Possible security hole for Dialers/trojan horses

Bartłomiej Zdanowski DRP AC2 b.zdanowski at autoguard.pl
Thu Mar 1 11:47:42 CET 2007


Krzysztof Kajkowski wrote:
> 2007/3/1, Bartlomiej Zdanowski AutoGuard Ltd. <b.zdanowski at autoguard.pl>:
>
>> THAT IS THE PROBLEM. Bigger than phone theft. That's why commercial phone
>> manufacturers don't allow to access all the phone for java apps. To disallow
>> hidden calls and smses.
>
> We have
> similar situation in Linux - we can download software from net,
> install it (even on user account) and run it without knowing that it
> makes some nasty stuff in the background (for example sending spams).
> Such trojans are not so popular, why? I think it's because of the openness of
> Linux and its apps and that they are not spreading automatically. As
> for the first reason - most of us don't bother to download closed
> source apps for linux.
Developers don't bother. Ordinary users (possible customers from 
September's phase2) would download binaries and run them. I'm mostly a 
Windows user and I _never_ compile opensource apps. I always look for a 
binary version. You may now say it's wrong and lame but my point is not 
to discuss how lazy and lame I am. I say that a lot of people do that and 
if we want to create a solution really open for everyone we must 
remember non-developers, who are a huge part of the consumer market.

> as Sun, VMware etc. I doubt if anyone would be stupid enough to run
> binary from unknown source. Second reason is that trojans which
> require a human to spread are not likely to emerge in big numbers
> (epidemic).
I would. I promise. And release binaries of trojan striptease tetris for 
free and you will have a number of downloads.
> I think that such applications (dialers etc) are not likely to spread
> widely. Main source for applications for OpenMoko will be official
> repositories and GSM providers. For first source we would have source
There are a lot of companies running songs, themes and java apps download 
services. And these companies are apart from GSM operators. There will 
be a lot of openmoko apps from unknown sources for download too.
> long run. However there might be such attempts to create GSM trojans
> and we should be aware to enable user to protect itself. The question
> is how to do that?
I've already proposed a first thought of a solution.

Regards.
-- 
*Bartlomiej Zdanowski*
Programmer
Product Research Department
AutoGuard & Insurance Ltd.

Omulewska 27 street
04-128 Warsaw
Poland
phone +48 22 611 69 23
www.autoguard.pl <http://www.autoguard.pl>