Thursday, January 5, 2006
Security and Convergence in your Palm
Playing Devil's advocate (or when keeping 4 devices instead of one is a good thing):
One Device. In your pocket. Large screen, high-speed over-the-air connection. Your phone, your planner, your email, your presence, your Instant Messaging client, your gaming console, your shopping center. It remembers all your preferences and your details. Just ‘one click and go’. Watch TV, order PPV – just one click. Listen to music, buy new albums – one click. Read documents, interact.
In other words, that little PDA of yours is your home away from home. Always connected. How much better can it get?
One Word: Security
As phones get more 'powerful' they morph into general purpose machines, susceptible to the same remote exploits, DoS and security issues that an open PC on the internet is. To top it off, many phones run embedded OSes that cannot offer expensive virtual address space and address locking mechanisms, making it easier for one application to write over the address space of others (think heap and stack exploits). Proof of concept viruses for smart phones are already old news (here and here). Most of the attacks on PDA phones use the basic concept of buffer overflow techniques, which are very powerful.
The idea is this: whenever a function is called, the return address to the calling function is stored on the stack. When the function exits, the return address is popped off the stack and control transfers to that return address. The idea, then, is to somehow overwrite that stored return address with one that points to malicious code. For example: if a badly written app does an strcpy(pFoo,fnData) and fnData is user input, I could craft a string for fnData that is large enough that, in trying to store fnData, the application overwrites its stack; and that string is actually a binary coded exploit that knows exactly where to place a modified return address to point back to another place in that same string, which is the malicious code. Ta-dah. We have an exploit. This is nothing new - techniques for buffer overflow exploits have existed for years. It is just that our phones were too 'specific purpose' for it to do much harm.
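
The strcpy(pFoo,fnData) pattern described above, next to a bounds-checked version, as an added example that is not code from the original post. FOO_SIZE, store_unchecked and store_checked are hypothetical names, and the 16-byte buffer is an assumption.

```c
#include <stdio.h>
#include <string.h>

#define FOO_SIZE 16  /* assumed size of the destination buffer */

/* Vulnerable pattern from the post: strcpy() copies until the NUL in fnData,
 * no matter how small pFoo is, so long input runs past the buffer and over
 * neighbouring stack data, including the saved return address. */
void store_unchecked(const char *fnData)
{
    char pFoo[FOO_SIZE];
    strcpy(pFoo, fnData);            /* no length check */
    printf("stored: %s\n", pFoo);
}

/* Hardened form: the caller passes the destination size, and input that
 * does not fit is rejected rather than copied blindly.
 * Returns 0 on success, -1 if the input was refused. */
int store_checked(char *pFoo, size_t fooSize, const char *fnData)
{
    size_t len;

    if (pFoo == NULL || fnData == NULL || fooSize == 0)
        return -1;
    /* Measure the input, but never look further than fooSize bytes. */
    for (len = 0; len < fooSize && fnData[len] != '\0'; len++)
        ;
    if (len >= fooSize) {            /* no room left for the terminating NUL */
        pFoo[0] = '\0';
        return -1;
    }
    memcpy(pFoo, fnData, len);
    pFoo[len] = '\0';
    return 0;
}

int main(void)
{
    char pFoo[FOO_SIZE];
    const char *ok = "hello";                          /* constructed input */
    const char *tooLong = "AAAAAAAAAAAAAAAAAAAAAAAA";  /* constructed, 24 bytes */

    printf("short input: %d\n", store_checked(pFoo, sizeof pFoo, ok));
    printf("long input : %d\n", store_checked(pFoo, sizeof pFoo, tooLong));
    return 0;
}
```

The checked version refuses the 24-byte input instead of writing past the 16-byte buffer, so the stored return address is never touched.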
Why is this only a problem related to 'smarter phones'? Well, what is the worst that has happened to your ‘old’ phone? You downloaded a game and it crashed your system. That’s it, right? What is the worst that has happened to your email? You clicked on a link, and it installed a trojan and your mail server sent 100 Viagra emails to all your buddies, from you. Ouch. What can happen if your phone presence is compromised? Now put them all together as a converged application platform, where one application compromise can lead to a trojan compromising other installed applications. What happens if you click on your Outlook client in your phone and that installs a trojan that takes over your phone control? How cool – hackers now have multiple application routes and ports from which they can think of attacking your complete phone. Hey, it's not a phone anymore – it’s a converged device! A powerful computer in your palm. And since all these applications sit next to each other in your phone, if one application is compromised, a trojan can attack other applications within your phone – and no firewall can help, because it's already in your phone! Hooray. And if you don't think this is real, there are already theories out there which achieve buffer exploits via SMS messages.
So again, security. I hope application developers and phone OEMs realize that badly written applications lend themselves to easy exploits and as the convergence dream is racing ahead, so are security concerns. Gee, this was nothing. Here is a paranoid look at how wonderful it can get.