With news of more than 10-billion internet capable non-PC devices already online and suggestions that this number could double by 2014 my thoughts wandered to the security of my new best friend; my HTC Desire.
According to the report published on ZDNet Asia, our TVs, digital photo frames, Blu-ray players and PVRs are now all potentially at risk, defenceless without the anti-virus protection afforded to PC users worldwide.
Now, I don’t know about you but I don’t tend to keep too much personally sensitive information on my digital photo frames, nor do I surf the internet on my PVR but I do carry around all my contacts, calendars, birthdays and other minutiae of daily life on my mobile.
The suggestion of a mobile virus is nothing new, having been around in one relatively unthreatening form or another since 2004 on the Symbian OS. One of the first viruses of its kind was known as Cabir and was released strictly as a “proof of concept” to demonstrate that automatic proliferation via Bluetooth was indeed possible.
Following that initial outbreak and the public posting of the code used to create it, there have been a number of others that extend the virus’s functionality, yet still remain relatively easy to avoid. But as phones get smarter and increasingly integral to our everyday lives, the risk and potential reward (for virus writers) presumably increases.
While (thankfully) Symbian S60 is no longer a part of my everyday life, the problems thus far haven’t been restricted solely to this OS, with other security flaws and infections having been discovered on a variety of other devices, including Google’s Android OS. In this light Symantec’s Norton Android offering certainly seems to make some sense - and it’s not the only company to be rolling out mobile anti-virus solutions.
Naturally, current vendors claim to protect your pride and joy from a plethora of vicious attacks and some even go so far as to offer call controls and remote lock/wipe functionality; which will come as standard on the upcoming Froyo (2.2) Android build.
Whilst this is naturally slightly concerning, I’m inclined to think that the majority of mobile viruses that have come to light so far pose little threat in the real-world, lacking the destructive payload or ease of infection to be a truly persistent menace.
However, this could all change at the DEF CON convention next month when Nicholas J. Percoco and Christian Papathanasiou from Trustwave are reportedly set to demonstrate a “kernel-level Android rootkit in the form of a loadable kernel module.”
The pair claim that if successful an infected phone would only need to receive a call from a “trigger number” and full root access would be silently granted – potentially allowing the attacker full access to texts, calling functions and even GPS location data.
Considering the reach of the handset permissions granted, the ability to install OTA (as well as alongside other apps) and isolated cases of retail handsets shipping with rootkit infected microSD cards it starts to sound like a pretty scary place for smartphone users. Until next month though, I’ve decided that the biggest threat to my HTC Desire is my own innate forgetfulness combined with one tipple too many down the local.
If you’re similarly afflicted and want to get your hands on that nifty remote lock/wipe functionality before Froyo arrives, then check out the Norton beta from the Android Marketplace; free for 90 days but the company’s not currently saying what it will cost after that.