Is there any future for smartcards?

Eugen Leitl eugen at
Tue Sep 13 09:57:16 EDT 2005

On Mon, Sep 12, 2005 at 09:52:27AM -0700, James A. Donald wrote:

> Typical worm installation goes like this:
> : :	Receive message via bluetooth from unnamed 
> : :	device?  Y/N
> : :
> : :	Installation Security warning:  Unable to 
> : :	verify supplier.  Continue anyway? Y/N

It's just a networked computer that happens to look
like a mobile phone. Not particularly security-oriented.

It also doesn't matter what current malware does on the current
platform. FWIW, it's still in primitive shenanigan stage. 
It's a question what future malware on future mobile platforms
will do. It's a machine for young social primates. Not suitable
for a payment system, unless equipped with dedicated, hardened
cryptographic compartment with dedicated display and PIN/biometrics.

Yesterday we received information on Commwarrior.B sightings in two new countries: Greece and South Africa.

So it seems that the rate at which Commwarrior is spotted is quite a lot faster than with Cabir. But then again, the high discovery rate might be a result of increased public awareness.

Also, as Commwarrior is in the wild here in Finland, we have had an opportunity to follow how the worm spreads and interviewed people who have been infected with it. And it seems that we have found at least a partial answer to the question of why people install Symbian worms on their phones.

The most common reason why people have installed Commwarrior from an MMS message is the trust that they have in the sender. People are wary of messages that they receive from unknown sources, but quite willing to install whatever has been sent from a friend's mobile. This is a phenomenon that we have also seen with E-Mail worms: people just are unwilling to mistrust something coming from a friend.

Current count of countries with Commwarrior sightings:
8. South Africa

> Seems to me that the phone designers have done a better 
> job with virus, worm, and malware resistance than 
> Microsoft or Linux.  Teenagers are pretty sophisticated. 

Are we talking even about the same species? About
the same teenagers which already own malware-infested 
PCs, and swap whatever ringtones, logos and games en vogue
with their FOAFs?

Eugen* Leitl leitl
ICBM: 48.07100, 11.36820  
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE