A new variant of the spyware “Spy.Felxispy”, which targets Symbian devices and causes privacy leakage, has recently been captured by the National Computer Virus Emergency Response Centre of China. According to NetQin Mobile, there have been more than a dozen variants of the spyware since the first was spotted, and the latest has affected 150,000+ devices. Once installed, the spyware will turn on the Conference Call feature of the device without users’ awareness. When users are making phone calls, the spyware automatically adds itself to the call to monitor the conversation.
“Other” phones are just as easy. No code signing. No sandboxing. Security Fail.
I thought being unable to install applications would make it free from spyware. No such luck. Time to research vectors and defenses…
You can install applications on Symbian phones. In fact, it’s the platform where you have the most power in this area, atm.
I would also like to know more about this vulnerability. Did people voluntarily install anything? Did they disable some security features? If it’s an app trusted and installed by the user, it’s different than if it’s a sneaky app which installs through the web browser without the user knowing.
Edited 2011-02-24 07:33 UTC
Yes, it seems to be the case. “The privacy stealers usually install the spyware on the phone or send MMS containing the spyware to users to lure them to click.” in the article, “According to NetQin, the cybercriminals usually install the spyware on the phone by sending an MMS containing the spyware to users to lure them to click.” in http://www.securityweek.com/new-variants-old-symbian-mobile-spyware… .
So it is still the user’s fault more than Symbian’s fault, but keeping the user safe from his own idiocy/flaws is becoming more and more a good security feature…
Wow, what Symbian version do you have? S40? I assure you, on Symbian smartphones, you most certainly can install apps. In fact, it was one of the first mobile platforms where this was possible and is still the most open one in terms of what you’re allowed to do without hacking it.
Most can, this one barely has enough storage to store a few dozen text messages.
What variant of Symbian are we talking about here? S40, S60, Symbian^3 (the latter two are closely related but not identical)? Trouble with Symbian is you can’t just say Symbian and leave it at that. There are several branches of it.
What a lovely world this will be for Symantec and their ilk!
I know Anti-Virus is a swear word to some, but there are some long-established Anti-Virus solutions for Symbian.
Yes, it’s not a silver bullet, but it sure helps.
Only thing is, Symbian anti-virus solution providers… how long will they commit to these products on Symbian given uncertainty about its future?
Who is going to listen to 150,000+ devices?
I understand that the purpose of the exploit was “Once installed, the spyware will turn on the Conference Call feature of the device without users’ awareness. When users are making phone calls, the spyware automatically adds itself to the call to monitor the conversation.”
This is junk news spread by antivirus manufacturers to sell their mobile products.