New Security Threats Target Cell Phones, Mobile Devices

A new breed of security threat is taking shape, targeting cell phones and other mobile devices. Though these viruses and hacker attacks are still in their infancy, solution providers and vendors alike predicted that the threats quickly could become bigger, bolder and badder than anything the industry has seen so far.

"When you consider that there are more cell phones than computers in today's environment, you stop to think about the impact a cell phone virus could have," said Fredrik Lindstrom, senior security consultant at Computing System Innovations, a solution provider in Orlando, Fla. "This really could become a major problem."

Already, solution providers are worried. The world's first mobile phone virus spread to the United States from its birthplace in the Philippines last month. The Cabir virus has been found in about 15 variations so far. It spreads through the Bluetooth wireless technology and drains the batteries of infected phones.

Other security threats are also surfacing. Some experts said that when hackers broke into socialite Paris Hilton's T-Mobile Sidekick device and stole phone numbers and e-mail addresses last month, they did so through a form of spyware created specifically for mobile devices

In November, another virus aimed at sophisticated mobile phones, known as Skulls, was sent to security firms as a so-called "proof of concept" to alert them of the virus writer's capability.

"It's not whether the vulnerability comes. That's absolutely happening. The question is, whose responsibility is it?" said Kevin McDonald, vice president of Alvaka Networks, Huntington Beach, Calif. "Now are we saying that when I buy a phone from Verizon, I have to make sure it's protected [from viruses]?"

Solution providers said mobile carriers need to take a lead role to fix and prevent cell phone security issues. In addition to threats from viruses, cell phones and other devices such as Research In Motion's BlackBerry represent a major security risk for customers on a more basic level, because they are rarely password-protected, even though they house a tremendous amount of data, he said.

While cell phone security in and of itself might not be a huge money-maker for managed service provider Alvaka, as a trusted advisor to its customers, the company is educating businesses about the risks, McDonald said.

David Aminzade, manager of wireless and broadband at Check Point Software Technologies, Redwood City, Calif., said that as smartphones standardize on the same operating system and virus writers get more sophisticated, the number of threats to the cellular environment will only increase.

"Because [cell phone] technology hands over calls from cell to cell, there are a number of points where a virus can attack," he said. "This is probably not something that's going to blow the world apart in 2005, but it definitely could become a bigger problem in the months ahead."

The risks also will multiply as customers use cell phones as full-blown data devices, accessing contacts, sending e-mails and monitoring video surveillance, solution providers said.

Products in Check Point's Safe@Office line incorporate a feature that can be used on the customer side as a cellular firewall, Aminzade said. Last year, the company released a product for protecting the infrastructure of mobile operators' networks from the carrier side: the Check Point FireWall-1 GX. Other vendors offer solutions that handle cellular threats, too. Earlier this month, Trend Micro, Cupertino, Calif., unveiled Trend Micro Mobile Security 2.0, a software solution with enhanced antivirus and anti-spam protection for data-centric wireless mobile devices such as smartphones.

Intrusion-prevention technologies, such as the products 3Com recently picked up through its acquisition of TippingPoint, also will be a key part of customers' defense against threats from mobile devices, said Gaby Batshoun, president and CEO of Global Business Solutions, Newport, Ky. "The ability to quarantine devices that are infected or have the potential to be infected—that will be a solution," he said. "You can't leave anything open because you don't know who's going to bring a threat to your company."

JENNIFER HAGENDORF FOLLETT contributed to this story.