First major phone virus less than year away
Mobile operators have six to twelve months to prepare for a major phone computer virus because of the continued proliferation of Java-powered devices.
Link: First mobile phone virus on the loose
Trevor Brignall, director of business development of Capgemini’s telecom, media and entertainment practice believes that as the number of Java phones expands they will become a target for hackers.
‘Increasingly most of the phones coming out will carry Java and once it gets to over 150 million that’s an attractive target for hackers,’ he claimed.
‘Unlike computer viruses you can monitor networks to stop them but with a Bluetooth connection there’s no observable network. They also open the door to new styles of attack – like making the phones dial a premium rate number for example,’ he claimed.
But there are signs that the industry is already moving on the issue. In January telecoms and mobile software companies formed the Messaging Anti-Abuse Working Group (MAAWG). Its job is to examine the total security of mobile infrastructure.
‘Basically we need a three tier approach,’ said Johan Othelius, vice president at mobile application software house OpenWave, one of the founding members of MAAWG.
‘You must have protection at the network edge, then add in filters within the network to pick up unusual activity. Finally user devices should have a protection system internally.’
Eric Chu, director of J2mE business and marketing for Sun, told VNU News Centre that the company was confident over security.
‘According to [analyst] Ovum there 350 million Java handsets deployed and no problems yet,’ he said.
‘Any applications in Java are run within the sandbox so we’re confident that we are as secure as anything can be. Java itself runs on 100s of millions of PCs too and there’s never been a worm targeting those systems successfully.’
Andy Buss, senior mobile and security analyst added Canalys added: ‘Java was designed to be a safe system.’
Resources & Whitepapers
Accounting Software The power of customisation in accounting systems
‘It comes down to what users agree to allow onto their phones and that comes down to education.’
Buss said that many manufacturers keep dialling functions distinct from Java applications, so Brignall’s scenarios with a virus that dials premium rate numbers is unlikely.
‘But this type of design does limit phone functionality on some occasions,’ he said.