In a nod to the growing chatter around wireless viruses and hacking, Nokia Corp. announced it would install security software from Symantec Corp. in its Series 60 smart phones, devices that run the Symbian operating system. The move is the industry’s latest acknowledgement that hostile software and applications could evolve into a real threat.
“Your smart phone is really a small computer,” explained Todd Thiemann, director of device security marketing with antivirus company Trend Micro Inc. Thiemann said in the near future “there’s a probability that there will be malicious attacks that will cause problems.”
Some in the industry contend that antivirus companies like Trend Micro are hyping security issues in order to sell their products. Indeed, antivirus company McAfee Inc. in 2003 commissioned a report that predicted North American wireless carriers would spend $4 billion in 2004 protecting subscribers from security threats. Although carriers generally decline to break out their expenses, so far there have been only a handful of serious software bugs or security breaches-and a relatively tiny number of affected users.
Trend Micro’s Thiemann agrees that the issue has yet to explode.
“I want to avoid the hype,” he said.
Nonetheless, wireless players have been taking precautions against such concerns. Nokia’s deal with Symantec is the latest outgrowth in the companies’ two-year relationship. Further, NTT DoCoMo Inc. in Japan uses antivirus software from McAfee in its phones. And companies like Bluefire Security Technologies, Credant Technologies and others sell antivirus software to corporate IT managers.
During the past several years, there have been only a handful of notable security issues. A computer hacker scored access to phone numbers, pictures and other information in socialite Paris Hilton’s phone. Further, antivirus firms have identified more than a dozen viruses written specifically for smart phones. The viruses generally target the Symbian operating system, as well as Bluetooth technology.
However, most such viruses are only examples of what can be done, rather than widespread assaults on real phone users.
“What you’ve seen today is mostly proof of concept,” Thiemann said.
The latest proof-of-concept virus to emerge is Symbos_cardtrp.a, which can travel through Bluetooth and resides inside a Symbian phone’s removable memory card. The virus then can affect a user’s computer if the user attaches the card to the computer.
Both Symbian and the Bluetooth Special Interest Group have acknowledged the potential for wireless viruses. But they point out that users can protect themselves against such threats by installing only applications from trusted vendors.
“There is always the potential … for more vulnerabilities to be uncovered,” said Michael Foley, executive director of the Bluetooth SIG.
Other security defenses come from the Trusted Computing Group, which recently announced plans to target mobile phones. The group, founded in 2003, develops security specifications for hardware vendors. Nokia, Microsoft Corp., Texas Instruments Inc. and others are members.
“TCG’s experience, expert members and cross-industry membership make it an ideal organization to drive standards for more secure mobile phones,” said Janne Uusilehto, chairman of the TCG mobile-phone working group and an executive with Nokia.
With all the attention on mobile-phone security, industry players hope to forestall the virus problems that have plagued the computer space. However, Thiemann said the potential for phone viruses will increase as third-generation wireless networks come online and mobile phones grow increasingly powerful.
“I’d say sooner rather than later,” he said.
