Preparing for Mobile Phone Viruses

The first mobile phone virus, a worm named Cabir, running on Symbian OS mobile phones, was discovered on June 14th, and the first Pocket PC virus appeared in July. In view of these first virus incidents, mobile device users have reason to be concerned about the security of their devices, but they should not be troubled with this issue any more than necessary. Mobile operators and hardware manufacturers are the natural anti-virus service providers for phone users.

Viruses for handheld devices are beginning to emerge. The first mobile phone virus, a worm named Cabir, running on Symbian OS mobile phones, was discovered on June 14th, and the first Pocket PC virus appeared in July. Although these viruses have not spread wildly, and are only a minor threat, they clearly demonstrate that mobile devices have become a target for virus writers.

Predicting the future of mobile virus threats is difficult, but we can expect that these incidents will not be the last. Others will certainly develop these initial viruses further, and introduce new ones to grab some of the glory and fame bestowed on the writers of the first viruses.

The threats are similar to PC malware problems

The potential security challenges in the mobile environment are similar to the problems we have encountered in the PC world, but the virus evolution could be faster. As anti-virus vendors have gained experience about virus protection over the past years, so too have the virus writers.

In addition to malicious, actively spreading applications, it is likely that we will see denial of service and system unavailability attacks. Other possible threats include trojan horses in games, screensavers, and other applications – resulting in false billing, unwanted disclosure of stored information, and deleted, corrupted, modified, or stolen user data. Similar applications can also be used for eavesdropping, and unauthorized access to corporate networks.

The most worrying malware scenarios in the mobile environment come from organized parties. In the PC world, spam and online crime today are behind most of the largest worm outbreaks. The same could be repeated in the mobile world.

It is a credible scenario that mobile spammers will spread viruses to infect large numbers of handsets. The infected handsets would silently send spam SMS and multimedia messages to all the numbers in the phonebook. The owner of the handset would pay the costs and hide the identity of the spammer.

It is almost certain that something like this will happen in the future. With PC spam, this phenomenon appeared roughly eight years after the first spam was seen. It is likely that, in the mobile environments, the first attempts will emerge sooner.

New advanced security solutions are required

The complete security solution to protect the mobile devices against the new threats consists of several layers:

  1. The operating system and mobile device vendors have to develop a security-focused, hot fix process for the operating systems.

  2. Mobile operators must establish a gateway-level security solution in the network to be able to flexibly filter the traffic.

  3. A real-time, up-to-date anti-virus client is required in all smartphones, with a mechanism for automatically delivering updates directly to the device.

Mobile security has been a key focus for F-Secure for years now. Today, content security solutions are available for both mobile terminals and mobile networks.

F-Secure Mobile Anti-Virus, which provides on-device protection for mobile terminals, and a hosted update service with over-the-air anti-virus updates through a patented SMS update mechanism or HTTPS connections, has already been piloted and tested in several operator networks. The mobile anti-virus service will also be available to phone users through F-Secure eStore later this year.

F-Secure Mobile Filter, a security proxy solution, which offers operators and service providers a means for filtering content, has also been delivered to several operators to block harmful software and incompatible Java applications in the network before download to mobile phones.

In view of these first virus incidents, mobile device users have reason to be concerned about the security of their devices, but they should not be troubled with this issue any more than necessary. Mobile operators and hardware manufacturers are the natural anti-virus service providers for phone users. A wireless anti-virus service is preventive insurance against end user support load, terminal downtime, negative user experience, and bad publicity. Now is the time to prepare.

Author: Matias Impivaara, Manager, New Business Development


Printable versionBegin Begin | Back Back