Symbian success feeds mobile malware explosion

Symbian on Wednesday announced that shipments of its mobile phone operating system have increased nearly 200 percent over the past year. Should this trend continue, security experts are predicting an explosion in mobile phone-based malware.

Symbian on Wednesday announced that shipments of its mobile phone operating system have increased nearly 200 percent over the past year. Should this trend continue, security experts are predicting an explosion in mobile phone-based malware.

Mobile phone malware is still at an embryonic stage when compared with viruses and Trojan horses that target the Windows operating system. However, experts say this is because there is currently such a diverse range of mobile phone operating systems. However, if over the next few years Symbian manages to grab a large enough share of the mobile OS market, it could create a new front in the war against malicious software.

Dr Jan Hruska, chief executive officer and co-founder of antivirus firm Sophos, said currently the threat from mobile phone-based viruses is 'non existent'.

"There is a huge diversity in operating systems. A virus written for one model will not affect another. Until that changes, and change it almost certainly will because of market pressures, there will be very little threat on those platforms," said Hruska.

Sophos does not currently offer an antivirus application for mobile devices, but Hruska hinted the company is developing one and will release it if and when the threat is realised.

"As this threat materialises in a practical way, of course we will have one [antivirus application for mobile devices]. But not till I see more concrete evidence [of the threat] and so far, our virus labs have not seen it," he said.

Mikko Hyppönen, director of antivirus research at European antivirus firm F-Secure, told ZDNet Australia&nbsp that he was surprised Symbian has become the de-facto target for mobile phone malware.

"One year ago, before we had seen any mobile phone viruses, we were not expecting a Symbian virus to be the first. We were thinking it was going to be Pocket PC or a Windows-based platform. That was because there is a large user-base of Windows virus writers that seem to have a grudge against Microsoft in general," said Hyppönen.

According to Hyppönen, the threat from mobile viruses is 'miniscule' at present because there are around one billion mobile phones in the world and only a small fraction of them are 'smart' enough to become infected and infect other devices - with Symbian OS still only accounting for 32 million of those handsets.

However, Hyppönen said that source code for creating Symbian malware was published on the Internet last year, which explains why there are so many different variants of the same virus.

"Most of the mobile phone malware out there are Cabir variants. If somebody writes a virus for a platform and the source is available it means there will be lots of variants.

"So far we have seen 52 pieces of mobile phone malware. Out of those, 50 are targeting Symbian," said Hyppönen.

Symbian is enjoying a period of strong growth in terms of the number of handsets using its operating system and the number of companies licensing its OS for future models. The UK-based company reported year on year growth of 180 percent, with almost seven million handsets shipped in the first quarter of 2005. Also, the number of applications developed for its platform has almost doubled from 1,962 to 3,804 in the same period.

Symbian recently announced it had licensed technology from Microsoft to help improve connectivity with Microsoft Exchange and Microsoft Outlook, which should make the platform even more attractive to business users.

"In March, Symbian licensed Microsoft's Exchange Server ActiveSync protocol," said Thomas Chambers, Symbian's interim chief executive officer and chief financial officer. "We will develop an Exchange Server ActiveSync protocol 'plug-in' that will enable Symbian OS-based phones direct over-the-air (OTA) synchronisation with e-mail and other personal information management (PIM) data supported by Microsoft Exchange Server 2003."

This increased connectivity -- combined with a large volume of handsets and freely available virus source code -- is a recipe for trouble, according to James Turner, security analyst at Frost & Sullivan Australia.

"The hacker sees the product's widespread usage as a distribution channel which can assist the hacker towards another goal. As organisations like banks use mobile phones as a channel for authentication, the attractiveness of mobile phones as a target for hackers will increase. "Imagine a worm that infects mobiles with the express purpose of capturing one-time codes from banks and then sending those codes to an organised crime group," said Turner.

F-Secure's Hyppönen agrees and suspects that mobile phones will some day require the same kind of protection as PCs do today.

"We will keep seeing an increasing number of viruses and security problems with these phones" he predicted. "Eventually we will all be running both an antivirus and firewall on our phones ... it will happen."