Mobile malware, should we be worried?

GLOBAL – There’s been lots of talk of criminals targeting mobile phone users with malware recently in the news (here, here and here, for example), so it’s something that we should all be aware of. But how does malware work, why do people target you with it, and how does it get onto your smartphone? Let’s find out.

Malware – or malicious software – was originally created by programmers for the purposes of creating havoc, but over the years criminals have increasingly used it to turn a profit. Malware installed on a computer can turn an ordinary home PC into a zombie computer, sending hundreds of thousands of spam emails to people all over the world, without you realising, or could even see your computer playing a part in distributed denial of service attacks (DDoS).

So malware only affects desktop and laptop computers, right? Unfortunately not. The first mobile phone virus appeared in 2004 when a company named Ojam created the game Mosquito, which sent a text message to the company without the user’s knowledge, costing them money in the process. Several weeks later, computer hobbyists created a proof-of-concept virus named Cabir that constantly sent itself to anybody within a 10 metre range using Bluetooth. However, it would only be installed if the other person accepted the installation.

Although sending Bluetooth files is annoying as it eats up your battery life, the arrival of Commwarrior-A in 2005 saw a new wave of attacks that cost people money. It would replicate by sending itself using the Multimedia Messaging Service (MMS) to your entire phonebook, and then again from the recipients’ phones and so on.

Here’s a video from AVG showing a number of people explaining the evolution of malware and the threats:

While this is all old news, Cisco has recently released the Cisco® Annual Security Report, collecting threat information and trends between January and December 2010, then offering some insight into the next 12 months.

What they’ve noticed is the trend for criminals to target mobile users has risen, stating that in 2009 the Zitmo trojan had been found in the wild which captures the information sent between your phone and your bank via SMS, using the information for their financial gain.

Security software vendor Symantec agrees, remarking upon the growing attractiveness of mobile devices to cybercriminals in its April Internet Security Threat Report. It notes that, as it becomes more likely that credit card information might be stored on mobile phones, for use with online shopping apps or wireless payments, so thieves have become increasingly interested in testing their vulnerabilities.

Google recently found some apps in its Apps Marketplace that had the DroidDream malware hidden within them, prompting the removal of the more that 50 offending apps. Several pieces of malware have also been found on iPhones, but these were only on jailbroken devices where security had been knowingly compromised by their owners. Variants of the ZeuS virus targeting Blackberry, Symbian and Windows Mobile devices have been spotted. It seems that no-one is immune. So should we be worried?

Looking forward, Cisco suggests that the Android and iOS operating systems are likely to be the biggest mobile targets for the year ahead, but while Nokia prides itself on the security features on its devices and Symbian isn’t viewed as a prime target, we shouldn’t just forget about the risks. Here are some steps we can take to ensure we play it safe and don’t make it easy for the would-be thieves:

Don’t use modified/hacked software.
Make regular and multiple backups.
Download apps or games from official channels.
Enable your phone’s security settings – such as the security code – to stop people getting hold of your phone and installing dodgy software.
Don’t accept Bluetooth connections from anybody you don’t know. Be cautious even if you do know them – their “hilarious” new app might turn out to be anything but.
Turn off the Bluetooth on your phone if you’re not using it.
Only log onto trustworthy websites when using your mobile phone for Internet browsing.
Be wary of logging into public WiFi hotspots unless you can verify that they’re legitimate with the owners.

These tips ought to be familiar to anyone who’s used a computer. Now that our smartphones are just as powerful as the desktops we used only a few years ago, the same standard precautions need to be taken.

Although this is a threat that may be growing, we’d just like to add that malware threats remain a rare occurrence at present: if you follow the tips above, then you’re very unlikely to get caught out. Ovi Store has some apps to protect you from malware such as the five security apps we showed you last month, so check that out if you’re worried.

image credit: Nils Geylen.

Related stories