Worms are less of a problem today because of two security features:
- DEP (Data Execution Prevention): This marks memory segments as “non-executable”. Code injected into these segments through program faults, overflows, and the like is not executed by the microprocessor. DEP has been in all Windows systems since XP SP2 in 2004. The same holds true for Linux systems. Most smartphones, by default architecture, have non-executable memory pages.
- ASLR (Address Space Layout Randomization): This is an OS feature designed to prevent the prediction of where executable code sits in memory. It randomizes the location of the executable, stack, heap, and libraries in the system’s memory. This was a Linux option in 2001 and standard in Linux since 2005. Microsoft adopted this in Vista in 2007, although the bugs weren’t worked out of it until Windows 8. Mac OS introduced this in version 10.5 in 2007. Apple’s iOS introduced it in version 4.3 (2011). Google’s Android system partially introduced this with Ice Cream Sandwich in 2011, and fully in Nougat (7.0) in 2016.
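To check both properties on a Linux host, the added example below (not part of the original post) parses `/proc/<pid>/maps` output, flags mappings that are writable and executable at once, and compares two runs to see which regions kept the same base address. The two snapshots, the program path `/opt/demo/app` and all addresses are constructed for illustration.

```python
import re

# Constructed /proc/<pid>/maps snapshots from two runs of one hypothetical
# program (/opt/demo/app); every address here is made up for illustration.
RUN_A = """\
00400000-00452000 r-xp 00000000 08:01 1311 /opt/demo/app
01c3a000-01c5b000 rw-p 00000000 00:00 0 [heap]
7f3a1c000000-7f3a1c1c0000 r-xp 00000000 08:01 2201 /lib/x86_64-linux-gnu/libc.so.6
7f3a1c400000-7f3a1c401000 rwxp 00000000 00:00 0
7ffd4a2e1000-7ffd4a302000 rw-p 00000000 00:00 0 [stack]
"""
RUN_B = """\
00400000-00452000 r-xp 00000000 08:01 1311 /opt/demo/app
0224f000-02270000 rw-p 00000000 00:00 0 [heap]
7f91e8000000-7f91e81c0000 r-xp 00000000 08:01 2201 /lib/x86_64-linux-gnu/libc.so.6
7f91e8400000-7f91e8401000 rwxp 00000000 00:00 0
7ffe0b7c4000-7ffe0b7e5000 rw-p 00000000 00:00 0 [stack]
"""
LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) ([r-][w-][x-][ps]) \S+ \S+ \S+\s*(.*)$")

def parse_maps(text):
    """Return a list of (start, perms, name) tuples, one per mapping."""
    out = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            out.append((int(m.group(1), 16), m.group(3), m.group(4) or "[anon]"))
    return out

def dep_violations(text):
    """Mappings that are writable and executable at once, which DEP is meant to rule out."""
    return [(hex(s), n) for s, p, n in parse_maps(text) if "w" in p and "x" in p]

def static_regions(run_a, run_b):
    """Named regions whose first mapping has the same base in both runs (not randomized)."""
    def bases(text):
        first = {}
        for s, _, n in parse_maps(text):
            first.setdefault(n, s)
        return first
    a, b = bases(run_a), bases(run_b)
    return sorted(n for n in a if n in b and a[n] == b[n])

if __name__ == "__main__":
    print("W+X mappings:", dep_violations(RUN_A))
    print("Same base in both runs:", static_regions(RUN_A, RUN_B))
```

In the constructed sample the heap, libc and stack move between runs while the main executable stays at the same base, which is what a binary not built as position-independent (PIE) looks like on Linux. Just-in-time compilers can create writable and executable mappings legitimately, so a flagged region is a prompt to look closer and not proof of a problem.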
Smartphones have other attack surfaces, namely the baseband (carrier) and WiFi chipsets. There is an active exploit of the Broadcom BCM43xx family of chipsets used in all iPhones (5 and later) and many Android devices. The exploit allows RCE (Remote Code Execution) with kernel-level privileges; in other words, the takeover of your phone. For the techno-geek, here is a great article from Exodus Intelligence where they actually create a self-propagating worm using this exploit. Wow!
Google fixed this issue in early July as part of its monthly Android security updates. Apple fixed this last week in the release of iOS 10.3.3.
All smartphone users should upgrade their phone’s software.