Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Threats Against Smart Cell Phones Are Mounting
TechWeb News ^ | December 21, 2004 | Gregg Keizer

Posted on 12/22/2004 4:13:44 PM PST by Eagle9

Mobile phone security is bad now, but it is only going to get worse, a security firm said Wednesday as it laid out this year's attack timeline to demonstrate the quickening pace of exploits.

Finnish anti-virus vendor F-Secure listed 2004's attacks against smartphones, particularly those running the popular Symbian operating system -- Nokia is a one of the phone makers whose devices use the OS -- starting with the spring's Mosquito "trojanized" game and running through this week's similar threat, another Trojan masquerading as a popular cell phone game, Metal Gear Solid.

In between, the Cabir worm spread, which first became public in June, has been detected in China, India, Turkey, the Philippines, and Finland.

Most alarming, said F-Secure, is the ramp-up of worms during the last 30 days. Since November 19, eight new exploits attacking smart phones have been uncovered by F-Secure. Five are of the Cabir family, while three are variants of Skulls, a Trojan horse that replaces icons on phone displays with pics of human skulls.

"In the future, it's likely that we'll also see new kinds of attacks," said F-Secure in a statement. "They'll include Trojan horses in games, screensavers, and other applications [that] result in false billing, unwanted disclosure of stored information, and deleted or stolen user data."

Anti-virus firms have reacted to the increase in mobile device exploits by releasing software suited for cell phones and handhelds. Symantec, for instance, rolled out a PDA-specific anti-virus product in 2003, while this December, Trend Micro made its Mobile Security package available for free downloading. F-Secure also sells something called Mobile Anti-Virus.

F-Secure isn't the only security firm to spot a rise in cell phone threats.

Symantec's Vincent Weafer, the senior director of the Cupertino, Calif.-based security vendor's threat lab, has it on his list of likely security stories for 2005.

"The increasing number of attacks shows that there's an interest building out there among the hacker community," he said of smartphone worms and Trojans. And it'll get worse, a lot worse, he said. "As e-commerce becomes a bigger part of what people do with smart phones, so too will attacks." Currently, e-commerce conducted over smartphones, such as buying goods over the Internet via phone or even paying for small vending charges by phone, is popular in just a few countries, such as Japan.

In the near future, Weafer expects to see smartphone infections that mimic human vectors, not the network-cruising threats that typically cause such a ruckus on Net-connected PCs and servers, like 2003's MSBlast or 2004's Sasser.

"What's unusual now is that most [smartphone] infections are caused by airplanes, just as something like SARS was," he said. Like a real-world human virus, today's phone worms spread because people criss-cross the globe. In this case they bring their infected devices, not infectious diseases, with them. And those infected phones, when used to conduct e-commerce, will be at risk of exploitation for financial gain, just as PC users have been subjected to a massive increase in for-profit scams like phishing and spyware attacks.

"Where there's e-commerce," said Weafer, "there'll be e-crime."

Including on a phone near you it seems.


TOPICS: Extended News; News/Current Events; Technical
KEYWORDS: cellphone; phishing; security; trojans; worms
Including on a phone near you it seems.

I can only imagine what it'll be like trying educate and get many cell phone users, who don't use the Internet, to keep their Anti-virus program updated on their cell phone.

1 posted on 12/22/2004 4:13:45 PM PST by Eagle9
[ Post Reply | Private Reply | View Replies]

To: Eagle9

My firm has a strict no Blue Tooth Phone or PDA policy.


2 posted on 12/22/2004 4:28:26 PM PST by Syntyr
[ Post Reply | Private Reply | To 1 | View Replies]

To: Syntyr
My firm has a strict no Blue Tooth Phone or PDA policy.

Yikes - i am awaiting my new Moto V3 RZR phone and the bluetooth feature is a big plus.

Does your company ban ANY bluetooth -capable phone/PDA or just bans them from being ENABLED at work?

3 posted on 12/22/2004 4:42:35 PM PST by corkoman (Logged in - have you?)
[ Post Reply | Private Reply | To 2 | View Replies]

To: Egon

Ping


4 posted on 12/22/2004 4:45:20 PM PST by RhoTheta (Democrats are the coalition of the coerced and the bribed!)
[ Post Reply | Private Reply | To 3 | View Replies]

To: Eagle9

It's hard to feel sorry for these people who download and install anything that comes there way and then are shocked, shocked, that they got a virus


5 posted on 12/22/2004 5:14:58 PM PST by bencarter
[ Post Reply | Private Reply | To 1 | View Replies]

To: Eagle9

If you have a plain old cell phone that just makes phone calls, is this anything to worry about?


