Associated Press
NEW YORK – For malicious computer hackers and virus writers, the next frontier in mischief is the mobile phone.
A phone virus or “Trojan horse” program might instruct your phone to do extraordinary things, computer security experts say.
It might call the White House or the police with a bizarre hoax.
Or it could simply eat into the phone’s operating software, shutting it down and erasing your personal information.
Similar nasty hijinks have already dogged cell phone owners in Japan and Europe.
“If a malicious piece of code gets control of your phone, it can do everything you can do,” said Ari Hypponen, chief technical officer of Helsinki-based F-Secure Corp., a computer security firm. “It can call toll numbers. It can get your messages and send them elsewhere. It can record your passwords.”
As cellular phones morph into computer-like “smartphones” able to surf the Web, send e-mail and download software, they’re prone to the same tribulations that have waylaid computers over the past decade.
“We should think of cell phones as just another set of computers on the Internet,” said Stephen Trilling, director of research at antivirus software maker Symantec Corp. “If they’re connected to the Internet they can be used to transmit threats and attack targets, just as any computer can.”
In Japan, deviant e-mail messages sent to cell phones contained an Internet link that, when clicked, caused phones to repeatedly dial the national emergency number – equivalent to 911.
In Europe, handsets’ short message service, or SMS, has been used to randomly send pieces of binary code that crashes phones, forcing the user to detach the battery and reboot.
In the United States, relatively primitive cell phone technology keeps users immune from such tricks, for now.
Phone hacking is nothing new. In the 1970s, so-called “phone phreakers” made free phone calls – and even gained control of major phone trunk lines – by whistling certain tones into the receiver.
Now, at least three software companies have released personal security software for emerging smartphones, girding for a new wave of phone viruses and tricks.
Hypponen’s F-Secure is one such firm, selling antivirus and encryption software for smartphone operating systems made by Palm, Microsoft and the Symbian platform common in Europe.
Thus far, there have been no publicized reports of phone hacking or viruses, although viruses have attacked handhelds running the Palm operating system. Microsoft predicts deviant code will soon emerge for handhelds running its Pocket PC software. Both operating systems are expected to be used increasingly in smartphones.
A virus is a piece of malevolent code that self-replicates, while a Trojan horse does not but can be just as destructive. The pranks in Europe and Japan created virus-like havoc, but did not propagate like a full-fledged virus.
For virus writers who crave notoriety by wreaking maximum havoc, there are still too few smartphones, and no widespread software platform to attack, Hypponen said.
That is starting to change.
Until recently, cell phone operating systems were “closed,” unable to download software. But new smartphones – like the Nokia Communicator, Handspring’s Treo, Motorola’s Java Phone and Mitsubishi’s Trium-Mondo – are open to such third-party downloads.
At the same time, software developers’ tools available for designers of such programs as games and currency converters can also be used to create malicious applications, Hypponen said.
Cell phone users can avoid this, of course, by sticking with their old “dumb” phones, said Alan Reiter, a wireless consultant in Chevy Chase, Md.
“There are trade-offs,” said Reiter. “Do you want a phone with a tiny monochrome screen where you can only make phone calls? That’s much more secure.”
Copyright ©2002 Associated Press. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
Talk to us
> Give us your news tips.
> Send us a letter to the editor.
> More Herald contact information.