Bill P. Godfrey et al

Friday, September 16, 2005

The barbarians at the mobile phone

In the world of mobile phones, the popular Bluetooth system has been in the news.

A virus, called Cabir travels over short range wireless links between phones running the Symbian operating system. Walk into the range of a phone infected with the virus and it will attempt to send the virus over. Just like Independence Day.

What does seem to be amazing at first glance is that infection only works if the attacked phone is set to discoverable and the user has to answer Yes three times to on-screen prompts.

Are these people idiots? Maybe, but I don't think so. The three questions asked are
  • "Receive message via Bluetooth from [phone]?"
  • "Install caribe?"
  • "Installation security warning. Unable to verify supplier. Continue anyway?"
Note that none of these questions are "Installing this might cause bad things to happen! Don't do it!"

Even if you answer No, it doesn't end there. The attacking phone will repeat the conversation again right away. You keep on just pressing the No button until you are out of range of each other. No wonder some press Yes, just to see if it will shut the @%* thing up. [F-Secure writeup]

The problem here is not the stupid user, but a user interface in need of improvement.

For a phone to be Bluetooth discoverable isn't really a problem in itself. (Unless you leave it in your car, where it becomes an "I'm a valuable object." beacon.) The problem comes when the user is hassled to deal with unwanted attention. All the phone really needs to do is show a little indicator in the corner of the display that someone is trying contact you. If you are not expecting an incoming link, the indicator would just sit there saying “Hello, the barbarians are here at the gate, can we come in please?”

However, the barbarians will often be disguised. They may appear as one of your closest and trusted friends. Many executable program files are useful. Games, tools, etc. If your friend has a really cool game and you want to play, there is a risk that your friend has been virused and he doesn't know it yet. That game could come with something nasty attached.

Do we need raw program files that run unrestricted at all? Maybe, but I don't think so.

A good model to follow could be something similar to Flash files. Commonly seen used in animations, a program inside a flash file can do a lot. Here's a jigsaw puzzle. Here's a simple arcade game. Here's a collaborative document editing system.

Flash implements a full program language, but the program's wings are clipped. Unlike regular executables, a flash program can't interfere with other programs and it can't mess with files it doesn't own. Add a way allowing programs to interact with other components (including the file system) with a strict and manageable protocol, and there's no big need for any program to run unrestricted. (Except the operating system and the occasional device driver, that is.)

In the meantime, let's be careful out there. And don't have nightmares.


Post a Comment

<< Home