Canadian smart phone users are less likely to get hacked on their mobile devices than their Asian and European counterparts, but that may soon change. Security researchers are uncovering more ways that hackers can attack and steal information off these data-rich devices.
User behaviour will also play a huge part in whether mobile malware attacks will increase in North America, according to David Marcus, security research and communications manager at McAfee Inc.’s Avert Labs. Although mobile malware has become more prevalent as mobile devices gain greater computing and storage power, many of the attacks are being seen more in Asia and Europe and less in North America, said Marcus.
Much of that had to do with mobile device functionalities and user behaviour in these other continents, he said.
“(Europe and Asia) already have transactional buying and selling (through smart phones) over there. So they already have a lot more mobile malware problems than we have in North America,” Marcus said.
He added, however, that the trend in mobile security in these countries is “kind of a harbinger of things to come” in Canada and the U.S. as smart phone functionalities are enhanced and users begin seeing their mobile devices more as mini-computers.
“If the users are going to engage in the same kind of behaviour on the phone as they do on the PC, you’re probably going to see a lot of the same types of malware on the mobile phone as you are seeing on the PC,” Marcus said.
McAfee has released a white paper detailing various threats plaguing smart phones, specifically discussing vulnerabilities associated with smart phones and PDAs running Windows Mobile, based on the Microsoft Windows CE platform.
The report, authored by Zhu Cheng, research scientist at McAfee Avert Labs in Beijing, said Windows CE’s open source kernel strategy has attracted more mobile device manufacturers to adopt the operating system.
The open source strategy gives developers of Windows Mobile applications easier access to parts of the kernel.
At the same time, Chen said, this open policy is attracting the bad guys. “Windows CE’s open source kernel policy allows virus writers to gain a deep understanding of the operating system,” he said.
Marcus noted, however, that while that open policy for Windows CE is a security concern for mobile devices, it’s not the greatest concern.
“It’s not like it’s an open source application where the source is available to all. There are still requirements to get a hold of the kernel stuff,” Marcus said, adding that the biggest concern around mobile malware is user behaviour and educating users on safe mobile device usage.
The open kernel policy allows hardware vendors, telecom service providers and third-party application developers to write better performing applications for Windows Mobile-based smart phones, said Bruce Cowper, senior program manager for security initiatives at Microsoft Canada.
“Performance is one of the big issues around customer satisfaction, especially on the mobile devices,” Cowper said, adding that allowing kernel access ensures that the hardware and applications are stable and working properly with the operating system.
The McAfee report listed some smart phone features that are at greater risk of being exploited, including text messages, contacts, documents and buffer overflow.
One form of malware attack, called SMiShing, uses a smart phone’s short message service (SMS) to send fake messages to people on the contact list, similar to e-mail spoofing. But this technique, said Chen, has a higher likelihood of success as recipients are not aware of this type of threat and the text message would seem to have come from a known phone number.
Malware writers could also create new threats by making use of the MapiRule sample code which, according to the Windows Mobile software development kit, application developers can use to write and load code that implements text message blocking, Chen’s report indicated.
“After installation, MapiRule becomes a filter between short messages and the tmail (text mail) mail program. So, a programmer could interrupt the short message handling process by deleting or forwarding messages, or by performing other operations while acting as the man in the middle,” the McAfee paper indicated.