Wireless phones bigger target in next two years

As cell phones and handhelds add Web functions, they'll also become more attractive to virus writers.

This Content Component encountered an error

The first big virus to strike wireless phones and handheld computers was Phage four years ago. Since then, hackers have saved their most malicious handiwork for personal computers and company networks.

Mobile technology experts say the reason is simple: A lot more people depend on the PCs and company systems to cruise the Internet and exchange e-mail, making them easier, more tempting targets. Most people may have cell phones, but the fancier models with e-mail and Web access are not yet enjoyed by a majority of the population.

That'll change in the next couple of years as wireless phones and palm-sized computers with Web and e-mail access become more affordable and available, so IT vendors and security firms better start thinking about how to broaden their defenses, experts say.

"Technology is moving so fast that the pathways for infection outstrip our protection," said David Juitt, chief technology officer of wireless gateway provider Bluesocket of Burlington, Mass. "What's changed over the last two years is that you have all this interoperability of technology. It's a dangerous kind of computing where it's going to get easier for the bad guys" to infect handheld devices and the bigger company networks in the process.

Live editorial Webcast:
"New developments in wireless LAN access control"

Users love it, road warriors demand it, and enterprises are installing it! We're talking wireless LANs, popular with everyone except the beleaguered IT security manager. IT departments have been scrambling to keep their networks safe from crackers, war drivers and rogue access points. However, strategies for securing wireless LANs could be about to change with this year's release of the new IEEE802.11i security standard. In this live webcast on Tuesday, June 8 at noon EDT, guest speaker Jon Edney explains why IEEE802.11i is significant and how it can change the face of enterprise wireless security solutions.

>> Pre-register for this webcast

Matias Impivaara, business manager for mobile security services at Helsinki, Finland-based F-Secure, agreed.

"You need enough volume to make it an interesting target, but with the more advanced cell phones and Palm Pilots, there's not enough volume yet," Impivaara said. "But we know there are people trying to find holes. Even if they've found the holes, they may simply be testing and finalizing malware for wireless devices. With cheaper wireless phones and handheld computers becoming more common, we have to start thinking ahead."

Impivaara added it's going to take time to build up the security infrastructure for wireless technology, and that this is the time for vendors and hardware companies to decide how they're going to respond to future threats so plans are in place "when the first calls start coming in."

"If you start investing in solutions now, you'll have less of a problem later," he said.

Dan Nadir, vice president for product management at e-mail management firm FrontBridge Technologies Inc. of Marina Del Rey, Calif., said analysts estimate that 62% of large U.S. corporations will deploy mobile wireless devices over the next two years, and that 79% of those companies cite e-mail as the driving force. While cell phones aren't getting strangled by worms and viruses the way larger computer systems are, he said wireless users are starting to see more spam -- not much overall, but enough that companies ought to be broadening defenses.

"Spammer techniques rely on a lot of HTML and graphics that you can't apply to plaintext messages, so problems are more limited right now," Nadir said. "But it's only a matter of time" before the level of sophistication on wireless phone monitors becomes such that spam and other attacks will be easier to mount.

While he expects more attacks on wireless devices in the future, Nadir is optimistic there will be better ways to identify spoofed e-mail carrying malicious code. One standard he said companies like AOL are already adopting is the Sender Policy Framework. SPF aims to crack down on e-mail address forgery and distinguish malware-laced messages from legitimate mail by verifying the envelope sender address against client IP before any message data is transmitted.

Such methods probably won't deflect every future attack, but, Nadir said, it's a good example of how the wireless community can be better prepared when the hackers and spammers decide to strike.

Dig deeper on Web Server Threats and Countermeasures

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close