Thursday, April 2, 2009

Don't be the next phone virus victim

Fri, Apr 03, 2009

By Jasmine Osada

The next time you receive a message on your mobile phone asking you to download something, make sure the message is from a legitimate contact before pressing the "yes" button.

With more consumers adopting smartphones nowadays, mobile phone viruses are on the rise. Smartphones typically allow users to install applications, and this is where viruses and other malicious software can worm their way into the devices.

In January this year, security systems company Fortinet identified a mobile phone attack known as the "Curse of Silence". The attack involves sending a maliciously crafted SMS message which, upon receipt, cripples the affected device's SMS and MMS sending functions.

The attack was linked to the Symbian OS, an operating system used in a number of Nokia phones. However, the Finnish mobile phone maker said it does not believe the issues represent a significant risk to its devices.

But still, Nokia cautioned its users to be careful when receiving applications and messages from others.

A spokesman with the company said, "We also encourage consumers to help protect their mobile device against harmful applications by being careful about accepting applications sent via Bluetooth or when they open SMS or MMS attachments, as they might include software which could be harmful to your phone or PC."

AsiaOne spoke with Mr. Derek Manky, Cyber Security & Threat Researcher for Fortinet, on the nature of mobile phone attacks and how users can prevent them:

What are the common mobile phone viruses/attacks found today?

Most attacks found today are denial of service or defacing, which comes from worms that spread through MMS, MMC memory cards and Bluetooth. These typically drain battery life rapidly, and can cause high usage bills due to outgoing SMS/MMS activity. Commercial spyware applications are available for various platforms that when installed, allow users to remotely view incoming/outgoing messages and calls.

Below are a few recent mobile threats that our FortiGuard Global Security Research Team has been keeping track of:

  • CommWarrior is a virus family affecting cell phones operating Symbian OS S60 2nd edition. The virus extracts numbers from the contact list of the infected phone, and sends an MMS carrying an infected installation file. This file usually poses as a recreation (game, ringtones, porn, etc.) or utilitarian (antivirus, desktop manager, etc.) application. The device will be infected once the target executes the application. Currently, CommWarrior is being reported in over 18 different countries around Asia, Europe and North America.
  • BeSeLo, a virus affecting cell phones operating Symbian OS S60 2nd edition. Unlike CommWarrior, BeSeLo not only extracts numbers from the contact list of the infected phone, but also generates some by itself. It then sends those numbers an MMS carrying an infected installation file.
  • Spyphone is a Trojan Horse that conducts various spying operations on the infected device (including monitoring incoming calls), on behalf of the individual who sent it to the victim. It does not have an automated infection routine: an attacker has to actively send it to the selected victim, in the form of an installation file. Upon execution of this file, the victim is prompted with the following message: "Install Sysapp? Yes / No". Selecting "Yes" will lead to the definitive infection.
  • Finally, a recent SMS/MMS denial of service known as the Curse of Silence/CurseSMS attack involves sending a maliciously crafted SMS to potential targets, who then are unable to receive SMS/MMS messages.

Are these attacks common in Singapore and the rest of Asia?

Mobile phone attacks are increasingly common, not only in Asia, but around the world as the adoption of mobile devices continues to increase.

As mentioned, most current attacks are destructive by nature. This is the same path that occurred with PC-based malware in the 1990s.

A recent attack has surfaced with SymbOS/Flocker. Aside from sending SMS messages to premium-rate numbers owned by cyber criminals, new variations are targeting Indonesian carriers that allow balance transfers from an infected phone to an account controlled by the malware authors.

Malicious activity on smart mobile devices like smart phones has been low to date, but the anticipated consumer adoption of 3G and the new business models it enables will open up a huge market for cybercriminal activity.

3G enables network operators to offer a wider range of more advanced mobile services, such as real-time access to high-quality audio/video transmission, and greater network capacity. This increased scope of potential vulnerabilities calls for a focused approach in securing millions of active handheld devices today.

Shared components, new platforms like Google Android (in which we saw a recent vulnerability disclosure), and increasing functionality/complexity of smart devices combined with 3G and the roadmap to 4G bandwidth will be the next biggest threats to mobile security. There will certainly be a lot of movement on this front in 2009 and the coming years: we are already starting to see some in Indonesia / Asia as mentioned.

What would happen to victims of these attacks, and can they potentially be victims of identity theft, credit card fraud, etc.?

Depending on the type of infections, victims may suffer inconvenience or minor losses.

Mobile attacks can potentially cause serious consequences whereby personal data or confidential information stored in mobile phones could be hacked or retrieved by cyber criminals, leading to the risk of identity theft and credit card fraud. In particular, commercial spyware can place the victim at the risk of identity theft.

Mobile security is at a tipping point with smart portable devices interoperating with networks flanked by the dynamic threatscape. New vulnerabilities and attacks place mobile device users open to attacks in this environment. Phishing, identity theft, credit card fraud and information pilferage have become reality.

While some viruses are driven to cause damage, others such as CommWarrior and BeSeLo (using Bluetooth as an alternative propagation method) cause victims to experience rapid battery power loss. A simple denial of service attack with CurseSMS will cause inconvenience to the user as infected mobile phones will require a factory reset.

Frequent, unauthorized outgoing messages can lead to high bills and denial of service attacks can cause financial damages especially to smart devices intended for enterprise or business.

What are the steps we should take in preventing these attacks?

Mobile phone users should be extra cautious when opening attachments from all sources, as even a trusted connection might be infected without knowing it. Be cautious of file extensions as well, as we saw with the BeSeLo worm. If a media file with an extension such as ".mp3" or ".jpg" prompts for application installation, a red flag should be raised.

Secondly, play safe. Always put your mobile phone in Bluetooth-disabled mode to prevent infection of a malicious file or virus propagated through Bluetooth. Additionally, mobile phone users are advised not to install unauthorized software in order to lower the chances of virus infection.

For enterprises, enforce policies for mobile devices which are introduced into the network as this bypasses many security mechanisms. Data encryption and gateway protection to protect mobile devices from the bridged threats mentioned earlier are recommended.

Now is the time to prepare before cyber criminals get more involved in this arms race, which is expected to accelerate, given the increasing reports of mobile malware. Cyber criminals have started to invest and establish their foothold in this area.

In the event of a mobile attack, users can recover their mobile phone by employing the new version of the FortiCleanUp tool released by FortiGuard Global Security Research Team. The FortiCleanUp tool automatically scans and removes malicious elements that prevent proper handset function.

Fortinet also offers the FortiClient Mobile Security which is available for Microsoft Windows Mobile and SymbianOS S60 operating systems.

Can attackers retrieve personal information from handsets, like they would a mobile phone, and if so, are services such as mobile banking safe?

Services such as mobile banking should be treated with the same caution as online banking from your desktop.

Phishing sites targeting popular banks can easily draw a mobile user in, for instance, with a URL supplied through an MMS message. Once credentials are entered, the account will be compromised.

A recent vulnerability with Windows Mobile Bluetooth FTP (Obex) allows an attacker to browse all system files, download any files such as personal information management (PIM) data, and upload files to arbitrary paths such as the system startup folder. While it has not yet occurred in the wild, theoretically this could be used to plant a Trojan on the device that would be used for further attacks.
