Mobile phones are soft targets for virus writers

Malware targeting mobile devices is evolving too fast for security technology to keep up.

Cyrus Peikari, CEO of Airscanner, spoke at the RSA Conference in San Francisco about the emerging threats on mobile devices, especially those using Windows Mobile operating systems.

"The good news is we are seeing mobile viruses evolving the same as malware on PCs did, so we know what to expect" Peikari said. "The bad news is they are doing it much faster. Faster than the devices are evolving to deal with the threats." So while there have been relatively few mobile viruses in the wild so far, the growing sophistication is causing alarm, he said.

For example, Peikari described memory card infectors, able to automatically infect mobile devices if users swap cards, harking back to the floppy disk infectors of old.

"And since then we have seen Dust, which was incredibly sophisticated malware even though it did little damage. It performed the equivalent of Chernobyl's Ring 0 attack on the Windows operating system, but on the supposedly protected Windows Mobile kernel," Peikari said.

"And we recently saw the first polymorphic encrypting engine for Windows Mobile, written by virus writing group 29A," Peikari said. "In Win32, there are ways to detect that, but there are currently no ways to do that on the mobile platform." Police recently questioned former 29A member Benny about Slammer, and the group has been quiet since. "We have no idea if this polymorphic engine is in the wild or not," Peikari warned.

Windows Mobile platforms are not the only targets: viruses have attacked Symbian and Palm devices too, but the tools enabling developers to port applications from Windows PC systems to mobile devices are making the malware authors' lives much easier, Peikari said.

Drawing analogies to the Smallpox infections which ravaged the Americas and Bubonic Plague which nearly halved the population of Europe in the 14th century, Peikari said mobile viruses attacking platforms with inadequate protection could pose a major threat. Brador, one of the very first Windows Mobile trojans, gave full remote access to infected devices. That could blow apart perimeter security if the user accessed their corporate network via a VPN connection, Peikari said.

Coupled with SMS format attacks (using malformed messages to crash devices) and mobile phone spam which is already a major problem in Japan and growing in Europe, the mobile community could be in for a rough time.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.