6 posted on 12/22/2004 5:33:59 PM PST by Ken H
[ Post Reply | Private Reply | To 1 | View Replies]

To: Ken H

Nope! ;o)


7 posted on 12/22/2004 5:44:16 PM PST by USF (I see your Jihad and raise you a Crusade ™ © ®)
[ Post Reply | Private Reply | To 6 | View Replies]

To: Ken H
If you have a plain old cell phone that just makes phone calls, is this anything to worry about?

I have a Nokia cell phone that's 4 years old (ancient, by todays standards) which is only capable of storing names and matching phone numbers in it's memory, along with ringer choices, redial, etc -- but it sends and receives calls very well. That's I need.

I think this article is referring to the new generation of cell phones and PDAs that have to use a OS (Operating System, e.g.,WinXP, Linux, OSX for desk and laptops).

8 posted on 12/22/2004 6:02:43 PM PST by Eagle9
[ Post Reply | Private Reply | To 6 | View Replies]

Correction: That's I need. = That's all I need.
9 posted on 12/22/2004 6:05:42 PM PST by Eagle9
[ Post Reply | Private Reply | To 8 | View Replies]

To: Eagle9

My Nokia cheats like hell at backgammon in difficult mode if I turn doubling on.


10 posted on 12/22/2004 6:16:16 PM PST by txhurl
[ Post Reply | Private Reply | To 1 | View Replies]

To: Eagle9

...and bound to be worse, given the fact that the concepts of "cellphone" and "PDA" converge more and more with each passing day.

My electric circuits professor (an associate prof, mind you) and his TA/grader have a Palm Treo each, furnished by the company they work for. Awesome stuff. But the things you can get when you browse the web with those gizmos are... well, something your run-of-the-mill antivirus can't get rid of.


11 posted on 12/22/2004 6:16:54 PM PST by El Conservador ("No blood for oil!"... Then don't drive, you moron!!!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: corkoman

"Does your company ban ANY bluetooth -capable phone/PDA or just bans them from being ENABLED at work?"

You can have them but you may not use them for company purposes or to store company data. If you want to use one to keep your calendar you can but you may not attach a blue tooth phone or PDA to any company PC. To be fair the company does provide standard issue PDA's and Phones. Just not Blue tooth.


12 posted on 12/22/2004 7:41:52 PM PST by Syntyr
[ Post Reply | Private Reply | To 3 | View Replies]

To: bencarter

The new blue tooth virus' you "catch" by getting too close to another infected person. It jumps across blue tooth links. I haven't seen an actual copy of this virus but I have seen a proof on concept. All you have to do is walk by an infected phone and bingo your phone is infected. The virus can now steal your contacts.


13 posted on 12/22/2004 7:45:42 PM PST by Syntyr
[ Post Reply | Private Reply | To 5 | View Replies]

To: Eagle9

I wouldn't be surprised to see anti-virus and firewalls for cell phones some day in the future.


14 posted on 12/22/2004 8:21:04 PM PST by Wiz
[ Post Reply | Private Reply | To 1 | View Replies]

To: Eagle9

I just needed to get a new cell phone. My (nearly) 4 year old phone needed new batteries (the would no longer hold a charge, something that I think was the cause of a car adapter I had bought on eBay, something I'll never do again), and I had trouble finding them.

My carrier is Verizon, and I was "elligable" for a new phone, so I took a look around. I really only wanted an LG phone, because I had such great luck with my last phone (I had nothing but bad luck with Motorolla phones before). I wanted a plain phone, with an external display for caller ID. That was the only feature I wanted. Good luck trying to find just that. Every phone seems to be Internet ready, and the ratio of camera phones to vanilla, plain cell phones seems to be about 10 to 1!

I just want a telephone that works, not something that I can play games on, or music, or email, or "surf the web." I'm going to be really angry if my phone ever gets disabled by one of these viruses.

Mark


15 posted on 12/22/2004 8:31:05 PM PST by MarkL (Power corrupts. Absolute power corrupts absolutely. But it rocks absolutely, too!)
[ Post Reply | Private Reply | To 1 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson