Don't Worry Yet; Mobile Worms Won't Show Until '07 - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

03:01 PM

Don't Worry Yet; Mobile Worms Won't Show Until '07

Mobile phone and PDA users have more than two years to get ready for a quick-spreading worm, security research analysts said as they poked holes in anti-virus vendors' hype about the immediate need for defenses.

Mobile phone and PDA users have more than two years to get ready for a quick-spreading worm, security research analysts said Tuesday as they poked holes in anti-virus vendors' hype about the immediate need for defenses.

"Anti-virus vendors see huge potential profits in selling security to billions of cell phone and PDA users," said John Pescatore, vice president and research fellow with Gartner. "In particular, the anti-virus industry sees cell phones as the way to grow sales outside of a flat, commoditized PC market."

Client-side anti-virus software meant for cell phones and PDAs "certainly work," said Pescatore. "They've got the products, but they're not selling them."

In part that's because the threat of a fast-spreading malicious worm or virus has been overblown by security vendors. In fact, the conditions for a real threat -- one that has the ability to infect more than 30 percent of mobile devices used in the enterprise -- simply don't exist.

And won't until the end of 2007.

The three factors that must exist before a Slammer- or MSBlast-style attack hits mobile devices, said Pescatore, are the large-scale adoption of smart phones, ubiquitous uses of wireless messaging to exchange executable files (as opposed to non-executables of today, like photos and ring tones), and the convergence of operating systems to the point where one enjoys a majority share of the market.

Those three conditions won't co-exist until around the end of 2007, said Pescatore and John Girard, another analyst at Gartner, who with Pescatore, authored a recently-published research note.

"There will have to be much better interoperability between mobile devices before a wide attack is possible," said Girard.

Both Girard and Pescatore believe that end-point security solutions for smart phones, cell phones, and PDAs are a waste of time. "Smart phone or PDA anti-virus approaches that rely on device software will always fail to block the most damaging viruses," the pair wrote.

Instead, said Pescatore, businesses need to ask their mobile carriers what they're planning on doing to block worms and viruses at the network level. "By the end of 2006, all wireless service providers should be required to offer over-the-air mobile malware protection," he added.

The one monkey with a wrench, said Pescatore, would be an attack based on a carrier's own over-the-air provisioning capabilities. Newer phone operating systems let carriers do automatic updating using OTA.

"If the OTA path is vulnerable, attackers would not need to use viruses or worms to spread malware, because they could install it directly," Pescatore and Girard wrote in their report.

"It would be like if someone hacked into Comcast," said Pescatore, "or Microsoft's Update service, and used the ISP or an update to install files, either automatically or by pretending to be from the ISP."

Pescatore doesn't discount that possibility. A 13-year veteran of phone giant GTE before joining Gartner, Pescatore said "hackers were like termites in the system even then, and those were 'dumb' phones."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2020 State of DevOps Report
2020 State of DevOps Report
Download this report today to learn more about the key tools and technologies being utilized, and how organizations deal with the cultural and process changes that DevOps brings. The report also examines the barriers organizations face, as well as the rewards from DevOps including faster application delivery, higher quality products, and quicker recovery from errors in production.
How COVID is Changing Technology Futures
Jessica Davis, Senior Editor, Enterprise Apps,  7/23/2020
10 Ways AI Is Transforming Enterprise Software
Cynthia Harvey, Freelance Journalist, InformationWeek,  7/13/2020
IT Career Paths You May Not Have Considered
Lisa Morgan, Freelance Writer,  6/30/2020
Register for InformationWeek Newsletters
Current Issue
Special Report: Why Performance Testing is Crucial Today
This special report will help enterprises determine what they should expect from performance testing solutions and how to put them to work most efficiently. Get it today!
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll