30 Minute Interview

Securing mobile phones

Amit Nath, Country Manager – India and SAARC, Trend Micro, talked to Nivedan Prakash about the threat environment on mobile platforms

Amit Nath

With mobile phones and other handheld devices becoming more complex and powerful, how difficult is it to secure them?

As the consumers lead busy lifestyles, they rely on mobile devices such as smartphones and personal digital assistants (PDAs) to help them keep up with the demands of both their personal and professional lives. Employees use these gadgets to stay productive and carry out tasks without their desktop or even their laptop computers. The introduction of both the Apple’s iPhone OS and Google’s Android is likely to foreshadow a unified platform that lessens the difficulties for malware authors.

Business users are now using their mobile phones for important e-mail. Loss or leakage of this could prove calamitous. Faster data connections via EVDO, HSDPA, etc., could permit spamming, phishing, denial of service (DoS) attacks, and [allow crackers to] initiate other malicious operations normally associated with PCs, this time using the mobile platform. It is getting tough to secure these devices.

Are mobile operating systems susceptible to viral infection?

Of late, the use of smartphones has increased manifold. People have already started using the phones for banking, e-mailing and other Internet-related activities. Even, the number of people using smartphones as a work tool has been increasing. Within the next few years, a large chunk of workers will be using their mobile phones to connect to the corporate network. This is a huge opportunity for cyber criminals to spread viruses and malware.

As smartphones cater to information transfer through different means including e-mail, MMS, SMS, Bluetooth, the Web, and IM it is hard to imagine a single device better suited for malware propagation. The blurring of the distinction between the handheld and the desktop also signifies an increase in the threat risk of mobile malware.

Mobile phone virus can spread by two mechanisms—a Bluetooth virus or a Multimedia Messaging System (MMS) virus. In the future, we will see hybrid viruses, which can infect a phone via Bluetooth or MMS.

Could you highlight the various kinds of viruses that exist in the mobile device space?

Trend Micro researchers have encountered a fair number of mobile threats in the past two years, but it would be a stretch to call any of them—except one—anything truly problematic. That exception is WINCE_INFOJACK, which has capabilities that are similar to those of the most dangerous information-stealing malware seen on the desktop.

WINCE_INFOJACK.A is a worm that runs in the Windows CE environment and steals information such as the serial number, OS version, model, platform, and host’s name then relays it to the malware author. The worm also changes security settings on the affected phone. It originates from an infected memory card on a mobile device or through SMS.

Another recent virus was the Curse of Silence that initiated a denial-of-service attack preventing incoming SMS from reaching the inbox once the user received a specially formulated text message.

What has been the contribution of Trend Micro in this space?

Trend Micro offers two different solutions for mobile users: Trend Micro Mobile Security 3.0 for consumer/small business users and Trend Micro Mobile Security 5.0 for enterprise/medium business users. Both offer anti-virus protection, a firewall, and intrusion detection systems that protect users from the current spectrum of mobile malware threats, as well as future ones proactively. The latter versions also include device management that many IT departments will find useful in ensuring the proper usage of company assets and resources.