Possible security hole for Dialers/troyan horses
Bartlomiej Zdanowski AutoGuard Ltd.
b.zdanowski at autoguard.pl
Thu Mar 1 08:55:30 CET 2007
While thinking of antythieft protection we came to some ideas about
sending smses with stolen phone GPS coords. There were some ideas about
silent voice calls with message that the phone is stolen.
(for details see thread Itch3: Anti-lost/theft protection).
But at this point we came to a serious problem of open phones. Sooner or
later someone will write a Troyan Horse or some king of dialer (like for
PC) looking like a solitaire or sth. When you will be enjoying free game
it will send a bunch of smses for paid numbers or make expensive calls.
THAT IS THE PROBLEM. Bigger than phone theft. That's why commercial
phone manufacturers don't allow to access all the phone for java apps.
To disallow hidden calls and smses.
I suppose that access to calling, smses and gprs data cannot be disabled
but at least we can add menu entry with summaries and statistics which
application made calls and sent smses. Openmoko kernel should log any
transmissions with it's length and cost (if such data is available).
What do you think?
Product Research Department
AutoGuard & Insurance Ltd.
Omulewska 27 street
phone +48 22 611 69 23
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the community