Ever since 2004, when the first mobile virus occurred, I have been accused of scare mongering whenever I wrote anything about the potential of mobile-phone viruses to unleash denial of service attacks on mobile networks, rendering phones useless or dangerous when vital information is involved.
That's because at the time smartphones made up such a small part of the overall mobile device market and the fragmentation of operating systems didn't make it worthwhile for nefarious folks to create viruses--aside from just making them to prove they could. And besides, the only folks sounding the alarm were anti-virus companies that had a vested interest in selling products.
This week, however, Research In Motion's security chief called smartphone viruses an "area of concern," in an interview with Reuters. Scott Totzke, RIM's vice-president of BlackBerry security, gave a scenario where hackers could use smartphones to target wireless carriers with a distributed denial of service, or a DDoS attack. Totzke added that a technique involving data packets could be used to take down a mobile network and that hackers could do so using a relatively small number of smartphones.
Indeed, things are changing. Smartphones are becoming mini computers, allowing users to download virus-ridden software on their devices. Despite the fact that the smartphone OS space is highly fragmented, platforms such as the iPhone, BlackBerry and Symbian are now standouts, and smartphones have become vital business tools.
"In a way, we've already seen more serious vulnerabilities in the iPhone in a year and a half than we've seen in the whole life of Symbian and Windows mobile OSs," F-Secure chief security adviser Patrik Runald said in an article in Network World. "It shows the difficulty of squeezing these operating systems into small phones and making sure you only have the necessary parts that are required for the phone to work."
Last week, some Georgia Tech researchers got their hands on a $450,000 NSF grant to increase security on iPhones, BlackBerrys and other smartphones along with the mobile networks they run on. They also want to find ways they can help mobile operators detect malware on devices and clean them up remotely before they do significant damage. "While a single user might realize that a phone is behaving differently, that person probably won't know why," said Patrick Traynor, assistant professor at Georgia Tech's School of Computer Science, in a statement. "But a cell phone provider may see a thousand devices behaving in the same way and have the ability to do something about it."
Right now, RIM's Totzke said the best method for protecting against attacks is by regularly applying security patches released by smartphone manufacturers as they discover security problems. Few devices today have anti-virus software.
The question is: Will 2010 become the year of the mobile virus? It seems like a perfect storm is finally brewing, and it's another headache IT managers will soon have to deal with as more workers rely on smartphones to perform critical functions.--Lynnette
댓글 없음:
댓글 쓰기