Security Watch | Matt Hines » There's hope for stopping mobile malware

August 10, 2007 | Comments: (0)

There's hope for stopping mobile malware

TAGS: Security

With all the air miles that F-Secure Chief Research Officer Mikko Hypponen has been racking up traveling from his hometown of Helsinki to security events in the U.S. over the last several weeks, he may soon outrank countryman and star F1 driver Kimi Raikkonen as the world's most prolific "Flying Finn."

But if he's wiped from all the travel -- which has included trips to Black Hat and Defcon in Las Vegas last week, a quick dip home to see his family, and a return over the pond to speak at the Usenix Security Symposium in Boston this week, where he presented yesterday -- it certainly hasn't infected his outlook.

Because after years of warning the world about the imposing threat of viruses designed to target mobile devices -- an effort which F-Secure has been involved in since as far back as 1999 -- Hypponen said he actually feels that there's a good chance that the threat of mobile malware may not be as severe as it was once believed to be.

F-Secure jumped on the handheld security bandwagon early in the game because its headquarters is roughly 2 miles away from that of Nokia, said the expert, whose home collection of stand-up arcade video games wowed the Usenix crowd almost as much as the depth of his research.

But all things considered, he said, there may now be more proof than ever that mobile malware will not be as troublesome as the threats that have assailed our PCs.

"The message that I'm passing along is that if we play our cards right, things really might not be so bad on mobile devices," Hypponen said in a sit down with InfoWorld. "There will be attacks, but since the industry hasn't waited ten years to do something about it, as we did with PCs, the problem shouldn't be nearly as bad."

The researcher said he's been spending a lot of time with handset manufacturers and wireless carriers testing for security problems in the field, and that those companies have become very comprehensive in addressing the potential for malware attacks.

Based on what he has observed in those companies' plans, and their existing technologies, he said that the average handheld is actually far more secure today than any other type of widely-adopted computing device.

Even the Symbian operating system -- which has been assailed by far more malware threats than any other mobile platform on the planet -- is far more secure than something like Microsoft's PC-based Windows platforms, and many other less porous technologies, he said. And for the record, so is Microsoft's own Windows Mobile OS.

"I'd compare Symbian favorably to any other OS on any type of device in terms of security," he said. "It has a lot of features that don't exist in other operating systems that make it very effective to that end, such as the fact that there's no capability for applications to install themselves without user interaction by default, which has proven to be pretty effective."

If technology providers continue to make such smart decisions in designing their products-- which he believes to be a reasonable possibility -- Hypponen said that mobile malware might not ever be that bad after all.

"I'm pretty confident that if things continue to progress as they have we might be able to keep this whole issue at bay and keep these devices secure," he said.

Alas, that doesn't mean that mobile devices will get off the hook completely. As with the types of viruses seen already on Symbian, there will be many attempts to fool end users with social engineering attacks that try to trick them into downloading troublesome programs, he said.

The expert believes that many of these will involve scams that try to lure users into paying for pricey text messaging programs or that download automated phone dialers which ring toll numbers controlled by fraudsters. Unfortunately all the good technology in the world can't save people from their own stupidity it would seem.

In parts of Asia where mobiles are already being used as wireless RFID payments tokens, the biggest threat has been physical theft, Hypponen said. As those types of systems arrive in the west, there will be more people who try to steal the handhelds or find ways to hack the payment systems, he believes.

And watch out iPhone users, Hypponen contends that there is a 90 percent chance that there will be viruses developed to target the popular devices based on the amount of security research being devoted to the platform and the knowledge that users of the $500 Apple handhelds probably have something to steal.

Hypponen flew out of Boston Thursday night and he'll arrive back in Finland sometime Saturday morning if everything goes as planned. You can say whatever you want to about the guy's research conclusions, but there's no question that he's an expert in mobility.

Posted by Matt Hines on August 10, 2007 06:20 AM

RATE THIS ARTICLE: