MyMobiSafe.com Official Mobile Security Blog
This blog is managed/edited by Eric Everson, Founder of MyMobiSafe.com. The purpose of this blog is to discuss common threats and solutions that exist within the mobile community.
Thank you for taking the time to review my blog, I am Eric Everson the founder of MyMobiSafe.com. In addition to my duties at MyMobiSafe, LLC I am also a graduate student of software engineering. As a mobile security expert, I am glad to answer any questions you may have on the topic: EricEverson@Hotmail.com
Tuesday 12 June 2007, 7:15 PM
How Your Boss Is Helping Us Grow MyMobiSafe.com…
How Your Boss Is Helping Us Grow MyMobiSafe.com…
By: Eric Everson, Founder MyMobiSafe.com
Your boss doesn’t realize it yet, but your boss is growing MyMobiSafe.com everyday. Internet restrictions in the workplace are creating an increasing rush to the mobile web. If you use the mobile web, chances are you want a mobile security solution and that’s where we fit in.
Before I left the corporate world to start the MyMobiSafe.com venture, I found myself increasingly being subjected to the technology restrictions of “the man.” I was working for a big name U.S. wireless provider (which I’ll leave nameless but will refer to as Orange) and it seemed like everyday there would be a new restriction placed on internet usage. I was with Orange for about five years and in that time it went from being able to login, to only being able to browse at lunch, to the way it was before I left when I could only access .edu or .gov addresses. While I was thankful for a few entertaining .edu portals, I felt the social side of the internet being squeezed out of my work life completely.
Before I left Orange things had become so restricted that I had to go home on my lunch break just to stay in touch with the internet community. What your boss fails to understand is that we as internet surfers are generally less interested at work to search for “images” and are more likely to use the internet to stay in touch. The web has become a social networking giant and our bosses seem intent on restricting our access to it. As rebellious as we are, we’ve found a way to stick it to the man by turning to our wireless web instead.
Inside the menu of most modern mobile phones is the world’s next portal to the web – the mobile internet or the MobiNet as I like to refer to it. So if you are seeing your workplace internet restrictions rising, don’t forget that you have your own key to the web. If you are new to the MobiNet don’t forget to boost your mobile security. The rising content for mobile phones is also increasing the threats that mobile internet users encounter (MyMobiSafe.com has you covered here). I hope the next time you see a workplace memo about increasing internet restrictions, you too will get a big smile on your face as you reach for your mobile internet. As you hit that big red X to delete that memo, just remember that your boss is just doing their best to grow MyMobiSafe.com. : )
By Eric Everson, Founder MyMobiSafe.com
Friday 8 June 2007, 7:52 PM
Mobile Virus ACE-? – Is The Hoax That The Hoax Is The Hoax?
Mobile Virus ACE-? – Is The Hoax That The Hoax Is The Hoax?
By: Eric Everson, Founder of MyMobiSafe.com
In the mobile security industry we all go into overdrive when we hear about a new threat because we want to ensure that we’ve coded against it. There is an old e-mail (circa 1999) that has reared its head again that says something to the effect of:
“If you receive a phone call and your mobiles phone displays ACE-? on the screen DON'T ANSWER THIS CALL - END THE CALL IMMEDIATELY. IF YOU ANSWER THE CALL, YOUR PHONE WILL BE INFECTED BY THIS VIRUS. This virus will erase all IMEI and IMSI information from both your phone and your SIM card, which will make your phone unable to connect with the telephone network. You will have to buy a new phone. This information has been confirmed by both Motorola and Nokia. There are over 3 million mobile phones being infected by this virus in USA now.”
Symantec supposedly researched/archived this as a hoax email back in 1999, but here we are in 2007 and the same message is floating around in full force again. What gives might one ask? It seems that there may be some shred of truth to this old “hoax”. At MyMobiSafe.com, we’ve identified and coded against a “jacking script” that is titled “ACE.” A jacking script is written to be sent via text messaging (SMS) to a mobile handset where it will attempt to retrieved specific data metrics (like a contact list) and send them back to a central server. Jacking scripts also referred to as “content jacking” are usually only used to phish for data such as contacts and key strokes though they are usually only built for a specific campaign and discarded.
So about that old e-mail, the truth about it is that there may be a low level external threat out there with the letters “ACE” in the file name. The false information (at least as of today 6/8/07) is that it has not spread to 3 million people and the virus would also arrive to look like a text message not a call. It looks like someone may have built the existing threat to piggyback off of the “hoax” label that was assigned in 1999.
