Your Phone is at Risk

Most people think about computers as the vulnerable technology in their life. However, your mobile or smart phone is often overlooked as a possible risk. In some cases, phones may be even more vulnerable since they typically don’t carry the firewall or antivirus programs that many of us utilize on our computers. Additionally, people are more likely to click on links, downloads and attachments from our phone. These can all be clever malware attacks. Attacks can gather personal information, obtain your contact list, and disable messaging and phone services and more. Other attacks can even impact battery life, and create high usage bills. A recent article on research findings in this field highlights some of these attacks:

CommWarrior is a virus family affecting cell phones operating Symbian OS S60 2nd edition. The virus extracts numbers from the contact list of the infected phone, and sends a MMS carrying an infected installation file. This file usually poses as a recreation (game, ringtones, porn & etc) or utilitarian (antivirus, desktop manager & etc) application. The device will be infected once the target executes the application. Currently, CommWarrior is being reported in over 18 different countries around Asia, Europe and North America.

BeSeLo, a virus affecting cell phones operating Symbian OS S60 2nd edition. Unlike Commwarrior, BeSeLo not only extracts numbers from the contact list of the infected phone, but also generates some by itself. It then sends those numbers an MMS carrying an infected installation file.

Spyphone is a Trojan Horse that conducts various spying operations on the infected device (including monitoring incoming calls), on behalf of the individual who sent it to the victim. It does not have an automated infection routine: an attacker has to actively send it to the selected victim, on the form of an installation file. Upon execution of this file, the victim is prompted with the following message: “Install Sysapp? Yes / No”. Selecting “Yes” will lead to the definitive infection.

Cell phone users should be cautious about opening attachments from all sources, even it is appears to be coming from your best friend. Be cautious of file extensions and if it prompts for an application installation, you should be concerned. Always put your mobile phone in Bluetooth disabled mode when not in use, and if you use your cell phone as a wireless modem, be sure to utilize security features that lock down your connection. Don’t download ringtones, applications, games or other software- only use a trusted company such as your phone provider for these products. Explore data encryption methods and additional password protection for the files on your device. Keep checking this blog for more information on cell phone security.