Network Magazine

Special Report: Mobile Code Security.(Internet/Web/Online Service Information)

In January 1997, under the hot glare of lights from the TV station Mitteldeutscher Rundfunk, three German hackers gave a dramatic demonstration of mobile code and the havoc it can wreak. First, a "clickbait" Web page with the message "Click here to become a millionaire in five minutes" was shown. Next, the program's presenter (posing as a user) clicked on the link, unwittingly downloading ActiveX controls. When she subsequently opened Quicken, a background task clandestinely generated an electronic fund transfer, payable to "Bad Boy."

This particular "Chaos Computer Club" hack never posed a real-world threat. The ActiveX controls shown never made it out of the studio, and Quicken was later changed to enhance its security. It deserves to be remembered, however, as a lesson regarding the destructive potential of mobile code gone bad.

"Most of the mobile code hacking we've seen so far is the ankle-biter type because there aren't many people who can do other things," says Gary McGraw, senior research scientist at Reliable Software Technologies (www.rstcorp.com). "However, there have already been serious attempts to capture funds and blackmail banks.

"Wearing my paranoid hat," he continues, "I'd say the real danger from mobile code will be corporate espionage. It will be looking for private keys or security codes."

In his book Securing Java (with Edward Felten, Wiley, 1999, second edition), McGraw defined four classes of security risk, in descending order of severity:

- System Modification attacks, which can change or delete files on a system and otherwise compromise its security and integrity.

- Invasion of Privacy attacks, which access passwords, e-mail, and other confidential files, or cause such information to be forged.

- Denial of Service (DoS) attacks, which shut down or crash a computer, perhaps by using up all its memory or all its CPU cycles.

- Antagonistic attacks, which annoy a user via unwanted windows, pictures, or sounds.

Some of today's more elaborate commercial Web sites practically qualify as antagonistic or DoS attacks all by themselves, at least for users who must access them via a slow dial-up link. System modification attacks are rarer, but mobile code has proven capable of them (in the lab, if not in the wild). For example, the ActiveX control called Exploder can shut a Windows client down, unsaved data and all, right after its user clicks on a link.

WHAT'S DIFFERENT ABOUT MOBILE CODE?

Using your computer to run program code that someone else wrote and compiled has always been a potentially risky thing to do. In the early days of the microcomputer, no one would even have considered it. Programs had to be written specifically for each new platform, maybe even entered into it by manually flipping switches on a front panel.

As general-purpose applications such as VisiCalc and WordStar became popular, however, users gradually came to trust shrink-wrapped software. (Sometimes their faith was merited, and sometimes it wasn't.) Due to the high cost of commercial software (yes, CP/M word processors really could cost $795 in 1980), a parallel distribution model sprang up: Users traded shareware, or perhaps illegal software, via copied disks, online bulletin boards, and FTP sites. …
