With many school leaders now using so-called “smart phones” to keep in touch with the central office as they travel from school to school or patrol the hallways, the emerging threats that are targeting these devices–such as cell-phone viruses and mobile spam–should be of growing concern to schools.
Consider the example of Sedef Onder, owner of an advertising firm in New York City.
Late on many Friday evenings, her mobile phone goes off, signaling receipt of a text message announcing the time and place of a hot club party evidently geared toward students. Sometimes the notice comes as a voice mail, with a raspy male voice and techno music blasting in the background.
“At least with eMail, there is a junk mail folder,” Onder told the Wall Street Journal (WSJ) for a story last week.
The indispensable cell phone is becoming more vulnerable, WSJ reports. At the same time, both wireless carriers and traditional security companies are stepping up efforts to fortify what they say are hackers’ next big targets: the multipurpose cell phones and “smart phones” consumers keep glued to their hips.
The still-nascent threats are twofold. Mobile spam–an annoying interruption or, more seriously, a new tool for identity thieves–is growing more prevalent. The threat has been underscored by recent scams, sometimes known as “SMishing,” where spammers use text messages to trick users into disclosing personal information. In one recent attack, a message asking recipients to register for an online dating service attempted to sneak a virus onto users’ machines. In addition to virus-types such as “worms,” which can spread through and disrupt a network, other scams are surfacing, too–including mobile spyware that, once downloaded to a phone, can listen into conversations.
While instances of such threats are rare (there are more than 600 known computer viruses for every known mobile virus, according to internet security firm Symantec Corp.), leading security companies are offering new technology for consumers wanting the added protection. The products are still in their early stages and are available only for certain phones and devices.
Symantec recently launched a new version of its mobile antivirus software for devices running the Windows Mobile operating system. It has new features such as scheduled scans, the ability to quarantine suspicious messages, and real-time auto-protect, which scans files continuously in the background.
Last month, McAfee Inc. expanded the availability of its mobile security suite to a broader range of devices. It blocks potentially malicious text messages and can detect and clean potentially infected files before they are run.
In addition, F-Secure Corp. of Helsinki, Finland, says it soon will launch new antivirus and firewall software for the latest smart phones. The firewall software will protect devices by allowing the consumer to select from predefined security profiles. When the security level is set to “high,” only business-critical applications, such as eMail and web browser, are allowed to send and receive data.
Cell-phone service providers also are addressing the problem, hoping to nip it in the bud before consumers consider changing or downgrading their plans.
Verizon Wireless, jointly owned by Verizon Communications Inc. and Vodafone Group PLC, recently sued several unknown operators caught sending SMS spam to their subscribers, most recently after an outbreak in October when tens of thousands of subscribers received unwanted text messages advertising discount prescription medicines and pumping a specific company’s stock.
Sprint Nextel Corp. has been refining its network filtering technologies, and a spokesman for Cingular Wireless, a joint venture between AT&T Inc. and BellSouth Corp., says the company plans to begin making antivirus software available to customers with certain phones.
The new security products are taking aim at the new threats by being more flexible. Most new software can receive updates about potential new viruses over the air, eliminating the need for customers to download new software every time a new type of threat is detected. Companies are also trying to boost consumer adoption by building their software for a broader range of phones, which vary widely as to which types of applications they can handle.
Like similar software for computers, the applications must be downloaded–either from a mobile web site or through synching with a desktop. The programs then automatically scan file types such as eMails, documents, or text messages that might be infected in the background, typically displaying an icon at the bottom of the screen to indicate they are active. When something trips the system, a window pops up identifying the file as one whose purpose might be to steal information from or crash the device and warning the user not to launch it.
The applications aren’t yet as sleek and seamless as their computer counterparts, in part because mobile phones have smaller interfaces, less processing power, and lower memory capacity. But with more phones able to run more complex applications with computer-like vulnerabilities, organizations and individual consumers are increasingly realizing that mobile security ought to encompass more than safeguarding data.
Even spam text messages–of which U.S. consumers will receive about 800 million this year, up from 500 million last year, according to Ferris Research Inc. of San Francisco–are more than an inconvenience. Consumers are charged for receiving text messages, and a flurry of fakes can be a persistent interruption, causing one’s phone to go off with each successive piece of spam.
Meghann Marco recently had to switch phone numbers after she found herself barraged with fraudulent messages peddling new home loans or containing just pure gibberish. Cingular allowed her to switch her number at no cost. “It was a huge mess, but it was better than a flood of messages from escort services,” says the 26-year-old writer from Brooklyn, N.Y.
The threat of a mobile device catching an unwanted bug is still small. At this stage, many security analysts advise that consumers ought not to bother with stand-alone software, which costs around $30 for a year’s license and has to be downloaded to the vast majority of devices separately. Prudence such as shutting off your phone’s Bluetooth reception when you don’t need it might be caution enough.
Preferring to be safe rather than sorry, Rod Trent recently downloaded Computer Associates’ eTrust antivirus software, which costs him around $30 a year, to his $500 Samsung smart phone. But since then, about once a week he gets a pop-up screen telling him he is low on memory and needs to close an application. “It makes me feel protected, but I am thinking of removing it anyway,” says Trent, who runs an online forum for computer technology administrators.
Complaints that mobile antivirus software affects device performance aren’t unusual, says Sam Curry, vice president of security management for Computer Associates, and new versions will be faster and lighter, he says.
Sprint Nextel Corp.