Again as of 6/8/07, our records indicate that the newest version of “ACE” is no longer an active threat as the original backfeed IP is null. Mobile threats usually seem to come in waves, so there is a possibility that we may see a few new threats that piggyback off of old “hoax” files in the future. Feel free to check us out at MyMobiSafe.com if you are interested in protecting your mobile against these concerns in the future. Keep reading my blog to learn more about mobile security.
By: Eric Everson – Founder, MyMobiSafe.com
ericeverson@hotmail.com or Eric.Everson@MyMobiSafe.com
Monday 4 June 2007, 7:36 PM
Cell Phone Viruses: What? Those Really Exist?
Cell Phone Viruses: What? Those Really Exist?
By: Eric Everson, Founder of MyMobiSafe.com
It amazes me how often I get surprised reactions from people that have no idea threats are out there targeting cell phones. The common response, as you have likely guessed from the title of this entry “What? Those Really Exist?” Though I hate to be the bearer of bad news, mobile threats are increasing at an alarming rate. The days have passed when only those with Bluetooth capabilities built into their phones are the only mobile users at risk. At MyMobiSafe.com, as we continue to uncover increasing numbers of mobile viruses it makes us shutter to think about how many mobile users will fall victim to their fury. The scariest element of a viral attack is the interconnectivity that mobile phones have.
Consider the popularity of cell phones these days, as we keep them so close to us that they have practically become part of the human anatomy. Cell phones are integrated into every aspect of the working world and frighteningly there is a vulnerability to the industry that few ever consider. The interconnectivity of cell phones is at epic levels, which makes every mobile user a potential victim of a mobile threat. Consider how many other people’s cell number you have got in your contacts list and now considering the other 800 million cell phone users in the world think about how interconnected we all are. I think the last number I read was that the average number of contacts in person’s cell phone was around 30. Thirty seems like a relatively small number of contacts considering the working persons contacts, but nonetheless we will call it 30 for all practical purposes.
Let’s take those 30 contacts on your cell phone list and assume that at least one of them is hip to technology and uses the functionality of their mobile phone to access any number of growing mobile content portals. The person might download video, games, or music and unbeknownst to them they are opening a cell phone virus. Your first thought might be, better their phone than mine! On the contrary however, by the time you finish reading this sentence you will know that the majority new mobile threats distribute themselves through a phones contacts before causing any harm to the infected handset. Here you are now, completely oblivious to the fact that your contact has lost everything on their phone and as you always would you open that text message that they sent you. Yes, that text message that looks like it is from your friend is really a text-Trojan virus about to take out everyone you hold dear on your contacts list.
I hope that if nothing else through this blog entry that I have at least stuck the idea of mobile security and the importance of a mobile antivirus into your head. We have solutions available to protect all mobiles at MyMobiSafe.com, but I am not writing this to advertise but merely to shed enlightenment throughout the mobile community. I hope that you will continue to follow my blog to learn more about mobile security… because YES! Those really do exist. Thanks for reading.
Eric Everson, Founder
MyMobiSafe.com
Sunday 3 June 2007, 8:07 PM
Anatomy of a Mobile Virus: Dismantling A Daisy Chain Explosive
Anatomy of a Mobile Virus: Dismantling A Daisy Chain Explosive
By: Eric Everson
Commonly grouped along with external mobile threats, mobile viruses have become common throughout today’s mobile community. The fleeting question on the mind of so many mobile owners is why. To understand today’s mobile virus, one must look back at the evolution of computer viruses. Viruses don’t typically enter a medium such as mobile communication as malicious attacks rather they start with software developers pushing the limits of modern coding. Initial developments in computer viruses would often remove or otherwise alter a strategic kernel or other file type in effort of achieving a desired result. Mobile viruses began with much of the same innocence. The early mobile viruses would merely drain the battery of a mobile handset while today’s mobile viruses can practically render a cell phone useless.
To understand why mobile viruses have become so destructive one must understand that as a hacker the more malicious your virus is the better it is. As a group, hackers are scientist that in my humble opinion, fuel the development of technology. Generally hackers get a bad wrap, but it is their persistence in exploring the edge of technology that makes them extremely interesting. The reason mobile viruses are so fascinating to me is that dissecting them really is – this is the former U.S. Marine about to come through – like dismantling daisy chain explosives. In case you’re not the military type, daisy chain explosives are any variety of bombs that are interlinked to cause a chain of explosions that to the naked eye looks like a single blast.
