Mobile threat still low, but will grow

Experts believe incidents of virus attacks on mobile phone will increase with the proliferation of smart phones and increased Internet mobile use.

As mobile data usage grows and Internet connectivity increases, more security incidents are likely to occur on mobile platforms, say experts.

Kamlesh Kalwar, industry analyst at Frost & Sullivan, said the security threat on mobile devices is currently on a relatively small scale and confined to Bluetooth transmissions and peer sharing activities, when users transfer data from their PCs to the mobile phones.

"[The level of security threat is] not there yet, but with more PDAs and high-end phones in future, the rise of smart phones would make the threat stronger," Kalwar said in a phone interview.

A survey from analysis firm Datamonitor found that a significant percentage of respondents had been exposed, directly or indirectly, to mobile security threats. According to its Mobile Security Report 2008, commissioned by security technology company McAfee, 13.7 percent of those polled from Japan, the United Kingdom and the United States were aware they had been attacked by mobile viruses.

Victor Kouznetsov, senior vice president, McAfee Mobile Security wrote in the report that mobile Web 2.0 is creating fresh opportunities and challenges, as user-generated content and "off-deck communities" dramatically increase the exposure of confidential and personal data shared via mobile devices and networks.

According to the report, 55 percent of respondents expressed security concerns relating to mobile payments and banking, while over 40 percent had concerns about mobile vouchers, ticketing and mobile multimedia downloads such as ring tones, music and games

How viruses spread
Mobile viruses typically spread via SMS, installing a script on the handset after the user opens the offending text message. The script then activates the phone to either call or send text messages to numbers listed in the user's phonebook.

The first mobile phone virus, Cabir, was identified in 2005. The worm replicated itself through the phone's MMS (multimedia messaging system) function, "infecting" Symbian-based phones within range that were detected via Bluetooth. While not usually harmful, the virus reduces the battery life of the host phone because of its constant scanning for Bluetooth targets.

Damage due to mobile viruses currently tends to be limited to small groups of mobile users. They are also limited in their ability to access types of data such as the user's phone book.

However, Kalwar told ZDNet Asia: "When you find mobile phones with more access to the Internet, then you can see more virus attacks."

Howard Schmidt, former advisor to the White House on cyber security, recently said mobile would become a rich target area for malicious attackers. He said the sheer ubiquity of mobile devices and their greater connectivity to the Internet highlight such devices as the next logical focus area.

Schmidt said the availability of software development kits (SDKs) for mobile devices such as the one launched by Apple for the iPhone, increases the potential of malicious codes designed specifically for the mobile platform.

According to security software maker, Trend Micro, mobile threats that target smart phones generally comprise Trojans and worms, and require user intervention to spread. Other mobile threats that leverage Bluetooth spread without user intervention, and this increases the vulnerability of all corporate mobile devices, as well as the network".

"The explosion of interest in phones using operating systems such as Symbian and others, means that mobile threats are due to rise," Trend Micro said on its Web site, noting that some mobile threats involve spyware that can log dialled numbers and record conversations.

"This exposes employees to invasion of privacy and potential identity theft, and can compromise corporate intellectual property," said the antivirus maker. "If infected, mobile devices that are subsequently connected to a 'host' computer can open that computer and the network to a multitude of additional threats."

However, according to Datamonitor's survey, while 83.5 percent of mobile users in the survey run separate security software on their PCs, a staggering 79 percent do not use any mobile protection software.

"Of course, there is still a considerable gap between PC and mobile threat levels", Datamonitor noted in the report. "Despite this, such low penetration of mobile security can be attributed to the fact that the software architecture of the majority of devices prevents the user from installing effective protection tools."