WSJ -- E-Sabotage Migrates To the Cellphone ......................................
November 7, 2006
E-Sabotage Migrates To the Cellphone
New Products Address Threat Of Mobile Spam and Viruses; Blocking the Escort Services
By JESSICA E. VASCELLARO
Sedef Onder, owner of an advertising firm in New York City, is losing sleep over spam. Late on many Friday evenings, her mobile phone goes off, signaling receipt of a text message announcing the time and place of a hot club party evidently geared toward students. Sometimes the notice comes as a voicemail with a raspy male voice and techno music blasting in the background. "At least with email, there is a junk mail folder," says Ms. Onder, 42 years old.
The indispensable cellphone is becoming more vulnerable. Both wireless carriers and traditional security companies are stepping up efforts to fortify what they say are hackers' next big targets -- the multipurpose cellphones and smartphones consumers keep glued to their hips.
The still-nascent threats are twofold. Mobile spam -- an annoying interruption or, more seriously, a new tool for identity thieves -- is growing more prevalent. The threat has been underscored by recent scams -- sometimes known as "SMishing" -- where spammers use text messages to trick users into disclosing personal information. In one recent attack, a message asking recipients to register for an online dating service attempted to sneak a virus onto users' machines. In addition to virus-types like "worms," which can spread through and disrupt a network, other scams are surfacing, too -- including mobile spyware that once downloaded to a phone can listen in to conversations.
While instances of such threats are rare (there are more than 600 known computer viruses for every known mobile virus, according to Symantec Corp., of Cupertino, Calif.) leading security companies are offering new technology for consumers wanting the added protection. The products are still in their early stages and are available only for certain phones and devices.
Paul Miller, managing director of wireless and mobile for Symantec, talks with WSJ reporter Jessica Vascellaro about new tools to protect consumers from spam and viruses on their cellphones and other mobile devices. (Nov. 6)
Symantec last week launched a new version of its mobile antivirus software for devices running the Windows Mobile operating system. It has new features like scheduled scans, the ability to quarantine suspicious messages and real-time auto-protect, which scans files continuously in the background. Last month, McAfee Inc. expanded the availability of its mobile security suite, which blocks text messages it believes to be malicious and can detect and clean any potentially infected files before they are run, to a broader range of devices. F-Secure Corp., of Helsinki, Finland, will soon launch new antivirus and firewall software for the latest smartphones as well. The firewall software will protect devices by allowing the consumer to select from predefined security profiles. When the security level is set to "high," only business critical applications like email and Web browser are allowed to send and receive data.
Cellphone-service providers are also addressing the problem, hoping to nip it in the bud before consumers consider changing or downgrading their plans. Verizon Wireless, jointly owned by Verizon Communications Inc. and Vodafone Group PLC., recently sued several unknown operators caught sending SMS spam to their subscribers, most recently after an outbreak in October when tens of thousands of subscribers received unwanted text messages advertising discount prescription medicines and pumping a specific company's stock.
Sprint Nextel Corp. has been refining its network filtering technologies, and a spokesman for Cingular Wireless, a joint venture between AT&T Inc. and BellSouth Corp., says the company plans to begin making antivirus software available to customers with certain phones.
The new security products are taking aim at the new threats by being more flexible. Most new software can receive updates about potential new viruses over the air, eliminating the need for customers to download new software every time a new type of threat is detected. Companies are also trying to boost consumer adoption by building their software for a broader range of phones, which vary widely in which types of applications they can handle.
Like similar software for computers, the applications must be downloaded (either from a mobile Web site or through synching with a desktop). The programs then automatically scan file types like emails, documents or text messages that may be infected in the background, typically displaying an icon at the bottom of the screen to indicate they are active. When something trips the system, a window pops up identifying the file as one whose purpose may be to steal information from or crash the device and warning the user not to launch it.
The applications aren't yet as sleek and seamless as their computer counterparts, in part because mobile phones have smaller interfaces, less processing power and lower memory capacity. But with more phones able to run more complex applications with computerlike vulnerabilities, companies and individuals are increasingly realizing that mobile security ought to encompass more than safeguarding data.
Even spam text messages -- of which U.S. consumers will receive about 800 million this year up from 500 million last year, according to Ferris Research Inc. of San Francisco -- are more than an inconvenience. Consumers are charged for receiving text messages and a flurry of fakes can be a persistent interruption causing one's phone to go off with each successive piece of spam. Meghann Marco had to recently switch phone numbers after she found herself barraged with fraudulent messages peddling new home loans or containing just pure gibberish. Cingular allowed her to switch her number at no cost. "It was a huge mess, but it was better than a flood of messages from escort services," says the 26-year-old writer from Brooklyn, N.Y.
The threat of a mobile device catching an unwanted bug is still small. At this stage, many security analysts advise consumers ought not to bother with standalone software, which costs around $30 for a year's license and has to be downloaded to the vast majority of devices separately. Prudence -- like shutting of your phone's Bluetooth reception when you don't need it -- may be caution enough.
Preferring to be safe rather than sorry, Rod Trent recently downloaded Computer Associates' eTrust antivirus software, which costs him around $30 a year, to his $500 Samsung smartphone. But since then, about once a week he gets a pop-up screen telling him he is low on memory and needs to close an application. "It makes me feel protected, but I am thinking of removing it anyway," says Mr. Trent, of Middletown, Ohio, who runs an online forum for computer technology administrators.
Complaints that mobile antivirus software affects device performance aren't unusual, says Sam Curry, vice president of security management for Computer Associates, and new versions will be faster and lighter.
Write to Jessica E. Vascellaro at jessica.vascellaro@wsj.com
Copyright © 2006 Dow Jones & Company, Inc. All Rights Reserved. |
