As mobile data usage grows and Internet connectivity increases, more security incidents are likely to occur on mobile platforms, say experts.
A survey from analysis firm Datamonitor found that a significant percentage of respondents had been exposed, directly or indirectly, to mobile security threats. According to its Mobile Security Report 2008, commissioned by security technology company McAfee, 13.7 per cent. of those polled from Japan, the United Kingdom and the United States were aware that they had been attacked by mobile viruses.
According to the report, 55 per cent. of respondents expressed security concerns relating to mobile payments and banking, while over 40 per cent. had concerns about mobile vouchers, ticketing and mobile multimedia downloads such as ring tones, music and games.
How viruses spread
Mobile viruses typically spread via SMS, installing a script on the handset after the user opens the offending text message. The script then activates the phone to either call or send text messages to numbers listed in the user's phonebook.
The first mobile phone virus, Cabir, was identified in 2005. The worm replicated itself through the phone's MMS (multimedia messaging system) function, "infecting"
Symbian-based phones within range that were detected via Bluetooth. While not usually harmful, the virus reduces the battery life of the host phone because of its constant scanning for Bluetooth targets.
Damage due to mobile viruses currently tends to be limited to small groups of mobile users. They are also limited in their ability to access types of data such as the user's phone book.
Howard Schmidt, former advisor to the White House on cyber security, recently said mobile would become a rich target area for malicious attackers. He said the sheer ubiquity of mobile devices and their greater connectivity to the Internet highlights such devices as the next logical focus area.
Schmidt said the availability of software development kits (SDKs) for mobile devices such as the one launched by Apple for the iPhone, increases the potential of malicious codes designed specifically for the mobile platform.
According to security software maker, Trend Micro, mobile threats that target smart phones generally comprise Trojans and worms, and require user intervention to spread. Other mobile threats that leverage Bluetooth spread without user intervention, and this increases the vulnerability of all corporate mobile devices, as well as the network.
However, according to Datamonitor's survey, while 83.5 per cent. of mobile users in the survey run separate security software on their PCs, a staggering 79 per cent. do not use any mobile protection software.
"Of course, there is still a considerable gap between PC and mobile threat levels", Datamonitor noted in the report. "Despite this, such low penetration of mobile security can be attributed to the fact that the software architecture of the majority of devices prevents the user from installing effective protection tools."