Tag Archive: Smartphone


Microsoft’s range of Windows Phone devices suffers from a denial-of-service flaw that allows attackers to disable the messaging functionality on a device.

The flaw is triggered simply by sending an SMS to a Windows Phone user. Windows Phone 7.5 devices will reboot and the messaging hub will not open despite repeated attempts. We have tested the attack on a range of Windows Phone devices, including HTC’s TITAN and Samsung’s Focus Flash. Some devices were running the 7740 version of Windows Phone 7.5, others were on Mango RTM build 7720. The attack is not device specific and appears to be an issue with the way the Windows Phone messaging hub handles messages. The bug is also triggered if a user sends a Facebook chat message or Windows Live Messenger message to a recipient.

The flaw appears to affect other aspects of the Windows Phone operating system too. If a user has pinned a friend as a live tile on their device and the friend posts a particular message on Facebook, then the live tile will update and cause the device to lock up. Thankfully there’s a workaround for the live tile issue: at initial boot up you have a small amount of time to get past the lock screen and into the home screen to remove the pinned live tile before it flips over and locks the device.

Both Apple and Google have suffered from SMS bugs with their iOS and Android devices. Security researcher Charlie Miller discovered a flaw in the iOS 3.0 software that allowed attackers complete control over an iPhone at the time. Android-based phones also suffered in the SMS attack, but attackers could only knock a phone offline rather than gain full access. The attack described in this article does not appear to be security related. It appears, from our limited testing, that the bug is related to the way Windows Phone handles messages.

Khaled Salameh discovered the flaw and reported it to us on Monday. WinRumors is in the process of disclosing the bug directly to Microsoft privately in co-operation with Khaled. At this stage there doesn’t appear to be a workaround to fix the messaging hub apart from hard resetting and wiping the device. Please see the video below for a demonstration.

Source: WinRumors

Get Safe Online says that there has been an increase in smartphone malware as the market has grown.

Criminals are typically creating Trojan copies of reputable apps and tricking users into installing them.

Once on the phone, the app can secretly generate cash for criminals through premium rate text messages.

Get Safe Online, a joint initiative between the government, police and industry, said it was concerned that users of smartphones, such as Android devices, were not taking steps to protect their devices.

Get Safe Online said fraudsters are designing apps which generate cash secretly in the background without the owner realising until their monthly bill.

A typical scam involves an app designed to send texts to premium rate services without the user knowing.

Apps can appear to be bona fide software or sometimes masquerade as stripped down free versions of well-known games.

Rik Ferguson, a hacking researcher with internet security firm Trend Micro, said: “This type of malware is capable of sending a steady stream of text messages to premium rate numbers – in some instances we’ve seen one being sent every minute.

“With costs of up to £6 per message, this can be extremely lucrative. The user won’t know this is taking place, even if they happen to be using the device at the same time, as the activity takes place within the device’s back-end infrastructure.”

Online banking

Another major security firm, Symantec, recently warned in its annual threat assessment that Android phones were at risk and that it had found at least six varieties of malicious software.

Minister for Cyber Security Francis Maude said: “More and more people are using their smartphone to transmit personal and financial information over the internet, whether it’s for online banking, shopping or social networking.

“Research from Get Safe Online shows that 17% of smartphone users now use their phone for money matters and this doesn’t escape the notice of criminals.”

Tony Neate, head of Get Safe Online, urged people to check their phone’s security.

“Mobile phones are very personal. I have talked to people who are never more than a yard away from their mobile phone. Because of that attachment, they start to think that they are in a way invincible.

“It’s the end user that picks up the tab – it’s your phone that incurs the costs. Whether you have pay-as-you-go or a monthly account, that money is going to come from the account and go to the criminal.”

Source: BBC News

If another group was trying to take on Android and Apple’s iOS on smartphones and tablets, I’d dismiss them. RIM, BlackBerry’s parent company, is having a heck of a time getting anyone to buy into PlayBook and while HP TouchPad users loved it, HP killed the TouchPad after only a few weeks. So, why should anyone think that KDE, makers of one of the two most popular Linux desktops, should stand a chance with Plasma Active? Well, because KDE has a long history of delivering the goods with minimal resources.

