Posted on 12/22/2004 4:13:44 PM PST by Eagle9
Mobile phone security is bad now, but it is only going to get worse, a security firm said Wednesday as it laid out this year's attack timeline to demonstrate the quickening pace of exploits.
Finnish anti-virus vendor F-Secure listed 2004's attacks against smartphones, particularly those running the popular Symbian operating system -- Nokia is a one of the phone makers whose devices use the OS -- starting with the spring's Mosquito "trojanized" game and running through this week's similar threat, another Trojan masquerading as a popular cell phone game, Metal Gear Solid.
In between, the Cabir worm spread, which first became public in June, has been detected in China, India, Turkey, the Philippines, and Finland.
Most alarming, said F-Secure, is the ramp-up of worms during the last 30 days. Since November 19, eight new exploits attacking smart phones have been uncovered by F-Secure. Five are of the Cabir family, while three are variants of Skulls, a Trojan horse that replaces icons on phone displays with pics of human skulls.
"In the future, it's likely that we'll also see new kinds of attacks," said F-Secure in a statement. "They'll include Trojan horses in games, screensavers, and other applications [that] result in false billing, unwanted disclosure of stored information, and deleted or stolen user data."
Anti-virus firms have reacted to the increase in mobile device exploits by releasing software suited for cell phones and handhelds. Symantec, for instance, rolled out a PDA-specific anti-virus product in 2003, while this December, Trend Micro made its Mobile Security package available for free downloading. F-Secure also sells something called Mobile Anti-Virus.
F-Secure isn't the only security firm to spot a rise in cell phone threats.
Symantec's Vincent Weafer, the senior director of the Cupertino, Calif.-based security vendor's threat lab, has it on his list of likely security stories for 2005.
"The increasing number of attacks shows that there's an interest building out there among the hacker community," he said of smartphone worms and Trojans. And it'll get worse, a lot worse, he said. "As e-commerce becomes a bigger part of what people do with smart phones, so too will attacks." Currently, e-commerce conducted over smartphones, such as buying goods over the Internet via phone or even paying for small vending charges by phone, is popular in just a few countries, such as Japan.
In the near future, Weafer expects to see smartphone infections that mimic human vectors, not the network-cruising threats that typically cause such a ruckus on Net-connected PCs and servers, like 2003's MSBlast or 2004's Sasser.
"What's unusual now is that most [smartphone] infections are caused by airplanes, just as something like SARS was," he said. Like a real-world human virus, today's phone worms spread because people criss-cross the globe. In this case they bring their infected devices, not infectious diseases, with them. And those infected phones, when used to conduct e-commerce, will be at risk of exploitation for financial gain, just as PC users have been subjected to a massive increase in for-profit scams like phishing and spyware attacks.
"Where there's e-commerce," said Weafer, "there'll be e-crime."
Including on a phone near you it seems.
I can only imagine what it'll be like trying educate and get many cell phone users, who don't use the Internet, to keep their Anti-virus program updated on their cell phone.
My firm has a strict no Blue Tooth Phone or PDA policy.
Yikes - i am awaiting my new Moto V3 RZR phone and the bluetooth feature is a big plus.
Does your company ban ANY bluetooth -capable phone/PDA or just bans them from being ENABLED at work?
Ping
It's hard to feel sorry for these people who download and install anything that comes there way and then are shocked, shocked, that they got a virus
If you have a plain old cell phone that just makes phone calls, is this anything to worry about?
Nope! ;o)
I have a Nokia cell phone that's 4 years old (ancient, by todays standards) which is only capable of storing names and matching phone numbers in it's memory, along with ringer choices, redial, etc -- but it sends and receives calls very well. That's I need.
I think this article is referring to the new generation of cell phones and PDAs that have to use a OS (Operating System, e.g.,WinXP, Linux, OSX for desk and laptops).
My Nokia cheats like hell at backgammon in difficult mode if I turn doubling on.
...and bound to be worse, given the fact that the concepts of "cellphone" and "PDA" converge more and more with each passing day.
My electric circuits professor (an associate prof, mind you) and his TA/grader have a Palm Treo each, furnished by the company they work for. Awesome stuff. But the things you can get when you browse the web with those gizmos are... well, something your run-of-the-mill antivirus can't get rid of.
"Does your company ban ANY bluetooth -capable phone/PDA or just bans them from being ENABLED at work?"
You can have them but you may not use them for company purposes or to store company data. If you want to use one to keep your calendar you can but you may not attach a blue tooth phone or PDA to any company PC. To be fair the company does provide standard issue PDA's and Phones. Just not Blue tooth.
The new blue tooth virus' you "catch" by getting too close to another infected person. It jumps across blue tooth links. I haven't seen an actual copy of this virus but I have seen a proof on concept. All you have to do is walk by an infected phone and bingo your phone is infected. The virus can now steal your contacts.
I wouldn't be surprised to see anti-virus and firewalls for cell phones some day in the future.
I just needed to get a new cell phone. My (nearly) 4 year old phone needed new batteries (the would no longer hold a charge, something that I think was the cause of a car adapter I had bought on eBay, something I'll never do again), and I had trouble finding them.
My carrier is Verizon, and I was "elligable" for a new phone, so I took a look around. I really only wanted an LG phone, because I had such great luck with my last phone (I had nothing but bad luck with Motorolla phones before). I wanted a plain phone, with an external display for caller ID. That was the only feature I wanted. Good luck trying to find just that. Every phone seems to be Internet ready, and the ratio of camera phones to vanilla, plain cell phones seems to be about 10 to 1!
I just want a telephone that works, not something that I can play games on, or music, or email, or "surf the web." I'm going to be really angry if my phone ever gets disabled by one of these viruses.
Mark
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.