Millions of businesses and computer users are at risk from hackers and malware writers targeting wireless internet systems and mobile telephone devices in 2005 according to the latest data for live digital attacks collected by the mi2g Intelligence Unit in Q4 2004.
This trend is likely to be confirmed by government sponsored studies currently underway in the US, UK, Japan and Germany amongst other OECD member countries. The threat is exacerbated by the increased migration of corporations and government departments towards IP (internet protocol) based voice telephony and video communications along with Bluetooth enabled mobile telephone access of fixed lines. As a result, when systems fail or get corrupted, voice, video and data communications may go down together.
Nearly one out of every two recorded digital attacks is now taking place via the wireless route as opposed to one out every ten, at the start of 2004. The quarter by quarter rise of wireless digital attacks is unprecedented as the number of adaptors of wireless internet connectivity grows exponentially in the consumer, corporate and government sectors. The illegal use of other organisation´s wireless internet facilities is also rising as many individuals simply utilise ´free´ internet access through roaming and adopt a carefree attitude when questioned on the ethics of “piggy-backing” on somebody else´s W-LAN (Wireless Local Area Network) without their knowledge or permission.
Mobile phone devices are susceptible to malware because they use operating systems that have turned them into mini-computers. Virus and worm attacks are increasingly infecting mobile phones and this is just the beginning. In the last few days new Trojan horse programs – believed to have originated in Russia – have appeared which render Symbian-based mobile phones useless in terms of being able to make calls. Gavno variants masquerade as patch files and other camouflaged files designed to trick users into downloading them. The variants can infect popular phones such as Nokia´s 6600 and 7610 models using Symbian´s OS version 7. The modus operandi for repair is a global reset which then deletes all personal data like the address book and calendar.
The mi2g Intelligence Unit would caution that the age of mass mobile phone malware in the highly damaging category of MyDoom or MSBlast has still not arrived and may depend on other enabling technologies before such an event could be realistically precipitated. In 2005, as network operators finally begin to offer different classes of voice services, including priority communications and one-to-many or many-to-many services, such as network-based cellular conferencing, mobile phone viruses will be able to spread more swiftly. Japanese phone company NTT DoCoMo already sells phones with built-in antivirus software and similar phones are going to be available in the US, UK and mainland Europe later this year.
Another increasingly common practice is Bluejacking. People are using Bluetooth to send messages to unsuspecting people within earshot or with good line of sight and proximity, a practice commonly known as bluejacking. Unexpected messages on a mobile telephone may lead a user to believe that they are a victim of a new mobile phone virus or receiving cell phone spam.
“The consequences of mobile phone malware proliferation and wireless network hacking include data and identity theft, generation of expensive phone calls and on demand services´ bills, as well as crippled handsets and disconnected computers,” said DK Matai, Executive Chairman, mi2g. “The two dimensional world of network computer security was turned three dimensional by the arrival of internet connectivity and it has now been rendered four dimensional with wireless connectivity and mobile telephony´s convergence on top of the existing computing infrastructure. The possibilities for security breach and damage are multiplying by orders of magnitude not seen before and user awareness is very poor. In our experience, most domestic and many corporate W-LANs in London, New York and Tokyo are running without any basic level of security settings switched on. Entering these wireless networks is effortless because it requires no password at all.”
For corporations and government bodies, the short term solution lies in commissioning independent audits which include full fledged penetration testing focussed on wireless connectivity. Within the domestic environment the vendors of wireless devices and internet services must be obliged to write warnings on the wireless devices they offer to forewarn customers of the liability and potential for online theft that exists if no security settings are invoked. Default settings should include basic security and must prompt for password entry. In the long term, there is a need for 24/7 risk visualisation at the large organisation level and ´neighbourhood watch´ schemes at the small to medium size enterprise and domestic level, because the complexity of maintaining computer and mobile telephone security is far greater in the wireless connectivity era.