Mobile handset threats on the increase
AdaptiveMobile COO Gareth MacLachlan says lower SIM costs open networks up to criminals
Mobile handset threats have increased dramatically over the last 12 months due to falling costs barriers. SIM cards are now easily available in shops bundled with SMSs and criminals use this to their advantage, according to Gareth MacLachlan, COO of mobile security firm AdaptiveMobile.
“Three years ago if you wanted to do an attack like this, it was technically very complex or you would have to bribe someone in an operator to allow you to gain access to their network unofficially to send the messages. Nowadays I can go into pretty much any high-street store, buy a prepaid SIM or $10 equivalent with preloaded SMS bundles,” said MacLachlan.
This means that while networks are trying to attract more customers with ever bigger bundles of SMS and voice calls, this lowering of costs means the cost of sending out SMS scams, campaigns and frauds has been removed or dramatically reduced.
Adaptive Mobile recently launched its 2011 Global Security Insights in Mobile report, which examines emerging trends in mobile security.The new threats facing mobile security, dubbed compound threats, employ the use of a bundle of malicious mechanisms to spread malware and attack their victims. The compound threat can employ a variety of means, such as SMS, email and IP against its victim or attempt multiple negative impacts such as monetary loss by the subscriber and a loss of trust in the mobile network.
“What we are seeing now is effectively generating viruses or Trojans which people download onto their handsets. Those Trojans will actually send the SMS themselves, a bit like the spambots that people talk about for PCs. These sorts of compound threats, these viruses will be swapped on a memory card, downloaded over Bluetooth, purchased or downloaded from an apps store and once they are on the handsets they can do pretty much anything they want,” said MacLachlan.
The virus may be programmed to only call a premium rate number or send an SMS once a month per infected handset, but the virus writer can infect 50,000 to 100,000 handsets and just one phone call or SMS costing $1 can earn a large amount of money per month. Users also may not notice a single dollar missing on their bill.
“The types of viruses that are being generated are very different to the PC world, where viruses try to infect as many PCs as quickly as possible. In the mobile space the idea is to generate revenue so its aim is to stay as undetected as possible for as long as possible,” said MacLachlan.
Some of the most basic attacks AdaptiveMobile has seen are ones where criminals try to imitate a missed call alert or a voicemail alert that a subscriber would usually receive on their handset from their operator.
“The alert looks exactly like the real thing, it is in the right language, the right formatting everything, so it is indistinguishable, except the reply number actually connects the subscriber through to a premium rate number,” said MacLachlan.
An example of this, he said, was a situation with an operator in Asia, which lost approximately $1 million over a four-day period. Subscribers to the network were receiving a fraudulent missed call alert and were dialing the call-back number up.
“It was ringing an international satellite phone number and they were being charged three or four dollars a minute. They would hear a dialling tone and a message in the local language saying the service cannot be connected at the moment, please try again later. Most people would hang up and try again. Towards the end of the month, people started to realise, their credit was reduced, or they got their bills and noticed they were being charged for calls they had not made or did not know they were making,” he said.
Operators across the world settle on a daily basis with all other network operators, so by the time the fraud was detected, the network had already paid the fraudulent company.
Other examples of common phone frauds are fake competitions telling people to send messages back to a number to register, suggesting to people that they have got free handset upgrades and they need to call into a number or text details into a premium rate SMS code.
According to MacLachlan, the Middle East has some very specific types of mobile phone crimes. Because most operators in the ME do not subsidise handsets, people buy their own handsets and will go into a store to buy the SIM card and in many cases will purchase some content and then swap their memory cards from phone to phone in order to share content, one of the possible routes for infection.
“We see viruses like HatiHati appearing quite strongly in the Middle East whereas it may not spread so widely in other areas. HatiHati was originally written as a legitimate application, it just was not written very well and so it spreads itself and generates messages to fake numbers which cause problems for operators as they try to deliver messages to the fake numbers. It is those sorts of activities that are prevalent in the ME more so than in some of the other regions,” said MacLachlan.
Other prevalent scams across the Middle East are SMS scams due to the high use of SMS in the region. These SMS scams tell users they have won competitions and large sums of money and encourage users to call a number or reply by SMS or even send money through to the scammer to claim their prize.
MacLachlan said that there are always three things a consumer should look out for and do to protect themselves from mobile fraud, the first is to check their monthly phone bill and make sure there are no unusual charges or numbers they do not recognise.
This may be difficult for business phone users whose bills get paid directly by the company. This is one of the reasons that enterprises rather than consumers are more at risk from mobile crime.
Secondly, mobile users must be vigilant and cautious about messages they don’t recognise, or applications they are downloading from an untrusted apps store. They must treat these in the same way as users do when they are opening emails or browsing the internet said MacLachlan. The mobile network is no different from the internet and consumers must take that same level of caution.
The third and most important preventative measure users can take, is look at what their operators are providing in terms of security functionality within the network.
“The providers that we work with, particularly some of those in the Middle East are already providing capabilities to protect against SMS spam, frauds, malware and viruses. Operators are starting to realise and focusing on how to improve the trust between the subscriber and operator,” said MacLachlan.
Adaptive mobile was set up in 2003 and focuses on security threats for mobile operators. “As mobile handsets became smarter and became more like PCs in their own right then the threats that from the PC world such as viruses, spam, inappropriate content is emerging in mobile networks,” said MacLachlan.
The company has worked with operators from North America through to Europe, the Middle East in places like Saudi Arabia and the UAE and is also in Africa, India, Indonesia and Vietnam.
The company now filters information for 600 million mobile subscribers around the world.