BBC News releases Smartphone Malware… deliberately - gHacks Tech News

BBC News releases Smartphone Malware… deliberately

No, the BBC isn't trying to subsidise its coffers by branching out into cyber-crime.  As an experiment the British public-service broadcaster wants to know just how secure smartphones really are.

The malware takes the form of a game that spies on the smartphone's owner and was built using the standard software toolkits that are available  to everyone.  In a report on the experiment today, Experts says that this makes the malware much harder to spot.

There is evidence that criminals are now beginning to target smartphones with their complete lack of virus protection, in order to gain personal details that can be used for identity theft and other crimes.

Chris Wysopal, the co-founder and head of technology at security firm Veracode, who helped the BBC develop its malware, said that smartphones are not at the point PCs were at in 1999, at the birth of the popular internet.

"At that time malicious programs were a nuisance. A decade on and they are big business, he said, with gangs of criminals churning out malware that tries to steal saleable information."  He said.  "Mobiles offered a potentially more tempting target to those criminals."

Simeon Coney, of mobile security form Adaptive mobile said...

"In a mobile network the device is intrinsically linked to a payment plan, to a user's credit," he said. Nothing happens on a mobile network, no call is made or text is sent, without money changing hands.  Criminals have tapped into that revenue stream by getting phone owners to dial or contact premium rate numbers. Now they are turning their attention to applications and the lucrative information they scoop up."

The Java application from the BBC was put together in only a few weeks and  gathered contacts, text messages and also gathered the phones' location.  IT then sent this information to a specially set-up email address.

The malware was only 250 lines of code, with the entire program only 1500 lines of code.  The BBC say in their report that there can be benefits to the way some phone OS manufacturers vet programs.  Apple vets every program for the iPhone and iPad and Blackberry maker RIM and Google can easily switch off malicious applications through use of a code-signing system.  Microsoft's Windows Phone 7 operating system will also see all programs vetted.

The last time the BBC conducted an experiment like this they took control of a botnet, but when the experiment was over left a message on the screens of the infected PCs worldwide and instructed the botnet to self-destruct.

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Comments

  1. Alan said on August 10, 2010 at 1:35 pm
    Reply

    Seeing this news makes me wish that the BBC were a cyber-policing force, especially the old botnet, which I must have missed when it happened.

    This isn’t quite public disclosure, but it’s very close, and I think it should give all the smartphone (OS) makers a kick-start into taking security seriously.

    Microsoft added an anti-virus/malware plugin to Windows Live Messenger at around version 8 (?), and BitTorrent Inc. have added BitDefender scanning support to µTorrent. Both these channels are often used to distribute malware, and I hope the smartphones follow suit.

  2. zahid said on October 29, 2010 at 7:53 am
    Reply

    bbc is the only one tv channel which is offering good news to the viewers

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.