John Pescatore, an analyst with technology research firm Gartner, said malicious programs will be as much a problem for cell phones in 2006 as they are for computers today. "First it will be a nuisance," he said. "The next phase will be crime, like theft or theft of service, and then after that we'll start seeing different types of attacks" that bring down networks, he said.
Now, computers are a bigger target. Cell phones use a number of operating systems, meaning that separate programs must be designed to disable each one. That makes it harder to design a mass attack. "It's never going to be as uniform a landscape for hackers," so it is not clear how broad an attack might be, said John Jackson, an analyst with the Yankee Group.
The cell phone attack known as "Skulls" affected text messages and contact lists. It is one of five malicious software programs in circulation this year.
(F-secure Corp)
|
|
Still, concerns are growing because of the rise in cell phone use. There are 170 million cell phones in use, compared with less than 116 million personal computers, according to the trade group CTIA-The Wireless Association and research firm IDC.
Experts have tried to anticipate how big a problem malicious software might be by simulating attacks on cell phones in software labs. They have found that e-mail viruses can multiply by sending messages through a cell phone's address book. Viruses can allow unauthorized users into a phone to access passwords or corporate data stored on the device. And they can be used to manipulate the phone to make calls or send messages at the phone owner's expense.
"The nightmare scenario with cell phones is a virus that would delete the contents of your phone, or start calling [a toll number] on its own from the phone or recording every single one of your conversations and sending the recorded conversation somewhere," said Mikko Hypponen, director of anti-virus research at F-Secure Corp., a Finnish security firm.
In June, a gang in Europe that calls itself "29A" released a virus called Cabir. It spread through Bluetooth, a feature on some phones normally used to synchronize phones and computers. It sends wireless signals up to 30 feet, so calendar and contact information can be updated without hooking devices together with a wire. But Cabir hijacked that function, sending Bluetooth phones on a search-and-destroy mission to infect other Bluetooth phones, spreading the virus.
The resulting virus called attention to itself through a text message that said "Caribe -- VZ/29a." It also drained cell batteries and killed the phone's Bluetooth feature. Members of 29A did not respond when contacted through e-mail addresses posted on their Web site.
Once a virus gets out, it's hard to contain. Cabir was sent to the labs of anti-virus companies but continued to spread. F-Secure said Cabir last month spread mysteriously from those companies' labs to phones in Singapore. Cases have since been reported in the United Arab Emirates, the Philippines, and last week in Beijing. There are no known cases in the United States, according to security experts.
Companies are beginning to respond. Nokia Oyj plans to introduce two phones in coming months with built-in anti-virus software. "As an industry, it's our responsibility to react very quickly," said Laurie Armstrong, a spokeswoman for the Finnish cell phone maker.
DoCoMo, Japan's main cell phone carrier, launched a McAfee program that can send software over the cell phone network to combat problems with malicious software on its phones. Dozens of smaller companies are also jumping into the mix. Companies such as Trust Digital of McLean and Baltimore-based Bluefire Security Technologies Inc., which is backed by Motorola Inc., are designing software to help companies protect their wireless phones from hackers. Last year, Texas Instruments Inc. started using security technology made by Belcamp, Md.-based SafeNet Inc. in the chips implanted in Nokia cell phones.
"The industry recognizes that today we're in a sheltered environment," said Mark Desautels, vice president for wireless Internet development at CTIA, "but that's not where we're going to stay."
