[LINK] Hackers find cell phones next weak link to exploit

tal tal at pacific.net.au
Tue Nov 30 11:42:28 EST 2004 

     Hackers find cell phones next weak link to exploit
    Virus converts each icon into a death's head
    - Yuki Noguchi, Washington Post
    Monday, November 29, 2004

    Early this month, several Web sites began offering software
promising ring tones and screen savers for certain cell phones.

    But those who downloaded the software found that it turned every
icon on their cell phone's screens into a skull-and-crossbones and
disabled their phones, so they could no longer send or receive text
messages or access contact lists or calendars.

    Security experts named the malicious software Skulls and consider it
an early warning of the damage hackers could do as they turn their
malevolent talents to cell phones from computers.

    "Hackers are simply trying to put it out there that it can be done,"
said Vincent Weafer, senior director of security response for Symantec
Corp., a security software firm in Cupertino. "The motivation is to say
(cell phones) aren't as secure as you think."

    Mobile phones are a tempting target because they've become a part of
everyday life. In addition, consumers are buying more sophisticated
smart phones with Internet connections that provide an easier pathway
for cell phone infections.

    Few phones come equipped with protection against malicious software,
but some companies are starting to install it. Most cell phone users
aren't on guard for attacks like those that periodically take down
computers worldwide, and at this point, there is little they can do to
protect themselves.

    "The impact is potentially larger on the phone because we're not
savvy about that," said Victor Kouznetsov, senior vice president of
mobile solutions at Santa Clara's McAfee Inc., a security software firm.

    Skulls is one of five malicious software programs attacking cell
phones this year, security experts and analysts said. The scale of such
attacks is hard to quantify because the federally funded CERT
Coordination Center at Carnegie Mellon University, which monitors
viruses and other malicious software on the Internet, doesn't separately
tally reports of such problems with cell phones.

    But there are anecdotal reports. For instance, in Japan, cell phones
have frequently been sent junk messages, some of which redirect phones
to Web sites that cause the phones to crash.

    Most basic phones can send and receive text messages, which makes
them vulnerable to some attacks.

    The potential for trouble increases with smart phones. Like a
computer, the newer phones can run e-mail programs and download
PowerPoint slides, games and other applications that can come with
malicious software attached.

    Such advanced phones make up 2 percent of cell phones in the United
States, according to the Yankee Group research firm, which predicts that
share will increase to 17 percent by 2008.

    Software that protects computers from viruses and other bad software
has not been programmed for cell phones.

    John Pescatore, an analyst with research firm Gartner, said
malicious programs will be as big a problem for cell phones in 2006 as
they are for computers now.

    "First, it will be a nuisance," he said. "The next phase will be
crime, like theft or theft of service, and then after that, we'll start
seeing different types of attacks" that take down networks.

    Now, computers are a bigger target. Cell phones use a number of
operating systems, meaning that separate programs must be designed to
disable each one. That makes it harder to design a mass attack. "It's
never going to be as uniform a landscape for hackers," so it's unclear
how broad an attack might be, Yankee Group analyst John Jackson said.

    Still, concerns are growing with cell phone use. There are 170
million cell phones in use, compared with fewer than 116 million
personal computers, according to research firm IDC.

    Experts have tried to anticipate how big a problem malicious
software might be by simulating attacks on cell phones in software labs.
They found that e-mail viruses can multiply by sending messages through
a cell phone's address book.

    Viruses also can allow unauthorized users into a phone to access
passwords or corporate data stored on the device. And they can be used
to manipulate the phone to make calls or send messages at the phone
owner's expense.

    "The nightmare scenario with cell phones is a virus that would
delete the contents of your phone, or start calling (a toll number) ...
or recording every single one of your conversations and sending (them)
somewhere," said Mikko Hypponen, director of anti-virus research at
F-Secure Corp. of Finland.

    Companies are beginning to respond. Nokia plans to introduce two
phones in coming months with built-in anti-virus software.

    "As an industry, it's our responsibility to react very quickly,"
said Laurie Armstrong, a spokeswoman for the Finnish company.

    DoCoMo, Japan's main cell phone carrier, has introduced a McAfee
program that can send software over the cell phone network to combat
problems with malicious software on its phones.

    Dozens of smaller companies are also jumping into the mix. Companies
such as Trust Digital of suburban Washington and Bluefire Security
Technologies Inc. of Baltimore, which is backed by Motorola Inc., are
designing software to help companies protect their wireless phones from
hackers.

    Last year, Texas Instruments Inc. started using security technology
made by SafeNet Inc. of Belcamp, Md., in the chips implanted in Nokia
cell phones.

     URL:
http://sfgate.com/cgi-bin/article.cgi?file=/c/a/2004/11/29/BUGVJA28LL1.DTL
    ©2004 San Francisco Chronicle 

Tim Lister
South Sydney Greens
(02)9557 4050
timlister at webspinning.org
http://ssg.nsw.greens.org.au
"Think Globally, Act Locally"

More information about the Link mailing list