Feature-rich "smart phones" are proving to be nearly as dumb as personal computers when it comes to fending off viruses, hackers and other security headaches familiar to Internet users.
Hackers can scoop up calendars, contact lists and other sensitive information, or turn a mobile phone into a bugging device to secretly listen in on conversations. Mobile viruses that spread through the air can disable phones completely.
Few mobile phone users have been seriously harmed yet by security breaches. But experts say serious threats are likely to emerge as mobile phones evolve into tiny computers capable of communicating in a variety of ways.
"There is a very large pool of vulnerable devices already in use, and inevitably this will lead to issues with the owners of those devices," said Adam Laurie, a UK security expert who has uncovered several security holes.
"Problems like this are only just beginning to surface," Laurie said in an e-mail interview.
Because mobile providers like Cingular maintain tight control over their networks, users have so far largely avoided the spam, spyware and other hassles that plague computer users.
But that does not mean they are immune from other threats.
Laurie demonstrated last spring that he could copy the calendars and contact lists of 46 British lawmakers and turn their phones into bugging devices that could pick up nearby conversations, simply by hanging around Parliament and waiting for victims to walk by.
Laurie was able to tap into their phones using Bluetooth, a short-range wireless technology included on many new phones that allows users to zap each other their contact information, talk through their car stereos and sync up with computers without a cable.
Like the common cold
Bluetooth also allows viruses to spread through the air like a common cold.
The Cabir virus that surfaced last June is relatively non-toxic, anti-virus firms say. It requires the user to click "OK" before it installs itself, it does not harm the phones it infects, and it can only spread to one other phone until the host phone is rebooted.
Cabir has managed to spread to nine countries so far, paving the way for other, more harmful viruses.
Early computer viruses did little more than flood networks with unwanted traffic, but more recent viruses like Bagle enable criminals to secretly take control of infected computers and use them to commit identity theft or extort protection money from online businesses.
That pattern is emerging with mobile viruses as well.
A virus called Skulls disables phone applications and replaces their icons with a skull-and-crossbones symbol, while another disguised as a video game called Mosquito automatically places calls to toll numbers, according to descriptions by several anti-virus firms.
Anti-virus analysts at Kaspersky Labs in Russia are currently investigating a report that Lexus car stereos have been infected with a Bluetooth virus.
"In the future we can come across viruses for nearly any complicated device. Imagine your fridge throwing food in the microwave oven," Kaspersky spokesperson Olga Kobzareva said in an e-mail interview.
Some experts say mobile viruses are not likely to become as widespread as computer viruses because no single operating system predominates, unlike the 90% of personal computers that run some version of Microsoft Windows.
Only 1.8% of the 164 million mobile phones sold in the last three months use Symbian, the operating system targeted by virus writers, said Greg Mastoras, a senior security analyst at the anti-virus company Sophos.
"We do not think it is a big issue to think about right now," he said.
Nokia and Sony Ericsson offer patches for phones that have proven susceptible to viruses and Bluetooth hacks, and industry engineers now check for security holes before releasing new products.
Users can install anti-virus software on their phones, or simply place Bluetooth in "hidden" mode so it is not visible to other devices.
"We are trying to design the future in a way that will prevent as many hacks as possible," said Joe Farren, a spokesman for the Cellular Telecommunications and Internet Association, a Washington-based trade group.
But new headaches are likely to emerge as the industry consolidates around one or two operating systems and adds WiFi Internet capability, said Tristan Henderson, a research assistant professor at Dartmouth College`s Centre for Mobile Computing.
"Once we have cellphones that are connected to the Internet, someone sitting in China or Russia or anywhere can attack a cellphone in New York, and that will be fun," he said.
Share