Indian hacker Atul Alex has had a look at the firmware for Symbian S60 smartphones and come up with a back door for it. By modifying version 5 of the original software – which runs on such devices as the Nokia 5800, Nokia X6, Nokia 5530XM, Sony Ericsson Satio and Sony Ericsson Vivaz – he has integrated a back door in the form of a reverse shell, including support for Perl scripts. All of the smartphone's functions can be remotely controlled, including the camera. Alex wrote the back door itself in Python. He plans to make the firmware available as a free download soon.
To install the modified operating system, however, an attacker would first have to get hold of the smartphone for a few minutes and connect it to a computer via a USB cable or something similar. Once installed, the back door calls the attacker via a wireless connection and transmits the device's current IP address. The shell listens on port 5530 and handles such functions as netcat, mkdir and wget. In addition, it reportedly supports over-the-air installation of additional applications.
The back door also includes options to read out email, telephone lists, and text messages from memory, create screenshots, take photos with the phone's integrated digital camera, and record telephone calls. The stolen data are transmitted via GPRS/UMTS or WLAN to the attacker's file server.
Alex told The H's associates at heise Security that he uses a technique he developed himself to hide the back door process from the system's TaskManager. While third-party task managers are in principle capable of displaying the process, Alex says that they work at the level of the system and therefore cannot terminate the task. He says the only way to remove the back door is to overwrite the firmware with Symbian's original software.