• Sep 2010
• 
• about asa
• 
• advertise
• 
• subscribe
• 
• Xl Magazine
• 
• contact us
• 
• search

Online CPD Articles
Feeling a bit sick – Mobile viruses

With the launch of new cheaper smart cellphones, people are using more sophisticated devices; using more complicated features such as web browsers; e-mail, instant-messaging and multimedia-messaging capabilities and short-range wireless technology. These features provide new entry points of attacks. Many of these devices are complicated and it is becoming harder to identify the symptoms whether a cellphone is infected, but failing to identify consequences could have dire implications.

Part one (to be published in March hard copy) of the two parts article outlined mobile viruses and the possible avenues of attack. This second part focuses on the risks and consequences you might be exposed to and recommends possible tips to mitigate these risks. As with part one, it is the purpose of these articles to make you aware of mobile viruses. It is neither meant to be a technical explanation, nor is it meant to be comprehensive. It discusses mobile viruses in general terms.

In both articles, the term ‘virus' is used as a general term, although this is used incorrectly. We should be discussing ‘malicious software (better known as ‘Malware')', which encompasses various techniques used by hackers to obtain unauthorised access to a cellphone. There are five major entry points for hackers to obtain access to your data, messaging; WAP browsers; wireless capabilities; USB devices and other removable devices and memory cards and open platforms.

Evolving into a threat: Consequences

Most viruses are released primarily as ‘proof-of-concept' code, so that hackers can show that a phone can be hacked or infected. This is changing. In general, mobile viruses cause harm by disabling phones, increasing a victim's phone bill by automatically sending messages or making long-distance calls. These consequences are discussed below and can be summarised in Table 1.

(Shih, Lin, Chiang & Shih 2008)

• Economic loss: Attackers could skim cash by sending messages to premium service numbers run by an attacker. 
• Information theft and loss of privacy: The uses for cellphones have increased; containing more and more personal and corporate data. Hackers attack cellphones to obtain static information such as address book content, programs stored et cetera. Information may also be edited, deleted etcetera.

With cellphone banking growing in popularity, some cellphone users store their passwords, credit card information and other financial information in electronic wallet software. Hackers could also use the device to log into systems with the cellphone owner's authorisation credentials. An attacker can defraud a victim by using his credentials to transact.

• Functionality: Three consequences arise that could impact on the functioning of a cellphone.
• Theft of service: Some malware may attempt to hijack a victim's cellphone resources, making calls, sending messages, using wireless technologies et cetera in moderate portions without the victim becoming aware of it. The victim carries the cost.
• Denial of service: Deliberate attempts to flood the cellphone and drain resources can occur either by attempting to overwhelm a specific application, such as the Bluetooth facilities by sending repeated pieces of information, corrupted packets and incorrect file formats to applications in order to attempt to crash the phone. Another form is to continually keep the cellphone active to drain power and exhaust battery life.
• Utilisation of resources: Viruses may also take up resources in the form of memory space and affect performance. A form of this is when vulnerabilities in the operating system or other applications are exploited which could result in buffer overflows, when the application sends more data to the phone's memory than the device can hold. This affects the phone's performance.
• Unsolicited information: Information attacks can also work in another direction. Attackers can attack cellphone users with spam, advertising. SMS phising is also on the increase as shown by the extract from The Cape Argus.
• Inconvenience: At a minimum, the virus could take up time and money to remove.
• Alternative access routes: These features, discussed in previous sections, provide a new entry point to computer hackers. Rather than affecting or infecting the phone, a cellphone can also become the medium of transmission, where a PC virus is transferred to the device and then downloaded to the PC.

Heading-off the tiny invaders: Safeguards

Researchers are working on ways to combat mobile threats because in a few years time, smart phones might represent the majority of the world's computers (Lawton 2008). Many of these users would not realise the need for computer-level security. When it comes to protecting against cellphone viruses, remember modern cellphones are computers and should be treated as such. The following tips need to be kept in mind:
Prevention is better than cure

Traditional protection mechanisms and common sense should be implemented and used, such as:

• If your phone has the capabilities to download applications, install traditional measures such as virus scanners, firewalls and employ encryption. These security measures must be updated regularly. Moreover, a full cellphone scan should be performed regularly.
• Scan your memory cards before inserting it into your phone or PC.
• Educate your employees on cellphone security and encourage them to remain informed about the latest threats by subscribing to, for example, newsletters and discussion groups.
• Understand the security features of your phone and those provided by the service provider by reading the manufacturer's guide or visiting the cellphone company's website.
• Use a phone, as a phone. If you do not need a smartphone, do not acquire one.

