Cell Phones Increasingly Attractive To Hackers

A look at the ways hackers are moving from attacking computers to attacking phones, the next big target


Early this month, several Web sites began offering software promising ringtones and screensavers for certain cell phones. But those who downloaded the software found that it turned every icon on their cell phones' screens into a skull-and-crossbones and disabled their phones, so they could no longer send or receive text messages or access contact lists or calendars.

Security experts named the malicious software "Skulls" and consider it an early warning of the damage hackers could do as they turn their malevolent talents to cell phones from computers.

"Hackers are simply trying to put it out there that it can be done," said Vincent Weafer, senior director of security response for Symantec Corp., a security software firm. "The motivation is to say [cell phones] aren't as secure as you think."

Mobile phones are a tempting target because they have become a part of everyday life. In addition, consumers are buying more sophisticated "smart phones" with Internet connections that provide an easier pathway for cell phone infections. Few phones come equipped with protection against malicious software, though some companies are starting to install it. Most cell phone users aren't on guard for attacks like those that periodically bring down computers worldwide, and at this point there is little they can do to protect themselves.

"The impact is potentially larger on the phone because we're not savvy about that," said Victor Kouznetsov, senior vice president of mobile solutions at McAfee Inc., a security software firm. "Also, the profile of a mobile society is a cross-section of society who are potentially less [technically] savvy than computer users."

Skulls is one of five malicious software programs attacking cell phones this year, security experts and analysts said. The scale of such attacks is hard to quantify because the federally funded CERT Coordination Center at Carnegie Mellon University, which monitors viruses and other malicious software on the Internet, does not separately tally reports of such problems with cell phones.

But there are anecdotal reports. For instance, in Japan, cell phones have frequently been "spammed" with junk messages, some of which redirect phones to Web sites that cause the phones to crash.

Most basic phones can send and receive text messages, which makes them vulnerable to some attacks. And new ways of using cell phones encourage the spread of viruses. For instance, cell phones can transfer infections when users participate in a dating service that allows them to contact strangers in the same room via text messages or play online games.

The potential for trouble increases with smart phones. Like a computer, the newer phones can run e-mail programs and download PowerPoint slides, games and other applications that can come with malicious software attached. Such advanced phones make up 2 percent of cell phones in the United States, according to the Yankee Group research firm. But Yankee Group expects that share to increase to 17 percent by 2008.

Software that protects computers from viruses and other bad software has not been programmed for cell phones.

John Pescatore, an analyst with technology research firm Gartner, said malicious programs will be as much a problem for cell phones in 2006 as they are for computers today. "First it will be a nuisance," he said. "The next phase will be crime, like theft or theft of service, and then after that we'll start seeing different types of attacks" that bring down networks, he said.

Now, computers are a bigger target. Cell phones use a number of operating systems, meaning that separate programs must be designed to disable each one. That makes it harder to design a mass attack. "It's never going to be as uniform a landscape for hackers," so it is not clear how broad an attack might be, said John Jackson, an analyst with the Yankee Group.
