[nfb-talk] Windows CE, Symbain Wide Open to Attack

[Christopher McMillan]

Windows CE, Symbian wide open to attack


Growing number of vulnerabilities turning up in both platforms

John E. Dunn   Today's Top Stories    or  Other Security Stories    
October 13, 2006 (IDG News Service) -- Windows CE is at an especially high risk of attack according to a new analysis of malware threats. 
Kaspersky Lab researcher Alexander Gostev has produced the report, it which it is noted that the mobile version of Windows remains wide open to software exploits compared to desktop versions, and allows easy programming access to core operating system functions.
Gostev refers to the growing number of vulnerabilities that have affected the platform, starting with the Duts proof-of-concept virus of 2004 that was able to exploit a security hole unknown to Microsoft, making it a zero-day flaw. "There's no doubt that these vulnerabilities exist. The question is only who will detect them first - a virus writer, or a white hat security researcher," said Gotsev. "The main environment used to develop malicious programs will be .Net, and a significant number of these viruses will exploit vulnerabilities in Windows CE."

Although rival Symbian is a harder platform on which to create native malware -- programmers require expensive tools to build Symbian applications -- Gotsev is almost as scathing on its security design.

He details a newly documented and verified vulnerability that would allow an attacker to cause a denial-of-service on a Symbian system simply by sending a small file capable of choking the Web browser, thereby slowing it down. "Even a cursory glance and a few simple experiments reveal that Symbian is riddled with errors," he said.


To date, mobile malware and exploits -- which typically spread using a mobile device's Bluetooth connection -- have been a mostly theoretical issue, prompting some to question their significance.

But the pessimism surrounding Symbian seems justified. In 2005, the TrojanDoombot.A , which harbored the Commwarrior.B worm, went turned up to bother a small number of Symbian Series 60 devices. More recently, the worm Commwarrior.Q hit the platform again.

Reprinted with permission from

For more news from IDG visit IDG.net
Story copyright 2006 International Data Group. All rights reserved.
-------------- next part --------------
Windows CE, Symbian wide open to attack
 
Growing number of vulnerabilities turning up in both platforms
John E. Dunn   Today’s Top Stories    or  Other Security Stories   
October 13, 2006 (IDG News Service) -- Windows CE is at an especially high risk of attack according to a new analysis of malware threats.
Kaspersky Lab researcher Alexander Gostev has produced the report, it which it is noted that the mobile version of Windows remains wide open to software exploits compared to desktop versions, and allows easy programming access to core operating system functions.
Gostev refers to the growing number of vulnerabilities that have affected the platform, starting with the Duts proof-of-concept virus of 2004 that was able to exploit a security hole unknown to Microsoft, making it a zero-day flaw. "There's no doubt that these vulnerabilities exist. The question is only who will detect them first - a virus writer, or a white hat security researcher," said Gotsev. "The main environment used to develop malicious programs will be .Net, and a significant number of these viruses will exploit vulnerabilities in Windows CE."
Although rival Symbian is a harder platform on which to create native malware -- programmers require expensive tools to build Symbian applications -- Gotsev is almost as scathing on its security design.
He details a newly documented and verified vulnerability that would allow an attacker to cause a denial-of-service on a Symbian system simply by sending a small file capable of choking the Web browser, thereby slowing it down. "Even a cursory glance and a few simple experiments reveal that Symbian is riddled with errors," he said.
 
To date, mobile malware and exploits -- which typically spread using a mobile device’s Bluetooth connection -- have been a mostly theoretical issue, prompting some to question their significance.
But the pessimism surrounding Symbian seems justified. In 2005, the TrojanDoombot.A , which harbored the Commwarrior.B worm, went turned up to bother a small number of Symbian Series 60 devices. More recently, the worm Commwarrior.Q hit the platform again.
Reprinted with permission from
For more news from IDG visit IDG.net
Story copyright 2006 International Data Group. All rights reserved.