Ten years ago, mobile phones and Personal Digital Assistants (PDAs) were luxury items with limited functions. Now more than 84% of American adults have mobile phones (CTIA, June 2008), and they use them to keep calendars and phone books, send email, browse the Web, send text messages, and even occasionally make phone calls.
These email and Web browsing features are possible because many phones and PDAs are equipped with wireless technologies such as Wi-Fi and Bluetooth that let them connect to other devices and the Internet. Unfortunately, these wireless technologies make these devices vulnerable to the same kind of threats that laptops and desktop computers face, such as malware and data theft.
Malware on your mobile phone
Malware attacks on mobile phones are a rising trend, and the number of attacks doubled between 2004 and 2006. Malware attacks on mobile phones are a relatively recent phenomenon, but they are increasing more quickly than attacks on laptops or desktops. Most malware for mobile phones only affects smartphones, which are phones that have special computer-enabled features such as wireless email and Web browsing, graffiti-style data entry, and scheduling software. These smartphones use operating systems such as Windows Mobile, Linux, BlackBerry or Symbian. Currently, smartphones are quickly growing in popularity among mobile devices.
The first malware attack on phones occurred in 2004, when a worm called Cabir appeared that spread itself through Bluetooth. In 2005 the Skulls virus appeared, which disabled all phone functions except for incoming and outgoing calls. Since then, many worms, viruses, and Trojan horses for mobile phones have appeared. By 2007, McAfee Avert Labs had identified about 450 different kinds of malware-related threats to mobile devices.
Trojan horses are a form of malware that trick users into installing them by appearing to be useful software. Several Trojan horses have recently appeared for mobile devices that allow attackers to listen to your conversations, log your email messages, and rack up charges on your phone. One such Trojan pretends to be a program called RedBrowser that lets you visit WAP sites without using a WAP connection. Unfortunately, it does this by sending text messages to premium rate numbers that charge you $5-$6 per message.
Malware on your PDA
Malware attacks on PDAs are less common than attacks on mobile phones, but this does not mean that the threat doesn't exist. In 2000, three malware applications that attacked Palm OS PDAs appeared, one that deleted programs from the device, one that hid all applications, and one that physically removed all applications from the PDA's memory. Viruses can be transferred to your PDA through syncing, which is the process of coordinating data on your PDA and your PC. If you download an infected program from your PC onto your PDA, your PDA will become infected. You can also get infected by opening email attachments that have viruses, just as you can on a PC.
Data theft: The real threat
The greatest threat to mobile devices currently is data theft. This can happen by somebody getting a hold of your device or using your wireless connection to access your data. The greatest threat to mobile devices currently is data theft. This can happen by somebody getting a hold of your device or using your wireless connection to access your data. One way they can do this is through bluesnarfing, which is when an attacker takes advantage of weaknesses in Bluetooth technology to enter your device. The best way to protect yourself against these threats is to encrypt your data and use a password to lock your device. You should also turn off your Bluetooth connection when you are not using it. For more information on how to do this, see the encyclopedia entry on bluesnarfing.
What you can do
As mobile devices become more popular, the number of attacks on them will only increase. In response to these threats, many software manufacturers are creating anti-virus and security software for mobile devices. Such products are a good first line of defense against attacks, but there are also some simple things you can do to protect yourself and your device:
- Be careful about opening email on your mobile device. Don't open attachments that you aren't expecting or that come from people you don't know.
- Don't accept Bluetooth messages from unknown users.
- Remember to sync your PDA with your PC regularly so that you have a backup of your data in case you are attacked.
- Don't install applications on your phone or PDA unless they come from a source you are sure you can trust.
- Lock your mobile device with a password. In most cell phones there is a Settings option in the main menu with a Security/Password configuration under it. Check your mobile device manual for instructions on how to enable password protection.
- Encrypt sensitive information on your device. Programs like DataViz's Passwords Plus
and eWallet can help you encrypt your data.
References
- CTIA
- Is Your Phone Catching a Virus (Yahoo! Tech)
- Threats to PDAs (Symantec)
- Cell Phone Use (Pew Internet & American Life Project) PDF
- Mobile Phone Viruses: What Have We Learned? (TechNewsWorld)
- Portable Microbes (Smart Computing)
- Decoding Mobile Device Security (Computerworld)
Share your comments, feedback or questions about this article by sending an email to: help AT mysecurecyberspace DOT com
Print view
Email to a friend
Submit to Reddit
Save to del.icio.us
Submit to Digg.com
Stumble It!