Destructive power of mobile viruses could rise fast

The dream of a connected world where PCs and mobile phones can communicate with the digital home and other devices is supposed to make life easier. But it could instead make life far more dangerous if malware developers have their way.

And it's not just the possibility of losing a credit card number. With microchips and software becoming more and more a part of life, such as in cars, homes, and mobile phones, the threats multiply dramatically.

Simple programs available already could be a good start. Mobile phone services in some countries allow people to view what's going on inside their house during the day via a Web cam connected to motion sensors. The Web cam can snap a picture and send it to the user if anything seems awry.

But that same Web cam could be used by a hacker to see if anyone's home. If nobody's in, it may be a good time to break in. Or, a hacker could use the Web cam to take pictures of what's going on in the house, invading privacy. In a more ominous example, what if someone could hack into a user's mobile phone while they're driving and use it to shut down certain automobile systems, like the brakes?

Scenarios like these are becoming increasingly possible as more gadgets, such as mobile phones, become connected to the Internet, said Dhillon Kannabhiran, founder of the Hack in the Box Security Conference being held in Kuala Lumpur, Malaysia, this week.

Part of the problem is that stronger security in personal computers and on servers has made it more difficult to attack such devices.

"These kind of exploits are getting fewer and far between, so people are looking for new platforms to attack," said Kannabhiran, adding that hackers will take far greater interest in 3G (third-generation) phones because being connected to the Internet all the time makes them more accessible.

The threat of malware attacks on mobile phones has already increased dramatically over the past year as smarter phones that use more software, allow Internet surfing and act as personal digital assistants gain popularity.

"Vendors are concerned with the alarming rate smartphone viruses are starting to come out now," said Anthony James, senior product manager at security specialist Fortinet Inc., in an interview.

F-Secure, another antivirus software vendor, says the current total count of known mobile malware stands at 87, up from less than 10 early last year. A total of 82 of those viruses were written to run on the Symbian series 60 operating system.

Symbian is the world's most popular mobile phone OS (operating system). The large number of virus attacks on Symbian don't mean it's less secure than other operating systems, it just shows how popular Symbian devices are, and thus "they are the most interesting target for malware authors," says F-Secure, on its Web site.

The Symbian OS led the global smart phone market with a 62.8 percent share at of the end of the second quarter, followed by Microsoft at 15.9 percent and PalmSource with 9.5 percent, according to industry researcher Canalys.com.

The trouble with the connected world is that faster download speeds for mobile phones and other devices increase the possibility of infection and spreading, said Todd Thiemann, director of device security marketing at Trend Micro Inc., speaking at the 3GSM World Congress Asia in Singapore.

He said the mobile malware seen so far has been done by hackers testing their mettle against current mobile phone security, and that the threat will increase as more virus authors get into the game.

The latest example is the Cardtrap virus, which targets handhelds running the Symbian OS. The virus is slightly more advanced, in that its goal is to infect a user's PC. When the phone's memory card is inserted into a Windows-based PC, which a user might do to clean the virus, a worm on the memory card automatically installs and runs the virus on the PC, according to Thiemann.

Expect viruses like these to become more common and more destructive as devices link up to the Internet.

Most major antivirus software vendors offer software to protect mobile phones. Users can find details on their Web sites, including http://www.f-secure.com/wireless/download/ and http://www.antivirus.com.