| Mobile
Viruses: A Looming Threat?
The
possibility of spreading a virus to millions of mobile devices
is becoming a reality as devices become less 'dumb'. What
hacker could resist such a temptation. Operators should take
preventative measures now or face subscriber anger in the
future.
As
mobile devices become more sophisticated and new technologies
facilitate constant network connections, the user experience
of 'mobile Internet' will become much more acceptable. But
always-on handsets incorporating processing power are also
more attractive to hackers and those seeking to cause damage
to operators or users.
In
an era where mobile devices may carry virtual currency as
well as important corporate or personal information, the threat
from viruses cannot be ignored. A pan-European survey on next
generation mobile services published by Siemens in January
found that a large percentage of consumers have serious reservations
about the security of a wireless interface the emergence
of mobile hacking would simply increase that negative sentiment.
There
is a great deal of confusion surrounding the current threat
to mobile phone security as recent reporting of 'mobile viruses'
demonstrated. The levels of risk and the possible consequences
are important.
"There
were reports last June of a virus that went out over the Telefonica
network in Spain. Unfortunately, those reports were misleading
randomly selected mobile phone users received unsolicited
SMS messages infected with a PC virus, rather than a virus
infecting their phone. There were also reports of a virus
on the Palm platform but this was in fact a crude Trojan."
There
are three main levels of threat. A Trojan could be described
as a program that does something unexpected, so if you had
received a copy of the Palm Trojan and loaded it onto your
device it would have erased your data, but that it the only
way it could have affected the device. A Trojan needs to be
installed and executed by an unsuspecting user in order for
it to be effective.
A
virus is a more serious threat. It can replicate itself from
program-to-program or document-to-document, although it still
requires the recipient to pass it on, most often via e-mail.
At the top of the danger scale is the worm. Unlike the virus
it does not require any user interaction after infection as
it spreads automatically, attacking all members of a network
or the contacts listed in an address book.
|
|
|
"Because
many next generation mobile phones will be constantly connected
to the network a mobile worm could spread very quickly and cause
considerable network traffic or disruption,". "Ironically,
new 'smart' devices are potentially more vulnerable than current
'dumb' GSM handsets, as they are likely to be programmable devices."
The issue of mobile security and the threat posed by viruses
is very relevant to both operators and application developers
according to Neil Flanagan of Alatto (www.alatto.com), a Dublin-based
provider of 3G specialist services.
"Handset
manufacturers are concerned about viruses becoming resident
on mobile devices with the move towards powerful operating systems.
The 3G handsets currently available from manufacturers such
as NEC support WAP 1.2 but as with 2G WAP phones the security
model is weakly supported, although the limited functionality
means that viruses are not a real problem."
However,
with emerging J2ME (java) compatible handsets and combined PDA/phone
devices the importance of strong security becomes much greater.
"These
devices will be as vulnerable to viruses as any PC but with
the added complexity of patching, for example, a java security
sandbox problem onto millions of individual phones once a security
hole is discovered, before hackers subvert or render unusable
large numbers of handsets. These are potential scenarios that
are keeping operators awake at night."
Certain
operators are looking at embedded virus filters to eliminate
malicious code, while others are relying on carefully vetting
applications using the 'walled garden' model, though restricting
customers to walled gardens has negative implications on marketing
of services. "Operators especially are beginning to appreciate
the damage a virus can do to a customer relationship,"
added Flanagan. "Customers have a strong trust relationship
with their mobile operator - much more so than with their fixed
line ISP."
The
possibility of millions of mobile phones being infected and
spreading their unwelcome content around the world is certainly
a frightening one. Mobile developers should learn from the experiences
of the fixed line Internet. "A billion users of smart mobile
devices would be a big target for virus writers. A malicious
program in future might make prank calls, erase mobile data,
even try to interfere with m-commerce payments."
"Before
these smart devices becomes pervasive, the experiences of the
fixed line Internet should guide those building the next generation
of handsets and networks to include security features in their
designs and prevent digital viruses becoming airborne,"
he added.
|
|
