MOBILE PHONE VIRUS:  BLUETOOTH  BLUES

MANILA, March 29, 2005 (STAR) By Eden Estopace  -  Let it be said that cellphone users have not been forewarned.

The world’s first mobile phone virus is on the move and security bulletins have been going the rounds of the tech community since early February, abuzz with dire warnings of a mobile worm that is spreading, albeit innocuously.

The culprit’s name is Cabir and has been known to affect mobile phones using the Symbian series 60 platform. That’s a smart move on the part of the virus authors since Symbian is the leading platform for smart phones and is licensed to leading phone manufacturers, including Nokia, Samsung, Siemens and Sony Ericsson.

Series 60 devices also use Bluetooth technology, the medium chosen by Cabir within which to spread itself.

The gameplan is simple. If you are in a crowded place and the Bluetooth feature of your phone is turned on and is on "discoverable" mode, you are vulnerable to an attack. This is because a Bluetooth phone infected with the worm automatically searches for other Bluetooth devices to infect within a range of 10 meters. The virus arrives in your phone as a .SIS file, specifically caribe.sis file, and when you click "yes" to download it, it installs itself in the APPS folder and quickly starts looking for other Bluetooth phones to infect.

If it is any consolation, security firms said the havoc that it can only create at the moment is to drain the battery fast as it searches for other Bluetooth devices to infect. However, you wouldn’t want a worm residing in your phone and creating turmoil on other people’s devices, right?

Although a relatively harmless first try, security solution providers are wary that this worm may mutate into more destructive forms. IBM’s annual security report in early February expressed worry that the malicious code might move into higher levels.

Word of caution: Turn off your Bluetooth when not in use, especially when in a crowded place where people with high-end phones are likely to converge such as Makati, Malate and Greenhills. Be more conscious if you are confined to a fixed location for more than five minutes. Remember that Bluetooth works within a range of 10 meters, so if you are on the move, it lessens the likelihood of infection as you move in and out of the range of infected gadgets.

I received the Cabir worm in the vicinity of a five-star hotel from a phone codenamed "Mitch" and I infected a friend’s phone in the office, she on the third floor and me on the way up to the second floor.

The lure of Cabir is its mystery. When you receive a Bluetooth message from a stranger, especially from someone with a salacious alias as "bedroom voice," "Juliet with no Romeo" or "Jlo on the go," the curiosity prompts you to download the message.

Meanwhile, if you know that your friend or dreamboat is coming and your phone can detect that he or she is within a 10-meter radius, be aware that the proximity is disastrous if his or her phone is infected although there is no malicious intent on his or her part since the worm is sent automatically by the phone.

Security firm Sophos advises cellphone users who can’t turn off their Bluetooth to instead set their phone’s visibility to "hidden" or "undiscoverable." This protects your phone from being found by infected Bluetooth devices within the vicinity but allows you to receive SMS, MMS, contacts or multimedia files from known and trusted sources.

The ‘Bluejacking’ Train

One thing that owners of Bluetooth-enabled phones has not maximized yet is the use of this rich short-range radio feature as a cost-free service.

Phone book entries, business cards, MP3 files, wallpapers, ringtones, memos, text messages, MMS and what-have you’s can be transferred to another phone via Bluetooth if both devices are within a distance of 10 meters.

Unlike infrared, the devices need not be within the line of sight of each other. You can be in two separate rooms or on two separate floors of a building or at opposite ends of a badminton court and swap files.

But here’s the rub: tech fun is no fun if not played on the mischievous side. Beer buddies are known to exchange nude photos and girl friends are known to share "boy" secrets via Bluetooth. And because unlike a text message, a Bluetooth message does not carry the phone number but the user’s alias, the whole exercise becomes a merry-go-round.

On a Nokia 7610 phone, you can "pair" with another device within range. Once found, the owners of the devices can agree on a common passcode and start exchanging files or messages. Some passcodes are fixed and the mechanics of creating "paired devices" actually vary from phone to phone. The first and only paired device on my phone is codenamed "lover boy" and he sent me a sound file of a song I don’t recognize. Was it because my phone’s alias was "Phantom" on the week that Andrew Lloyd Webber’s "classic tale of terror" was showing?

But how would he know that "Phantom" is actually a 37-year-old mother of two and how would I know if "lover boy" is really an android masquerading as human or vice-versa in the tech underworld? The whole thing is an exercise in self-misrepresentation as is the norm in the largely anonymous world of cyberspace. Who are you? Who am I? Can we possibly know that in one unplanned tech joy ride?

The more malicious use of the technology is called "bluejacking," or the unauthorized sending of files or messages, usually naughty or funny, to unsuspecting phone users. The thrill, according to veteran bluejackers, is in seeing the reaction of the recipient and even in guessing who will receive the message in a roomful of "babes."

However, even bluejackers follow a "code of ethics." bluejackQ.com, one of the more popular bluejacking communities on the Web, defines the appropriate conduct for bluejackers. First, send only messages or files but don’t try to "hack" the device. Second, do not send libelous, insulting or pornographic messages. Third, discontinue the exchange if the "victim," called the bluejack, is not amused or is not willing to participate further. But most importantly, do not steal files from the device, otherwise this is no longer bluejacking but "bluesnarfing."

bluejackQ.com says data from a Bluetooth phone can be stolen via bluesnarfing. "In theory, it (bluesnarfing) means if that if your Bluetooth is on and ‘discoverable,’ somebody with the right program on (his) laptop/computer in range of your Bluetooth device can remotely discover your device, create a connection with no confirmation or code-input needed from you and ‘download’ your phonebook to (his) computer," its website states.

Sounds scary? Then spare yourself from these Bluetooth woes. Turn the feature off when not in use. That is the only way to go.


Reported by: Sol Jose Vanzi

© Copyright, 2005  by PHILIPPINE HEADLINE NEWS ONLINE
All rights reserved


PHILIPPINE HEADLINE NEWS ONLINE [PHNO] WEBSITE