When you get your new cellphone

Set-up your cellphone carefully, alternatively deactivate unnecessary functions, such as Bluetooth, WAP applications, if the functionality is not required. A couple of settings to consider include:

• Avoid the use of device pairing, otherwise set all paired devices to “unauthorised”. This requires that each connection request is approved by the device owner. If device pairing is used, re-configure the pairing password and change it regularly.
• Change your cellphone's visibility settings to hide your Bluetooth visibility to only appear to authorised devices.
• Limit the access other Bluetooth devices are allowed to designated folders.
• Lock your cellphone calling availability by password protection.

Using your new cellphone and running applications

Most new cellphones allow the downloading of files, executing of applications amongst others. The following need to be kept in mind.

• Do not download files and applications, Warez or shareware and content from questionable sites. Rather use known, approved reputable sites or your service providers. Similarly, do not subscribe to services for ringtones, wallpapers et cetera unless approved by a service provider.
• Do not open SMS's and MMS's from unknown, suspicious or untrustworthy sources and be cautious of messages that, for example, contain jokes, picture downloads. Similarly do not accept attachments unless you have requested it and know the provider, know what it is. Thus do not believe messages to download, install or open files. Moreover beware of clicking on links.
• If a request to install a file or message is received via Bluetooth, do not accept the request or message.

Take two of these and give me a call in the morning, if you are still infected

When an attack takes place, it is better to identify the threat and react swiftly.

• Notify your cellphone provider immediately if you suspect your cellphone has been hacked or contains a virus.
• Review you phone bill for unusual numbers, calls and charges.
• Users can protect themselves from data-loss by synchronising their phone with their PCs thus making backups.

Conclusion

Today, cellphone viruses are not a big deal. But if you think your phone will always be safe... Think again. Alternatively...avoid technology and stick to a simple cellphone that won't become sick.

Reference

Barnes, C. 2008. MTN probes scam SMSes offering 2010 prize. The Cape Argus. 23-Dec-08.

Lawton, G. 2008. Is it finally time to worry about mobile malware? Computer. May-08. pp. 12-14.

Leavitt, N. 2005. Mobile phones: The next frontier for hackers? Computer. Apr-05. pp. 20-23.

Lemos, R. 2006. A Moving target. PC Magazine. Jun-06. p. 124.

Meserve, J. 2005. Is your cell phone at risk? Networkworld. Apr-05. pp. 48-50.

Shih, D., Lin, B., Chiang, H. & Shih, M. 2008. Security aspects of mobile phone viruses: a critical survey. Industrial management & Data systems. Vol 108(4) : 478-494.

Riaan Rudman and Elza Johnson, Stellenbosch University 

• Print this article
• View more articles from the 'in brief' section.

Submit a comment
First Name:	*
Comment:	*
	Items with * are required.
Anti-Spam Policy
To complete your post please type in the words that you see in the image below. (Note: The image is case sensitive.)  Generate new Code

Comment(s)

• No comments have been made.

• CPD Verifiable Articles
• EXECUTIVE COMPENSATION (15min)
• ENGAGEMENT QUALITY CONTROL REVIEW (15min)
• CONSUMER PROTECTION ACT (30min)
• COMING TO TERMS WITH ISA 265 (15min)

• Additional CPD Articles
• ONLINE CPD ARTICLES
  The turnover tax party - are you invited?
• ONLINE CPD ARTICLES
  Keeping sane in Dilbert's world
• Online CPD Articles
  Feeling a bit sick – Mobile viruses
• ONLINE CPD ARTICLES
  Conflict between shareholders and management: Can share options align their interests?
• ONLINE CPD ARTICLES
  Proposed Companies Bill to Ease Audit Requirements for Non-public Companies
• ONLINE CPD ARTICLES
  Accounting for minority BEE transactions?

• Latest Comments
• i'm currently studying for a corporate law diploma and had to do an essay on the strenghts and weaknesses of business rescue. the article has been of great help since I didn't have enough time to do research due to my work overload and keeping my 18 month old boy happy. I got 82% on the essay. thanx a million
  read more
• I would like to be part of the learnership for accounting for next year i am available at any time convinient to you.
  read more
• A warranty on a repaired item becoming void if it is abused or if normal wear and tear is determined should apply to new items as well and not just repaired items
  read more
• Awesome article, this has been very helpful!
  read more
• The argument blaming directors of insider trading based on the fact that share prices traded lower after the directors hedged their shares does not hold water. Correlation does not automatically imply causation. A likely reason for the share performance drop is the signalling effect of the act of the director hedging their shares. This action would lead investors to be sceptical about the prospects of the shares and hence those shares would trade lower.
  read more

• Latest What to Watch