Linked by HAL2001 on Wed 23rd Feb 2011 23:58 UTC
Privacy, Security, Encryption A new variant of spyware "Spy.Felxispy" on Symbian devices causing privacy leakage has recently been captured by the National Computer Virus Emergency Response Centre of China. According to NetQin Mobile, there are more than a dozen variants of the spyware since the first was spotted, and the latest has affected 150,000+ devices. Once installed, the spyware will turn on the Conference Call feature of the device without users' awareness. When users are making phone calls, the spyware automatically adds itself to the call to monitor the conversation.
Order by: Score:
Phones are easy to pwn
by sigzero on Thu 24th Feb 2011 01:57 UTC
sigzero
Member since:
2006-01-03

"Other" phones are just as easy. No code signing. No sandboxing. Security Fail.

Reply Score: 2

Gee, and I just bought a symbian phone...
by Almafeta on Thu 24th Feb 2011 02:31 UTC
Almafeta
Member since:
2007-02-22

I thought being unable to install applications would make it free from spyware. No such luck. Time to research vectors and defenses...

Reply Score: 2

Neolander Member since:
2010-03-08

You can install applications on symbian phones. In fact, it's the platform where you have most power in this area, atm.

I would also like to know more about this vulnerability. Did people voluntarily install anything ? Did they disable some security features ? If it's an app trusted and installed by the user, it's different than if it's a sneaky app which installs through the web browser without the user knowing.

Edited 2011-02-24 07:33 UTC

Reply Score: 2

Radio Member since:
2009-06-20

Did people voluntarily install anything ?
Yes, it seems to be the case. "The privacy stealers usually install the spyware on the phone or send MMS containing the spyware to users to lure them to click. " in the article, "According to NetQin, the cybercriminals usually install the spyware on the phone by sending an MMS containing the spyware to users to lure them to click." in http://www.securityweek.com/new-variants-old-symbian-mobile-spyware... .

So it is still the user's fault more than symbian's fault, but keeping the user safe from his own idiocy/flaws is becoming more and more a good security feature...

Reply Score: 2

darknexus Member since:
2008-07-15

I thought being unable to install applications would make it free from spyware. No such luck. Time to research vectors and defenses...


Wow, what Symbian version do you have? S40? I assure you, on Symbian smartphones, you most certainly can install apps. In fact, it was one of the first mobile platforms where this was possible and is still the most open one in terms of what you're allowed to do without hacking it.

Reply Score: 2

Almafeta Member since:
2007-02-22

Wow, what Symbian version do you have? S40? I assure you, on Symbian smartphones, you most certainly can install apps. In fact, it was one of the first mobile platforms where this was possible and is still the most open one in terms of what you're allowed to do without hacking it.


Most can, this one barely has enough storage to store a few dozen text messages.

Reply Score: 2

Be more specific
by darknexus on Thu 24th Feb 2011 05:56 UTC
darknexus
Member since:
2008-07-15

What variant of Symbian are we talking about here? S40, S60, Symbian^3 (the latter two are closely related but not identical)? Trouble with Symbian is you can't just say Symbian and leave it at that. There are several branches of it.

Reply Score: 3

Welcome to a new world
by vodoomoth on Thu 24th Feb 2011 16:07 UTC
vodoomoth
Member since:
2010-03-30

To stay safe, NetQin experts give the following tips in using your phone:
...
4. Install a trusted security application to protect your phone from security threats.

What a lovely world this will be for Symantec and their ilk!

Reply Score: 2

Symbian anti virus
by fran on Thu 24th Feb 2011 19:42 UTC
fran
Member since:
2010-08-06

I know Anti-Virus is a swear word to some, but there is some long establish Anti-Virus solutions for Symbian.
Yes, it's not a silver bullet, but it sure helps.
Only thing is, Symbian anti virus solution providers...how long will they commit to these products on Symbian given uncertainty about it's future.

Reply Score: 2

just wondering
by NotGoingDumb on Sat 26th Feb 2011 13:17 UTC
NotGoingDumb
Member since:
2011-02-26

Who is going to listen to 150,000+ devices?
I understand that the purpose of the exploit was "Once installed, the spyware will turn on the Conference Call feature of the device without users' awareness. When users are making phone calls, the spyware automatically adds itself to the call to monitor the conversation."

This is junk news spread by antivirus manufacturers to sell their mobile products.

Reply Score: 1