Symbian S60 SMS Exploit

If your phone uses Symbian S60 (see the list below) then it’s vulnerable to a new threat some people are calling the curse of silence.

It happens when someone sends you a specially formatted SMS. Some phones that receive this special SMS stop working properly – they won’t receive any more SMSs (it crashes the SMS messaging system inside the phone).

On some phones this means it just doesn’t receive any more messages and it won’t tell you there’s anything wrong. On other phones there will be a message that says:

Not enough memory to receive message(s). Delete some data first

The SMS that causes this to happen can’t be seen in the phone’s inbox, so you can’t delete it.

Turning the phone off and on sometimes lets you receive one message before it stops working again – this seems to vary depending on the phone model.

It’s also good to know that making and receiving calls still works.

What can you do?

It’s not a common problem yet and hopefully it won’t become one. For now it requires someone to send you the special SMS – it doesn’t spread by itself like viruses do.

It’s also a good idea to make a backup of your phone’s data now before anything bad happens. Some phones have an option to do this easily. Consult your phone’s instruction manual for more info.

If your phone is affected your choices are fairly limited at the moment.

  • You can perform a hardware reset on the phone. You will lose all data on the phone if you do this (phone book, messages, most probably photos, etc). Think carefully before doing this.
  • Phone manufacturers might release a firmware fix soon. Nobody’s promised anything yet.
  • Contact the company you bought the phone from, they might be able to help.
  • A security company called F-Secure has an antivirus package for mobile phones that they say can fix the problem. They also have a 7 day free trial that you could try. Apparently you need to download their program directly from the phone. Link here: http://mobile.f-secure.com/downloads/trial/index.html

More Info:

There’s a video on YouTube that demonstrates how it works. Link here.

Phones at risk:

Nokia: E63, 5800, N85, N79, E66, E71, 5320, 6220, N78, N96, 6210, N82, E51, N81, N95, 6121, 6120, 5700, N77, E90, E61i, E65, 6110, N76, N93i, 6290, N75, E62, E50, 5500, N93, N73, N72, N92, N71, N80, E70, E61, E60, 3250, N91, N70, N90, 6682, 6681, 6680, 3230, 6670, 6630, 6260, N-Gage QD, 7610, 6620, 3660, 3620, 6600, 3600, N-Gage, 3650, 7650

LG: KT615, KT610, KS10

Samsung: I7110, INNOV8, SGH-L870, SGH-G810, SGH-i560, SGH-i550, SGH-i450, SGH-i400, SGH-i520, SGH-D730, SGH-D720

Panasonic: X800, X700

Lenovo: P930

Siemens: SX1

Fake Twitter Site

Recently people have been receiving a message in Twitter that says something like

hey! check out this funny blog about you…
hxxp://t w i tter.access-logins..com

The link takes you to a page that looks a lot like the Twitter login page. If you try typing in your Twitter username and password it records it in a private database. Later someone will log into your Twitter account using your password and start sending out message like the one above.

Many people have one password for many sites, so once they have your Twitter account they could later try other services (e.g. Facebook).

If you use Twitter and see the above message just ignore it. Don’t click on the link.

Some web browsers (such as the latest version of FireFox and the latest version of Opera) will now detect this fake site and show you a large warning. A good antivirus package will also detect these sites and block them.

And if you think you’ve already fallen for this change your passwords.

Mobile Spy on iPhone

surveillance camera This one of those legal spyware programs I mentioned recently. Mobile Spy is used to secretly record SMS and calling data on a phone. It already existed for Symbian and Windows Mobile phones – now it’s available for iPhones.

They claim it runs in a stealth mode to make it difficult to detect. It silently records all SMS text messages and information about all calls. It then uploads this information to a private account on the web.

Apparently future versions of this program will also capture GPS information and details of any emails sent or received.

Why is this legal?

I can’t really comment on the legal side, and it would be different in each country. The company that makes it, Retina-X Studios, is selling this product to worried parents or employers to monitor their children/staff.

How is it installed?

Someone has to have physical access to the iPhone to install it. They need to purchase the program (US$99), and it seems the phone needs to be "jailbroken" – a hack that voids the phone’s warranty.

How can you prevent it?

Firstly, don’t lend your iPhone to people or leave it lying around.

I’m not aware of any anti-virus programs for the iPhone that detects this yet but I have my bets on F-Secure, they’re fully aware of what’s happening here. I’ll post an update when something new comes up.

Critical Update for Internet Explorer

Microsoft’s Internet Explorer is used by over 500 million people (all Windows PCs have this). A vulnerability was recently discovered and today Microsoft has released a patch to fix it.

It’s important for everyone to apply this patch (Windows users only). Run Windows Update to receive the new patch, or if your PC is configured to update automatically just follow the prompts that will appear today.

mines The vulnerability is activated when you visit a web site that’s been hacked. So far 10,000 hacked web sites have been discovered that will use this vulnerability to install malware on the PC viewing it.

The odds of infecting your PC from browsing innocent web pages are fairly high so apply the patch now. If you need help Microsoft’s security page has some useful links, http://www.microsoft.com/australia/security/default.mspx

Opening Documents

Can you get a virus by opening a .DOC file? How about .RTF or .WRI? Yes, even if you don’t have Word installed.

On Windows these files are traditionally opened by Microsoft Word, and if you don’t have Word installed Windows uses WordPad to open these files.

