This message is to those who download java apps from free sites.
Yesterday I downloaded and installed what I thought was a Java game from one of the popular free application sites (i.e. getjar, mosh etc.). I will not post the name just for the sake of not ruining credibility. After installation I continued to run the game only to receive an "application error" message prompt. I did what any typical user would do and went to remove the game.
Of course, the application could not be removed, so I restarted my phone and tried again. Again, it would not uninstall, and with a lack of error code or any detailed reason whatsoever, I decided to take my own action. I tried to install the file again, hoping this would create the necessary uninstall information needed. No such luck. This is where it gets fun.
After the first reboot my phone prompted that Bluetooth was not turned on, and if I'd like to turn it on. I selected no without giving it a second thought.
Note that I do not have any file permission software installed on my device of any kind so this file gave itself full system permission on its own.
After trying several things to attempt to remove my device, including several reboots, I started to get more curious as to what was trying to activate Bluetooth.
I decided that I would do a reboot of my phone and allow Bluetooth to turn on. After about a minute and a half my computer alerted me that a device was attempting to make a connection via Bluetooth and it was indeed my phone trying to connect. Very reluctantly, I allowed the connection after running a few registry monitoring tools on my PC. I don’t know if my phone tried to pair with my computer or not because it had already been paired before. I did not notice any malicious action on behalf of my phone connecting to my PC. After this I went into my phone's file system using Y-browser and found quite a few entries that were made by this odd application. I decided that I would not allow this file to do any more damage and so last night I performed a firmware re-flash of my phone and reformatting of my memory card.
So far, no issues but I just wanted to make others aware of this and to make sure that your applications come from trusted sources. I still don’t know the intent of this particular application but I could assume it was designed to spread via Bluetooth to other java capable mobile devices.
**edit** I had also downloaded and run F-secure mobile before connecting to my computer. F-secure found 0 infected files. I'd like to point out though that I am not convinced that mobile virus scanners really do anything.
You should name the file/game and the source, so that people know what to avoid. If not that, at the very least contact the site and tell them they have issues with software they are hosting.
I had contacted the site and the file was removed; that's why I did not post the file. I just wanted to make people aware that this could become a not so rare occurrence.
With how popular mobile gaming has become, I would not be surprised if there was a major shift of focus to write more malicious software for mobile devices.
Fair enough. This should be a signal for sites to start vetting apps sent to them for hosting.
I didn't think Java applications could use Bluetooth.
waxup wrote: I had contacted the site and the file was removed; that's why I did not post the file. I just wanted to make people aware that this could become a not so rare occurrence. With how popular mobile gaming has become, I would not be surprised if there was a major shift of focus to write more malicious software for mobile devices.
You'd be better naming and describing the file though as it might be hosted on other sites.
Wombler
--- After the first reboot my phone prompted that Bluetooth was not turned on, and if I'd like to turn it on. I selected no without giving it a second thought. ---
Lots of things can do this, though your Java application will not survive a phone reboot without alerting you of its desire to do so, so this is very unlikely to be the cause. I'm assuming you were careful 😊 Even if it was the cause, it's still fairly harmless. It will have to ask you every time it wants to connect.
--- Note that I do not have any file permission software installed on my device of any kind so this file gave itself full system permission on its own. ---
Java applications do not have any way to give themselves full system access; they work within the bounds of the various JSRs on the phone itself. This is not possible for a whole myriad of reasons.
--- I decided that I would do a reboot of my phone and allow Bluetooth to turn on. After about a minute and a half my computer alerted me that a device was attempting to make a connection ---
This can be fairly common. Bluetooth likes to do auto-discovery - I get these notifications on a fairly routine basis - once you pair the devices with each other these notifications usually go away.
Unless you name the source or application, then this didn't happen. Period. Sorry to be so negative, but you describe issues that have a whole range of different causes from the Symbian OS itself, through to unstable applications. It takes a pretty serious effort to bypass the caged directory structure, not only that, but unless this java app was signed, then it's going to be spitting up alerts on a constant and annoying basis every time it wants to use any communication path out of the phone. You would notice this real quick. Even signed applications will ask you at least once.
The easiest way to test for replication is to get a second phone alongside and wait, or use something like Wireshark to sniff the packets and see what's what.
dchky wrote: It takes a pretty serious effort to bypass the caged directory structure, not only that, but unless this java app was signed, then it's going to be spitting up alerts on a constant and annoying basis every time it wants to use any communication path out of the phone. You would notice this real quick. Even signed applications will ask you at least once.
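As an added illustration of the signing and permission model described in the post above (not code from any poster in this thread): a Java ME descriptor (.jad) lists the permissions a MIDlet requests and carries its signature attributes, so it can be checked before installing. The sample descriptor is constructed, and the script only reports whether signature attributes are present; it does not verify the signature.

```python
import re

# Constructed sample .jad descriptor; every name and value here is made up.
SAMPLE_JAD = """\
MIDlet-Name: ExampleGame
MIDlet-Vendor: Example Vendor
MIDlet-Version: 1.0.0
MIDlet-Jar-URL: http://downloads.example/examplegame.jar
MIDlet-Jar-Size: 48213
MIDlet-Permissions: javax.microedition.io.Connector.bluetooth.client, javax.microedition.io.Connector.obex.client
MIDlet-Permissions-Opt: javax.microedition.io.PushRegistry
"""

BT_PREFIXES = ("javax.microedition.io.Connector.bluetooth.",
               "javax.microedition.io.Connector.obex.")
PUSH_PERMISSION = "javax.microedition.io.PushRegistry"

def parse_jad(text):
    """Return the descriptor's 'Name: value' attributes as a dict."""
    attrs = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")  # split on the first colon only
        if sep and name.strip():
            attrs[name.strip()] = value.strip()
    return attrs

def requested_permissions(attrs):
    """Collect required and optional permissions into one list."""
    perms = []
    for key in ("MIDlet-Permissions", "MIDlet-Permissions-Opt"):
        perms += [p.strip() for p in attrs.get(key, "").split(",") if p.strip()]
    return perms

def audit(text):
    attrs = parse_jad(text)
    perms = requested_permissions(attrs)
    has_cert = any(re.fullmatch(r"MIDlet-Certificate-\d+-\d+", k) for k in attrs)
    return {
        "bluetooth": [p for p in perms if p.startswith(BT_PREFIXES)],
        # Push registration lets the platform launch the MIDlet on an incoming connection.
        "push": PUSH_PERMISSION in perms
                or any(re.fullmatch(r"MIDlet-Push-\d+", k) for k in attrs),
        # Presence of signature attributes only; the signature itself is not verified.
        "signature_attrs": "MIDlet-Jar-RSA-SHA1" in attrs and has_cert,
    }

if __name__ == "__main__":
    for field, value in audit(SAMPLE_JAD).items():
        print(f"{field}: {value}")
```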
A very informative post and quite reassuring to know.
Thanks for that info.
Wombler