Mobile viruses “years away”


5 Oct 2005

Viruses that affect mobile phones exist but are years away from becoming a widespread threat, a security expert has said.

David Emm, senior technology consultant with the Russian security software company Kaspersky Lab, said: “We’re not in an era yet where we say to people ‘watch out when you use your mobile’. The threats in the last 12 months have been proof-of-concept; there isn’t a mass market in mobile malware.”

However, he said this was the perfect opportunity for businesses to consider how mobile devices are deployed and used within their organisations and to see how they should tailor their security policies accordingly. “Think about it before it becomes a pressing problem,” he urged.

Many people are still using mobiles with relatively basic functions and these are not affected by the likes of the Cabir virus, which first appeared last year and was written specifically to infect certain mobile handsets. However, fully featured smart phones, which could be more vulnerable, are becoming more widely available. Recent research from Canalys showed the growth rates for smart phones far outstripping those of traditional phones – albeit from a smaller base. These devices are now available to consumers who upgrade their phones to newer models, even though they may not have been specifically looking to buy smart phones.

From a technical point of view, these devices could potentially be affected by many of the security problems now common to PCs. “There’s nothing you can’t do with a smart phone that you can with a laptop,” said Emm. “A converged phone could be used to deliver spam or launch a denial of service attack. There’s even the potential for a Trojan horse program to steal information if for example you’re visiting a banking website via the phone.”

Although all of those events are possible, Emm said there is “no way” to put a date on when they might become widespread. Many in the IT security sector are hotly debating whether mobile viruses and other forms of malware are serious threats or simply industry hype.

“We’ve seen viruses and worms hit a device and look to spread on another, but we haven’t seen them in a widespread way and won’t see them for at least a couple of years,” Emm told siliconrepublic.com. “But I don’t think it’s imprudent to talk about them. I would say to businesses, this is coming and now is the time to look at how it could affect you.”

By Gordon Smith