Helsinki, 1 November, 2004
Preparing for Mobile Phone Viruses
The first mobile phone virus, a worm named Cabir, running on Symbian OS mobile phones, was discovered on June 14th, and the first Pocket PC virus appeared in July. In view of these first virus incidents, mobile device users have reason to be concerned about the security of their devices, but they should not be troubled with this issue any more than necessary.
Viruses for handheld devices are beginning to emerge. The first mobile phone virus, a worm named Cabir, running on Symbian OS mobile phones, was discovered on June 14th, and the first Pocket PC virus appeared in July. Although these viruses have not spread wildly, and are only a minor threat, they clearly demonstrate that mobile devices have become a target for virus writers.
Predicting the future of mobile virus threats is difficult, but we can expect that these incidents will not be the last. Others will certainly develop these initial viruses further, and introduce new ones to grab some of the glory and fame bestowed on the writers of the first viruses.
The Threats Are Similar to PC Malware Problems
The potential security challenges in the mobile environment are similar to the problems we have encountered in the PC world, but the virus evolution could be faster. As anti-virus vendors have gained experience about virus protection over the past years, so too have the virus writers.
In addition to malicious, actively spreading applications, it is likely that we will see denial of service and system unavailability attacks. Other possible threats include trojan horses in games, screensavers, and other applications – resulting in false billing, unwanted disclosure of stored information, and deleted, corrupted, modified, or stolen user data. Similar applications can also be used for eavesdropping, and unauthorized access to corporate networks.
The most worrying malware scenarios in the mobile environment come from organized parties. In the PC world, spam and online crime today are behind most of the largest worm outbreaks. The same could be repeated in the mobile world.
It is a credible scenario that mobile spammers will spread viruses to infect large numbers of handsets. The infected handsets would silently send spam SMS and multimedia messages to all the numbers in the phonebook. The owner of the handset would pay the costs and hide the identity of the spammer.
It is almost certain that something like this will happen in the future. With PC spam, this phenomenon appeared roughly eight years after the first spam was seen. It is likely that, in the mobile environments, the first attempts will emerge sooner.
New Advanced Security Solutions Are Required
The complete security solution to protect the mobile devices against the new threats consists of several layers:
The operating system and mobile device vendors have to develop a security-focused, hot fix process for the operating systems.
Mobile operators must establish a gateway-level security solution in the network to be able to flexibly filter the traffic.
A real-time, up-to-date anti-virus client is required in all smartphones, with a mechanism for automatically delivering updates directly to the device.
Mobile security has been a key focus for F-Secure for years now. Today, content security solutions are available for both mobile terminals and mobile networks.
F-Secure Mobile Anti-Virus, which provides on-device protection for mobile terminals, and a hosted update service with over-the-air anti-virus updates through a patented SMS update mechanism or HTTPS connections, has already been piloted and tested in several operator networks. The mobile anti-virus service will also be available to phone users through F-Secure eStore later this year.
F-Secure Mobile Filter, a security proxy solution, which offers operators and service providers a means for filtering content, has also been delivered to several operators to block harmful software and incompatible Java applications in the network before download to mobile phones.
In view of these first virus incidents, mobile device users have reason to be concerned about the security of their devices, but they should not be troubled with this issue any more than necessary. Mobile operators and hardware manufacturers are the natural anti-virus service providers for phone users. A wireless anti-virus service is preventive insurance against end user support load, terminal downtime, negative user experience, and bad publicity. Now is the time to prepare.
Matias Impivaara, Manager, New Business Development
Previously published Articles of the Month:
2002-09 School in the Grips of Change - Media Education in Finland
2002-10 Finns Work for e-Accessibility
2002-11 The Finnish Model of Information Society
2002-12 ”Silicon Valley is more than a place, its a state of mind”
2003-01 Data Security Challenges
2003-02 Lifelong Education in Upper Secondary Distance Learning Schools and Virtual Networks
2003-03 Finnish Lapland - More than Meets the Eye
2003-04 A Renewed Policy to Promote Innovation
2003-05 ICT Standardization in Europe and Globally – CEN/ISSS’s Role
2003-06 Public-Private-Partnership Works Well in Finland
2003-07 Information Technology in Nicaragua - Finland Offers a Helping Hand
2003-08 Victory Development Partnership Project - Personal and Virtual Rehabilitation for IT Employment
2003-09 Young People and Wireless Future
2003-10 Video Message Transmits Sign Language
2003-11 Combatting Spam Requires Global Co-Operation
2003-12 Saving the Earth from Anarchy by Eliminating the Weakest Link
2004-01-01 Information Society Models and the New Everyday Life
2004-02-01 Quo vadis, Finnish Virtual University?
2004-03-01 The Finnish Virtual University: Connections with the Bologna Process?
2004-04-01 "Look What I Say" - Unique Solution Enables Face-to-Face Communication for Speech Impaired
2004-05-01 Changes to Copyright Law Heavily Debated
2004-06-01 Finnish and Italian Technology in the Global Environment of the European Union: a Comparison of ICT Strategies in Education
2004-07-01 A New Law Designed to Improve Data Protection in Electronic Communications
2004-08-01 The Etno.Net Website for Practicing and Aspiring Folk Musicians Includes Recordings and Learning Material Packages
2004-09-01 Status of Wireless Service Business Today
2004-10-01 People Over Fifty in Finland as Users of Internet