Symbian Security Studio

About Symbian software programming, security analysis and other things about Symbian.

Saturday, June 23, 2007

3-Lib - Viruses for Symbian OS - the truth


Don't be panicked by media hype about viruses targeting Symbian OS smartphones!


Fact: no-one can pass a virus to your Symbian smartphone over Bluetooth or MMS without your knowledge. See a plea for sanity, below.

Fact: the Symbian 'viruses' you read about aren't really in the wild, in the same way that Windows viruses are. Most Symbian malware has been created as 'concept' software and sent straight to an anti-virus vendor (who naturally make a pretty penny out of advising people that they need a-v utility software). Because it's realistically impossible for these apps to spread in most sensible societies, you simply will not come across them in the real world unless you happen to hang around with teenagers bent on trying all the latest trojan-infested 'warez' (see below).

Fact: it's impossible for any piece of malicious software to make your smartphone unusable. Even if you allow a piece of 'malware' (i.e. a malicious program) onto your unit, it can't touch the OS and applications in ROM, which means you can always do a hard reset (typing in ‘*#7370#’ works with older Series 60 smartphones, 'Dial'+'*'+'3' while powering on for newer ones, procedures for UIQ and Series 80 units are in the manual) to get back to a working system.

Fact: the biggest hazard in the Symbian world is the 'warez' scene, where unscrupulous people 'crack' commercial software and then put it up for free download. Quite apart from the ethical considerations about putting genuine Symbian authors out of business, these cracked versions are the perfect opportunity for a malicious cracker to insert routines designed to cripple your phone or scramble your data.
You can stay clear of such malware by downloading your Symbian OS third party software from recognised software sites and staying clear of warez. This isn't just me quoting a party line here - this is simply practising safe computing. Only download from trusted sources.

A CHALLENGE FOR VIRUS WRITERS OR ANTI-VIRUS SCAREMONGERS
The deal: I'll stand in a room with you and all your infected toys. I'll have a Series 60, a UIQ and a Series 80 smartphone, all set with Bluetooth to 'Discoverable'. I'll give you as long as you want to try and infect me in any way whatsoever, I'll even accept your SMS and MMS messages and generally communicate. If you succeed in infecting me, I'll hand over an obscene amount of money. No-one fancy the challenge? I thought not.
Symbian OS viruses - just keep your software legal and move on....

--------------------------------------------------------------------------------

A plea for sanity (originally written late 2004)
As I write this, on New Year's Eve 2004, the media worldwide are championing scare stories about viruses spreading like wildfire between smartphones happening to run Symbian OS. Even by media standards, this is incredibly misleading. And, to be frank, a load of absolute rubbish. Read on...

Overview
Have you ever tried getting an application (or indeed any other kind of file) from one smartphone to another? Quite apart from the logistics of getting Bluetooth in the right mode ('Visibility: shown to all') on the recipient phone and getting the phones to actually find each other, any request from another phone to send something has to be manually authorised (i.e. the recipient has to actively read the warning and press a button marked 'Yes'). And, for an application, there are many extra steps to agree to, in terms of accepting that you want to install it in the first place, that it probably hasn't been officially signed and then deciding which disk (internal or expansion card) to install to.

This is totally unlike the virus situation on desktop computers, where viruses infect you quickly and silently, reaching out to others via extra email transmissions and via direct Internet probes. Under Symbian OS, there is (so far) no known way for software to get sufficiently under the hood without your express permission to be able to do any of these things.

A Symbian-targeted virus in the Real World
So you're walking through Paddington station, London, within Bluetooth reach of a hundred other smartphone users. And you've left your Nokia 6600 (or similar Series 60 smartphone) open to incoming Bluetooth connections because you often share contacts and appointments with colleagues and it's simply more convenient to leave this setting 'on'. All of a sudden, an 'infected' Series 60 smartphone (assuming there are any in the wild) reaches out to your phone and you hear a beep. Looking at the display you see

"Receive message via Bluetooth from Nokia 3660?"
with buttons marked 'Yes' and 'No'.

Your first choice should obviously be 'No', as you're not with a friend or colleague and are not expecting an incoming contact, appointment or file. Pressing 'No' means instantly stopping the incoming connection dead in its tracks. But let's say that you press 'Yes', out of curiosity perhaps. The virus application will be received into your Inbox, which may even automatically spot that it's a Symbian Installation (SIS) file and will start installing it. There's still no need to panic, though, as you'll then have to accept the various installation warnings and questions:

"Installation security warning: Unable to verify supplier. Continue anyway?"
with buttons marked 'Yes' and 'No'.

There's no application title shown yet, and perhaps you decide to carry on a little further, again out of curiosity (remember that you're not expecting anything).

Now we're getting to the nub of the matter. Symbian OS next pops up the question:

"Install Cabir?" (or "Sexxy", or whatever the heck today's media-favourite virus is called)
with buttons marked 'Yes' and 'No'.

At this point, if you still answer 'Yes', then you deserve everything you get! (As an aside, there are still at least two more questions to answer before the application is actually installed, giving you two more chances to back out.)

Conclusion
Does the above sequence sound like the seamless and invisible mechanism needed by any decent virus if it's to propagate itself effectively in the wild? An emphatic NO.

You can keep your Symbian smartphone completely free of malware by following a couple of simple rules:

Don't accept unsolicited Bluetooth transmissions from other phones, or trust applications tacked onto MMS messages (e.g. 'Hey, try my new, kewl game!').
Don't install applications unless they are ones you've asked for or have downloaded from reputable software sites (Handango, AllAboutSymbian, My-Symbian, 3-Lib, etc.)
In most cases, it's quite safe to leave Bluetooth visibility as 'Shown to all'. If you do get bothered by too many unsolicited connection attempts, simply change the setting to 'Hidden'. Although given that the number of 'infected' Symbian Series 60 phones worldwide is truly tiny, you really don't have to worry! You're more likely to be hit by lightning or to win the lottery...

(C) 2004, 2005, 2006 Steve Litchfield

