Handheld hazards: The rise of malware on mobile devices

Abstract

A quarter of the population of this planet now use mobile phones. In addition, phones are becoming more complicated with more advanced processing capabilities. In effect, they are looking more like PCs. So far phones have not faced the security onslaught undergone by their desktop counterparts. But mobile malware is definitely becoming more feasible. Malware needs a critical mass of potential victims. It also needs functionality to disrupt. Mobile phones can now satisfy these needs. The most prominent strike has been Cabir, which hit Symbian systems and relied on Bluetooth. This worm was held back, however, due to the geographic limitations of Bluetooth reach. Another more sophisticated piece of malicious code, dubbed Commwarrior, looked much more like the massmailers we see affecting desktops. It used the Multimedia Messaging Service (MMS) to spread and selected names from the phonebook to target. The market for mobile devices such as phones and personal digital assistants (PDAs) has grown phenomenally in recent years, with usage of the former more than doubling since 2000. Although slower growth is expected in the future, mobile phone ownership has already reached 1.5 billion users - which represents a quarter of the population on the planet (as well as more than twice the user population of the Internet) 1 . However, it is not only the number of devices that has increased. The processing capabilities are also significantly more advanced than those of the past, and the emergence of smartphones has served to combine the traditional telephony functionality with more comprehensive data-oriented facilities. Of course, mobile phones have had the capability to handle data calls since the arrival of GSM and other second generation standards. However, more recent years have witnessed faster data connections, as well as the ability to download content (such as ring tones, pictures and executable code) that was not built into the device when it left the factory. With the opening of such routes into the devices, and with their processing capabilities now more comparable to the desktop PCs of a few years ago, a key question is whether they will now come to share another similarity with the PC, and become the target of viruses, worms and other malware programs.