High-Tech Handsets are Hacker Bait

(page 2 of 3)

The study also predicts that revenue from mobile data and file encryption products will outstrip the PC market in four years.

The growing worldwide popularity of Wi-Fi is yet another factor in the security equation. New data released in December by In-Stat and the Wi-Fi Alliance predicts Wi-Fi chipsets sales in devices such as PCs and mobile phones will hit 200 million units by the end of 2006 and 500 million units annually by 2009.

"Wi-Fi has continued to be a networking technology of choice both in the home and at work," said Gemma Tedesco, In-Stat senior analyst. "The 25% growth rate seen in 2006 reflects the technology's expanding usefulness for a wide variety of applications and devices, as well as ongoing user enthusiasm for the technology."

However, many Wi-Fi networks are not totally secure. Couple that with more sophisticated wireless devices, most embedded with intelligent features, used on those networks and a major security issue emerges, security experts point out. They view PDAs and cellphones as an especially enticing entry point - and one that is more difficult to protect - for hackers, spammers and malware enthusiasts.

"We are ending up with end points [to the network] that are much less capable of defending themselves," warns Keith White, managing principal for security in Asia-Pacific for Alcatel-Lucent. "These devices don't contain enough power for adequate defensive software. Our view is that the service providers are going to have to take more responsibility."

"There is going to need to be a more holistic approach to security," warns SSH's Adams. "You need to provide security all the way to the end device and protect both ends of the network."

White said a recent survey conducted by Alcatel-Lucent of 4,000 mobile users in Australia found that security could be a differentiation point for service providers - and that users might be willing to pay for it. "There is so much malicious code and other bad things out there," said White. "We found that 86% of the respondents believe the service providers have to provide more protection. And 72% said they would be willing to pay for it."

White sees wireless security as a growing threat propelled by applications such as wireless VoIP and the mobile operating systems themselves. He notes that between 1999 and 2003 there were between 2,000 and 3,000 network vulnerabilities identified annually; between 2004 and 2006 that figure jumped to 5,000 annually.

"IP networks are the Wild West," warns White. "Anybody with the knowledge has the capability of being a hacker."

He is already seeing more attempts to intercept wireless traffic through "main-in-the-middle attacks" where hackers try to sniff out users' passwords on Wi-Fi networks. There have also been more malicious denial-of-service attacks. "Hackers are becoming much more focused," says White. "There are a range of new attacks focused on financial gain."

"Mobile devices are becoming digital wallets and identities," says Symantec's Miller. "Mobile attacks are happening now more for financial gain than simple notoriety." He notes that premium SMS attacks can drain users' accounts, especially as mobile devices become payment instruments, a trend he calls Pranking4Profit.

White also warns that as mobile devices are used for applications as vending machine scanners, toll tags and other e-commerce uses, their attractiveness to hackers and spammers will only grow. "When a mobile phone becomes an object of stored value, people will look at it differently," he says.

Trend Micro's Thiemann notes that currently most mobile handheld attacks are centered on the Windows Mobile and Symbian operating systems because they are the most widely used. "The most popular handset platforms are the most likely to have vulnerabilities exploited," he says, drawing a parallel to the PC world, where hackers concentrate on Windows vulnerabilities.

However, he and other security experts warn that it isn't just the simple consumer transactions that malware enthusiasts are interested in - it's access to corporate networks and individual identities. Symantec's Miller points to the sudden rise of "snoopware,"