Can You Trust Your Phone?

By Michel Gien
published: Thursday, July 31 2008

Virtualization Technology Prevents Malware from Attacking the Heart of Your Phone

September 11, 2011, New York: The world commemorates the tenth anniversary of the first large scale terrorist attack on America when mobile phones suddenly stop working.  Panic develops as people forget how to live without a mobile phone.  The savvy open up their handsets, take the battery off, put it back, close the phone, and re-initialize the phone. But this conditioned response to un-block a "frozen" phone does not work.  Those who still own a 20th century phone connected to a land line rush to call a mobile carrier without success. Finally, radios and TVs announce that the world is being attacked by a new kind of virus that propagates between phones and from phones to the network, leading to a shut-down of the world's telecommunication system.

Such a scenario may seem as though it is from a catastrophe movie and far from the reality of the real world. However, it is a fact that the first mobile phone viruses have emerged and it is now possible for malicious code to render a phone unusable. A virus can cause false billing, unwanted disclosure of stored information, and deleted, corrupted, modified or stolen user data.

Mobile Malware is Born

"Cabir," the first mobile phone malware, appeared in June 2004.  Cabir is a worm using Bluetooth to propagate between Symbian mobile phones. The worm replicates over Bluetooth connections and is sent to a phone messaging inbox as a Caribe.sis file that contains the worm. When users click the Caribe.sis file it installs and activates the worm, proceeds to look for new devices to infect over Bluetooth. As Cabir worms find other Bluetooth devices it sends infected SIS files and locks to that phone so that it is unable to connect to other phones even when the target moves out of range.

Aleks Gostev, virus analyst at Kaspersky Labs wrote on his blog in December 2005.

Yesterday one of our employees was out for the evening. And naturally enough used the metro. As you may know, the Moscow Metro is one of the busiest mass transit systems in the world, transporting approximately 9 million people a day. With so many passengers, a number of whom now have smartphones, what are the chances of infection by Cabir or another virus for mobiles? Hard to tell exactly - all we do know is that while descending to the station, our employee detected an attempt by Cabir to infect her phone. This is the third time she's experienced this in two months. You may think that this is a low frequency. You may also wonder why an employee of Kaspersky Lab is walking around with a Bluetooth phone in ‘visible to all' mode. In my opinion, it shows that Cabir has already spread far and wide, in Moscow if not in other regions of Russia. OK, three times in two months, when compared to the daily attacks which PCs are subjected to, isn't that high a frequency. And Cabir doesn't, theoretically, pose that much of a danger. But this case illustrates the way in which mobile malware is gathering momentum. I don't want to think about what will happen when someone - and this will happen sooner, rather than later - releases a viable worm for mobiles which is written with the intention of doing serious damage. Seems like the Metro might become a very dangerous place for smartphone owners.

The first Java or J2ME malware for phones was found in February 2006 with the emergence of the Redbrowser Trojan. This malware steals money by portraying itself as a way to use Wireless Application Protocol (WAP) services for free. When run, it sends a premium-rate SMS messages to a number in Russia, costing the user around 5 USD for every message sent.

In March 2006 the first mobile spyware application was found in the form of FlexiSpy. Being a commercial application, the customer logs into a portal where the software, when installed on the mobile device, monitors all calls, SMS and MMS messages and posts them to the portal. The software is advertised as a clever means for suspicious husbands or wives to keep track of their spouses' online activities.

Wide Spread of Mobile Malware Expected in 2009

Today over 200 mobile phone malware have been identified. Compared to the 185,000 viruses in the PC world, this is still a small number but this indicates a growing trend.

Research from Gartner states that conditions for the wide spread of mobile viruses will not take place until the end of 2007.  Smartphones are seen as key to the spread of mobile viruses and will not hit the 15 percent penetration market before 2007. This is also the predicted year that wireless messaging of executables will be used widely enough to spread viruses and operating systems will have converged enough to make the overall network vulnerable.

In addition, the number of creators of viruses evolving into criminally operated gangs continues to rise. Many cyber criminals write viruses for financial gain, and as the growth of mobile phones with the capability to make financial transactions increases, it is certain that malware threats will become a major issue to consumers and enterprises.

The adoption of mobile devices with advanced capabilities such as digital media content accessibility is causing security, management and licensing headaches for IT departments, according to UK IT chiefs.  All 12 of silicon.com's CIO Jury IT user panel said the proliferation of 3G mobile phones and PDAs that allow staff to access voice, internet, music and TV services creates serious content usage and licensing, monitoring, and security challenges for the IT department.  Phil Young, head of IT operations at Amtrak Express Parcels, said "The new devices not only will cause a security monitoring headache but also may have software licensing impact issues on a business. The ability to ‘lock down' known systems such as laptops is well established, but securing these devices in the same way is, at best, weak at the moment."

Security Issues Hamper Smartphone Adoption Today

A survey conducted by the Economist Intelligence Unit and Symantec suggests that smartphone adoption is delayed due to security concerns. According to the study, 60 percent of companies hold off on deployment and almost 20 percent experience financial losses because of attacks on this platform. A sobering finding of the survey is that only 10 percent of companies include mobile device access in their overall security architectures. Eighty-one percent of companies have assessed potential security problems on laptops, while only 26 percent of companies have done so for smartphones.

"Most organizations don't realize that smartphones present the same security issues as PCs because they hold sensitive information, and that all network endpoints must be secured in the same fashion," said Paul Miller, director of mobile and wireless solutions at Symantec. "A lot of these devices are brought into the office by individuals, so a comprehensive strategy is critical."

"Smartphones present their own security issues, with their own vectors for infection, such as Bluetooth wireless connectivity, that can make these devices the weakest link in an enterprise security system," Miller said.