The risk of spam and viruses that attack mobile devices is set to rise, says a report.
Security experts suggest current risks are small, and that attacks will take the same form as PC spam and scams.
End-user protection like anti-virus software is not yet mature in the mobile market, so the issue is being addressed by the network operators.
Mobile users are urged to employ the same safe behaviours familiar from PCs to reduce risks.
New threat
The annual Emerging Cyber Threats Report from the Georgia Institute of Technology Information Security Center (GTISC) in the US has identified mobile devices as particularly vulnerable platform.
It said that as more and more people adopt smartphones, more applications will allow financial and payment infrastructure that employs them, and the availability of such sensitive data will prove to be a draw for cybercriminals.
The growth of mobile spam and viruses has been reminiscent of the early days of PC spam and scam, says Simeon Coney of Adaptive Mobile, a firm that tracks malware and provides security software for mobile firms.
"One of common types we see now runs amok on the Symbian platform," Mr Coney told BBC News. "These viruses work their way through the contact book, sending themselves out to every subscriber who has been called or has called that handset."
Mr Coney says that network operators receive 100,000 virus incidences a day, nearly a 50% rise on last year. However, most subscribers are not infected - in part because mobile viruses are comparatively unsophisticated at present.
"The first generation of these were fairly easy for mobile operators to detect," Mr Coney said.
"Just like the first PC viruses came across as screensavers, in the mobile instance they came across as executable files. No-one was ever sending executable files themselves so it was easy to detect and block that.
"But in the last four months, the majority of viruses we now see are of a new type that either masquerade as an MP3 file, a picture file, or a media file."
People should start to exercise that same caution with their mobile devices that they do today on their PC Simeon Coney, Adaptive Mobile |
Adaptive Mobile has identified one particular virus called Beselo that spreads via MMS or by searching for nearby Bluetooth devices - a true "airborne virus".
For a typical network operator, they find, the virus is responsible for a rise in spam from 0.5% of traffic to 6% over the last 12 months.
The simple solution for users, Mr Coney says, is to employ the same behaviours familiar from computing.
"People should start to exercise that same caution with their mobile devices that they do today on their PC; think twice before running any attachment from someone you don't know, check your bill on a regular basis, and ensure your Bluetooth connection is not set in discoverable mode.
Mikko Hypponen, chief research officer at F-Secure, said statistics it had gathered about mobile viruses suggested there were about 400 in circulation.
"The growth rate is slowing," he says. "This is because the mobile vendors are awake and are installing better built-in security in their new phone models."
"We haven't seen much mobile malware that would use exploits to target vulnerabilities on mobile phones to gain access," he adds. "Almost all of them instead rely on users installing the malware themselves. This could change."
'Missed opportunity'
Up to now, mobile security has largely been in the hands of the network operators, who have taken a very pro-active stance to security for their users.
But the report instead suggests that co-operation between operators, manufacturers and application developers will be necessary.
The report lauds open-source mobile operating systems like Google's Android, which will make it easier for application developers to develop robust security.
The average life-cycle of mobile devices is just two years - compared to 10 years for a PC - so developing security infrastructure for mobiles will happen quickly.
"Because the mobile communications field is evolving so quickly, it presents a unique opportunity to design security properly - an opportunity we missed with the PC," says the GTISC's Patrick Traynor in the report.Original here
No comments:
Post a Comment