Bibhu Ranjan Mishra & Kirtika Suneja in Bangalore
High-end devices become target of virus and malware writers.
Since malware authors are always out to make money and want the biggest bang for their buck, the number of attacks designed to exploit a certain device or platform is often directly related to the market share it commands.
With more than 600 million mobile subscribers, and mobile device sales in India forecast to reach 138.6 million in 2010 (according to Gartner), Indian mobile users have become the ideal target base for spammers, and virus and malware writers.
According to Quick Heal Technologies, provider of mobile anti-virus solutions, the most targeted operating system (OS) of mobile malwares is Symbian (found in most of the Nokia, Sony Ericsson and Samsung handsets), with over 95 per cent malwares being reported on Symbian OS.
“Smartphones are going to pose a greater security risk to corporations as these phones have access to corporate networks in real time just in the same manner as laptops. This presents hackers and cyber criminals with a wider opportunity to use smartphones to compromise corporate network and access sensitive data,” says Kailash Katkar, MD and CEO, Quick Heal Technologies.
The data loss a mobile virus can cause is as critical as a PC virus.
According to an internal study by Google, of about 600 million mobile phone users in India, around 25 million have paid for their data accounts while 55-65 million currently use the free data services provided by the wireless operator.
The number of users with data services is estimated to reach around 100 million by the end of this year.
There have been more than 300 Apple iPhone vulnerabilities to date and around a dozen on the Google’s Android platform. Symantec maintains that while there hasn’t been a massive surge in mobile security threats, the situation can change in near future.
As mobile apps (small programmes for devices), some of which are created by novice programmers using tools such as Google’s new App Inventor for Android, flood the market, security experts claim the security integrity of mobile devices could be affected.
In April, F-Secure Labs had reported about a malicious code inside a Windows mobile game that led to significant phone bills for users of Windows smartphones.
Mikko Hypponen, chief research officer at F-Secure, notes: A Russian malware author manipulated a game called 3D Anti-terrorist action, developed by a Beijing-based software company.
The malware author trojanised the game and uploaded it to several Windows Mobile freeware download sites.
The malicious code, in turn, initiates phone calls to international premium-rate numbers, without any action or intention by the user.
The case is similar to Cabir, a Symbian worm, which came in focus six years back, when it started spreading on handsets over Bluetooth, causing mobile phones to place long-distance calls.
SMSes, too, have been under attack. “SMS attacks or ‘Smishing’ is an attack that comes through an SMS onto a smartphone and is a mobile phone variant of a phishing attack. Much like a phishing attack, where an email is used to trick the user, in a smishing attack, it is a fraud SMS that is used as bait.
The SMS comes with a link, clicking on which causes the Trojan to be installed on the mobile phone,” explains Shantanu Ghosh, VP, India product operations, Symantec.
Quick Heal, which claims to have over 30 per cent market share in the Indian anti-virus market, recently launched a new anti-virus solution called PC2MobileScan that could scan and clean mobile phones and smartphones.
At present, Quick Heal’s PC2MobileScan supports more than 550 mobile phone models, including Sony Ericsson, Nokia, Samsung, LG, Panasonic, Motorola, H-P, HTC and Siemens.
Besides, security software makers like McAfee, F-Secure, Symantec, Trend Micro and Websense offer mobile security solutions that can quarantine viruses in real-time, besides on-demand scanning and auto-updating capabilities.
Venu Palakirti, country manager (India and Saarc), F-Secure underlines: “Even as virus writers increasingly target smartphones, too many people have smartphones with no security at all. People must understand that mobile security is just as critical as it is for desktops or laptops.”