Smartphone malware: Still the next big thing?
Conficker may have dominated security headlines this quarter, but Finnish security company F-Secure says the lesser-known "Sexy View" worm represented a new threat: the SMS and phone-based worm and the mobile botnet.
Sexy View is a social engineering worm which uses a device's contact list to spread. It sends a text message to all contacts with a link to a Web site that installs a malicious application that shares the phone's information (like its serial number) with the virus' creators. It targets devices running Symbian S60 3rd edition and was first found on Nokia 3250 handsets.
"It is the first text message worm ever." said F-Secure's Chief Research Officer Mikko Hypponen. "It's also the first mobile phone worm that circumvents the signature checks that are meant to secure the latest smartphones. And the motive behind it seems to be to collect information for mobile phone spamming purposes. Mobile phone spam is already a big problem in some parts of the world -- eventually it will be an issue everywhere."
But there have already been hundreds of malwares for Symbian besides simple text messaging, and the opportunities for them to be fruitful and multiply extend further than mere spam. Last week, Visa introduced the world's first Near Field Communications technology for "wallet phones," where an NFC chip with the owner's bank information is installed in the phone, allowing simple SpeedPass style use in transactions.
Fortunately, the first handset to use the technology is the Nokia 6212, which runs Nokia S40, a non-Symbian operating system that does not let the user install new applications.
F-Secure is understandably concerned with mobile threats of this nature, as it's been the default anti-virus software provider for a number of Nokia devices since 2004. Hypponen has repeatedly warned the public that the increasing connectivity of mobile devices provides new ingress for malware.
Shortly after signing a deal with F-Secure, Nokia enlisted the help of Symantec for the protection of S60 and UIQ devices, and Trend Micro offers a number of mobile virus protection services, which includes not only protection for Symbian devices, but also for Windows Mobile for both PocketPC and Smartphone.
There's a catch to this, though, and perhaps you've already spotted it.
Most of the alarmist reports of mobile infections in the last few years have come from companies that also happen to make mobile virus protection software, spawning the question: "Are Symbian and Windows Mobile mobile devices actually in danger, or is this simply a case of manufactured demand -- nay, fearmongering -- by security providers?"
Fortunately, there is now more nonpartisan conviction to back up the fear. A recently published study funded by Deutsche Telekom examined anomaly detection in smartphones, and came to this conclusion: "We believe that the evolution of malware for mobile devices will take a similar direction as the evolution of PC malware. Thus, similar problems will have to be encountered, e.g., missing signatures for unknown threats and new malwares appearing at high frequency."
The group tested several different malware classes on a Nokia E61 running Symbian OS 9.1, a Nokia 7610 running S60 7.x, and an HTX TyTN B running Windows Mobile 5. One virus the group tested took a picture through the Nokia E61's front camera when the keypad was being used, guaranteeing a shot of the user. This picture was then sent via MMS to a pre-defined mobile number. Another malware was remotely controlled by SMS messages which could delete the user's entire phonebook when the SMS was opened.
However, these malwares are not likely to be encountered in the wild, as they were created by the research group. The group said that, despite their best efforts, they had to make their own to produce realistic results because there is actually a sufficient lack of available smartphone malware for newer platforms.
Nonetheless, the group finds that protection is absolutely needed, but as is the case with PC anti-virus software, signature-based protection methods are simply not good enough.
[Picture of real micro-worms courtesy of BuyMicroWorms.com]