Mobile Security
Since about 2004, when mobile viruses first came onto the scene, the world has become regrettably accustomed to hearing news about threat after threat attacking their mobile phones. The appearance of threats on various mobile telecommunications platforms – Mosquitos on Symbian, RedBrowser on the J2ME, Phage on the Palm OS, and so on – were, rightfully, ‘big news items’ and brought a fair amount of attention to the emergence of malicious programs targeting the mobile phone. Since then, a constant parade of viruses, worms and Trojans has made “mobile malware” a fairly well-known phenomenon to the average mobile phone user.
Interesting New Trends
In recent years however, some interesting shifts in the mobile landscape have occurred. For a start, mobile malware has begun to transition from passively distributed files that required the user to actively download and install them, to malware that independently and aggressively distributes itself. Such was the case in the transition from user-downloaded games such as Mosquitos or trojans such as Skulls, to viruses such as CommWarrior, and the infamous Cabir worm.
Another interesting development is the increasing ubiquity of internet connectivity on ‘smartphones’. Similar to how the widespread adoption of Bluetoothconnectivity around late 2003 soon lead to the rise of Bluetoothworms and trojans, the adoption of internet-connnectivity on a massive scale may potentially act as a new vector, or pathway that malware authors can exploit to get their malicious programs onto the phones.
The addition of a potential new vector is also accompanied by an increase in economic motive for malware authors to exploit it – specifically, the potential data stored on the mobile phone. As mobile phones become more versatile, resembling their computer counterparts, more users are using them for sensitive business and official transactions, and even storing confidential information on them. With the potential wealth of data sitting on the mobile phone units however, it seems quite likely that malware authors will take up the challenge of creating malware targeting this portable ‘gold mine’ of information.
Another potential ‘gold mine’ for malware authors is the increasing prevalence of mobile banking, where certain types of banking services are performed using the mobile phone. Mobile banking has been touted as a customer-friendly solution for a variety of banking services, and has been enthusiastically adopted in a number of countries. Like its online counterpart however, the temptation of ‘easy’ access to a user’s bank account is likely to spur malware authors to creating malicious programs attempting to evade or exploit mobile banking security, leading to some concerns that mobile banking malware may eventually make an appearance.
The Internet Comes To The Phone
These days, Internet connectivity is becoming a ‘must-have’ feature for smartphones, due to the relentless drive among users to perform traditionally computerbased, Internet-related activities on their phones – activities such as surfing (potentially malicious) websites, accessing social networking services, downloading applications and so on. As the smartphone becomes more and more connected however, there is an increase in the amount of risk a smartphone user unconsciously assumes.
One of the most significant concerns is that, much like the introduction of widespread Bluetooth connectivity years earlier, the widespread adoption of Internet connectivity provides another avenue for attackers to get their programs onto the smartphone – and there is little doubt that malware authors are able and willing