

Other fixtools are also available, as mentioned previously.

F-Secure's tool is available in two packages, with instructions or separately.
F-Secure blog

Monday, October 04, 2004

Cabir in Singapore

F-Secure's blog is reporting news of Cabir in Singapore.

On a related note, I've just noticed that Trend Micro has an updated pattern file for their PC-cillin for EPOC scanner. The scanner will only run on EPOC/Symbian devices. I have it installed on my Mako. Due to the EIKON dependency and perhaps STDLIB, the scanner will not run on the Series 60 phones.

The recent "outbreak" of Cabir in the Philippines is notable, not so much for any infections but mainly for the rise of the Cabir disinfection business. People were willing to spend the cost-of-living equivalent of US$26+ to get rid of real and suspected infections. The scams were large enough to get press coverage outside of the Philippines. Looks like there is a business case for producing a Series 60 scanner, especially if it's in your own backyard.


PC-cillin for EPOC sis (EPOC/Symbian ver 5 devices only)
Pattern file 349 (Cabir detection added, file date July 26, 2004)
Porting Psion Revo/5MX Applications to Series 60.pdf :)

Auto "Kill Switch", solving the wrong problem?

Consumer Watchdog, a consumer advocacy group, put out a report on the dangers of Internet connected cars. They received coverage on the nigh...