Mobile Phone Virus Found In U.S. Could Be Harbinger of Attacks To Come

A security analyst warns that a mobile phone virus found in two Nokia handsets at a store in California could be the beginning of a wave of malicious attacks.
LONDON — The mobile phone virus that appeared during the weekend in two Nokia handsets at a store in California could be the beginning of a wave of malicious attacks, a technology partner dealing in telecoms security at London based consultants Deloitte has warned.

"The proliferation of mobile devices provides a number of new entry points for hackers to gain access to private, corporate and even government networks.

"There are already more mobile phones than PCs in the world, meaning that a widespread attack on mobile devices could have major consequences. Factor in the rapid spread of WiFi " which hackers consider an open network " and the risks become all too evident," said Tony Cooper of Deloitte.

He warned businesses face the greatest risk, and could collectively lose millions of pounds a year to hacking, viruses and other malicious intrusions.

"As the latest mobile phone virus attack proves " it's no longer a question of if, but when," said Cooper.

He was referring to a version of the Cabir virus that turned up in two Nokia 6600s on display in a store in Santa Monica, California, in what is believed to be the first 'on-the-ground' sighting of the virus in the U.S.

The Cabir virus has been spotted in over 10 countries over the last year, as far apart as the UK and China, and in a number of variants. Early versions only succeeded in draining the battery of mobile phones, but later variants, that can target phones with all the most popular operating systems including those from Symbian and Microsoft's Windows Mobile, can destroy files and force handsets to dial premium rate numbers.

Security experts like Copper have been warning of worse impacts as such viruses spread and their creators become more sophisticated.

"The security business will be booming in 2005, with entirely new lines of business springing up from mobile operators, handset makers, services providers and systems integrators," suggested Cooper.

Security was at the forefront of the recent launch of Symbian's latest OS, version 9, and many operators are now highlighting the fact that they offer antivirus programs for their subscribers.

OS 9 for instance includes security protection to restrict an application's ability to access data and services it should not, using a digital signature.

And last week at the 3GSM World Congress in Cannes, France, as Nokia launched the latest version of its Series 60 smartphone software, the Finnish company urged industry to co-operate closely on strategies to combat virus attacks and improve security procedures.

There was no indication of how the handsets in the Santa Monica phone shop were infected. Most recent test cases and proofs of concept blame the inappropriate use of Bluetooth capability in phones as a means of attack.

Editor's Choice
Samuel Greengard, Contributing Reporter
Cynthia Harvey, Freelance Journalist, InformationWeek
Carrie Pallardy, Contributing Reporter
John Edwards, Technology Journalist & Author
Astrid Gobardhan, Data Privacy Officer, VFS Global
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing