Page last updated at 08:54 GMT, Monday, 21 April 2008 09:54 UK

Cyber criminals to target mobiles

By Mark Ward
Technology Correspondent, BBC News website

Chinese woman using mobile, BBC
A huge spam deluge hit Chinese mobile users in March

Mobile networks and handsets are becoming more of a target for criminals with a technical bent, security experts are warning.

"There's a real transition from online in to the mobile space," said Simeon Coney, head of business development at Adaptive Mobile, which helps operators keep an eye on the malicious traffic flowing across their networks.

In the PC world malicious programs started with viruses designed to be a nuisance but now they have evolved into software designed solely to help their creators make money.

There is no doubt that hi-tech criminals have cottoned on to the fact that making malicious programs, be they trojans or viruses, can be a very profitable business.

That evolutionary process took, said Mr Coney, about 15 years.

Attack pattern

In the mobile world the change from nuisance to profit has happened far faster.

The attacks patterns used with mobile malware suggest that those behind them are applying the lessons they have learned online.

"In the mobile space they are recognising that to be more effective they must try to slip under the radar," said Mr Coney.

There were few attempts to swamp networks with malicious programs, he said, most attacks were targeted towards specific segments and users.

In a sense, said Mr Coney, it was a surprise that mobile networks have not been targeted before now because almost everything that a handset owner does costs money.

Mouse and keyboard, Eyewire
Hi-tech criminals are taking lessons learned on computers to mobiles

Even better, he said, was the fact that once you possess someone's phone number you have a consistent way of reaching them. By contrast filters on e-mail accounts that spot and stop spam and viruses make it hard to be sure a message has got through.

"Mobiles offer so many opportunities for extracting value from people," he said.

This could explain why the numbers of mobile viruses has remained relatively low.

2008 has seen the release of about 10 new mobile viruses and trojans, said Simon Heron, managing director of security firm Network Box.

"There are about 400 variants of mobile malware compared to in excess of 700,000 for computers," said Mr Heron. The vast majority of viruses written for mobile phones are aimed at the Symbian mobile operating system - a consequence of its early dominance.

New viruses

But these relatively low numbers do not mean that mobile malware cannot cause problems.

Said Mr Heron: "The phones themselves have vulnerabilities and there is tremendous take up of email, internet and texting from mobiles, making this one physical platform that can reach a huge number of people."

In one outbreak logged by F-Secure, one of the few firms that produces anti-virus software for phones, an operator with 14m subscribers had 8,000 devices infected with a virus that resulted in the sending of more than 450,000 multimedia messages (MMS). One handset alone sent 3,500 of those messages.

Figures gathered by F-Secure suggest that for any operator with 9m subscribers or more they can depend on having 5% of their MMS traffic being virus carrying.

Man taking his own picture with a cameraphone, BBC
Mobiles have become the gadget people carry everywhere with them

Among viruses for mobiles what has been growing are trojans that exploit mobile payment systems such as premium rate SMS.

One instructive instance of such a malicious program is known as Viver. This was discovered in May 2007 and hides its malicious code inside three fake applications.

Installing any one of those bogus applications on a Symbian phone starts that handset sending costly premium rate SMS messages to an international number. Each SMS message costs about $7 (3.50).

Spam on mobiles is also starting to become a bigger problem. One of the biggest spam bombardments on mobiles took place in March 2007 in China when about half the nation's mobile phone owners received several unsolicited commercial messages in one day.

Statistics gathered by Adaptive Mobile suggest that the average Chinese mobile user gets about 6-10 spam SMS messages per day. In India spam traffic can make up 30% of the text messages flying around networks.

In the UK spam numbers are lower and high profile problems with premium rate services has given rise to a system that has been adopted across all the operators.

Texting the word "stop" to the company running a premium rate service should cancel any subscription and stop messages turning up.

If it does not then subscribers are advised to get in touch with their operator to report abuse.

A spokeswoman for Vodafone said: "Do not sign up for things if you do not know the source of it."

"Virus outbreaks do happen," she added, "but they usually only affect a very small number of customers."

"There is a combinations of things that have to happen for you to get hit," said the spokeswoman.

For instance, she said, many mobile viruses have to be manually installed once they make their way on to a phone and require people to over-ride settings that warn against installation.

Said Mr Coney the lessons learned from viruses and spam hitting PCs had many most in the West less likely to fall for a mobile virus.

By contrast, said Mr Coney, people fell victim to scams in places where mobiles are becoming hugely popular, such as India and China, people have little experience of malware.

"There is a big demographic of people that have a mobile phone that have never had a PC," he said.

Bluetooth posters target visitors
06 Feb 08 |  Tayside and Central
Nokia debuts mobile gaming system
04 Apr 08 |  Technology
Computer viruses hit one million
10 Apr 08 |  Technology
Mobiles narrow digital divisions
07 Feb 08 |  Technology
Teachers warn over cyber bullying
18 Mar 08 |  Education

The BBC is not responsible for the content of external internet sites

Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit


Sign in

BBC navigation

Copyright © 2020 BBC. The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.

Americas Africa Europe Middle East South Asia Asia Pacific