There’s a reason many cell providers continue to insist that mobile viruses can be beaten at the network level… Cell phones don’t often sport a bunch of unused processing muscle onboard.

That hasn’t stopped CommWarrior from infiltrating subscribers’ phones via Multimedia Messaging (MMS). But Windows Mobile has seemingly stayed above the fray… Until now.

Collin Mulliner of the trifinite.group just demonstrated his SMIL exploit at Defcon 14 at the Riviera in Las Vegas.

When SMIL hits a matched cell phone running Windows CE… and the victim cooperates by clicking… it generates a buffer overflow, which causes your cell to lose its mind so the exploit code can download appropriate malware.

As a successful attack requires careful coordination of exploit, victim, equipment and software, it’s admittedly no Sasser. But it’s a start.

In case you’re wondering, Mulliner’s SMIL stands for Silently Install Malware on Your Mob, a pun guaranteed to draw geek snorts, as SMIL really stands for Synchronized Multimedia Integration Language, the parser of which is the target of Mulliner’s exploit. Get it? Get it?
