Don't Worry Yet; Mobile Worms Won't Show Until '07 - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News
News
6/21/2005
03:01 PM
50%
50%

Don't Worry Yet; Mobile Worms Won't Show Until '07

Mobile phone and PDA users have more than two years to get ready for a quick-spreading worm, security research analysts said as they poked holes in anti-virus vendors' hype about the immediate need for defenses.

Mobile phone and PDA users have more than two years to get ready for a quick-spreading worm, security research analysts said Tuesday as they poked holes in anti-virus vendors' hype about the immediate need for defenses.

"Anti-virus vendors see huge potential profits in selling security to billions of cell phone and PDA users," said John Pescatore, vice president and research fellow with Gartner. "In particular, the anti-virus industry sees cell phones as the way to grow sales outside of a flat, commoditized PC market."

Client-side anti-virus software meant for cell phones and PDAs "certainly work," said Pescatore. "They've got the products, but they're not selling them."

In part that's because the threat of a fast-spreading malicious worm or virus has been overblown by security vendors. In fact, the conditions for a real threat -- one that has the ability to infect more than 30 percent of mobile devices used in the enterprise -- simply don't exist.

And won't until the end of 2007.

The three factors that must exist before a Slammer- or MSBlast-style attack hits mobile devices, said Pescatore, are the large-scale adoption of smart phones, ubiquitous uses of wireless messaging to exchange executable files (as opposed to non-executables of today, like photos and ring tones), and the convergence of operating systems to the point where one enjoys a majority share of the market.

Those three conditions won't co-exist until around the end of 2007, said Pescatore and John Girard, another analyst at Gartner, who with Pescatore, authored a recently-published research note.

"There will have to be much better interoperability between mobile devices before a wide attack is possible," said Girard.

Both Girard and Pescatore believe that end-point security solutions for smart phones, cell phones, and PDAs are a waste of time. "Smart phone or PDA anti-virus approaches that rely on device software will always fail to block the most damaging viruses," the pair wrote.

Instead, said Pescatore, businesses need to ask their mobile carriers what they're planning on doing to block worms and viruses at the network level. "By the end of 2006, all wireless service providers should be required to offer over-the-air mobile malware protection," he added.

The one monkey with a wrench, said Pescatore, would be an attack based on a carrier's own over-the-air provisioning capabilities. Newer phone operating systems let carriers do automatic updating using OTA.

"If the OTA path is vulnerable, attackers would not need to use viruses or worms to spread malware, because they could install it directly," Pescatore and Girard wrote in their report.

"It would be like if someone hacked into Comcast," said Pescatore, "or Microsoft's Update service, and used the ISP or an update to install files, either automatically or by pretending to be from the ISP."

Pescatore doesn't discount that possibility. A 13-year veteran of phone giant GTE before joining Gartner, Pescatore said "hackers were like termites in the system even then, and those were 'dumb' phones."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2019 State of DevOps
2019 State of DevOps
DevOps is needed in today's business environment, where improved application security is essential and users demand more applications, services, and features fast. We sought to see where DevOps adoption and deployment stand, this report summarizes our survey findings. Find out what the survey revealed today.
Commentary
Will AI and Machine Learning Break Cloud Architectures?
Lisa Morgan, Freelance Writer,  6/10/2019
Slideshows
9 Steps Toward Ethical AI
Cynthia Harvey, Freelance Journalist, InformationWeek,  5/15/2019
Commentary
Humans' Fascination with Artificial General Intelligence
Guest Commentary, Guest Commentary,  6/6/2019
Register for InformationWeek Newsletters
Video
Current Issue
A New World of IT Management in 2019
This IT Trend Report highlights how several years of developments in technology and business strategies have led to a subsequent wave of changes in the role of an IT organization, how CIOs and other IT leaders approach management, in addition to the jobs of many IT professionals up and down the org chart.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll