Virus writers take aim at cell phones

Cell phone viruses may be at the same threat level PC malware was 10 years ago, but experts point to a growing concern and preparation for the inevitable onslaught.

Late last week, Finnish anti-virus group F-Secure reported several incidents of the Cabir virus on Nokia phones in California.

The virus was transmitted by Bluetooth, a short-range wireless protocol, and its impact appears to be limited to draining battery life.

The virus was first discovered in June of last year and originated in the Philippines. Using Bluetooth as a transmission mode, it has made its way across a dozen countries, including Canada, according to Vincent Weafer, senior director of Symantec’s security response, based in Cupertino, Calif.

Cabir is not the first virus to be designed for cell phones, but the first to be discovered “in the wild.” A backdoor Trojan called Skulls is also targeting cell phones and encourages a user to download it by disguising itself as a Macromedia Flash player. It was sent out to security firms last November as a warning of the virus writer’s abilities.

“Most of these are ‘proof of concepts’ rather than reality,” said Weafer. “We’re really looking at a future trend rather than something that’s happening right now.”

But the more sophisticated cell phones become, the larger the target they present to virus writers.

“Basically, these devices are becoming similar to PCs in terms of the level of complexity and the level of tasks they can perform,” said Eddie Chan, analyst with Toronto-based IDC Canada Ltd.

The phones that were targeted by Capir and its variants all use the Series 60 user interface, running on a Symbian operating system. Series 60 is the UI of choice for Nokia smart phones, but is also licensed to Samsung, Siemens and other device manufacturers.

“It comes down to this,” said Dean Carey, security systems engineer at McAfee Canada. “Anything that’s IP-connected is susceptible to worms, viruses, hacks, Trojans, you name it.”

McAfee has a security deal in place with NTT DoCoMo, a Japanese cell carrier with about 47 million customers, and has done since 2002. McAfee submitted its DoCoMo security specs to the Open Mobile Alliance, with a view towards creating some standards.

“Hopefully, there can be some kind of standardardization around it, so whether its Nokia or whomever, they can look at a standard API that anti-virus vendors can adhere to so that it’s easier to develop code,” said Carey. “With all the different platforms, it takes some time respective to (security) solutions around them. You target what you can.”

Symantec has a partnership with Nokia and makes firewall and anti-virus software for smart phones. Those features must be activated by the Nokia users, said Weafer.

“The reality is, you’re more likely to have your mobile phone lost or stolen than have a virus or other type of security threat hit it,” he said, adding the Cabir virus can be easily avoided. It can only be transmitted if the Bluetooth feature is in discovery mode. It should only be turned on if the user actually wants to connect to other device.

“A lot of it goes back to best practices. With Cabir, you had to receive an attachment, you get multiple warnings, including the fact that it was unsigned, untrusted content coming in to you,”” he said. “”Much like we say with PCs, watch out for content coming in to your device.””

Threats to cell phone security are rare and limited right now, with the largest problems being reported in Asia. The threat to Canada in particular is low, according to Chan. But that’s largely a result of how far Canada lags behind Europe and Japan in terms of network and device sophistication.

“There’s been talk of viruses for the last year or two,” said Chan, “but we’re slowing getting there.”

Comment: info@itbusiness.ca

Share on LinkedIn Share with Google+