SMS Virus Penetrates Symbian Phones
January 5, 2009 by Meraj Chhaya
Filed under Symbian OS
Heavily-fortified Symbian smartphones have been hit by a virus spread by SMS. The code crashes the Messaging functionality, leaving the rest of the phone fully-functional, according to F-Secure.
The Denial-of-Service attack, now entitled "SMS Curse of Silence", was discovered by Tobias Engel at the 25th Chaos Communication Congress, held on the 27th December 2008 until the 30th December 2008.
The smartphones found to be vulnerable to this exploit are the ones running UIQ platforms, S60 2nd Edition Feature Packs 2 and 3, 3rd Edition and 3rd Edition Feature Pack 1. Newer software platforms such as 3rd Edition Feature Pack 2 and 5th edition are not vulnerable to this bug, which leads to the question of why Nokia did not fix the older phones.
Samu Konttinen, Vice President of the Mobile Business Unit at F-Secure said, “Performing the attack does not require technical expertise, and due to this, there is a risk of it becoming a nuisance. We have already provided a security update to this threat to our F-Secure Mobile Security customers.”
Unlike older viruses, this one does not send SMS or MMS to premium numbers, but just disables the SMS program altogether.
Press release after the break.
[via Cellular-News]
[Image: Conita]
F-Secure Mobile Security protects against a Denial-of-Service exploit that could affect popular smartphone models. The “SMS Curse of Silence” can crash the SMS function of the phone, meaning users cannot receive new text messages.
Helsinki, Finland – December 31, 2008: A new exploit for a wide range of Symbian OS-based smartphones was made public last night. This exploit has been dubbed the “SMS Curse of Silence” by Tobias Engel, who discovered and disclosed the exploit at the 25th Chaos Communication Congress.
The exploit can make the text messaging function of the affected phone unusable. Affected phones cannot receive SMS text messages. Smartphones that can be attacked this way include UIQ devices and S60 2nd Edition Feature Packs 2 and 3, 3rd Edition and 3rd Edition Feature Pack 1. S60 3rd Edition Feature Pack 2 or 5th Edition phones are not affected.
The Denial-of-Service attack consists of sending one, or depending on the phone model, several specifically formatted SMS messages to the smartphone being targeted. The messages crash the phone’s SMS system, but the phone remains functional otherwise. Older models do not show symptoms of the attack that would be visible to the user, however newer phones can show messages that the phone is running out of memory or experience constantly flashing message icons after the attack.
Samu Konttinen, Vice President of the Mobile Business Unit at F-Secure says: “Performing the attack does not require technical expertise, and due to this, there is a risk of it becoming a nuisance. We have already provided a security update to this threat to our F-Secure Mobile Security customers.”
The F-Secure Mobile Security solution protects against this exploit by detecting it and by repairing the phone so that users don’t lose the messages in their inboxes. The solution is available for all the smartphone models at risk. It can be downloaded directly to the phone by using the phone’s browser to access www.f-secure.mobi. There is a free 7-day trial version of F-Secure Mobile Security available.
F-Secure would like to thank Mr Engel for his cooperation in communicating his discovery in advance.
More information on the smartphone DOS exploit is available on F-Secure’s weblog at www.f-secure.com/weblog
derl on Wed, 7th Jan 2009 9:54 pm
I got this last week…and got the code used but dont want to post it here (or anywhere else) as it could be used again. The attack left my phone incapable of viewing inbox and then denied my battery a charge which rendered the phone useless. I know who sent it to me…but not sure what to do about it….