BBC creates Malware

Staff at the BBC hit on a wizard “silly season” story by writing a bit of malware for the smart phone.

Apparently it took them “a few weeks” to create an app which spied on the owner of the handset, built from the standard parts of the software toolkits that developers use to create programs for handsets. We guess they had a few other projects to work on as well.

Mark Ward’s software was a noughts and crosses game which he said phoned home to reveal details of the user.

It was possible in a few weeks to put together a crude game that also, out of sight, gathered contacts, copied text messages, logged the phone’s location and sent it to a specially set up e-mail address.

The spyware took up about 250 lines of the 1500 making up the entire program. The code was downloaded to a single handset but was not put on an application store.

It was all an attempt to make a news story out of nothing. The only advice was to watch your phone bill and battery to make sure either was not being hammered by malware.

He dragged up an expert, Chris Wysopal, co-founder and technology head at security firm Veracode, which helped the BBC with its project. Wysopal said smartphones were now at the point the PC was in 1999.

“At that time malicious programs were a nuisance. A decade on and they are big business,” he said, “with gangs of criminals churning out malware that tries to steal saleable information.”

Not really. Viruses were a nuisance in 1985; by 1999 they were a major problem. So far there has been nothing like 1999 levels of malware on smartphones.

So other than “we have created some malware, how easy is it” what has the BBC told us? Er, nothing.

The point is that a silly season story on malware for smart phones could have been a lot better. The central premise of the piece was true. It is too easy to get malware onto smartphones. But the question then is why is the mobile industry refusing to do what the PC industry learnt 20 years ago?

The Beeb told us that Google and Apple both check their application stores, but claimed the task of vetting for malware is nearly impossible.

But it isn’t. It just takes more time and energy than Apple or Google can be bothered with. Both market the numbers of applications in their store as if large numbers are something to be proud of. In such an environment neither of them is going to look too closely at what each app does to make sure it is safe.

Where are the security applications that can test to see if an app is working in the background and doing things it shouldn’t? It is unlikely that these do not exist, so why haven’t the major telcos and writers of operating systems got them on board?

The existence of malware on smartphones should have been an occasion to take the telcos and the likes of Apple and Google to the cleaners and not to produce some “tut tut” public awareness piece. It seems that the BBC’s policy of dumbing down technology stories has got so low that its advice and research have lost meaning.