Another Hole To Plug

As companies grant more network and application access via handheld devices such as smart phones, securing the devices is moving up the priority list. That explains why McAfee last week started selling a $30 security platform for mobile devices that identifies and removes viruses, worms, and other malicious applications.

Mobile devices are vulnerable to attacks because users usually aren't behind a firewall, says Stacey Quandt, an Aberdeen Group analyst. And many smart phones and PDAs now come standard with advanced functions, including Wi-Fi, Bluetooth, and Web-browsing capabilities, which make them more vulnerable.

McAfee's VirusScan Mobile can scan files, instant messages, Internet downloads, and E-mail attachments for threats as they are received or sent. And it supports lower-end cell phones that don't have an operating system. Other mobile security packages are built around mobile operating systems.

Hackers and virus writers haven't yet caused that much trouble for company IT teams through mobile handheld devices, but the security threat looks real. In the past two years, several mobile viruses have emerged: the 2004 Symbian worm called Cabir replicated through a Bluetooth connection; the 2004 Pocket PC attack called Duts spread through exchanging infected programs; and the 2005 Skulls virus disabled applications and replaced screen icons with skulls, disabling all functions except incoming and outgoing calls.

Symbian phones, which are popular in Europe, are affected by mobile malware most often, but threats to the Microsoft platform are increasing, says Drew Carter, senior product manager of mobile initiatives at McAfee. That includes Microsoft's recently launched Windows Mobile 5.0 operating system. "If you have an operating system or applications with known vulnerabilities, then you're exposed as soon as you're using T-Mobile [services] from a Starbucks," Quandt says.

While security threats to mobile devices are in the early stages, they're likely to become a bigger problem as the devices proliferate, as faster wireless data network speeds let people download files faster, and as mobile hackers become more sophisticated, says Todd Thiemann, director of device security marketing at Trend Micro, an IT security software company that also sells mobile security software.

Mobile security vendors including F-Secure and Symantec have similar offerings. The vendors are pushing the notion that malware is growing faster on smart phones and PDAs than on desktop and laptop computers because they're constantly connected, in similar fashion to an unsecured wireless LAN. "The same can be done with Wi-Fi-enabled mobile devices waiting for a connection," says Antti Vihavainen, VP of mobile security at F-Secure.

McAfee also is selling an enterprise version of the software that's available for Windows Mobile 2003 Pocket PCs. Manufacturers can purchase a different version of the software and embed it into mobile devices. That means in the future more devices could come standard with antivirus and scanning capabilities.

Photo by Zuma Press