Article

Future mobile attacks inevitable, researchers say

Robert Westervelt, News Editor

Mobile malware attacks will become a profitable target for cybercriminals in the next year, brought on by more powerful smartphones that make shopping and Web browsing much easier for users.

That was the message from a new report being issued this week by researchers at McAfee's Avert Labs. Mobile malware is not yet a great threat in the United States, but mobile malware in Japan has skyrocketed and is rising precipitously in Europe, according to the report.

The report examined smartphones using Windows Mobile Microsoft operating system. But popular use of the Apple iPhone and rising use of similar Windows smartphones could make cell phone users a target, said Dave Marcus, security research and communications manager at McAfee Avert Labs.

"Once user behavior is more focused on storing credit card information, bank account numbers and other sensitive data, we'll start seeing more mobile malware," Marcus said.

Researchers have been

Requires Free Membership to View

predicting a rise in mobile malware. As technologies converge and more phones have increased storage capabilities and the use of Wi-Fi to enable faster Web browsing, researchers say mobile attacks are inevitable. Mikko Hypponen, director of antivirus research at F-Secure Corp., said he expects mobile malware attacks to escalate thanks to interest in Apple's iPhone. Some mobile operators surveyed by McAfee earlier this year say they were the victims of mobile malware infections.

Hypponen said he's seen over 370 different examples of malware running on smart phone platforms. Almost all of them target Symbian-based phones, because Symbian is the market leader, with over half the smart phones in the world running that operating system.

The iPhone, which launched June 29 sold reached its one millionth sale in the 74th day of its distribution. Like some Windows-based smartphones, the browsing capability in the iPhone makes it easier for users to shop online, sending sensitive data. Phishing attacks also could rise, as links within email messages could send victims to seedy Web sites where their phone could be infected with spyware.

The McAfee report highlights targets of opportunity for attackers, including text messaging, which could be a hotbed for phishing attacks, a contact database, which could be used to spread attacks and weaknesses in Bluetooth technology.

Threat's against Windows Mobile may significantly increase because its current design leaves opportunities for malware writers, McAfee said. During its research of Microsoft's Windows Mobile, Avert Labs found unintended exposure of device contents, such as text messages, email, documents, call records and contact lists.

McAfee's Marcus said technology is already available to turn mobile phones into a remote surveillance device, giving an attacker the ability to record calls or text messages and even use the phone's camera for photos and video. A savvy cybercriminal can send remote commands, which could record periods of time.

Still, Zhu Cheng, a research scientist with Avert Labs and author of the McAfee Avert Labs report, said the mobile threats are "in the early stages." Mobile malware that exists today doesn't pose a significant risk since its used by cybercriminals in such low numbers.

"A lot of risks we're used to dealing with on the PC are going to migrate toward the mobile platform," Marcus said. "Be very aware of sites you go to on your mobile phone and if there's functionality or application that you're not using, remove it or shut it down."