When pranksters hacked into Paris Hilton’s cell phone last year, at the most they probably got a peek at some raunchy text messages and steamy pictures of the slinky socialite and her posse. But in the future, hackers could make off with more damaging data like company secrets and corporate passwords, as consumers pack more information into their increasingly feature-rich mobile phones.
For the last two years, security experts have been warning about virus or hacker attacks on these so-called smartphones that can do everything from read email to download programs. So far, those mobile phone attacks have been harmless.
The hack on Ms. Hilton’s phone turned out to be the result of a flaw in the T-Mobile phone security system, and a virus attack in 2004 caused no damage.
But this year could mark an alarming change. That’s because the number of people using smartphones like BlackBerry’s is approaching critical mass. And security experts fear there could well be a big attack on smartphones.
“Attacks on smartphones haven’t reached the critical mass needed but it will happen sooner rather than later,” said Eugene Kaspersky, founder and chief executive of antivirus firm, Kaspersky Lab.
Of course, the experts could be wrong. Many have been predicting a smartphone virus epidemic for some time now without the problem coming to pass. But security experts say it’s best to prepare for the worst.
Smartphone Sales Up
Last year, there were fewer than 5 million smartphone users in the United States, according to research firm IDC. With smartphones, users can also browse the Internet, access email, download and install applications, among other uses.
Just about 6 percent of the 700 million phones shipped in 2005 were smartphones, said Strategy Analytics. But sales of smartphones have been growing. According to In-Stat, the smartphone market jumped 70 percent in 2005 and Strategy Analytics estimates that smartphones represent the fastest growing mobile handset category.
The boom makes smartphones an easy target for virus writers, said Chris Rouland, chief technology officer for Internet Security Systems.
“Mobile phone attacks scale very well for fraud,” he said. “Phone viruses are propagating quickly and they have only been gated by the fact that there are not enough smartphone users today.”
Unlike virus attacks on PCs, those on smartphones don’t have to be widespread to cause losses, said Mr. Rouland. “The big difference between PC and mobile phone attacks is that in case of phone viruses, just a few hundred are enough to cause a problem,” he said.
That’s because cell phone carriers and phone companies will have to bear the price of cleaning infected phones, which could be at least $100 for every infected handset.
First Mobile Worm
In June 2004, security firms warned users about the first mobile phone worm, Cabir, which attacked smartphones made by Nokia, LG Electronics, Lenovo, Panasonic, and Samsung that run the Symbian Series 60 operating system (see Cabir spreads to the U.S., says Security Firm).
Phone users had to have their handsets configured to be in “discoverable” mode, not “hidden,” to catch the worm. The worm caused infected phones to display “Caribe!” and then use the Bluetooth feature to connect to propagate the worm.
Since then, there have been other mobile phone worms like “Mosquito,” which was the first Trojan horse virus for cell phones, and a virus called “Skulls.” But it may be still too early for a widespread attack, said Simon Khalaf, president and chief executive of Vernier Networks, a network security company.
“In Silicon Valley you tend to get the idea right but the decade wrong,” said Mr. Khalaf, who is betting that a widespread virus attack on smartphones is more likely in 2008. “Unless you can walk into a company and see that 30 to 40 percent of the devices are smartphones, I think we can’t say this is the year of the smartphone virus attacks.”
No Financial Gain
One reason that smartphones may not be a prime target is that malware writers are moving away from creating viruses for notoriety and are now focused on profiting from it. With the still relatively low usage of smartphones, there’s no financial gain for virus writers to create threats for smartphones, said security experts.
“Putting a worm on laptops where the objective is to steal financial or personal data is a bigger problem for everyone,” said Mr. Khalaf.
Still, antivirus is a huge business. Gartner expects the antivirus industry to generate about $2.7 billion in revenue by 2007 and it is not surprising that security experts would want to tweak the fear factor up once in a while. Source