Smart mobile technology is rapidly gaining in popularity – and hackers and crackers are among its biggest fans! Very few consumers know about the vulnerabilities of 3G technology, and only now is the industry waking up to the potential security nightmare.
Smart phone capabilities have evolved through Enhanced Data Rates for Global Evolution (EDGE) platform which delivers up to 7 times faster than a normal 56K Modem. Therefore, smart phones with an integrated PDA not only provide traditional voice communication and Short Text Messages, but also support wireless links to file resources. EDGE is 3 times faster than an ordinary GSM/GPRS network, allowing high speed send and receives data such as digital images, colour internet access, e-mail, downloading audio and video on the move.
EDGE is a new technology that gives capabilities to GSM, but there are major security flaws on GSM such as the base stations are not authenticated, and do not support encryption capabilities by default. Due to the United Nation's restrictions GSM phones do not have encryption capabilities. Some may say this may not be a major security threats, as data is transmitted mainly through wired network using encryption standards such as DES, RSA etc. but, if a large key size typically between 64-128 bit to encrypt and decrypt messages are used then the slow transmission bit rate may be an issue. Although, large key size ensures that a message is secure but the drawback is that it generates a large encrypted message block which requires greater processing power with longer duration of transmission period.
Other security threats from the smart phones come from the actual operating systems used, either Symbian or MS windows CE which are susceptible to malicious codes.
Current identified Malware specific to mobile devices are: Skull Trojan, targets Series 60 phones equipped with the Symbian mobile Operating System and deactivates the links to systems applications by replacing the menu icons with images of skulls. Cabir Worm, is the first dedicated mobile-phone Worm and infects phones running the Symbian operating system. Cabir spreads by disguising itself as a security management utility. Once it has infected a device that is using the Bluetooth Wireless technology the worm scans for other phones and sends a copy of itself to the first vulnerable phone it finds. The worst thing about this worm is that the source code for the Cabir-H and Cabir-I viruses can be found online. Mosquito Trojan is the cracked version of "Mosqutos" mobile phone game which was distributed through P2P. Mosquito affects the series 60 smart phones.
Brador Trojan, affects the windows CE Operating System by creating a file called svchost.exe in the windows start-up folder which allows full control of the device. This small executable file which is conductive to traditional worm propagation vector such as e-mail file attachments. The typical functionality of the Trojan is to send the IP address of the infected device to the virus writer and flagging the device as active.
Lasco Worm, is the first worm released in 2005 and infects PDAs and mobile phones running the Symbian OS. Lasco is based on Cabir's source code. and replicates over Bluetooth connection and arrives at the inbox folder as velasco.sis file. On opening the file the worm is activated and looks for new devices using Bluetooth technology. It is also capable of replication by inserting it self into other SIS files on the devices.
Other known Malwares are Duts virus, Pseudo-virus and Delf-HA Trojan. The security threat is an unknown territory in smart phone technology and with fourth generation technology being adopted, questions should be asked; is the society ready for this extremely advanced and sophisticated technology?, while many of us are still on the transient process of switching form 2, 2.5G to 3G. Industry and Governments together need to educate people and provide greater awareness of the dangers that exists when using mobile devices.