Cell security, defying even duct tape
"The proliferation of mobile devices provides a number of new entry points for hackers to gain access to private, corporate and even government networks," said Tony Cooper of Deloitte in an interview in Information Week, where he noted that cellphones significantly outnumber PCs. "As the latest mobile-phone virus attack proves, it's no longer a question of if, but when."
Tony was referring to a version of the Cabir virus that turned up in two Nokia 6600s on display in a store in Santa Monica. The infestation is believed to be the first sighting in the United States of a virus that previously had been spotted in the UK, China and at least eight other countries.
Early versions of Cabir mischievously drained phone batteries. Later variants now target phones with the Symbian and Microsoft operating systems, destroying files and forcing handsets to dial premium numbers.
While the cellular industry has been focused on fancier, multi-purpose phones; building market share, and developing faster networks, it largely has overlooked the seemingly obvious problem of data security.
The next-generation EDGE (Enhanced Data Rates for Global Evolution) cellular platform can deliver data three times faster than a state-of-the-art GSM/GPRS network. But EDGE systems have several security holes, including unauthenticated base stations and no native support for encryption capabilities, according to SC Magazine. Although it is possible to secure mobile transmissions with 64-128 bit encryption, the slow transmission rate will gum up downloads.
Beyond Cabir, the Symbian and Microsoft operating systems are susceptible to such malware as Skull Trojan, Mosquito Trojan, Brador Trojan, Lasco Worm and several more. Doubtless, the list will continue to grow.
Augmented with web, music and video capabilities, cell phones in the future have the potential to become the medium of choice for instantaneous and individualized entertainment and information. But content creators won't turn loose their wares on a leaky network.
Insecure cellular networks also will kill the idea of loading credit card and other valuable information on cell phones to enable instant commerce.
Solve the security problems, and there is a lot of money to be made. Seems like the guys writing the viruses ought to wise up and switch sides.