Handheld Security Threats: Mobile Devices
by Carl Bayer

Savvy hackers and virus writers are getting even more personal by attacking mobile phones and mobile devices.

As the former IT director at NACS, I was tasked with protecting the NACS computer systems from attacks by hackers and stopping the proliferation of computer viruses throughout our operating systems. At times, I felt as if I could not escape news about virus threats or companies shutting down their computer systems because of hackers stealing valuable and oftentimes sensitive information.

Today, these attacks still take place, but they have become much more difficult thanks to security and virus protection advancements. In fact, as security and virus protection evolves, hackers and virus writers look to other technologies to attack. One vulnerable area is the technologies I personally cannot live without: the mobile phone and mobile devices.

A New Security Hole
An article in Hacker Quarterly opened my eyes to just how significant the threat to mobile phones can be. (Don't get the wrong idea. I like to keep my enemies close.) The creation of smart phones and personal digital assistants, or PDAs, has opened a new security hole that most people completely ignore. Mobile phones can access the Internet and have Bluetooth communications that link phones with other devices. Smart phones have the processing capabilities of a small computer. However, unlike most of today's computers, these devices do not come with virus protection or built-in firewalls.

The first known mobile phone virus, the Cabir virus, showed up in 2004. The virus was innocuous and sat in the phone trying to replicate to other phones. Since that time, the number of viruses has grown exponentially, which can cause both hardware loss and financial loss.

The most common threat today is the viruses that target short message service (SMS) messages such as text messages. Such viruses propagate through SMS message attachments or are broadcast as a message to all Bluetooth devices in range. Once the attachment is activated, the phone will be infected. Once infected, the phone will start to send out SMS messages to all contacts in the phone, therefore increasing your bill with text-messaging charges. Applying what we have learned with e-mail messages, we see that the key to keeping a device free of viruses is to delete attachments from senders we do not know.

Bluetooth exploits are also a concern. Hackers can gain access to your device via the Bluetooth connection and steal information stored on your phone. In addition to stealing data, a hacker can use the commands of the device without the user knowing and therefore can listen in on phone calls, place calls or even send text messages. Bluetooth exploits are well known, so a user can keep the device fairly secure by having up-to-date firmware, patches and fixes.

Open Internet Connections
With the ability of smart phones to obtain an IP (Internet protocol) address, hackers can exploit another avenue of attack. The operating systems contain software flaws and security holes that will eventually get exploited on the open Internet connection on a mobile device. According to Hacker Quarterly, the first Java2 ME viruses started to appear in March 2006. It is only a matter of time before viruses propagate to mobile devices over IP. (To learn more about how cell phone viruses work, check out http://electronics.howstuffworks.com/cell-phone-virus.htm.)

Protect Yourself
Although nothing is 100 percent foolproof, there is hope for mobile devices and smart phones security. Some software companies offer antivirus protection and firewalls for mobile devices, and users should do their research on which applications will work best for them. Most mobile device viruses are coming as attachments, so by deleting the attachments, you can defend against viruses. You can protect against Bluetooth exploits by keeping Bluetooth turned off until you need it and never leave a Bluetooth device in discoverable mode.

As people pursue more connectivity, mobile devices are the next vulnerable devices for increased exposure to viruses and faster spreading of infections. By taking the necessary precautions, users can protect their mobile device from viruses and attacks.