News Forum Phone database

> New Topic
> Reply
< Esato Forum Index > Sony Ericsson / Sony > General > This is the gif image that will crash or restart your SE phone Bookmark topic

Actually you need to see it differently. Phone that can receive a corrupted file and behaves as if there is nothing wrong is actually has problem. Imagine if this file is important file and you copy it to your phone, view it and think it is OK then transfer it to other computer far aways who really need it but can't use it because it is corrupted.

But I agree that phone should be more graceful and catch the exception instead of just restarting. At least let the user know what it does not like before restarting. I thought Java should handle this. Maybe J2ME is still way behind J2SE.
--
Posted: 2008-03-23 06:38:15
Edit : Quote



Actually it's not a lack of cpu or memory resources that causes this problem. The image is tiny, it uses hardly any resources at all. The image has been purpose designed to crash A100 phones and it most likely does so by causing a memory addressing error or buffer overflow.

Just about any operating system is susceptible to such an attack, but this particular file is targeted at A100. (That's why UIQ is immune)



It's not J2ME that is to blame.

1st the phones you call "java" phones do not run on JAVA, they run on A100. J2ME is an additional application platform that runs over the top of A100. There is a bit of a perception around that non-symbian SE phones are "java" phones, because you can install "java" applications on them, but the java applications are installed into a java virtual machine that runs over the top of the core OS.

The crash that occurs when virus.gif is viewed on the phone occurs within the core OS (ie: A100). J2ME isn't even operative when the crash occurs. If the crash only occured within J2ME applications, THEN you could blame J2ME

2nd even J2SE can be targeted for these kinds of attacks. I have had many crashes occur in J2SE VM's running on my PC, it's by no means uncommon. So even if you were right to blame J2ME, which you are not, it is still incorrect to claim that J2SE is immune from this kind of thing.

3rd No operating system is completely immune to EOF faults or buffer overflows. EVERY single operating system on the planet is crashable, given the right code. Such a "virus" could be designed for MAC, UNIX, Linux, Windows, Symbian, Palm, WM, Beos, Dos, or any OS you care to name.



Running crash prediction software in the background is VERY resource intensive and also unreliable. There is no sure fire way to predict a crash of this kind. If it were so, no operating system would ever crash.

Don't be fooled by our friend Mario's bit of fun - this "crash" does not indicate SE phones are in some way inferior to other phones. This attack has designed to exploit characteristics of A100, but could just as easily have been designed to exploit symbian or linux phones.

The Nokia fanboys who created this are are so keen to discredit SE that they go to these great lengths to dishonestly cast aspersions. Meanwhile, SE fanboys spend their time hacking their own phones rather than Nokia. This is probably why there are so much better hacks available for SE than Nokia
_________________
File System Tweaks for the K750 K750 Tricks
K800 Tips and Themes
Max's K800 Page


[ This Message was edited by: max_wedge on 2008-03-23 07:06 ]
--
Posted: 2008-03-23 07:56:01
Edit : Quote




can't believe those fanboys had gone this long just to bash SE. tbh SE community is the best
--
Posted: 2008-03-24 01:18:32
Edit : Quote



Well.. when you're running a java- application, then the program can crash because a module fails, or if some logic or other doesn't work. But the program doesn't take the OS with it (on any good java- machine, such as anything not used by MS). Because he memory used in the program can't "elevate privileges" (read: execute monitor- code for the OS), or execute code that could cause a "buffer overrun", and overwrite memory other programs will crash from. And I'm sure SE chose that platform for applications on their phones for that reason - because of the security, the reliability around installing extra apps on the phone, and because the well- specified modules.

Is it possible to have the same guarantee involved when executing c- code? It's a different framework from the beginning, so no. But it sure is possible to program the modules in your program to operate within the constraints you give it. And then fault the program when it doesn't. And that's what SE hasn't done here, and allowed a picture- animator to run monitor- level code, and overwrite memory.

(Not that certain other manufacturers aren't notorious for just quietly ignoring every fault in the programs - so the hangs can be written off as "random bugs" that somehow are "acceptable" when they happen. But hey..)

Well.. no. You won't get an overflow error when launching specific modules in a well- written program environment that isn't designed to give full privileges to every kind of program- string anywhere in the OS. And a good OS has some way to recover from errors in the code, when specific modules are launched to do some task. The same goes for any program trying to access memory directly - the framework can prevent that. I mean - you just won't find that kind of error on a unix system, or in a java machine, because of the memory handling.

(...And that's not expensive algoritms dealing with garbage- collection, and so on. That's proper addressing, and lack of opportunity to elevate code to monitor- privileges executed in a "user"- environment by design).

Bottom line: SE expected the OS code to be self- contained, and impossible to crack. It wasn't, and the only recovery available on the first consistency check is to restart the phone. Not pretty - but at least it won't corrupt the files on the phone afterwards (that too, happens on phones from certain other manufacturers).
--
Posted: 2008-03-24 12:45:51
Edit : Quote


Good points nipsen, in other words symbian would be harder to fault. But are we comparing an A100 OS against symbian and if so is it really a fair comparison?

And as you say, the files are protected from corruption atleast. Personally I don't care if makers like SE don't go all out to provide 100% protection of OS's that aren't designed to run high demand file or application servers (or even a home pc). As long as a phone is stable in the situations that average end users find themselves in then I think they have done enough.

As for security (and threat from viruses and malware) on Symbian, because of it's higher complexity probably needs more attention given to code vulnurabilities. Atleast the J2ME platform is well sandboxed from the core OS.

And bluetooth is not that easy to crack - you have to rely on social engineering or unobstructed physical access to gain malicous access to a bluetooth phone.

So I still think the ability of this "malware" gif image to crash an SE phone is not an indication that SE A100 phones are less stable than Symbian.
--
Posted: 2008-03-26 00:58:02
Edit : Quote


Try this one. Maybe you won't see it animated in a browser, but it's an animation that restarts your SE

--
Posted: 2009-03-23 15:28:44
Edit : Quote


Just makes me them handsets even more
--
Posted: 2009-03-23 16:11:09
Edit : Quote


I have this one since friday. W910 crashes, but Nokia 5320 don't.
--
Posted: 2009-03-23 16:46:26
Edit : Quote


it looks like the gif image drain your battery on 3 seconds, (but it still isnt)....

like it "tell/hoax" the UI that the battery is empty and there by turn the phone off........
but in the real world you still have power left, (because its just a hoax)....you follow me ??


its like a PC Trojan. (to hostile the Operative system (UI))

anyway...its just a idea

--
Posted: 2009-03-23 18:36:41
Edit : Quote




Wow thats clever, I had a menu.ml on my k810i and in the menu was a restart option, and I saw this pic appear wierdly enough
--
Posted: 2009-03-23 18:54:27
Edit : Quote

---

New Topic   Reply

Forum Index