Hacking threat goes mobile
Experts at London's Infosec computer security conference are betting that wireless computing will provide the next hot spot for hackers, virus writers and computer criminals.
While demonstrating the first generation of security tools for mobile devices, experts predict that it won't be long before hackers begin targeting computer users on the move.
Jason Conyard, director of wireless business strategy for antivirus firm Symantec, predicts that we'll start seeing viruses, worms and Trojan horses attacking mobile devices within the next two years. He said mass-market adoption of particular wireless technologies will make mobile hacking more feasible. The technologies in question include the Bluetooth short-range radio technology, the 802.11 wireless Ethernet protocol, smart phones -- especially those with common standard operating systems and high bandwidth -- and phones that use always-on mobile phone networks such as GPRS and UMTS (3G).
"I have no doubt that there are threats," he said. "Once these technologies have come together, the potential [danger] is significant." Conyard said that by the start of 2002 we can expect to see hackers targeting mobile computers with denial of service (DoS) attacks, which overload a target machine with requests until it can no longer function. He believes that by the start of 2003, email worms will start spreading between smaller mobile devices such as PDAs, and said that by the middle of the same year computer hackers will be targeting mobile devices with Trojan Horse programs, designed to give an attacker control of a target system.
Conyard predicts that incorrect configuration and a lack of awareness among end users will increase the risks. Companies hoping to provide wireless service will have to start taking responsibility for security too, he added: "If they want to start leveraging wireless technology that have to manage end devices."
Winn Schwartau, editor of the security portal Infoware.com and author of Information Warfare and Cybershock, books about the culture of computer hacking, agrees. The reason that computer hackers will start targetting mobile devices, he said, is "because it can be done, and because it is the next major communications technology".
Jason Holloway, general manager for antivirus company F-Secure, also also sees danger on the horizon. He said that an increasingly mobile workforce may be a concern, and recommends a many-sided defence strategy. "The solution is first to educate users," he said. "And in software, you will need a firewall, to encrypt data and communications and antivirus to ensure data integrity against 'malware'."
Other computer experts agree that the wireless Internet will bring an emerging security threat but say that the danger is still some way off. "It is coming. Especially on PDAs," said Richard Stagg, senior consultant for security firm IRM. "It will prove interesting, but it's probably a bit early to really start addressing the threat."
Graham Cluley, head of antivirus research for Sophos, also pointed out that, while although it has been possible to write viruses for mobile platforms such as Psion's Epoch operating system and the Palm OS, so far only one mobile virus -- written for the Palm -- has ever emerged. He does, however, call for awareness. "Mobile manufacturers need to start learninng a lesson from the desktop," he said. "You have to have a balance between functionality and security."
The majority of security software specialists are, in fact, already thinking about wireless threats. Many antivirus firms, including F-Secure and Symantec, have launched products designed to protect end users from mobile risks. At Infosec there are also companies specialising in securing access to mobile devices and encrypting the data held on such devices.
Take me to ZDNet's InfoSec 2001 Roundup
Take me to the Virus Workshop
Is your handheld really vulnerable to viruses? Alfred Poor tells you how you can measure -- and minimize -- your device's risk of attack. Go to AnchorDesk UK for the news comment.
Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.
Let the editors know what you think in the Mailroom. And read what others have said.