An easy-to-do SMS attack against numerous versions of Nokia’s S60 operating system is starting to make the rounds on YouTube.
The attack, known as the “Curse of Silence,” which can render a phone unable to receive text messages until a hard reset is performed, was demonstrated at the recent Chaos Communications Congress and was reported last week by bloggers at security company F-Secure.
Chief Security Advisor Patrik Runald said the silver lining is that such an exploit on typically well-secured Nokia phones might push the world’s best-selling handset manufacturer to work harder at testing its products.
Nokia officials could not be reached for comment about a possible patch. However, “generally, it’s kind of cumbersome, you have to download a specific tool. It might be possible over-the-air to fix a specific bug, but whether or not they’re going to do that, I haven’t heard,” Runald added.
The world is likely to see more mobile hacks when there is wider use of mobile financial software. “The motive at the end of the day is always financial. In the mobile space, the motive up until now has always been cracks, or for fun, or just plain evil,” he said.
F-Secure’s own mobile security product debuted in 2001. Runald acknowledged there probably wasn’t much of a threat at that point.
“We figured there’s going to be a threat and eight years later we’re still not there. We still believe something’s going to happen and without spreading FUD, I think it’s just a matter of time,” he said, referencing the industry term for fear, uncertainty and doubt. “Whether that time is six months or six years is hard to tell.”
S60 was also the subject of a rash of security issues in March, April and June of 2005.
Elsewhere in mobile security, Positive Networks today said it’s now called PhoneFactor, which is also the name of its flagship two-factor authentication software.