Nancy Hendrickson's Clips
"One of the ridiculous aspects of being a poet is the huge gulf between how
seriously we take ourselves and how generally we are ignored by everybody else."
Billy Collins
Trouble May Be Calling
(Smart Computing) Computer viruses, once the bugaboo only of unprotected
PCs, have found a new breeding ground in cell phones that combine PDA
(personal digital assistant) functions with wireless access to the Internet.
Several manufacturers, including Kyocera and Samsung, have released
hybrid devices that can make phone calls, manage appointments, and
even play a hot game of golf. One of them—the Nokia 7650—can even take your
picture!
The upside of the cell phone/PDA morph is consumer convenience—who
wouldn’t love carrying one less gadget? The downside is an open door to
the dark side of the ‘Net—computer viruses.
Mikko Hypponen, manager of anti-virus research at Finland-based F-Secure,
says “The dangers of cell phone viruses are almost identical to the ones
on typical Windows desktop systems today, with the added catch that if the
malicious program is capable of making phone calls it can either generate
costs to the infected user, income to the author of malware, or both.”
The threat to the new cell phones—many of which incorporate the Palm
Operating System—is due in part to their ability to download third party
software, and to receive e-mail attachments. And, as phones become more
sophisticated—meaning more computer-like—the more inviting a target they
are to virus attacks.
If you own a cell phone/PDA hybrid, should you be worried about nasty
critters lurking inside? Maybe. We take a look at the potential
dangers, current problems, and how you can stay protected.
Malware
Malware—or malicious software—is any program designed to do something
on your machine that you don’t know about and don’t authorize. Types of
malware include viruses and Trojans (also known as Trojan horses).
A virus is a file which can attach itself to other files, and repeatedly
replicate itself. Some viruses bury themselves in a computer’s memory and
infect files as the computer opens them. Others attach themselves to files,
and execute every time the infected file executes. A common virus is one
that attaches itself to a word processing document, then sends itself
as an e-mail attachment to everyone in your address book.
Trojans are a type of malware that pretend to be something they aren’t.
For instance, you could download software which appears to be a datebook
but once launched it would begin deleting files. Technically, Trojans
are not viruses because they do not replicate. Another example of a Trojan
is a program that will dial up your network password information and send
it to a preconfigured address using TCP/IP over the Internet.
The majority of the hybrid phones use a modified version of the Palm
Operating System, so any Palm-based virus could be downloaded onto your
phone. However, to date, only a handful of Palm OS malware has been
detected. And, for the most part, Palm malware has been more of an annoyance
than the true system-crashing viruses experienced by desktop users.
One of the first Trojans for the Palm was Liberty-A, also known as
Liberty Crack. Liberty was distributed in the warez (pirated software)
community as an application which would emulate a Nintendo Gameboy on a
Palm OS PDA. However, once launched, Liberty attempted to delete all of
the user’s PDA programs. The Trojan was transmitted from host computers
during a HotSync operation; however, it could also be transmitted via an
infra-red beam, or sent as an e-mail attachment over a wireless network.
A second Trojan was discovered shortly after Liberty, and was called
Vapor. When Vapor was run, all third party application icons appeared to
disappear, as if they had been deleted.
The first true Palm virus, Phage, was discovered by McAfee AVERT (Anti-Virus
Emergency Response Team) in September 2000. Phage’s origin was an IRC chat
room. When the user attempted to launch an infected application, their
PDA screen would fill with a dark gray box pattern, and the program would
terminate. Phage was a true virus, in that it replicated itself repeatedly,
and infected all third-party applications on the PDA.
McAfee considered Phage, Vapor and Liberty to be low risk because
they are not easily spread, and virus attackers want to infect as
many machines as possible. However, as more cell phones incorporate PDA
features, the number of potential targets increases.
The Rain in Spain
The first malware to threaten cell phones was the Timofonica worm,
created as a politically-based attack against Spain’s leading telecommunications
company, Telefonica.
Timofonica (timo is Spanish for ‘prank’) was introduced via a desktop
system, and used Microsoft Outlook to send itself to all addresses stored
in the Address Book. For each infected message it sent, it also sent a
message to a randomly generated telephone number at the Spanish cell phone
operator’s Web site. That site then sent the infected messages to cell
phones, with a text message which criticized Telefonica’s monopoly in the
telecommunication industry.
Although the attack was benign in nature, industry analysts took notice
because it signaled the fact that virus writers were turning their attention
to mobile phones.
Although Timofonica was little more than a nuisance, spam e-mails
can financially impact a phone user. Nagaraja Srivatsan, Senior Vice President,
Client Solutions Group, Silverline Technologies says "Viruses in
the wireless space are mainly spams - namely information that was not solicited
but delivered. The problem in the United States is that, because users
pay for incoming calls, the virus hits them right in the wallet.”
Unfortunately, the next virus to target mobile phones wasn’t so benign.
DoCoMo and the 110 Headache
In the summer of 2001, Internet-connected phones in Japan started
calling 110—the Japanese equivalent of the 911 emergency number.
The phones all belonged to the DoCoMo company’s i-mode service, which
is an always-on service delivered over a mobile phone. The service allows
users to wirelessly access e-mail, Web sites and other ‘Net services.
i-mode is one of the world's most successful services offering wireless
web browsing and e-mail from mobile phones in Japan. In all, over 13,000,000
mobile phones were susceptible to the programming code.
DoCoMo’s problem was caused by an e-mail message that contained a
line of code which directed the phones’ software to dial 110 if the user
opened their e-mail. DoCoMo acknowledged that a security hole in the phone’s
software allowed a programmer to create a string of code that would control
the phone’s ‘call’ and ‘mail’ functions. Worse yet, the code was embedded
into the text of an e-mail, and not as part of an e-mail attachment.
This was the second occurrence of a malicious e-mail directing the
i-mode phones to call 110. In fact, there were so many fake emergency calls,
the Japanese Police Agency warned DoCoMo to improve the security of their
phone’s software. As a result, all new phones sold after July 2001 contain
more secure software.
Security concerns have grown, particularly since the announcement
in December 2001 of the expansion of i-mode services in the Netherlands
and Germany.
Vincent Weafer, Senior Director of Symantec Security Response, said
the United States needs to “look toward Japan and the Java-enabled i-mode
phones, which are a generation ahead of U.S. phones, to see the potential
for malicious threats.”
Attacking the Infrastructure
Most experts agree that while malware and malicious e-mail codes are
problematic, they are minor dangers compared to the ability of infected
cell phones to pave the way for an attack on an enterprise system which
the phone can access.
Weafer notes that while viruses can spread on the phones themselves,
an attacker is more likely to want to get inside an enterprise infrastructure.
To do this, they can write a replicating virus for the cell phone OS,
in hopes that the phone can connect inside an organization’s system.
Weafer believes one of the big stories in the coming year will be
how businesses are beginning to manage and protect against PDAs
and PDA/cell phone hybrids that can connect into the infrastructure. “Most
likely they will install a gateway system to scan for problems coming out
of these devices, as well as putting protection on the devices themselves,”
he said.
Dr. Avi Rubin, a Principal Researcher at AT&T Labs, added
that the Palm architecture doesn’t have the same level of built-in security
as a desktop system. And, once a Trojan gets onto a phone, and the phone
can connect to a business infrastructure, the possibility of denial of
service attacks—just like those seen with desktops—will then be possible.
“As more features are added to the phones, the problem to worry about
is programmability from the Web. Let’s say a service provider gives the
user the option of going into their Web browser and changing their call
forwarding settings on their phone. In that case, you’ve set up the possibility
of a massive denial of service attack. Because once someone can program
another person’s phone from the Web, they can launch an automated attack
that would get cell phones to all forward to one particular place, and that
could bring down a cellular network.”
“The general rule of thumb,” he says, “is the more functionality is
added to the phones, and the more they start to act like computers on
the Internet, the more dangerous they become.”
Experts agree, however, that a denial of service attack, or bringing
down an entire network, is better done through the infrastructure
than from the phones themselves. But, of course, the phones can be the
virus carriers that infect the infrastructure.
What’s a Consumer to Do?
First, don’t panic.
Cell phone viruses do pose a threat to consumers, very similar to
the viruses that already exist for handheld devices. The most immediate
threat is from malware that already exists, like Phage or Vapor. The level
of damage they can do is low, although they do have a high annoyance factor.
Experts believe one of the most immediate dangers—with far wider consequences
than Phage or Vapor—is a Trojan which can steal data from your hybrid
phone. This can include personal and business phone numbers, passwords,
and both street and e-mail addresses.
As the importance of information stored on the phone goes up, so does
the need to add more and more security. “First and foremost,” says Weafer,
“use encryption software to encode sensitive data.”
Another threat that can originate from a Trojan is software which
lets a hacker gain access to your cell phone account. The most obvious
consequence is someone using your cell phone to make unauthorized calls.
A worse scenario occurs if a hacker wrote code that programmed cell
phones to flood a business with calls, which would then tie up its phone
lines.
A higher level threat comes if you unknowingly introduce a lethal
virus from your phone into an enterprise infrastructure. This is the level
of threat that experts worry about the most because it can cause the most
damage. “Hackers want to get inside an enterprise,” says Weafer,
“and most likely these phones will serve as a vector of delivery.”
What can you do to protect yourself?
Fortunately, the leading developers of anti-virus software like McAfee
and Symantec are working on solutions for managing potential threats. Software
companies have begun creating anti-virus programs for service providers.
The software will allow wireless-related companies to prevent viruses from
being sent to their users.
In addition, anti-virus software has been developed which will scan
for viruses being downloaded onto a hybrid phone. Lisa Smith, Senior Product
Manager for McAfee’s Consumer Anti-Virus Products, says their software
includes PDA-level scans. During the installation of the McAfee product,
if the Palm Desktop software is detected, extra software is automatically
installed which scans during HotSyncs.
The McAfee software also scans “both ways”, meaning it checks for
viruses on anything going down into the device, and anything coming back
up from the device. The “up direction” scan keeps any virus that may have
been transmitted via a wireless Web connection or an infra-red beam from
getting into your desktop system.
Virus Prevention Tips
o Don’t open any e-mail attachments from unknown sources.
o It’s possible that a friend’s device has a virus and they are
unknowingly sending it to everyone in their Address Book. So, don’t open
an e-mail attachment unless you know what it is, even if you know and
trust the sender.
o Install virus software and regularly update virus definitions. Over
500 viruses are discovered each month, so have the latest protection.
o Back up your files regularly.
o Include the .prc file extension in the list of file types to be
automatically scanned.
o Be cautious about downloading files from the Internet. Make certain
your virus checking software is configured to automatically scan
downloaded files for viruses.
o If you detect a virus on your phone, make sure you delete the *.prc
file from your Palm backup folder so it isn’t re-synched onto your phone.
o Make sure your wireless phone company or Internet service provider
has anti-virus programs.
o Purchase encryption software to protect sensitive data.
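One way to review the .prc files in a Palm backup folder before the next HotSync, as an added example that is not part of the original article: it reads the standard Palm database header of each file and flags truncated files and applications whose creator ID is not on a list you expect. The folder contents, the creator IDs and the known_creators list are constructed sample values.

```python
import hashlib
import struct
import tempfile
from pathlib import Path

# Palm database header (78 bytes, big-endian): name[32], attributes, version,
# 3 dates, mod number, appInfoID, sortInfoID, type[4], creator[4], seed, next, count
HEADER = struct.Struct(">32sHHIIIIII4s4sIIH")
ATTR_RESOURCE_DB = 0x0001  # set on resource databases (.prc)

def inspect_prc(path):
    """Return header facts for one .prc file, or None if it is truncated."""
    data = Path(path).read_bytes()
    if len(data) < HEADER.size:
        return None
    f = HEADER.unpack_from(data)
    return {
        "file": Path(path).name,
        "name": f[0].split(b"\0", 1)[0].decode("latin-1"),
        "is_resource_db": bool(f[1] & ATTR_RESOURCE_DB),
        "type": f[9].decode("latin-1"),
        "creator": f[10].decode("latin-1"),
        "sha256": hashlib.sha256(data).hexdigest(),
    }

def review_backup(folder, known_creators):
    """Flag truncated files and applications with an unexpected creator ID."""
    flagged = []
    files = [p for p in Path(folder).iterdir() if p.suffix.lower() == ".prc"]
    for path in sorted(files, key=lambda p: p.name.lower()):
        info = inspect_prc(path)
        if info is None:
            flagged.append({"file": path.name, "name": None})
        elif info["type"] == "appl" and info["creator"] not in known_creators:
            flagged.append(info)
    return flagged

def demo():
    """Run the review over a constructed backup folder (sample data only)."""
    def header(name, creator):
        return HEADER.pack(name, ATTR_RESOURCE_DB, 1, 0, 0, 0, 0, 0, 0,
                           b"appl", creator, 0, 0, 0)
    with tempfile.TemporaryDirectory() as d:
        Path(d, "Datebook.prc").write_bytes(header(b"Datebook", b"DEMO"))
        Path(d, "Emulator.PRC").write_bytes(header(b"Emulator", b"UNKN"))
        Path(d, "stub.prc").write_bytes(b"\0" * 10)
        return review_backup(d, known_creators={"DEMO"})

if __name__ == "__main__":
    print(demo())
```

The SHA-256 of a flagged file can be recorded before the file is deleted from the backup folder, so the same file is recognizable if it reappears after a later sync.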
In the next few years, more hybrid phones will come onto the market,
and, according to the Wireless Application Protocol (WAP) Forum, by 2003,
75 percent of them will be Internet enabled.
Experts predict that the biggest area of virus concern will be in
the area of wireless networking. However, if you use common sense about
what you download, and install and use updated anti-virus software, you
won’t have to worry about an invasion of the nasties.