Mobile Game Trojan Calls the South Pole
UgLyPuNk writes with an excerpt from Gamepron.com: "Freeware games can actually cost you more money than their pay-to-play cousins, as mobile gamers in the UK have learned. A 'booby-trapped' version of a popular Windows Mobile game has been sneakily spending their money while they sleep – by dialing phone numbers in the Antarctic behind their backs."
yikes (Score:5, Funny)
Re:yikes (Score:4, Funny)
What next downloading penguin porn? That would be appropriate for a Linux virus.
Re:yikes (Score:5, Funny)
Adds insult to injury, with a dash of salt.
Re: (Score:2)
See, Bill Gates was right! Free Software *does* cost more than proprietary software!
(ducks)
Did penguins answer ? (Score:5, Funny)
Comment removed (Score:5, Funny)
Re: (Score:2)
Probably something along the lines of "Nope, not seeing any bees around here either".
OS name appropriate - WinCE (Score:4, Funny)
I always thought Microsoft made a bit of a branding error when it came to naming their mobile OS. "WinCE" just invites all kinds of negative associations, and stories like this one just add to the painful image.
Cheers,
Re:OS name appropriate - WinCE (Score:5, Funny)
Re: (Score:2)
I've been writing for Windows CE for so long, I've got a permanent furrow on my brow.
Re:OS name appropriate - WinCE (Score:4, Funny)
As we all know, 6 months of programming in Windows makes you want to jump out of one (YMMV)
Re: (Score:2)
*winces at the pun*
Re: (Score:3, Funny)
They should have rolled it all into one system with Windows ME and NT.
Windows CEMENT!
Re: (Score:2)
Yeah, they should have called it something like "GIMP." That's much better.
Re: (Score:2)
Well, they named their Windows Media Player WiMP. I think both names are fitting.
In fairness, though, WinCE is a better browser than OpenWave, and I say that without even using WinCE; it couldn't possibly be worse than OpenWave.
Re: (Score:2, Insightful)
Nerds can enjoy the same joke over and over for periods much longer than 10 years. It means we don't need to spend a lot of money on entertainment, assuming of course that we actually did spend money on entertainment instead of pirating it. Did I mention that peg legs and eye patches ARRR still funny, too?
Re: (Score:2)
September 19th!
Let's play a game... (Score:5, Funny)
....how about a nice game of Ice Station Zebra?
One really has to wonder... (Score:3, Insightful)
Re: (Score:2)
There's enough phone numbers down there it has its country code for mobiles, and that's supposedly what this malware does. It dials +88234 numbers. It probably just wardials numbers in certain blocks.
I don't know how UK mobile providers do it, but I had to call my cell provider (Sprint) to enable international dialing before I could dial past +1.
Still it is a hell of a lot cheaper than wardialing +870 (Inmarsat) numbers. Last I heard, those were going for 10Euro/min on the wholesale market.
Re: (Score:2)
I stand corrected. 88234 is not just for mobiles in Antarctica. It is a country code assigned to "Global Networks Switzerland".
Re: (Score:3, Insightful)
> I don't know how UK mobile providers do it, but I had to call my cell provider (Sprint) to enable international dialing before I could dial past +1.
My bet is that this is a US specific thing. Certainly in Australia new SIM cards can by default dial any number on Earth (and for all I know, some not on Earth). International roaming OTOH is not always enabled by default and I have been bitten by this a few times.
Re:One really has to wonder... (Score:5, Insightful)
You know, I was curious about this too. I found this page [countrycode.org] which shows there to be no phones (land lines nor cell) in the Antarctic. Wikipedia has a reference to calls being relayed over HAM radio only. They also mention that Scott Base does have a satellite relay for telephone calls [wikipedia.org]. It seems they do have a country code assigned (672), so I'd suspect that someone got a number assigned, regardless of the fact that they aren't really there.
What I don't exactly see is how they're profiting off the number. I know some long distance calls act as premium rate numbers (like dialing a 900 number in the US), where a profit can be had from the initial connection and the minutes on the maintained connection. It should be a simple matter to follow the money back to the source of the problem, and prosecute them accordingly. It's becoming rare that pranks like this are done just as pranks. There's usually a financial interest in it.
Re: (Score:2)
> What I don't exactly see is how they're profiting off the number
Probably doing it for the lulz.
Re:One really has to wonder... (Score:4, Informative)
+672 is not just for Antarctica, though. It is shared with Norfolk Island (a sort-of part of the commonwealth of Australia).
Re:One really has to wonder... (Score:4, Interesting)
Profiting is the easy part (Score:5, Informative)
> What I don't exactly see is how they're profiting off the number.
There are plenty of providers of international premium rate numbers that will ask no questions about the callers and deposit a percentage of the call termination fees into a bank account at the end of the month - the article mentions they used Somalia ($0.14/min) [getpremiumnumbers.com], Dominica (€0.45/min) [getpremiumnumbers.com], Antarctica (€0.46/min) [getpremiumnumbers.com]. The provider I linked to was the top of Google's search - you can probably find others offering higher rates.
> It should be a simple matter to follow the money back to the source of the problem
Not really. These crimes cross multiple legal jurisdictions, and there is no evidence to tie the trojan writer to the person profiting from the calls. Authorities in, say, Switzerland, will not break the banking secrecy of an individual just because they profited from running a premium rate phone number.
I remember hearing a story back in the early 90s about a French guy who had over 30 land lines installed in his house, and had set up an automated blueboxing dialler to call international premium rate numbers 24/7. Allegedly, he was earning $1.50/min from each call, and he quickly became a millionaire.
Re:Profiting is the easy part (Score:5, Interesting)
The point of this rambling post is that toll fraud seems much cheaper these days. Fifty cents a minute to Antarctica seems like nothing compared to rates back in the day.
Re:One really has to wonder... (Score:5, Informative)
+88234 is allocated to our company Global Networks Switzerland AG who operates a GSM network in Antarctica. The +88234 allocation is published by the ITU in the E.164 standard somewhere around 2003. As Antarctica is not considered a country according to the United Nations but international territories, the +88234 allocation is out of the shared country codes block which is where you also find the satellite networks such as GlobalStar, Thuraya etc and also networks operating on Cruise Ships and similar. This is the main reason why operators charge a fortune. They don't differentiate +88234 in pricing from other networks in +882xx or +881xx which means you get charged satellite connections even though our connection is much cheaper (and they make a hell of a lot of money off you). The connectivity to Antarctica goes over satellite to the edge of Antarctica to a research station (you can't reach the center over satellite). There is a second allocation +672 for Antarctica for the Australian Scott's base which is basically some kind of areacode of Australia. We have nothing to do with that network.
About the abuse of the number for so called auto-dialers, malware in games etc, please be aware that we are not involved in this. People somewhere in the middle do break out those calls and terminate it illegally on their equipment charging termination fees and making money off it. Those calls do not end up on our switch where they would be supposed to go. The numbers used in the dialers are not in use in our network so calling them would result in an "unallocated number" error and you would not have been charged.
If you get charged for calls to +88234-8.... complain to the operator as it clearly points to shortstopping by a 3rd party.
Our legitimate users use mainly +88234-7xxx xx xx with a few allocations in +88234-4... and +88234-5...
Regards
Andreas Fink
CEO
Global Networks Switzerland AG
afink at gsm.aq
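The prefix rules in the post above, turned into a bill check. This is an added example, not part of the original post and not any operator's tooling: it screens a phone bill for billed calls into +88234-8, which the post says should fail as unallocated. The CSV layout, the `00` international dialling prefix, the label names and every sample row are constructed assumptions.

```python
import csv
import io
import re
from collections import defaultdict
from decimal import Decimal

# Prefix rules from the post above (digits after the "+"); label names are ours.
PREFIX_RULES = {
    "882347": "gns-main",     # "+88234-7xxx xx xx": main legitimate range
    "882344": "gns-minor",    # "+88234-4...": a few allocations
    "882345": "gns-minor",    # "+88234-5...": a few allocations
    "882348": "suspect",      # "+88234-8....": a billed call points to short-stopping
    "88234": "gns-other",     # rest of the +88234 allocation
    "882": "shared-block",    # +882xx shared country code block
    "881": "shared-block",    # +881xx shared country code block
}

# Constructed sample bill; numbers, times and charges are made up.
SAMPLE_BILL = """\
time,dialled,seconds,charge
2010-06-01T02:14:00,+88234 8 123 45 67,61,0.92
2010-06-01T02:19:00,0088234-8-1234567,58,0.88
2010-06-01T09:30:00,+88234 7123 45 67,120,1.80
2010-06-01T10:00:00,020 7946 0000,300,0.00
2010-06-02T03:01:00,+88234 8 765 43 21,0,0.00
2010-06-02T11:00:00,+882 16 555 0100,30,2.10
"""


def normalize(number, intl_prefix="00"):
    """Return the digits of an international number, or None if it is national."""
    s = re.sub(r"[\s\-().]", "", number)
    if s.startswith("+"):
        digits = s[1:]
    elif s.startswith(intl_prefix):
        digits = s[len(intl_prefix):]
    else:
        return None
    return digits if digits.isdigit() else None


def classify(number):
    """Label a dialled number by its longest matching prefix rule."""
    digits = normalize(number)
    if digits is None:
        return "national"
    for prefix in sorted(PREFIX_RULES, key=len, reverse=True):
        if digits.startswith(prefix):
            return PREFIX_RULES[prefix]
    return "international"


def review_bill(csv_text):
    """Return (charge totals per label, billed calls into the suspect range)."""
    totals = defaultdict(Decimal)
    flagged = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        label = classify(row["dialled"])
        charge = Decimal(row["charge"])
        totals[label] += charge
        # An unanswered or failed call costs nothing; only a charge is evidence.
        if label == "suspect" and charge > 0:
            flagged.append((row["time"], row["dialled"], charge))
    return dict(totals), flagged


if __name__ == "__main__":
    totals, flagged = review_bill(SAMPLE_BILL)
    for label, amount in sorted(totals.items()):
        print(f"{label:13} {amount}")
    for when, number, charge in flagged:
        print(f"dispute with operator: {when} {number} charged {charge}")
```
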
Re: (Score:2, Informative)
Scott Base is actually a New Zealand station. I believe the NZ phone system in Antarctica uses the +64 dialing code with an extension.
Re: (Score:2)
> +88234-7xxx xx xx
Hey, I had to try that. But it seems nobody was at home right now. :/
Re: (Score:2)
Re:One really has to wonder... (Score:4, Interesting)
> ...how they even *found* numbers in the Antarctic. It's not like you can set up a phone line down there, and I can't imagine many people would have occasion to call the Antarctic.
I don't see how you can't imagine phones in Antarctica. It's not like there aren't dozens or hundreds of researchers down there. It doesn't have to be a physical wired connection. It could be a phone connecting to a satellite. As another example of advanced technology in Antarctica, you can find an ATM down there [wellsfargo.com]. It's pretty much a normal ATM which they service every couple years. Think abstractly my fellow /.er
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
There will be satellite phones from networks with a polar orbit, such as Iridium, but not networks like Inmarsat which has a geostationary orbit. That's why it is so expensive.
Re: (Score:2)
no phone numbers in Antarctic (Score:2)
Re: (Score:2, Insightful)
That's because Antarctica has no nations to be international with. There are however plenty of research stations there with people who like to talk to mom n dad on the holidays.
Re:no phone numbers in Antarctic (Score:5, Informative)
http://countrycode.org/antarctica [countrycode.org]
Seems Wikipedia is not right about everything - go figure.
Re:no phone numbers in Antarctic (Score:4, Informative)
What do the hackers gain? (Score:5, Interesting)
I saw this on the BBC website too, but neither article tells me how it is to the advantage of the hackers to give random people big telephone bills. Do the hackers own some little phone company which the calls are going through? Do they have some overpriced premium number connecting to a computer in Scott Base which recites astrology readings in a synthetic voice?
More seriously: why should the phone OS allow a game to initiate phone calls? (I really hope the answer is 'the OS has a bug' rather than 'that's how they designed it.')
Re:What do the hackers gain? (Score:4, Informative)
Maybe they get lonely down there.
Re:What do the hackers gain? (Score:5, Insightful)
In the good old days a virus just wasn't a virus if it didn't format your C: on some arbitrary birthday of the writer, or nuke your master boot record, or even copy itself to the master boot record so that when you started up the computer said Suck It! rather than displaying the Windows 3.11 loading screen. Man it sucked re-installing DOS and Windows from floppies.
Re: (Score:2)
> Man it sucked re-installing dos and windows from floppies.
This bit of info might be a little late, but IIRC you could copy the contents of the 3.11 floppies to the HDD, and run setup from there. The install process would go much quicker, and the overall install time was quicker to manually do the copying first. Plus no having to watch the install process, and put disks in when it asked.
Re:What do the hackers gain? (Score:5, Insightful)
It would be ugly, for a while; but if more modern viruses nuked their hosts, as opposed to quietly lurking and spamming, the internet would be a safer, cleaner, place today.
Re: (Score:2)
virulution
Re: (Score:2)
> neither article tells me how it is to the advantage of the hackers to give random people big telephone bills
International premium rate numbers are big business, see my other reply [slashdot.org]. Here's another provider [premiumtlc.com] offering 1+ euro a minute. The lines usually cost a couple of hundred Euros to set up, so it's easy to make the money back if you can get people to call them.
Re: (Score:2)
From the sounds of things, the hackers cracked what was originally a shareware app. Putting in a money-wasting dialler may just be their way of saying "if you want to pirate games with the assistance of hackers, get ready for some serious bullshit".
Hacked by penguins (Score:2)
To install or not install (Score:4, Interesting)
One of the problems with mobile apps is the "allow and install" vs "deny and not install". You read the list of privileged operations and you are left with a tough decision and no middle ground - which would be "deny and still install". If I read the list of requested privileged applications I often get a shiver.
Considering how often links get slashdotted (Score:2)
You'd think SOMEONE would actually tell us the name of the game responsible?
Seems like that should have been in the headline or story.
("3D Anti Terrorist Action" by the way)
But no, I suppose it's more important to emphasise that it's Windows.
Slashdot. Old school journalism at its finest.
("There's a chemical in your home which may kill you. We'll tell you what it is, after these important messages")
Still Think Apple Moderates Too Harshly? ;) (Score:3, Funny)
Re: (Score:2)
Protip: COMMON FUCKING SENSE!
When we treat people like idiots, they BECOME idiots. And my theory is, that that is the reason most people are idiots nowadays.
Because they CAN. And still live a pretty nice life. It’s just a (short-sighted) question of efficiency.
All those people in those companies that put people in miles of padding, should go to jail for crimes against humanity, until they have undone the damage.
Diego Garcia (Score:5, Informative)
Misnomer (Score:2)
This article is mistagged as a 'worm', it should be tagged as a 'logic bomb'.
A worm [wikipedia.org] is a piece of software that is able to propagate itself without interaction from a user. A logic bomb [wikipedia.org] is a piece of software or a function in a piece of software that activates when certain conditions are met.
Hmmm... (Score:3, Insightful)
Pranks (Score:2)
Somewhere on McMurdo Station
Bob: ZzzzZZZzz
Phone: *ring* *ring*
Bob: Zz*wha* hello?
Phone: *ScreeEEeeeEee*
Bob: Hey, HEY THIS ISN'T A FAX! PICK UP! PICK UP! *slam* morons
[John]
Why attack freeware? (Score:4, Insightful)
This isn't freeware. It was a shareware version of a "pay" game that was cracked and injected with malware. Why does the summary make it look like freeware is more dangerous than pay-to-play? This is just another case where warez is more dangerous than legitimate software.
900 Numbers in the Antarctic ? (Score:2)
There is no civil society in Antarctica - none. I do not believe that there is as much as a convenience store in the entire continent. So who, pray tell, is getting the money from these calls ? The National Science Foundation ? Now, that would be an interesting way to expand the science budget...
Time to investigate. (Score:3, Funny)
Re:LOL (Score:5, Insightful)
Crappy brain dead design strikes again.
Why on earth are mobile phone apps even allowed to make calls in the first place, without some sort of specifically made user authorization?
Surely that should be something that has to be done on a per-application basis, and only after the user has allowed it by entering an authorization password to allow the app to access those parts of the phone!?
There should also be a way to limit the number or costs of calls (per application) that is built in at the lowest possible level too.
Re: (Score:2)
That's way too complicated IMO. All that should be allowed is sending a number to the dialer program. Then the user can decide to call that number or not.
Re: (Score:3, Insightful)
do you want to call this 00431341424345 number with your modem (yes/no/always allow this number) every time the modem driver engages
instead windows 7/vista shows us a popup like:
the application solitaire.exe requires your authorization to continue (yes/no)
and that popup is so common that users click through it without a second thought.
Re: (Score:2, Informative)
> Why on earth are mobile phone apps even allowed to make calls in the first place, without some sort of specifically made user authorization?
For the record, when a Symbian app tries to make a call or connect to the internet the user is presented with a dialog asking whether to allow the app to connect/make a call. No idea why Microsoft decided this is not needed.
Re: (Score:2, Insightful)
Might be using some software bug to circumvent the prompt but yeah.
Re: (Score:3, Insightful)
... software bug ....
Oh I hardly think that likely...
Re: (Score:2)
Re: (Score:2)
Actually, it was even worse. There was no security model in win98, FAT doesn't have permissions, and all users are the same. The login dialog allowed you to login onto a network, and to load a custom wallpaper and some other user-based preferences.
When m$ migrated everything to NT-based systems, they did introduce file permissions and user-based auth, but it's still totally insecure and easily bypassed.
Did you really think m$ was going to do better on the mobile version of their os?
Re:LOL (Score:4, Insightful)
Similar examples can be found in:
1.) Back in the good old days of dial-up, there were adult sites that would give "free" access assuming you (stupidly/unknowingly) dialed into a south-pacific island nation number that had a North American prefix, with your unlimited long distance account.*
2.) All the cell joke and ring tone numbers you can "get for free" that are/were advertised on TV.
*my brother found out about this the hard way
Re: (Score:2)
> All the cell joke and ring tone numbers you can "get for free" that are/were advertised on TV.
That's generally known as false advertising and fraud, at least in countries with sensible regulatory systems. Our cellphone/ring tone scams here in the UK are all rather more advanced for this reason...
Re: (Score:2)
Xanadu?
Re: (Score:2)
> That's generally known as false advertising and fraud, at least in countries
> with sensible regulatory systems.
It's also illegal in countries with simple basic criminal laws against fraud. No need for "regulatory systems".
Re: (Score:2)
No doubt. My blackberry asks if I want to allow software to access the internet, bluetooth, gps and dial the phone each and every time (unless I mark that software safe to do so on its own). So if I am playing a game and it wants to dial my phone, I'm going to deny it and then wonder "wtf?!" Then I'd probably remove it. Not saying that RIM are especially insightful in their creating the OS that way. I'm saying it's plain obvious that it should be exactly like that and that it is unimaginably stupid for
Re:LOL (Score:5, Informative)
And decent phones do. On a BlackBerry, for example, you have to specifically authorize each application to access the voice radio, IP connections (as a whole or per-domain), GPS, address book, etc. It's easy to use and provides great protection, not to mention the instant insight into what a program is actually doing (i.e. "Why does this free calculator want to connect to warez.ru"). Why WindowsCE doesn't do such things is a complete mystery.
Re: (Score:2)
Re:Android permissions (Score:2)
The permissions on Android are OK, but for IP access are too vague. Since I pay per Kb, I'd like to have a per-domain permission or a per-access notification.
Moreover, all the programs I downloaded triggered "network access" warning on install so I would not be surprised if "whoopieCalc" did so. Security breach by desensitization FTL.
Re:Android permissions (Score:4, Interesting)
Android's permissions are either all or nothing when it comes to Internet access. And some apps just ask for that permission for no real reason.
Best way to deal with that is to have a rooted phone and Droidwall. However, this won't protect against an app that was installed that was given capabilities of dialing and sending/receiving SMS/MMS items.
Another item to have is an app called autostarts. You would be surprised on what apps want to hook where.
Re: (Score:2)
It's built from a codebase that's from around 1995, when such concerns barely existed yet. And instead of building up something like UAC and privilege control, it looks like MS is just taking the easy way out and locking down the OS, which is kind of sad, considering extreme flexibility and relative open access is/was one of WM's (only?) major strengths.
Re: (Score:3, Interesting)
I am actually a bit miffed at MS for taking the easy way out and doing this. Why couldn't they make a permission/security system that would both work with legacy programs, but still provide protection against rogue apps on legacy systems? There are already third party firewall programs for WM, it wouldn't be hard for Microsoft to integrate that functionality in and have apps either request permission on install (like Android), or before use (like Blackberries).
What made Windows Mobile so attractive for a
Re: (Score:2)
Note that this differs between signed and unsigned apps. Unsigned apps result in more notifications to the user, and RIM doesn't actually approve applications like Apple does. So anyone can sign unlimited apps for $50.
Re: (Score:2)
Re: (Score:2, Interesting)
I have that problem with Motorola Karma/QA1. Signed google maps can access the network all it wants after selecting "yes always". But the unsigned gmail cannot "yes ask every time" is the only allow network option for gmail and all unsigned apps. I've always assumed it's something that AT&T did to intentionally cripple the phone to not use the network as much as it's not a "smart phone" (read as cheaper data plan), but it's still quite capable so they had to make it stupider. [sic]
Re: (Score:2)
You are dead on with that. As much fun as it is for the
Looks like I'm going to have to save my MS bashing comments for another day, bummer.
Re:LOL (Score:5, Informative)
I know, you're probably thinking "what reasons"? Well, from some of the vendors I've worked with, it ranges from location based information to cell phone recovery tracking to remote programming. None of it is absolutely necessary given current available technology and that you can do all that stuff over the data network, but when Windows CE was originally designed, data networks weren't quite as useful.
Re: (Score:2)
Re: (Score:2)
You could give the user an option to give an application permission to use the phone functions but in all likelihood, the application could quite easily authorise itself, trick the user ("submit your high score?") or just disable the checks.
Even if you put in a permissions system modelled after Unix or Windows 7, there's still plenty of damage malware can do (how about changing every number in your phone book to a premium rate number?).
Re: (Score:3, Informative)
You are aware that Apple don't review code before it is added to the shop right?
And the rest of the world have already solved this problem for mobile phones. An application doesn't have access to do anything that can interfere with other applications/the operating system without explicit user accept.
And this access is handled by the operating system not the application. The application asks the operating system, and the operating system asks the user, so the application doesn't have any way to trick the user into
Re: (Score:3, Insightful)
All of the 3rd party code in the App store is reviewed and no code is placed into the App store until review is complete. This sort of hack, which would have to use non-standard APIs to accomplish this, is exactly what such reviews would find. Love it or hate it, it is an effective tool in finding such malware. It is not a catch all, but is an important piece.
> "You are aware that Apple don't review code before it is added to the shop right?"
Re: (Score:2)
Re: (Score:3, Interesting)
I'm sure they do but it's obviously not worth much. It's partly why they won't allow an interpreted language - to make the check possible at all - and they still couldn't possibly check one app thoroughly, let alone all the thousands.
Such a check is less than worthless - like WEP - a false sense of security. Sure, it'll catch some trivial malware that's written by someone who didn't expect the examination but such a check will miss any of the code submitted to the Underhanded C Contest.
The only worthwhile s
Re: (Score:2)
iPhone and Android make you press a button on screen to dial a number from a webpage. Why is this not the case for the WM OS? There should be no possible way to initiate a dialing. Push the number to the phone interface, but it can not dial until the user presses the dial GUI button.
Re: (Score:2)
J2ME (Java) is an example of how to do it properly. For every action that could be abused, there is a security rule. That rule is by default disabled. Then e.g. when the program tries to make a call, the JVM itself asks if you want to allow it [Never] [No] [This time] [Always]. (Something like this.)
But hey: Windows is brain dead because it has to fit its users. ^^
They would complain if it were different, for being “too complicated to use”. (Which is another way for them to say that they are jus
Re: (Score:2)
Actually, most vendors have security turned on, you can only install signed apps, and unsigned ones don't get access to the phone or the web.
The first thing the average XDA user does is disable that.
Re: (Score:2)
Re:Could someone please post the phone number (Score:5, Funny)
+88234-86-7-53-0-9
Re: (Score:2)
Oh, and you're correct about the lack of undersea cable. Everything that goes down there has to be transported on satellite, and even that gets iffy at times, especially at places south of McMurdo. Connection to the Amundsen-Scott has been done by a combination of geosynchronous birds in inclined orbits and by medium-earth-orbit birds in highly eccentric Molniya-type orbits.
Re:Could someone please post the phone number (Score:5, Funny)
Well that's helpful. I tried googling the phone number to see what I could find.
Google told me the answer was 88,079.
Thanks Google.
Re: (Score:2)
http://en.wikipedia.org/wiki/867-5309/Jenny [wikipedia.org]
Re: (Score:2)
I assume that's the only way to stay warm at this time of year. So how is the hibernation going?