After Five Years, Apparently The Mobile Virus Flood Is Really Coming This Time

from the we've-been-waiting dept

For about five years, there's been an effort to whip up hype around the supposed threat of mobile viruses and malware. Pretty much all of that hype's come from anti-virus vendors, so it's been pretty suspect, particularly as this threat they've been hyping for so long has failed to materialize. It's true that there have been quite a few pieces of mobile malware, but they've failed to spread for a number of reasons. The biggest factor is fragmentation: different vendors use different operating systems on their phones, rendering all sorts of software, including malware, incompatible from one handset to the next. Mobile operators also play a part, since it's relatively easy for them to filter out malware traveling across their networks via SMS. In short, the mobile environment is vastly different from the PC world when it comes to security, so it's unreasonable to think that malware will operate in the same way in both.

Some academic researchers are now saying that the only thing holding back a tidal wave of mobile malware is that no single operating system has sufficient market share, but once one hits 10 percent, phones running it are dead meat. But that argument doesn't wash, nor do the researchers' claims that an MMS-based virus could infect an entire population of devices in a matter of hours. First, the market share figure doesn't make a lot of sense, given that platforms like Nokia's Series 40 already feature in hundreds of millions of devices, creating a large target population. Second, MMS messages still have to travel through operators' servers, so they're much easier to scan for malware than PC-based communications. As long as operators' malware filters are working as they should, it won't be too difficult to stop the spread of an MMS virus. But perhaps the biggest factor holding back mobile malware is that there really isn't any money in it for virus authors. Botnets of mobile phones aren't much use for sending out spam, and generally, the money trail created by any sort of premium-message scam can be relatively easily tracked. The closed nature of mobile networks and mobile devices makes them much less susceptible to malware than internet-connected PCs, and no amount of hype will change that.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Anonymous Coward, Apr 23rd, 2009 @ 9:07pm

    So is this an argument for keeping phones in walled gardens?

     

    reply to this | link to this | view in thread ]

  2.  
    icon
    Allen (profile), Apr 23rd, 2009 @ 9:12pm

    I agree although I expect that the vector for mobile phone malware of any large volume will be the browser rather than MMS/SMS. And even then I would expect it more to be a case of collateral damage as the malware attempts to exploit a vulnerability in the shared source.

    I'd like to add that as long as usage based billing continues, the first monthly bill after being infected is going to be a pretty strong incentive to address it. I wonder how successful botnets would be if home broadband were charged by the MByte.


    Finally, like MACs, malware for mobiles is going to be a niche market. Why bother when there are so many internet connected WINTEL computers out there connected to all you can eat broadband?

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Eadwacer, Apr 23rd, 2009 @ 9:26pm

    So, is the threat real?

    Sounds like the text belies the headline.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Frosty840, Apr 23rd, 2009 @ 11:19pm

    Re: So, is the threat real?

    Based on previous headlines, I took the "Really" to be sarcasm, which makes it fit.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    whitemouse, Apr 24th, 2009 @ 12:28am

    it might not be possiblte MMS wise...

    But "Viruses spread by Bluetooth could reach all users of a given OS in days, whereas those spread by multimedia messages could spread in just hours." BBC News
    Bluetooth is not regulated...
    But yes you'd have to be pretty stupid to let someone you didn't know send you a bluetooth file.
    So I expect it to spread like wildfire

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Andrew, Apr 24th, 2009 @ 12:33am

    Disagree

    > Botnets of mobile phones aren't much use for sending out spam

    Maybe not email spam, but they could be used to send SMS spam.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    femtobeam, Apr 24th, 2009 @ 1:38am

    Mobile Security

    Mobile devices are becoming embedded ones and much smaller. They can be in the material on your clothes or your body. The mobile systems are evolving into broadband terrestrial in addition to satellite systems and many of the MMW antennas are using fiber between them. Thus they are no longer traditional mobile networks but are ad-hoc. Are you ready for remote health, or the ability to massively control heart pacemakers and the like, for the masses? A botnet, bluetooth or not, will become spam and worse directly to your person. We can't afford any system which is not secure.

     

    reply to this | link to this | view in thread ]

  8.  
    icon
    Ben (profile), Apr 24th, 2009 @ 8:40am

    Bluetooth

    Most people I know leave bluetooth disabled (because of the comparatively massive power drain) unless they're specifically connecting to another device... so any virus using bluetooth as a vector will have a serious constraint over timing and opportunity of transit.

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Christopher Smith, Apr 24th, 2009 @ 8:58am

    False premises

    This line of reasoning tends to assume that $PLATFORM will be as easy to write malware for as Windows is. While writing secure software is certainly difficult, it's also entirely possible. (The claim that Windows has the viruses only because of its market share is easily refuted by looking at the Apache Web server...)

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    anymouse, Apr 24th, 2009 @ 11:27am

    following the money

    Okay,

    I think I need to patent the business model of increasing revenue by creating malware/virus/trojans that infect mobile phones, with the real intent being to increase monthly data/message usage, and thus increase those revenue sources in the mobile phone industry.

    When it comes out in a few years that the first 'mobile phone virus' was really created (via contracted outsourcing of course) by the same mobile phone company that sold the phones in the first place, with the only intent being to squeeze more money out of their sheeple(tm), you can say you read it here first.....

    Flips tinfoil hat to shiny side out - it works better that way on sunny days.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Steve, Apr 26th, 2009 @ 8:24pm

    Despite whether you think mobile viruses were a 'within the system' creation to squander revenue or not, the threat is real. As people increase the portion of their banking/etc. they do using smart phones, this is going to be more critical. It's hard to find information on mobile digital security but I did have success here*. Lots of information.

     

    reply to this | link to this | view in thread ]

  12.  
    icon
    Krevco (profile), Dec 29th, 2009 @ 8:17am

    Is it a virus flood? In my experience it is more of a case of peopel accidentally introducing malware to their devices because of external devices and memory cards, or getting malware from bad apps. I have not heard of any real virus issue on any mobile devices..

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This