BBC News releases Smartphone Malwareâ€¦ deliberately
No, the BBC isn't trying to subsidise its coffers by branching out into cyber-crime.Â As an experiment the British public-service broadcaster wants to know just how secure smartphones really are.
The malware takes the form of a game that spies on the smartphone's owner and was built using the standard software toolkits that are availableÂ to everyone.Â In a report on the experiment today, Experts says that this makes the malware much harder to spot.
There is evidence that criminals are now beginning to target smartphones with their complete lack of virus protection, in order to gain personal details that can be used for identity theft and other crimes.
Chris Wysopal, the co-founder and head of technology at security firm Veracode, who helped the BBC develop its malware, said that smartphones are not at the point PCs were at in 1999, at the birth of the popular internet.
"At that time malicious programs were a nuisance. A decade on and they are big business, he said, with gangs of criminals churning out malware that tries to steal saleable information."Â He said.Â "Mobiles offered a potentially more tempting target to those criminals."
Simeon Coney, of mobile security form Adaptive mobile said...
"In a mobile network the device is intrinsically linked to a payment plan, to a user's credit," he said. Nothing happens on a mobile network, no call is made or text is sent, without money changing hands.Â Criminals have tapped into that revenue stream by getting phone owners to dial or contact premium rate numbers. Now they are turning their attention to applications and the lucrative information they scoop up."
The Java application from the BBC was put together in only a few weeks andÂ gathered contacts, text messages and also gathered the phones' location.Â IT then sent this information to a specially set-up email address.
The malware was only 250 lines of code, with the entire program only 1500 lines of code.Â The BBC say in their report that there can beÂ benefits to the way some phoneÂ OS manufacturers vet programs.Â Apple vets every program for the iPhone and iPad and Blackberry maker RIM and Google can easily switch off maliciousÂ applications through use of a code-signing system.Â Microsoft's Windows Phone 7 operating system will also see all programs vetted.
The last time the BBC conducted an experiment like this they took control of a botnet, but when the experiment was over left a message on the screens of the infected PCs worldwide and instructed the botnet to self-destruct.Advertisement