Hardware & Infrastructure
News
12/3/2004
10:13 PM
50%
50%

Dial V For Virus

Hacker attacks and growing use of 'smart' cell phones raise new concerns about information security

When Phil McMurray learned last week that the Cabir Bluetooth worm found an easier way to spread through a symbiotic relationship with the Skulls cell-phone Trojan, he was hardly surprised. McMurray, IT security officer at Advo Inc., a $1.2 billion-a-year provider of direct-mail services, was already in discussions with his security vendors about antivirus software and firewalls for several hundred smart phones and handhelds used by Advo employees. "These types of attacks serve as a catalyst," McMurray says. "We're beginning to take a serious look at these security issues. You don't want to get stuck behind the curve on something like this."

Security professionals like McMurray view the rising number of hacker attacks on mobile phones as much more than a mere annoyance to salespeople, executives, and other employees. The growth in PDA-like smart phones—which offer the ability to access E-mail, word-processing documents, and spreadsheets or, increasingly, to tap into enterprise applications—is creating a new channel for malicious viruses and worms to enter the greater IT infrastructure, risking damage or even harmful leaks of proprietary business information. Add in concerns about the spreading use of the radio-communication standard Bluetooth, and many people are deciding this channel's vulnerability is growing right along with its importance.

Cell-phone security must be taken seriously, says Jeff Nigriny, chief security officer with online exchange Exostar LLC. Photo by D.A. Peterson

Cell-phone security must be taken seriously, says Jeff Nigriny, chief security officer with online exchange Exostar LLC.

Photo by D.A. Peterson
"Lots of corporate data is being held on these devices, and security needs to be taken seriously," says Jeff Nigriny, chief security officer with online exchange Exostar LLC. Nigriny is looking to secure some 20 mobile phones and wireless E-mail devices used by salespeople and senior executives. "These devices are heavily relied upon now," he says.

Security vendors haven't made cell phones a high priority, but they're starting to answer the call. Trend Micro Inc. this week will begin offering Trend Micro Mobile Security, software designed primarily to block spam sent via the Short Message Service standard but also to protect some types of phones from viruses. McAfee Inc. recently began offering a version of its VirusScan as a built-in service on new DoCoMo FOMA 901i series 3G mobile phones and says support for more models will follow. Symantec Corp. offers antivirus and security capabilities for PDAs and says it's developing antivirus and firewall security tools for mobile phones. And Nokia Corp. soon will distribute F-Secure Corp.'s Mobile Anti-Virus with its Nokia 7710 smart phone.

There's also an emerging group of startup companies offering protection for mobile devices, including cell phones. Bluefire Security Technologies Inc. is adding VPN capability to its upcoming Bluefire Mobile Security Suite, which will provide encrypted communications from the phone into the network, as well as integration with corporate identity databases that manage access rights to networked devices and applications, CEO Mark Komisky says. Also included with the suite will be the ability to spot so-called "rogue" devices, such as mobile phones not approved for company network access.

Companies shouldn't exaggerate the threat of mobile-phone viruses, since none has done significant damage and few phones are used as network-linked computing tools. Yet it's also true that the vendor community has a way to go to offer the suite of antivirus and other tools users need to combat a major threat or attack. "As a community, we're simply not ready yet," acknowledges Victor Kouznetsov, senior VP of McAfee's mobile solutions.

The recent hookup between Skulls and Cabir provides a spooky glimpse of what could happen. Early last month, unidentified virus writers posted on shareware Web sites what has since been named the Skulls Trojan, disguising it as a theme manager that offers cell-phone interface features. An undetermined number of people with cell phones running the popular Symbian mobile operating system downloaded Skulls. Rather than getting snappy new backgrounds and icons, their existing icons were transformed into skull-and-crossbones images, and applications on their phones stopped working.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.