Saturday 23 October 2010

MALICIOUS THREATS

MALICIOUS THREATS CELL PHONE MALWARE - HISTORY & DANGERS

Computer Viruses, Trojans, and other related Malware, designed with the clear objective of circumventing some level of security in real time, have been with the computing community since the mid nineteen eighties. In fact, in their conceptual form they were documented by Fred Cohen, who demonstrated their potential on the UNIX Operating System, work which was further progressed by Ralph Burger, who wrote Computer Viruses – a High Tech Disease.

In their early incarnations, viruses tended to be very low in their numbers in the wild, and were mostly concerned with infecting Files, or Operating System Boot Sectors on Intel PCs. In fact, in the mid eighties, when the considered potential dangers were presented to CESG (UK Government), it was commented that they [viruses] were considered to be just a passing nuisance! However, it was not long before the virus proliferation numbers increased, impacting Business Operations with infections like Cascade, Coffee Shop, and Joshi. Interestingly enough, one of the very first viral outbreaks to impact the UK MOD (Ministry of Defence) was actually the Cascade Virus, which caused the letters presented on the screen to cascade down to the lower section of the VDU – rather annoying. Out of this state of emerging insecurity grew the Anti-Virus Industry, with organisations like Norton, Sophos, and Dr Solomon's emerging as computing household names, provisioning end user and business anti-virus solutions. Then came the advent of the Computer Worm, with its wider spread impact, followed by Polymorphic (self modifying) code, and then smarter encapsulated methods of delivery intended to avoid detection by the deployed Anti-Virus Solutions, all getting very Cat-and-Mouse.

In the early days of the spread of viruses, however, the intent of the originator was largely to boast of their creativity with some very overt action, say by displaying a message on the computer screen, generating sound, or, in the case of some smarter and more interesting viruses, inviting the user to play a game – if they won, they got to keep their Operating System intact and in a working condition; if they lost, their operational system was no more.

Today, however, the creators of Viruses, Trojans, and Malware have grown to be very business focused, and no longer send out their wares with the intent of simply announcing their presence. The objective now is to infiltrate the local secure logic of the device, embed, or connect to, some other form of adverse code, and then to perform actions such as stealing information, or utilising the local resources of the infected system – say by using its local hard drive to store information, or by using its Internet Connection to attack another computer or organisation! And all without the knowledge of the user/owner.

Today, the Computer Virus, Trojans, and Malware are well known vectors of attack, and in most homes and businesses one tends to find some form of defence in the form of Commercial or Free Anti-Virus solutions deployed to provide a level of protection.

Like all trends, they tend to increase with the advancement of time and technology, and in the case of the Computer Virus, Trojans, and other Adverse Logic (AKA Malware) this is no different.

SPAM

The early days of SPAM, and the threat it posed, was again a case of history repeating itself. Around 2005, I raised and alerted a number of Government and Industry focused bodies to the potential security issue of a new protocol and conduit to support delivery of adverse and malicious content. The reception of this early warning information was a replication of the early day virus threats – SPAM was at that time concluded to be an annoyance, and was tolerated as something that just had to be dealt with as a nuisance factor! As we now accept, SPAM today is a major conduit and delivery channel for adverse objects ranging from Malware to Trojan Horses, and is a viable tool for Hackers, Criminals, and Organised Crime to generate Millions in revenue on an annual basis!

CELL PHONE MALWARE

Go into any Cell Phone Retail Outlet to buy a modern Cell Phone, and it soon becomes very obvious that it is much more than a simple device on which the owner can make calls. The average device is now populated with a smart e-mail client, Office Applications, Widgets, Tools, High Capacity Storage, Download Centre, Update Manager, WiFi, Bluetooth, and 802.x Wireless Connectivity, not to mention the always on (area allowing) 3G and EDGE Connectivity, and VoIP – and to put the icing on the cake, all topped off with an Internet Browser.

The upshot here is that our Cell Phone is no longer the simple device with which we called business contacts, friends, and family, but now represents a Hand Held Micro Computer with processing, storage, and smart capabilities that far exceed the early incarnations of the first Desktop Systems running on 68000 and 16-bit 8086 processors. Without doubt, devices running on the latest Symbian and Android Operating Systems are very smart, technologically intelligent, and capable devices.

Working in the capacity of Academic Research, the issue of Cell Phone Security and Threats was raised by Nottingham Trent School of Computing and Informatics as far back as 2005. However, these observations on the next generation of risk were again discussed at Conferences in 2007 and 2009, and these new vectors of insecurity and exposure were again considered not realistic. In fact, in 2007, whilst presenting at a Conference in the East Midlands, it was the wide and considered opinion of some well known researchers that e-Crime was actually on the decline – an opinion which I contended at that time.

Cabir: So where are the real threats today? One of the first programs originated to target the HHMC was Cabir. In this case it was produced as proof-of-concept Malware carrying no intended payload to cause adverse impact or damage to the target host. However, Cabir was made available on the Internet, and within approximately eight weeks it had been released into the wild, and spread to a global audience! In fact, if one cares to look today, Cabir is available for free download from multiple locations – for whatever purpose.

So just what are the current levels of threat in relation to the Cell Phone? Well, in basic terms it is a manifestation of the early threats posed to the Desktop PC. For instance, as they have access to a wide range of connectivity protocols and can access the web, they are open to potentially the same (or similar) vectors of threat that are encountered at the desktop. Whilst the take up may be slow for on-line Banking, I am nevertheless aware of people who do do it. When working in public places, or travelling on WiFi enabled Public Transport, such devices may connect to, and remember, previously connected networks – thus, with such configurations in place, by simply being in range the device will hand-shake and connect without any intervention by the owner! Added to this set of risks, there is the potential to socially engineer a target user by sending him or her a link like:

Hi – long time no see. It was great meeting you last year at that Conference. I was really impressed with your background, and know the link below will be of interest:


With a little smart research, it can be easy to work out some basic facts about interests and events attended, and with a simple bit of Crafting the attacker may then send out the hook – what is at the end of the connection is of course very much down to the intent and imagination of the sender – but one thing is for sure, connecting could be bad for both your logical and financial health.
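The auto-join risk described above (a device silently re-associating with any access point that broadcasts a remembered network name) is something a defender can audit from the device's list of saved networks. The script below is an added example, not code from the original post: it scores a constructed list of saved Wi-Fi profiles and recommends forgetting or disabling auto-join for the risky ones. The profile records and the WifiProfile structure are constructed for illustration; a real audit would populate them from the platform's saved-network store. It also goes one step beyond the text by flagging hidden networks with auto-join, since a device probes for those by name even when out of range.

```python
"""Audit remembered Wi-Fi profiles for silent auto-join risk.

Added example (not the original post's code). Profile data below is
constructed; on a real handset it would be read from the saved-network
store, which is assumed and not parsed here.
"""
from dataclasses import dataclass


@dataclass
class WifiProfile:
    ssid: str
    security: str        # "open", "wep", "wpa2", ... (constructed vocabulary)
    auto_connect: bool   # will the device join this SSID without user action?
    hidden: bool = False # hidden SSIDs are actively probed for by name


# Constructed sample profiles, not real device data.
SAMPLE_PROFILES = [
    WifiProfile("HomeNet", "wpa2", True),
    WifiProfile("FreeAirportWiFi", "open", True),
    WifiProfile("TrainWiFi", "open", True),
    WifiProfile("HotelGuest", "wep", True),
    WifiProfile("CoffeeShop", "open", False),
    WifiProfile("CorpLan", "wpa2", True, hidden=True),
]

# Security modes that give no assurance about who runs the access point.
WEAK_SECURITY = {"open", "wep"}


def assess(profile: WifiProfile) -> list[str]:
    """Return the risk reasons for one saved profile (empty list = no finding)."""
    reasons = []
    if profile.security in WEAK_SECURITY and profile.auto_connect:
        reasons.append(
            "auto-joins an open/weakly secured network: any access point "
            "broadcasting this SSID will be joined without the owner noticing"
        )
    if profile.hidden and profile.auto_connect:
        reasons.append(
            "hidden SSID with auto-join: the device sends probe requests for "
            "this name wherever it is, revealing the network it remembers"
        )
    return reasons


def audit(profiles: list[WifiProfile]) -> dict[str, list[str]]:
    """Map each risky SSID to its reasons; profiles with no findings are omitted."""
    findings = {}
    for p in profiles:
        reasons = assess(p)
        if reasons:
            findings[p.ssid] = reasons
    return findings


def recommended_actions(profiles: list[WifiProfile]) -> dict[str, str]:
    """Per risky profile: forget weakly secured networks outright, otherwise
    just turn off auto-join so the owner must choose to connect."""
    actions = {}
    for p in profiles:
        if assess(p):
            actions[p.ssid] = "forget" if p.security in WEAK_SECURITY else "disable auto-join"
    return actions


if __name__ == "__main__":
    for ssid, reasons in audit(SAMPLE_PROFILES).items():
        print(f"{ssid}: {recommended_actions(SAMPLE_PROFILES)[ssid]}")
        for r in reasons:
            print(f"  - {r}")
```

The useful output is the list of SSIDs to forget: an open hotspot that was joined once in an airport or on a train stays on the device indefinitely, and the rule applied here is simply that a remembered network with no authentication should not be allowed to re-join on its own.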

Within the last 12 month period the criminal and hacker interest in, and for that matter research into, the area of Cell Phone centric Malware has intensified, and it is now considered by a growing number to be the next, and new, vector of attack on personal and business use of mobile assets. Consider the prospect of going to where the money is – Cached and stored credentials, notes, contacts information, and possibly some locally stored business information assets and Corporate IPR intelligence, all of which have an intrinsic value. It could also be that there is the core objective to infiltrate and circumvent Cell Phone Security to install some form of Trojan object to gather, or use, the device's personal space, connectivity, or whatever else the attacker has in mind – don't forget, as with the aforementioned cases of Viruses and SPAM, just because it is not a high volume threat today should not be interpreted as something that may be discounted. In fact, this is now far from the case, where organisations like McAfee have written papers on the subject, with other Anti Malware Researchers such as Symantec and Kaspersky Labs now developing, and making available, Anti-Malware solutions for some derivatives of the Smart Cell Phone, or should I say HHMC (Hand Held Micro Computer).

CONCLUSION

As with the outlined history of viral and malicious threats, they have started small and grown exponentially over time to present the current day threat that every computer user and business alike potentially encounters each and every day, at both home and work. With the advent of Cell Phone Malware, whilst these threats are in their early days, given that mobile infections have been demonstrated to present a threat to the device, it may be assumed that the Criminal Fraternity, Hackers, and the Malicious will start to maximise exploitation to their own interest and end. In fact, according to the well respected Mikko Hyppönen (F-Secure), there are now well over 300 types of Malware that have been created for the HHMC, including Trojans, Worms, Spyware, and Viruses.
Where Cell Phone Anti-Malware is concerned, granted it is in its early incarnations, nevertheless it may again be concluded that, dependent on the user's quest to achieve security and to reduce the risk to their HHMC, they may choose such a solution to provide that increased assurance.

The overall conclusion is that, whilst these threats are currently at their bleeding edge, they should be expected to grow, and thus for business, and for the end user of any such HHMC, no matter the Operating System on which it runs, it is highly recommended that they at least remain tuned in to any emerging threats.