Middle East users face mobile threat

Not long after the first worm for mobile phones was discovered, a number of other viruses for handheld devices started appearing. Although the risks these first-generation viruses pose are not yet fatal, analysts believe users are on the brink of a security epidemic.

By Peter Branton, published April 3, 2005

The computing world did not have to wait for long before viruses found their way into handheld and wireless devices. When the Cabir worm first materialised, it was half-expected. After all, as PC users became more cautious and security measures began to improve, virus writers became more aggressive in their attacks and started looking for new targets. Because of its widespread use and its computing-like abilities, the unassuming mobile phone became easy prey.

The Cabir worm was the first reported virus to attack mobile phones. It first appeared in the Philippines in mid-June of last year, and within nine months has contaminated phones in other countries such as China, India, Singapore, Japan, the UAE, France and the US. It affects Symbian mobile phones running the Series 60 platform. It comes as a file, caribe.sis, which, when installed, immediately activates the worm. The virus then starts searching for the next Bluetooth device and repeatedly sends the infected .sis file to it. Cabir has 12 variants, all of which drain battery life.

Since then, other viruses, such as Duts and the Mosquito Trojan, have found their way into mobile devices, mostly affecting Symbian-based devices, says Todd Theiman, director of device security marketing at Trend Micro. “There are basically two categories of phones — feature phones and data-centric phones. Mobile viruses have impacted data-centric phones. There have been a variety of proof-of-concept viruses such as Cabir, Skulls, Velasco, Dampig and Comwar,” he says.

“The interesting thing is that in contrast to computer viruses, the mobile phone versions have not, by and large, targeted Microsoft’s mobile OS, but Symbian’s, which holds about an 85% share of the market,” adds ABI Research analyst Brian Pellegrini. It seems that virus authors are willing to forgo their traditional antipathy to all things Microsoft, if it means reaching a larger pool of victims, he adds.

Theiman agrees: “These viruses have primarily impacted mobile devices using the Symbian operating system. The Symbian platform appears to be attractive to virus writers because of the large presence of Symbian-based devices in the market place. Virus writers typically like an audience,” he says.

Historically, virus writers have been known to quickly adopt proof-of-concept viruses and propagate them quickly into more destructive forms. There is every reason to believe that a similar pattern will occur in the mobile world. “The threat posed today has been modest given that the viruses are proof of concept and have not propagated very effectively. Most have used Bluetooth as the transmission technology and Bluetooth has a relatively short range [about 10 metres],” says Theiman. “For someone to get infected via Bluetooth, they would need to have Bluetooth turned on for their device and they would have to click ‘Yes’ on some dialog boxes. The threat in the future, though, is expected to grow as these sorts of devices proliferate,” he adds.

As of last month, Symantec has reported a total of 21 known samples of malicious code for mobile applications, one of which is Brador, the first Windows Mobile backdoor Trojan. According to a Symantec security alert, if a user tricked by the Trojan’s file name opens or executes the attachment, Brador allows full control of the handheld system when it is restarted. When the infected handheld is connected to the internet, the backdoor sends the attacker the IP address of the handheld device. It then opens port 44299 and waits for further instructions from the attacker. Symantec ranks Brador as a very low risk virus, primarily because of its low geographical distribution and ease of threat containment and removal.

But although they are all basically harmless — these proof-of-concept viruses were released not to damage phones but to prove that infection was possible — analysts like Pellegrini worry that these first-generation worms, such as Cabir, will set off the progression of potentially more damaging threats to mobile users.

“As more people adopt data-capable mobile devices like PDAs, it will only be a matter of time before attacks like Sobig become a reality in the wireless world as well,” says Patrick Hayati, McAfee Middle East’s regional director.

“What if a virus infecting your phone started buying ring tones? What about Bluetooth? Designers of Bluetooth phones have not adequately addressed security issues, and you could potentially see viruses spreading spontaneously between two phone-carrying people who pass each other on the street... just like real human viruses,” Pellegrini adds.

While a recent mobile virus, the Skull Trojan, simply replaces menu icons with images of skulls, there are more serious dangers posed by malicious code designed to infect cell phones. For example, some viruses can steal contacts from address books, send spam or offensive text messages, increase calls to special numbers, or make a handset crash.

So far, the only thing that is keeping these viruses from spreading is the limited range of Bluetooth, which is the most common mode used to propagate the worms. But this will soon change as mobile devices become smarter and connectivity speeds become faster. “Mobile phone manufacturers in the region are increasingly launching market devices with increased functionality and the ability to automate tasks,” he explains. “It is this automation that hackers and virus writers look for to create their malicious codes. Moreover, as networks switch from 2G to 3G, the potential offered to hackers intent on doing damage is even higher,” Hayati says.

Because of increased connectivity, mobile users are provided with multiple ways of internet browsing and e-mail usage, which according to Hayati are the main sources of malicious codes. “Hackers are solely interested in writing viruses that can cause maximum damage, and 3G networks provide greater scope for doing this. Viruses or worms embedded in downloaded video content or applications can be able to disable the handset, cause repeat dialling to premium numbers or even steal personal information stored on the phone,” he adds.

According to the International Telecommunication Union (ITU), mobile phone usage has doubled worldwide since 2000. The ITU reports that there are approximately 1.5 billion mobile phone subscribers globally — about a quarter of the total human population. Madar Research estimates that there are around two million mobile phone users in the UAE alone, with the figures growing at an average of 20% to 25% annually. Consultancy firm Mercer Management Consulting estimates that 30% of the global population will experience hacking and worm outbreaks on their mobile devices in 2005.

With the explosive growth of mobile users, systems administrators should start thinking about implementing policies for mobile devices, Theiman says. The primary problem lies not in the fact that mobile use is on the rise but in the fact that most PDAs and smartphones lack robust security applications, enabling hackers to exploit these devices and create back doors into corporate infrastructures. “Many knowledge workers are used to going to the corner electronics store to purchase their favourite mobile phone or PDA. Systems administrators will need to establish policies of which devices are supported and what security software is required on those devices,” Theiman says.

“The built-in security to current mobile networks and devices is very poor, with virtually no protection from malicious code,” adds Hayati.
“Mercer estimates that without security protection, mobile and wireless security breaches could cost over US$2 billion per attack in 2005,” he says.

Common sense is the most basic defence, according to Theiman. “Mobile phone users need to start applying the common sense they use with PCs to their mobile phones. If a strange dialog box pops up on your mobile phone asking if you want to install an application, don’t say yes. If a strange SMS message contains a URL, don’t click on the URL,” he says.

“At the end of the day, what is needed is a total change of mindset among both industry players and consumers. In the fixed-line world, you instinctively hesitate before opening an e-mail from an unknown sender, especially if that email contains an attachment,” Hayati adds. “Users must start to think about their mobile devices in the same way, treating with suspicion unknown SMS messages and only downloading content from a trusted supplier. After all, it is only a matter of time before the wireless world gets the bug too.”
