Possible security hole for Dialers/Trojan horses

Bartlomiej Zdanowski AutoGuard Ltd. b.zdanowski at autoguard.pl
Thu Mar 1 08:55:30 CET 2007


While thinking about anti-theft protection we came up with some ideas about 
sending SMSes with the stolen phone's GPS coords. There were some ideas about 
silent voice calls with a message that the phone is stolen
(for details see thread Itch3: Anti-lost/theft protection).
But at this point we came to a serious problem of open phones. Sooner or 
later someone will write a Trojan horse or some kind of dialer (like for 
PC) looking like a solitaire or sth. While you are enjoying a free game 
it will send a bunch of SMSes to paid numbers or make expensive calls.
THAT IS THE PROBLEM. Bigger than phone theft. That's why commercial 
phone manufacturers don't allow Java apps to access the whole phone: 
to disallow hidden calls and SMSes.
I suppose that access to calling, SMSes and GPRS data cannot be disabled 
but at least we can add a menu entry with summaries and statistics of which 
application made calls and sent SMSes. The Openmoko kernel should log any 
transmissions with their length and cost (if such data is available).

What do you think?
*Bartlomiej Zdanowski*
Product Research Department
AutoGuard & Insurance Ltd.

Omulewska 27 street
04-128 Warsaw
phone +48 22 611 69 23
www.autoguard.pl <http://www.autoguard.pl>