When Hackers Go Mobile
A newly created Trojan virus, Commwarrior, had been charging mobile phone users $5 to send a message they didn't request before it was identified by the mobile security product firm F-Secure, based in Helsinki. The program was originally a lighthearted "proof-of-concept attack" sent by the company's engineers to test a system's capabilities, but it was eventually retooled by hackers to rip off mobile phone users.
"The Trojan gets your phone to send an SMS to a premium-rate number and then sends an authority (code) that they can charge you without you knowing about it," says F-Secure manager Richard Hales.
F-Secure says that those using Bluetooth software, which allows phones and other devices to automatically interact, are open to attack whenever they use unsecured Bluetooth connections.
Mobile viruses are still in their infancy, but as more mobile devices flood the market (the ubiquitous BlackBerry being perhaps the most prominent), hackers are expected to turn their attention in this direction. To date, the most famous mobile virus is Cabir. This virus originated in the Philippines in 2004 and has infected Bluetooth-enabled mobile phones and some other devices running the Symbian operating system, which is common in many cell phones. Cabir replicates itself over Bluetooth connections and arrives in a phone's messaging inbox as a file named caribe.sis, which contains the virus.
When a user clicks on caribe.sis and chooses to install the file, the virus activates and starts looking for new devices to infect over Bluetooth. When Cabir finds another Bluetooth device, it starts sending infected SIS files to it, too.
Mikko Hypponen, director of anti-virus research for F-Secure, has been tracking the spread of Cabir in some 30 countries worldwide, including the United States. "We've now seen the first medium-scale internal infection of a company that was caused by a mobile virus," he says. "We were working on a case where a single company had a serious run-in with the Commwarrior.B virus. Several dozen employees of the company received Bluetooth or MMS transmission of the virus during the day-long outbreak, and over 20 of them actually opened the message on their phones and got infected with it."
Such an incident can affect the operation of any company by causing mobile users to lose connectivity, which hurts productivity, especially for workers in the field or on the road. Such incidents highlight the importance of writing clear guidelines on Bluetooth and MMS operation for corporate use, so that devices are not constantly open to threats. Bluetooth recommends that mobile users who discover that their phones are vulnerable to hackers gaining access to data or commands contact the phone's manufacturer to see about a software patch. In addition, the company recommends that wireless users switch their devices to non-discoverable mode when not using Bluetooth or when in unfamiliar areas. The company also discourages "pairing" with unknown devices.
Beyond Bluetooth, mobile devices can also be infected through a memory card carrying a virus, a download of a custom ring tone or game, or a Multimedia Message Service (MMS) virus such as Commwarrior. Unlike the Bluetooth-based Cabir, which requires victims to be within range (usually measured in feet), Commwarrior does not require a victim to be near an infected smart phone. An infected phone can send it to anyone in the world.
F-Secure, McAfee, and Symantec have partnered with Nokia and other smart-phone manufacturers to provide pre-installed protection. However, the rule of thumb is that users should never open an attachment sent by a stranger over Bluetooth, no matter how many times the phone prompts them to accept it. If a phone becomes infected, it should be turned off and the virus removed using software available from most cell phone providers.