Mobilizing Against Wireless Viruses

New, so-called "smart phones" can retrieve all types of digital information from wireless networks: games, the latest news, driving directions, music, e-mail, pictures, ringtones, text messages -- and, increasingly, viruses.

Last week, online security companies took note of a new virus called Skulls designed specifically to attack Nokia smart phones. The bug -- disguised as a program to help manage the phones' "themes," or graphical backgrounds -- was posted on several Web sites devoted to smart phone programs.

Once downloaded and installed on the phone, the virus disables all of the phone's built-in programs -- such as the calendar, clock and notepad functions -- and replaces its icons with images of skulls. Once infected, the smart phone essentially turns "dumb," allowing for only simple voice-based phone calls.

Although Skulls is not as sophisticated as traditional Net viruses designed for desktop computers -- it cannot automatically spread to other devices on its own, for example -- security experts warn that a growing number of hackers are taking an interest in designing and releasing malicious programs designed to attack wireless devices.

"A number of these viruses are just proof-of-concept [designed] to show us that it's possible [for hackers] to develop these kinds of attacks," says Matt Ekram, product manager for mobile security at Symantec, a security software maker in Cupertino, Calif. "But these [smart phone] devices are becoming open... It's just a matter of time that these devices will be attacked in a big way compared to what we've seen so far."

Tempting Targets of Growth

While there are fewer than 10 known viruses and other malicious programs created specifically for mobile devices, some note that the development pace is already beginning to pick up.

On Monday, online bug trackers noted that a new, more sophisticated version of Skulls had already been released. The new Skull bug also contains a revamped version of "Cabir," a wireless worm that was discovered in June. Cabir, say security experts, was designed to automatically spread using the short-range wireless Bluetooth connections found in many mobile devices.

And some security experts worry that as cell phones increasingly become mobile data devices, hackers will have a greater reason to try their hand at sowing wireless havoc.

For example, some telecommunication service providers and financial institutions in Asia and Europe are transforming mobile phones into electronic "wallets" capable of wirelessly paying for goods and services bought online or at local retailers.

"Obviously, there's not a big reason for attacking cell phones yet because of lack of motive," says Mark Rasch, senior vice president and chief security consultant at Solutionary, a electronic security company in Omaha, Neb. But, he continues, "when you can attack electronic payment systems or things linked to it, that's a huge financial incentive for hackers to create more and better wireless viruses and worms."

Steps to Securing Cells

While the prospect of mobile bugs chipping away at wireless users' security and privacy may seem daunting, the good news is that service providers and security companies are already trying to tighten up wireless security.

  • 1
  • |
  • 2
Join the Discussion
blog comments powered by Disqus
You Might Also Like...