The same week one of the world’s worst spam operations is being shut down, security researchers are warning the next big threat may not be for PCs at all — but rather for cell phones.
A report issued Wednesday by the Georgia Tech Information Security Center says spam and other botnet-based attacks will make the move to mobile in the coming months. The study, called the Emerging Cyber Threats Forecast for 2009 (PDF), was presented at the GTISC Security Summit in Atlanta.
“As Internet telephony and mobile computing handle more and more data, they will become more frequent targets of cyber crime,” the researchers say.
The concern is that hackers will begin stealthily taking over phones the way they’ve taken over network computers, turning them into virtual “bots” to do their bidding (hence the term “botnet”). Because of cell phones’ increasing computing power — not to mention their always-on nature — the researchers fear they’ll soon become an obvious target.
“Large cellular botnets could then be used to perpetrate a [denial of service] attack against the core of the cellular network,” says Patrick Traynor, an assistant professor at Georgia Tech involved in the study. “But because the mobile communications field is evolving so quickly, it presents a unique opportunity to design security properly — an opportunity we missed with the PC,” he adds.
Stumped on Security
The overall lack of cell phone security so far is one of the first issues Traynor and his team are trying to tackle. Right now, they say, proper antivirus protection would drain too much of a phone’s battery and thus prove to be unpractical. Add in the fact that most people tend to be trusting when it comes to voice technology, and you have the potential for disaster.
“Most people have been trained to enter social security numbers, credit card numbers, [and] bank account numbers … over the phone while interacting with voice response systems,” says Tom Cross, an IBM Internet Security Systems researcher also involved in the research. “Criminals will exploit this social conditioning to perpetrate voice phishing and identity theft.”
As intense as it all sounds, there’s likely no cause for panic. The researchers point out that the relatively closed nature of cellular networks compared to the Internet will help carriers combat ill-intended tactics. They also note that they’ve seen no evidence of these types of hacks actually being plotted yet.
Rather, they’re looking at the ripe environment as an opportunity to put up protection before it becomes too late.
“Users want to avoid the spam crisis that has inundated email,” Cross says.