The Long-Expected Arrival of the Mobile Virus
January 17, 2010
It really was only a matter of time.
Tech journalists have actually been waiting with bated breath for the emergence of mobile exploits, viruses and Trojans, but we needed for two things to happen first; firstly that the technology get sophisticated enough to support such malware, but also that the environment reach a critical mass that would allow their spread in the mobile ecosystem.
The first really began with the introduction of phones that allowed the running of third party software. In it's truest form this probably meant on OS's such as Nokia's Symbian, however exploits have been possible since WAP phones first came out over ten years ago. Around then, many phones included rushed and often flawed implementations of the various WAP stack of API's, and in a number of these cases exploits were theoretically possible.
I found one example of this in 2000 with the Siemens S35i, that had implemented the WTAI 'makecall' method (allowing one to initiate a phone call from a WAP application). Problem was that they implemented this without prompting the user to confirm the call, which meant that if you innocently went to a poisoned page, it could cause you to call a premium rate toll number before you realized what was going on. Naturally I informed the mobile operator I was working with at the time about this. After some hushed impromptu meetings the consensus was to "sit on it".
This turned out to be the right decision, for the wrong reasons, because of the second factor that makes such malware viable, which is critical mass: It's all very well having the technology, in theory, to exploit or infect devices, but it's not much use if none of them bite, and this was exactly how things stood in the early days of the mobile Internet - Uptake was slow and of that, few ventured beyond the operator portal (assuming they even could).
The iPhone gave the mobile Internet a long overdue shot in the arm, but in doing so - and grabbing a significant share of the market - it has begun to fall foul to the same curse as Microsoft suffered from the mid-nineties onwards, which is when you're popular to create a target rich environment, everyone is going to write malware for you.
Of course, having a Nokia or an Android-based phone is not going to mean that you're immune. It will just mean that the chances of you getting infected are less, and for how long really depends on whether Apple can maintain their market lead in the smartphone market.
Either way, this long awaited Pandora's box has finally been opened. I can't wait to have my phone run at half speed because of the bloated anti-virus software I'll have to run on it in a year or two...
View all News & Opinion Items |