|
Expert
View
March 6, 2006
Are viruses attacking your mobile?
NEW DELHI -- For over a decade, SmartTrust has repeatedly demonstrated its ability to understand the technical and business challenges within today's mobile markets. The company's SmartCore environment allows mobile operators to build comprehensive solutions that meet their particular business requirements. These solutions are implemented over a single highly integrated platform thus inter-working with each other to deliver seamless functionality and services to the subscribers.
Convergence Plus recently spoke to Tim Deluca Smith, communications manager, SmartTrust, on the trend of hacking and viruses on mobile phones in India. Excerpts from the interview.
Convergence Plus: Are hacking and viruses on mobile phones becoming a trend in India?
Tim Deluca Smith: You have to look at the issue of mobile viruses with a certain amount of perspective. There have been several instances of viruses that self propagated and passed between handsets. It is still not considered a mass-market threat. Considering millions of handsets in circulation, the problem is still confined to a small group. Mobile incarnations of viruses, spam and spyware are akin to human viruses; they too need close proximity to replicate, usually via a Bluetooth connection. However, according to industry experts, it is just a waiting game before we see more sophisticated attacks and distribution mechanisms.
CP: Is it correct to say that with IrDA, Blue tooth, and wireless connections, we invite viruses/hackers to mobile phones?
TDS: The mobile phone is fast becoming the holy grail of computing - a truly converged device that allows communication over voice and data channels, access several network channels (from GSM to Wi-Fi) while offering entertainment through games, music and video. A mobile handset's importance to our daily lives, coupled with its possible use as a payment channel, will be a strong temptation for virus writers. Aspects of the technology such as Bluetooth and removable storage cards act as gateways through which a virus could potentially enter a handset's operating system. Hence, more gateways, more risk.
CP: What kind of precautions can one take against such attacks?
TDS: In addition to malicious code, we are likely to see denial of service and system unavailability attacks. Other possible threats include Trojan horses in games and other applications resulting in false billing, disclosure of confidential information and corrupted data. Similar applications can also be used for eavesdropping and unauthorised access to corporate networks. The most worrying malware scenarios come, of course, through organised parties. In the PC world, spam and online crime are behind most of the largest outbreaks.
The same may be replicated in the mobile world. It is a credible scenario that mobile spammers will spread viruses to infect large amounts of handsets. Discreetly sending spam SMS and MMS to all the numbers in the phonebook, the consumer would only realise the damage after seeing the monthly bill. In fact, such scenarios are not as far fetched as some may think. NTT DoCoMo, Japan's largest mobile-phone provider, recently received complaints from customers who were being sent messages that froze their screens and automatically dialed 110, the hot line to the Japanese police service.
CP: Is personal firewall function an effective defense?
TDS: With regards to defense, the first question most people ask is...Whose responsibility is it to protect the mobile consumer? Will we have to purchase our own protection from third-party anti-virus vendors and, if so, will consumers be willing to part with their hard-earned money? Not likely, thinks John Pescatore, an analyst with Gartner, who recently stated that by 2006, all wireless service providers should be required to offer over-the-air malware protection.
This is the most likely outcome and the scenario most akin to the desktop environment where most new PC come bundled with base-level virus protection on a trial basis. In the mobile world it is likely that new handsets issued by operators will also carry similar preventative software. Traditional anti-virus software providers have diversified to include mobile viruses in their portfolio. However, after embedding the software at the point of handset manufacture, they have no way of updating the protection with new patches required to combat new threats.
This is where companies such as SmartTrust enter the picture. By leveraging an OTA (over-the-air) platform such as SmartTrust's, new settings and patches can be pushed out to the handset (when in the hands of the subscriber) for installation. Many mobile operators already use OTA platforms to remotely manage their subscribers' handsets. New settings, software patches and applications can easily be pushed to the handset and installed. This allows the operator to ensure that a handset is functioning correctly, and is able to access the latest services. The same channel is undoubtedly the most appropriate means of keeping mobile devices updated with the latest anti-virus patches.
CP: Which issues need to be tracked to prevent mobile data thefts in the near future?
TDS: Many of the traditional anti-virus vendors are already looking at leveraging operators' existing OTA platforms to maintain preloaded software and deliver new patches when new threats are identified. However, the answer is not always as simple as it first seems. The nature of mobile ownership is changing fast. In Europe and Asia, a growing number of subscribers are acquiring their handsets from third-party sources and not from official operator-owned retain outlets. These handsets, passed between friends and family, purchased via the Internet or simply churned between networks, are often unknown to the operator when they first enter the network.
Being unknown, the operator has no way of detecting existing virus protection or possible threat that device may bring to network and customers. The recently announced partnership between established anti-virus player F-Secure and SmartTrust offers a glimpse at how such problems are being overcome. SmartTrust's OTA platform, already installed across nearly 200 mobile networks worldwide, can allow the operator to automatically detect new device's entering the network, assess their capabilities and scan for existing capabilities. Integrating the platform with F-Secure's mobile anti virus capabilities will enable the operator to guarantee protection across any device registering on its network, scanning its existing protection and updating it as necessary.
Many industry analysts agree that a large-scale virus outbreak is some months away, with corporates initially most at risk. There are, according to Pescatore, two main factors required before viruses and worms wreak havoc. Firstly, feature-rich handsets and smart phones will have to represent at least 30 percent of all devices (the central processing units in the typical mobile phone are only about as sophisticated as those in personal computers five or six years ago.) Secondly, that those users become regular users of applications such as email where executable files are freely exchanged. There are further factors, such as the interchanging of removable storage media that will accelerate the problem.
Once we reach this stage, which seems likely in the timeframe the analyst community predicts, the conditions will become receptive for the propagation for viruses and worms. It is of little surprise that many of the world's largest mobile operators are currently considering their options and the deployment of network and handset based anti-virus solutions. The steady rollout of next generation, 3G services opens up the possibility of faster download speeds and Internet connections. Operators are, of course, keen for their customers to use such high-margin services - downloading music, video and games direct to their phones.
Expensive license costs make 3G a make-or-break service for many in the industry and a rash of viruses might turn users off, not to mention the damage to the operator brand. There is a careful balancing act to be done. Whilst quite rightly not wishing to pander to market hype and cause unnecessary consumer panic, operators realise that they can't rest on their laurels. Remember the old days of the Internet? People only installed anti-virus software after they had been infected. Well, there are more mobiles in the world than PCs and the 'always-on' lines of communication between them faster and more numerous than ever before. That's food for thought.
Contact:
SmartTrust
www.smarttrust.com
|