- Category: September - October 2009
Modern mobile phones have nowadays a wide range of functions, such as a camera, Internet access, MP3 player, navigation equipment or a game console. The coercible conclusion is that a portable "mini-computer" can be abused just as well for the spread of malware, the delivery of unsolicited advertising messages, or identity theft, same as a desktop or notebook. Pests, such as Cabir or Skull, which created a big hype but no serious damage to infected mobile phones, are here the slightest risk. Modern mobile viruses, however, possess virtually all functions of computer viruses, with the only difference being that the computer virus needed for the evolution of this broad range of functions twenty years, the mobile virus only five. So, most probably we have to deal with the most dynamic and fastest class of malicious programs soon and it also seems that we are only seeing the tip of the iceberg at the moment.
Cell phone threats of the future will be targeting identity and password theft as well as phishing for confidential data to fill the wallets of the attackers, allowing for instance Trojans to be embedded in the memory of the phone and to steal data as soon as the cell phone owners connect to their bank Website.
Indeed, mobile viruses are no longer something exotic in the databases of virus laboratories and in order to bring a mobile phone into danger it’s enough to sojourn in a large crowd of people, be it in the subway, in the cinema, or at the airport.
Asian e-Marketing used the opportunity last month to talk to Victor Dronov, product manager Mobile Solutions of Kaspersky Labs’ Moscow Headquarters. He was in Singapore for his company’s launch of their next-generation content-management security solutions, presenting Kaspersky Mobile Security 8.0 that solves those problems that you’d rather not like to deal with. Indeed, with this suite, you can sleep better knowing that your smartphone and its contents have the same level of security as your PC. It’s packed with the richest range of features found in any smartphone security solution, protecting against loss and theft while safeguarding your privacy from prying eyes and cybercriminals.
It was 5 years ago that Kaspersky Labs identified the first virus in mobile devices and I was curious to find out from Victor what has happened since then. His company has definitely succeeded in building a system of monitoring and detecting new mobile virus activity which is now fully integrated in a virus lab. “Every month, we detect up to 30 new mobile malicious applications”, he said, adding that they would in general analyze the scope of problems that could harm today’s smartphone users, including loss or theft of a device, SMS and voice spam, parental control issues and encryption, so that as a result, Kaspersky Mobile Security users today are 100% protected against these risks.
According to Victor, one possible reason for the rapid spread of malicious mobile devices is to some extent the poor computer know-how among mobile phone users. On the other hand, even experienced users barely realize the mobile virus threat to mobile devices and believe it will probably be more a problem in the future. And as long as only a small number of people became victims, mobile anti-virus protection won’t become a must, as it is a must for PCs today, he believes.
Talking about Asia he said that “unfortunately it has become a “homeland” of a very big part of mobile virus writers” and explained that the latest round of mobile threats that spread globally came from Indonesia and was a J2ME (Java-based) Trojan stealing users money by sending premium SMS without the mobile user’s knowledge. Another mobile virus with the same goal that caused an epidemic in Spain in 2007 is the mentioned “Comwar.
As to which countries are the ones where most mobile viruses and threats are created and designed, Victor identified China, South East Asia, and Russia.
But although sophisticated mobile users understand the importance of security, many still have misconceptions about the actual risks. Customers are very concerned with identity theft based upon information obtained from their phones and individuals with scanners listening to conversations, but the real risk comes, according to Victor, from users losing phones and poor password discipline. One of the challenges to overcome is that it is a rare occurrence which lulls cell phone owners into complacency. Significantly, smartphone users, the very users whose devices cost more and that have greater access to corporate databases, tend to lose their phone 40% more frequently. So why are most mobile users unwilling to support even basic efforts to secure data if it involves any degree of inconvenience and instead hold others, such as carriers and their service provider responsible for improving security?
The future of the small gadget looks rosy and nobody doubt that it will play a significant part in the time to come. Victor told me at this point an experience he had some years back: “I saw a presentation of Nokia’s VP at their event. He predicted that we all will be sending and receiving emails, surfing webs, making bookings and purchases right on the phone, use a phone as a payment tool. Some of these forecasts came into reality, some still not”. What was amazing to him was the fact that during the presentation, 100% of the visions, seemed to be very doubtful and came reality only 3-4 years later. The drivers here have been all major players that invest a lot, like Nokia, Apple, Microsoft, and Google. And from the mobile security perspective, he argues: “When a mobile platform exceeds 20 - 30 % market penetration, it becomes very lucrative to attack it in order to make some money. It’s the same scenario as seen on infected PCs.” Victor added-on: “The more abilities there are to run 3rd parties applications, the less secure is the platform.” Talking with having Windows Mobile, Symbian and Apple in mind, he admitted that in the past years all these vendors are monitoring and checking apps designed for their devices.
Isn’t it time you make your mobile experience even greater by ensuring you are safeguarded here?
For more information please visit: http://www.kaspersky.com/kaspersky_mobile_security
By Daniela La Marca