Without getting too technical, almost every mobile virus has four major sections of anatomy: The Jacket, The Filament, The Charge, and the Trigger.
The Jacket: This is the only part of the virus that the general public ever knows about. This includes the virus type/class and the “trojanesque” characteristics that always end up in the media.
The Filament: This is really the nuts and bolts of a mobile virus. All of the scripted coding exists in this layer of the mobile virus. As a virus hunter, this is really the most fascinating part of the virus for me because as you’re dismantling it one false key stroke can end the decryption process. Anytime I am going through the filament of a virus I liken it to Catherine Zeta-Jones making her way through the lasers. One false move and all your decryption work is in vein.
The Charge: I call this the charge or nucleus of the virus because this is what really acts as the neurological system of the virus. If you can make your way to the charge, about any virus can be dismantled by the right person.
The Trigger: I saved this piece for the last because it is the trickiest part of any mobile virus. The trigger is much like the blasting cap for TNT. This piece of the virus is what “triggers” everything. It would be the pin of the grenade or the catalyst of a chemical reaction. The trigger is what allows the virus to do what it is designed to do. In a mobile handset for example, the trigger would scan for “file X” and when it finds it the fury of the virus will be set in motion. The thing that makes a trigger so had to identify is that it is almost always encrypted or somewhere buried in what sometimes seems like endless filament.
By now I’ve either kept your interest and have intrigued your thirst for more or I have painted myself as the mad scientist you want to keep on your side. I assure you I only use my knowledge of this area for the good of the mobile community, so you can set your mad scientist image aside. By understanding the viral world we at MyMobiSafe.com can concentrate on increasing the security of the mobile community. For someone like myself, this is a fascinating world of digital exploration and we are at the forefront of what is to come. As a mobile user, you should increase your knowledge about the threats that exist to your mobile device. Of course I hope that you will entrust MyMobiSafe.com with the security of your mobile device, but that is for you to decide. I think that while some players in the industry are more profit driven than passion driven, collectively we all want to make the mobile community a safer place for each cell phone user. With increases in mobile content such as games, video, internet, and banking mobile security is becoming a reality for all cell phone owners. Viruses are not just something that people with Blackberry/Smartphones need to worry about – all mobile devices have security vulnerabilities. Keep following my blog to learn more about security in a mobile world.
Created by:
Eric Everson, Founder
MyMobiSafe.com
blog.myspace.com/mymobisafe
Thursday 31 May 2007, 6:33 PM
Mobile Banking Gets a New Security Guard
A recent article on PocketPicks suggested that “by 2010, 35% of online banking households will also be using mobile banking services.” Many of the global banking giants have already invested millions of dollars towards mobile banking technology in preparation for this new wave of banking. Mobile phone owners are increasingly getting additional interactive content such as music, video, and games so it is a natural evolution that banking capabilities will arrive in stride.
With such increases in available content, cell phone owners must begin to consider the safety of their handsets. Much like in the computer world, mobile phones also have external threats. There has been emerging media press coverage lately about cell phone viruses among other security issues facing cell phone owners. It is easily understandable how increased content can translate into increased risk.
As the banks have invested in bringing the mobile banking services to their customers, customers must also begin considering their cell phone security as much as their computer security. As the founder of MyMobiSafe.com I am obviously partial to the services we provide for cell phone security but there are others out there. McAfee, F-Secure, and Bullguard all have a mobile antivirus program designed to protect specific mobile handsets. The big advantage to most wireless users is that MyMobiSafe.com has introduced is a security solution that works with all cell phones.
One of the reasons MyMobiSafe™ has attracted so much interest from the banking community is that increasing cell phone security is the first step towards allowing customers to have the confidence to try mobile banking services. So far the banks have invested in the technology, mobile security providers like MyMobiSafe.com have invested in the security, and as more cell phone owners realize their mobile vulnerability the pieces will all come together.
Mobile banking is here to stay, but as wireless users we have to keep mobile security high on our priorities list. I am working to establish MyMobiSafe.com as the new security guard for the mobile banking community.
Sources:
PocketPicks.co.uk: http://www.pocketpicks.co.uk/latest/index.php/2007/05/21/mobile-banking-to-take-off-by-2010/
MyMobiSafe.com: http://news.google.com/news?um=1&tab=wn&hl=en&q=mymobisafe
Previous