A new exploit has been found that attacks WordPad. This affects most Windows users, in particular those who don’t have Word or Office installed.

How it works:

  • You see a link to open a document, or you receive an email with a document attached.
  • You open the file (the file name ends with .doc, .rtf, or .wri)
  • It opens a connection across the internet for a hacker to log onto your computer
  • The malicious hacker can do anything from your computer, such as installing more malware, using your computer to commit other crimes, or just watching what you do on your PC.

What you can do to avoid this:

  • Perform regular Windows updates. Microsoft will be publishing a patch to fix this problem soon.
  • Use a good anti virus package. This attempts to prevent you from downloading infected files.

Microsoft has published a document on this vulnerability here.

Multi Function Anti Malware Toolkit

Anti-Malware Toolkit is a package produced by Lunarsoft. It helps you download 37 different tools you can use to protect your PC from all kinds of malware. A few of the tools it can install are quite useful, such as:

Spyware Blaster, CCleaner, RogueRemover, SUPERAntiSpyware, Malwarebytes, Spybot, Hijack This

multi_function_knife I’d recommend this to more experienced PC users. General users are better off investing in commercial products, such as Trend Internet Security (there are a few good packages out there, Trend is just one). I say this because commercial products do most of the thinking for you and for a lot of people security is better this way.

The Anti-Malware toolkit can be downloaded from Lunarsoft’s site: http://www.lunarsoft.net/downloads

Note that it’s for Windows computers only.

Malicious Firefox Add-On

One of the best things you can do to avoid falling victim to malware is to use an alternative browser.

poppies Microsoft’s Internet Explorer (IE) is very popular. Not long ago almost everyone used IE, it comes setup with almost every new PC sold (Windows PCs). And malware writers targeted IE because they could attack a majority of users just by concentrating on exploiting one browser. You could call it tall poppy syndrome.

Today Firefox is extremely popular. It’s gone from a small minority of people using it to an amazing 44% (depending on which statistics you read – I used this one). This makes for a fairly large demographic, and malware writers are taking notice.

There’s a new trojan that hides in a Firefox add-on. Once installed it waits for you to go to an online banking site. When it detects that you’re using online banking it starts recording your actions (account details, your password). Then it sends this off to cyber criminals who auction off your details and eventually someone can log into your online banking and transfer money. This isn’t good.

There are a few things you can do to avoid this:

  • If you want to install an add-on for Firefox, make sure you get it from a well known site. This is the official Mozilla site for Firefox add-ons: https://addons.mozilla.org/en-US/firefox/
  • Use a good anti-virus package (it’s a small investment you make to protect your PC). Make sure it’s kept up to date.
  • Once a web browser becomes too popular it’s time to start looking at less mainstream alternatives. At the moment you should consider Opera, Safari and Chrome (these are available for all the popular platforms)

In summary, Firefox is a very secure browser. It’s also fast and powerful, explaining why it’s become so popular. You just shouldn’t take its security for granted. Most malware infections happen when users are tricked into clicking something they shouldn’t have.

Keyloggers

A keylogger is a small program that sits on your PC quietly capturing each key you press on your keyboard. It either logs each keystroke to a file, or sends it off somewhere on the internet.

It’s used to spy on people. By capturing keystrokes your login and password can be revealed, as well as other confidential information. And usually they’re what’s known as “stealthy” programs – most of the time you wouldn’t know it’s there.

Where do they come from?

There are quite a few keyloggers available. Most are written by hackers (the bad kind). A few are written by commercial software companies (more on that below). 

Are they legal?

Usually no. They’re used as spyware to capture your passwords which is illegal in most places.

How can you detect them?

Use a good anti-spyware program. Most antivirus packages come with this feature these days, others are available separately. There are free ones too. Search Google for current a list.

But there’s another kind of keylogger that you can’t detect this way. You can buy a little plastic device that plugs in between your keyboard and your PC. Since it’s directly connected to the cable hanging off your keyboard it can detect every key stroke and record it. Someone has to have physical access to your PC to install it (and to later remove it). You need to look at the back of your PC where the kayboard plugs in to detect it. Search here for a list of these devices.

News

Recently a US court has looked at a commercial keylogging company called CyberSpy and decided it’s illegal. They’ve ordered CyberSpy to stop selling their software (called RemoteSpy). Unfortunately there are too many alternatives for people keen on spying and stealing passwords. More on this here.

Key Duplication

Here’s an interesting use of technology to copy someone’s keys (the metal kind that opens doors). It works with someone taking a hi res photo of your keys, then enhancing the image enough to make a template for someone to cut a copy of a the key.

What kind of photos will work?

Useful photos can be found on photo sharing web sites (such as Facebook or Flickr). This is a passive way for someone to find an image of your keys.

Another tactic is for someone to target you with a camera phone, taking photos of your keys while you hold them. Or with a camera and a telescopic lens, from 200 feet away as the article below suggests.

This isn’t really a new trick, but the software to do all the hard work is new. Technology like this only gets better so it’s time to learn how to protect yourself.

Some tips:

  • If you upload photos showing your keys then take the time to blur the keys first. This is similar to how you would blur your car number plate, or a credit card
  • Don’t display any keys in public. It wouldn’t be hard to obscure them with your hands
  • If you have a choice (such as when purchasing a car) opt for something that uses RFID chips embedded in the keys (many cars have this these days)

Read more about the technique here, and read the full paper here.