Hackers can scoop up calendars, contact lists and other sensitive
information, or turn a mobile phone into a bugging device to secretly
listen in on conversations. Mobile viruses that spread through the air
can disable phones completely.
Few mobile phone users have been seriously harmed yet by security
breaches. But experts say serious threats are likely to emerge as
mobile phones evolve into tiny computers capable of communicating in a
variety of ways.
"There is a very large pool of vulnerable devices already in use, and
inevitably this will lead to issues with the owners of those devices,"
said Adam Laurie, a U.K. security expert who has uncovered several
security holes.
"Problems like this are only just beginning to surface," Laurie said
in an e-mail interview.
Because mobile providers like Cingular maintain tight control over
their networks, users have so far largely avoided the spam, spyware
and other hassles that plague computer users.
But that doesn't mean they're immune from other threats.
Laurie demonstrated last spring that he could copy
the calendars and contact lists of 46 British lawmakers and turn their
phones into bugging devices that could pick up nearby conversation,
simply by hanging around Parliament and waiting for victims to walk
by.
Laurie was able to tap into their phones using Bluetooth, a
short-range wireless technology included on many new phones that
allows users to zap each other their contact information, talk through
their car stereos and sync up with computers without a cable.
LIKE THE COMMON COLD.
Bluetooth also allows viruses to spread through the air like a common
cold.
The Cabir virus that surfaced last June is relatively nontoxic,
antivirus firms say. It requires the user to click "OK" before it
installs itself, it doesn't harm the phones it infects, and it can
only spread to one other phone until the host phone is rebooted.
Cabir has managed to spread to nine countries so far, paving the way
for other, more harmful viruses.
Early computer viruses did little more than flood networks with
unwanted traffic, but more recent viruses like Bagle enable criminals
to secretly take control of infected computers and use them to commit
identity theft or extort protection money from online businesses.
That pattern is emerging with mobile viruses as well.
A virus called Skulls disables phone applications and replaces their
icons with a skull-and-crossbones symbol, while another disguised as a
video game called Mosquito automatically places calls to toll numbers,
according to descriptions by several antivirus firms.
Antivirus analysts at Kaspersky Labs in Russia are currently
investigating a report that Lexus car stereos have been infected with
a Bluetooth virus.
"In the future we can come across viruses for nearly any complicated
device. Imagine your fridge throwing food in the microwave oven,"
Kaspersky spokeswoman Olga Kobzareva said in an e-mail interview.
Some experts say mobile viruses aren't likely to become as widespread
as computer viruses because no single operating system predominates,
unlike the 90 percent of personal computers that run some version of
Microsoft Windows.
Only 1.8 percent of the 164 million mobile phones sold in the last
three months use Symbian, the operating system targeted by virus
writers, said Greg Mastoras, a senior security analyst at the
anti-virus company Sophos.
"We don't think it's a big issue to think about right now," he said.
Nokia and Sony Ericsson offer patches for phones that have proven
susceptible to viruses and Bluetooth hacks, and industry engineers now
check for security holes before releasing new products.
Users can install antivirus software on their phones, or simply place
Bluetooth in "hidden" mode so it is not visible to other devices.
"We're trying to design the future in a way that will prevent as many
hacks as possible," said Joe Farren, a spokesman for the Cellular
Telecommunications and Internet Association, a Washington-based trade
group.
But new headaches are likely to emerge as the industry consolidates
around one or two operating systems and adds Wi-Fi Internet
capability, said Tristan Henderson, a research assistant professor at
Dartmouth College's Center for Mobile computing.
"Once we have cell phones that are connected to the Internet, someone
sitting in China or Russia or anywhere can attack a cell phone in New
York, and that will be fun," he said.
NOTE: For more telecom/internet/networking/computer news from the daily
media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra . New articles daily.
*** FAIR USE NOTICE. This message contains copyrighted material the
use of which has not been specifically authorized by the copyright
owner. This Internet discussion group is making it available without
profit to group members who have expressed a prior interest in
receiving the included information in their efforts to advance the
understanding of literary, educational, political, and economic
issues, for non-profit research and educational purposes only. I
believe that this constitutes a 'fair use' of the copyrighted material
as provided for in section 107 of the U.S. Copyright Law. If you wish
to use this copyrighted material for purposes of your own that go
beyond 'fair use,' you must obtain permission from the copyright
owner, in this instance Reuters News Service.
For more information go to:
http://www.law.cornell.edu/uscode/17/107.shtml