Security Watch | Matt Hines » McAfee predicts Windows Mobile malware

September 06, 2007

McAfee predicts Windows Mobile malware

McAfee released a white paper (PDF) that highlights a handful of issues with Microsoft's Windows Mobile operating system that the security company contends will drive malware writers to target the platform in the future.

According to McAfee, hackers will soon begin targeting smartphones such as Windows Mobile devices as the handhelds become more popular and people use them to store larger amounts of valuable data.

While mobile malware attacks have been scarce thus far, and some experts -- including F-Secure wireless security guru Mikko Hypponen -- have predicted that such threats will likely never rival the widespread nature of today's desktop viruses, McAfee maintains that as smartphones take off, more exploit code will be written to target the machines.

All smartphones will likely be assaulted with malware at some point, according to the firm, but McAfee reports that a handful of Windows Mobile design features could lead to the "unintended exposure of device contents" including text messages, e-mail, documents, call records and contact lists, that could leave users of devices running the OS prone to attack.

For instance, writes Zhu Cheng, the researcher in McAfee's Avert Labs group who authored the white paper, the development API that Microsoft provides for sending and blocking text messages on Windows Mobile devices could be used by malware developers to write programs that steal users' personal information.

Cheng maintains that because the system uses a telephone number to establish a line of trust for accepting text messages from senders, someone could easily create a spoofing attack that sneaks by any onboard protections for SMS spam or phishing campaigns.

"One example is malware that uses the text-messaging APIs to send fake messages to people on your contact list. This is similar to e-mail spoofing, but this type of phishing has an even higher likelihood of success because of the victims' lack of awareness of this type of threat. If we trust an incoming message based solely on its telephone number, then we are vulnerable to anyone in our contact list who has been infected by a virus, which can easily send spoofed messages. Users will find it hard to tell if the SMS is malicious," Cheng writes.

"It's reasonable to assume similar attacks will occur against Windows Mobile devices as these devices become more popular. It wouldn't be difficult for a malware writer to create a new threat. According to the Windows Mobile Software Development Kit, an application developer could write code using the sample code MapiRule and load it to implement text message blocking. Because Microsoft already provides a MapiRule framework in the SDK, all that a developer has to do is modify it a bit for use as a DLL."

"After installation, MapiRule becomes a filter between short messages and the text mail program. So, a programmer could interrupt the short message handling process by deleting or forwarding messages, or by performing other operations while acting as the man in the middle. Malware could use this feature to install a DLL in the user's smartphone to block the short message and disturb normal communication, give responses to messages, or forward messages. If SMS was used for corporate communications, it would create an avenue for intercepting corporate data."

Cheng goes on to say that using Microsoft's APIs, attackers could conceivably take control of a Windows Mobile device's camera and use it to snap pictures, or simply hack into users' saved photo and video content and steal it. (Somewhere teen hackers are dreaming that Paris Hilton buys a Windows Mobile smartphone.)

In another example, Cheng said that using Microsoft's mobile voice-recording API, a virus writer could conceivably cook up an attack that allows them to record phone calls.

"Microsoft applies the Waveform Audio Functions to record and play Wav files, according to the Windows Mobile SDK. Because of the comparability between Windows Mobile and Windows, many recording APIs and codecs used by Windows can be applied to Windows Mobile—and serve as a reference for mobile malware authors. When we tested the Dopod smart phone, for example, we found that the recording quality was very high—even when the mobile was in a user's pocket."

While the research paper fails to highlight any real vulnerabilities in Windows Mobile, and there remain experts who doubt that hackers will move aggressively to infiltrate smartphones -- especially since so many other types of systems can be more easily cracked today -- it provides interesting food for thought.

The cited threats are pure proof-of-concept material, and would seem likely to affect devices running on other OS software, but Cheng said that McAfee is merely hoping to push smartphone users to be wise about securing their devices (since there's no bad blood between McAfee and security software newcomer Microsoft, after all).

The point of it all, the researcher said, is to prepare for the attacks that will come.

"Right now we're in the early stages of what is likely to become a longstanding trend. We can't let our guard down," Cheng said in a report summary. "It is essential to exercise caution when using your smartphone."

Posted by Matt Hines on September 6, 2007 08:18 AM

