Preparing for Mobile Phone Viruses

Article of the month

Helsinki, 1 November, 2004 — Preparing for Mobile Phone Viruses

The first mobile phone virus, a worm named Cabir, running on Symbian OS mobile phones, was discovered on June 14th, and the first Pocket PC virus appeared in July. In view of these first virus incidents, mobile device users have reason to be concerned about the security of their devices, but they should not be troubled with this issue any more than necessary.

Viruses for handheld devices are beginning to emerge. The first mobile phone virus, a worm named Cabir, running on Symbian OS mobile phones, was discovered on June 14th, and the first Pocket PC virus appeared in July. Although these viruses have not spread wildly, and are only a minor threat, they clearly demonstrate that mobile devices have become a target for virus writers.

Predicting the future of mobile virus threats is difficult, but we can expect that these incidents will not be the last. Others will certainly develop these initial viruses further, and introduce new ones to grab some of the glory and fame bestowed on the writers of the first viruses.

The Threats Are Similar to PC Malware Problems

The potential security challenges in the mobile environment are similar to the problems we have encountered in the PC world, but the virus evolution could be faster. As anti-virus vendors have gained experience in virus protection over the past years, so too have the virus writers.

In addition to malicious, actively spreading applications, it is likely that we will see denial of service and system unavailability attacks. Other possible threats include trojan horses in games, screensavers, and other applications – resulting in false billing, unwanted disclosure of stored information, and deleted, corrupted, modified, or stolen user data. Similar applications can also be used for eavesdropping, and unauthorized access to corporate networks.

The most worrying malware scenarios in the mobile environment come from organized parties. In the PC world, spam and online crime today are behind most of the largest worm outbreaks. The same could be repeated in the mobile world.

It is a credible scenario that mobile spammers will spread viruses to infect large numbers of handsets. The infected handsets would silently send spam SMS and multimedia messages to all the numbers in the phonebook. The owner of the handset would bear the costs, and the infected handset would conceal the identity of the spammer.

It is almost certain that something like this will happen in the future. With PC spam, this phenomenon appeared roughly eight years after the first spam was seen. It is likely that, in the mobile environment, the first attempts will emerge sooner.

New Advanced Security Solutions Are Required

The complete security solution to protect the mobile devices against the new threats consists of several layers:

The operating system and mobile device vendors have to develop a security-focused hot fix process for the operating systems.

Mobile operators must establish a gateway-level security solution in the network to be able to flexibly filter the traffic.

A real-time, up-to-date anti-virus client is required in all smartphones, with a mechanism for automatically delivering updates directly to the device.

Mobile security has been a key focus for F-Secure for years now. Today, content security solutions are available for both mobile terminals and mobile networks.

F-Secure Mobile Anti-Virus, which provides on-device protection for mobile terminals, and a hosted update service with over-the-air anti-virus updates through a patented SMS update mechanism or HTTPS connections, has already been piloted and tested in several operator networks. The mobile anti-virus service will also be available to phone users through F-Secure eStore later this year.

F-Secure Mobile Filter, a security proxy solution, which offers operators and service providers a means for filtering content, has also been delivered to several operators to block harmful software and incompatible Java applications in the network before download to mobile phones.

In view of these first virus incidents, mobile device users have reason to be concerned about the security of their devices, but they should not be troubled with this issue any more than necessary. Mobile operators and hardware manufacturers are the natural anti-virus service providers for phone users. A wireless anti-virus service is preventive insurance against end user support load, terminal downtime, negative user experience, and bad publicity. Now is the time to prepare.

Author:
Matias Impivaara, Manager, New Business Development
F-Secure Corporation
matias.impivaara@f-secure.com

More information
matias.impivaara@f-secure.com
http://www.f-secure.com