Just like any computer, smartphones are vulnerable to hackers and their malicious code. Michael House investigates the rise of mobile viruses, and asks if end-users or operators are taking them seriously enough
Computer viruses, in some way or another, have a direct impact on our everyday lives.
The looming threat of these slippery software infiltrators influence the websites we visit and what emails we open.
They are at the back of our minds whenever we sit at a computer – which for the majority of the UK population is part of every day.
But the threat of viruses and the ability of someone to worm their way into the centre of your life has in recent times taken on a new form.
The increasing use of smartphones and with it the reliance the UK population now has on these devices to help us ride out our busy lifestyles, presents a new platform of opportunity for ‘cyber criminals’ to earn their keep.
Viruses gain access to smartphones in a number of ways: emails, Wi-Fi, MMS, text messaging, Bluetooth, and increasingly through ‘trojanised’ smartphone applications.
The danger mobile viruses represent becomes even more disturbing when one considers the level of naivety people have towards such threats.
Errol Finkelstein is the general manager of Lancashire-based smartphone defence company BlackBelt. He’s concerned at how many people are not aware of the threat smartphone viruses pose, and believes this has given device penetrators a leg-up.
“People aren’t aware that a lot of data is vulnerable. Whether they are just storing company emails, or the heavier-duty things like purchasing details, banking transactions, financial services and even their location,” Finkelstein says.
“These are unprotected and simply waiting for an average hacker to find a route to connect with them.
“We are not yet even highlighting the more technical areas applicable to any laptop or smartphone, such as man-in-the-middle attacks, when in public areas and connecting to a Wi-Fi network.
The lack of knowledge among the general public is reflected in research showing the number of smartphones out there that are infected with viruses, according to Finkelstein. Network security research firm SANS found 18.1 per cent of smartphones in the US alone are infected with a virus – double the amount of infected PCs.
But that statistic could be even larger, he says: “As most smartphones are not protected (with antivirus software) and the studies have relied on users reporting infections, the true infection-rate may be much higher.”
It is, Finkelstein says, a potential happy-hunting ground for your average virus developer. A worrying statement, when the next step in the virus production chain is criminal cyber gangs.
According to Finkelstein, most smartphone viruses are created in Russia and China and designed to do one thing: make money.
This is done through a type of virus known as ‘malicious software’ or ‘malware’, designed to disrupt a smartphone or computer without the knowledge or consent of the device’s owner.
The malware can take many forms but on smartphones most commonly poses as an application, downloaded by the user to serve a different purpose – a trojan. It refers to the wooden horse the Greeks used to fool the people of Troy all those years ago.
Smartphone trojans work in two main ways. Firstly, the malware, posing as an application that may be of interest to you, is downloaded onto your phone. This virus is then able to monitor the information you put into your device – leaving, say, your banking information wide open to the virus creator, in the same way as a virus on your PC.
The second way is more common to smartphones. As in the first instance, the trojan, once installed, can use the SIM-card to make expensive calls to premium-rate numbers, intermittently, at times when the user is away from the device.
Mobile App Warehouse director David Hinc is experienced in the mobile viruses department, having previously worked for handset distributor 20:20 as its sales manager, dealing with products that included smartphone antivirus software.
Currently developing a white paper on the risk viruses pose to mobile users in the UK, he believes the technological advancements of these programs are only likely to increase.
“These viruses are becoming far more sophisticated – there has been one on Android that installs itself, then goes straight to ‘sleep’ for any period – anything up to 60 days.
“It then wakes up for a couple of hours and bangs off loads of calls to premium numbers. It’s timed to do this at opportunity times like 2am, when a user is asleep.”
The advancement of viruses is even greater in other cases. Hinc says there have been trojans that can escape even the shrewdest of mobile physicians.
“If you take your phone to someone who knows what they are doing, they can de-install it (the trojan application). But it has already stored [on an external server] all the data. So when you get a clean device back, the web server wakes up, realises it hasn’t spoken to this device for a bit and reinstalls [the virus],” he says.
Full article in Mobile News issue 486 (April 11, 2011).
To subscribe to Mobile News click here