So what is it? Plasma Active is not, like Android, iOS, or webOS, an operating system. It’s a KDE 4.x style interface and application programming interface (API) designed for touch devices. The Plasma Active Team states that “Plasma Active is innovative technology for an intelligent user experience (UX). It is intended for all types of tablets, smartphones and touch computing devices such as set-top boxes, smart TVs, home automation, in-vehicle infotainment. The goals for this KDE open source project are:

  • A fast embedded UX platform with minimal memory requirements
  • Customizable and modular to support different form factors
  • An interface that adapts as users change Activities.

In their GrandMaster Plan, the developers go into more detail about how they’ll do this: “Plasma Active runs on the proven Linux desktop stack, including the Linux kernel, Qt and KDE’s Plasma Framework. The user interface is designed using Plasma Quick, a declarative markup language allowing for organic user interface design based on Qt Quick. Plasma Active uses existing free desktop technology and brings it to a spectrum of devices through a device-specific user interface. Classical Plasma Widgets can be used on Plasma Active as well as newly created ones. The key driver for the development of Plasma Active is the user experience. Collaboration is made easy through high-level development tools and a well defined process.”

“The first release of Plasma Active fully focuses on tablet computers. Plasma Active Tablet’s user experience is designed around the web, social networks and multimedia content.” Today, Plasma Active runs on MeeGo and the openSUSE-based Balsam Professional (German language site). There are also OS images for Intel-based tablets, and package builds for ARM and x86 platforms. The group is working on flashable images for ARM platforms. The interface will also run on Oracle’s VirtualBox virtual machine. If you want to try it you can find downloads and instructions at the Plasma Active Installation page.

According to Sebastian Kügler, one of Plasma Active’s leading developers, Plasma Active is “certainly meant as a replacement for iOS and Android, a completely open, community-driven project with strong backing by a group of (SMB-sized) businesses. We hope this appeals to many hardware vendors, and have in fact already started talking with some. The feedback so far was very good, and the concepts seem to appeal with potential partners. There is definitely demand for an open system without lock-in in the market for devices.”

Kügler also told me that they “have started investigating Tizen, [Intel and the Linux Foundation’s proposed replacement for MeeGo] but at this point, there is too little information out, and too many unknowns. We do see Tizen as a potential and likely target platform, but before Intel and Samsung release an SDK, our hands are tied. It’s not stopping us, since in the meantime, we can still run our stuff on MeeGo and Balsam, and we are investigating, together with the Mer team [another mobile Linux operating system] how to get Plasma Active onto Mer.”

That’s all well and good but does KDE have any industry support for this? Kügler replied, “My employer, open-slx backs this project, and we are actively working towards creating a wider ecosystem of companies around Plasma Active, to make good commercial support available, next to the community resources. This includes OEMs, ODMs and companies that can deliver support around Plasma Active, for example integration with new hardware platforms, support for custom-build OS images, 3rd party software, end-user support, etc.”

To that, I might add that unlike other such mobile projects, KDE starts with a large number of open-source applications that already run with it. That’s an advantage that neither RIM nor HP had. Personally, it’s hard for me to see a competitor to Android or iOS getting traction, but I’ve learned over the years not to bet against the KDE team.

Source: ZDNet

Hackers have planted viruses in video games for smartphones running on Microsoft Corp’s Windows operating system, according to a firm that specializes in securing mobile devices.

The games — 3D Anti-Terrorist and PDA Poker Art — are available on sites that provide legitimate software for mobile devices, according to John Hering, CEO of San Francisco-based security firm Lookout.

Those games are bundled with malicious software that automatically dials premium-rate telephone services in Somalia, Italy and other countries, sometimes ringing up hundreds of dollars in charges in a single month.

Those services are run by the programmers who built the tainted software, Hering said on Friday.

Victims generally do not realize they have been infected until they get their phone bill and see hundreds of dollars of unexpected charges for those premium-rate services, he said.

Hackers are increasingly targeting smartphone users as sales of the sophisticated mobile devices have soared with the success of Apple Inc’s iPhone and Google Inc’s Android operating system.

Officials with Microsoft could not immediately be reached for comment.

Source: Yahoo! / Reuters (Boston)