After Five Years, Apparently The Mobile Virus Flood Is Really Coming This Time

from the we've-been-waiting dept

Thu, Apr 23rd 2009 8:20pm — Carlo Longino

For about five years, there's been an effort to whip up hype around the supposed threat of mobile viruses and malware. Pretty much all of that hype's come from anti-virus vendors, so it's been pretty suspect, particularly as this threat they've been hyping for so long has failed to materialize. It's true that there have been quite a few pieces of mobile malware, but they've failed to spread for a number of reasons. The biggest factor is fragmentation: different vendors use different operating systems on their phones, rendering all sorts of software, including malware, incompatible from one handset to the next. Mobile operators also play a part, since it's relatively easy for them to filter out malware traveling across their networks via SMS. In short, the mobile environment is vastly different from the PC world when it comes to security, so it's unreasonable to think that malware will operate in the same way in both.

Some academic researchers are now saying that the only thing holding back a tidal wave of mobile malware is that no single operating system has sufficient market share, but once one hits 10 percent, phones running it are dead meat. But that argument doesn't wash, nor do the researchers' claims that an MMS-based virus could infect an entire population of devices in a matter of hours. First, the market share figure doesn't make a lot of sense, given that platforms like Nokia's Series 40 already feature in hundreds of millions of devices, creating a large target population. Second, MMS messages still have to travel through operators' servers, so they're much easier to scan for malware than PC-based communications. As long as operators' malware filters are working as they should, it won't be too difficult to stop the spread of an MMS virus. But perhaps the biggest factor holding back mobile malware is that there really isn't any money in it for virus authors. Botnets of mobile phones aren't much use for sending out spam, and generally, the money trail created by any sort of premium-message scam can be relatively easily tracked. The closed nature of mobile networks and mobile devices makes them much less susceptible to malware than internet-connected PCs, and no amount of hype will change that.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: mobile viruses

13 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 23 Apr 2009 @ 9:07pm

So is this an argument for keeping phones in walled gardens?
[ link to this | view in chronology ]
- Mac support, 20 Apr 2018 @ 5:01pm
  
  I want to get the reply on this website
  I also face the same problem while I open my website, want to get the answer to the website.
  [ link to this | view in chronology ]
Allen (profile), 23 Apr 2009 @ 9:12pm

I agree although I expect that the vector for mobile phone malware of any large volume will be the browser rather than MMS/SMS. And even then I would expect it more to be a case of collateral damage as the malware attempts to exploit a vulnerability in the shared source.

I'd like to add that as long as usage based billing continues, the first monthly bill after being infected is going to be a pretty strong incentive to address it. I wonder how successful botnets would be if home broadband were charged by the MByte.

Finally, like MACs, malware for mobiles is going to be a niche market. Why bother when there are so many internet connected WINTEL computers out there connected to all you can eat broadband?
[ link to this | view in chronology ]
Eadwacer, 23 Apr 2009 @ 9:26pm

So, is the threat real?
Sounds like the text belies the headline.
[ link to this | view in chronology ]
- Frosty840, 23 Apr 2009 @ 11:19pm
  
  Re: So, is the threat real?
  Based on previous headlines, I took the "Really" to be sarcasm, which makes it fit.
  [ link to this | view in chronology ]
whitemouse, 24 Apr 2009 @ 12:28am

it might not be possiblte MMS wise...
But "Viruses spread by Bluetooth could reach all users of a given OS in days, whereas those spread by multimedia messages could spread in just hours." BBC News
Bluetooth is not regulated...
But yes you'd have to be pretty stupid to let someone you didn't know send you a bluetooth file.
So I expect it to spread like wildfire
[ link to this | view in chronology ]
Andrew, 24 Apr 2009 @ 12:33am

Disagree
> Botnets of mobile phones aren't much use for sending out spam

Maybe not email spam, but they could be used to send SMS spam.
[ link to this | view in chronology ]
femtobeam, 24 Apr 2009 @ 1:38am

Mobile Security
Mobile devices are becoming embedded ones and much smaller. They can be in the material on your clothes or your body. The mobile systems are evolving into broadband terrestrial in addition to satellite systems and many of the MMW antennas are using fiber between them. Thus they are no longer traditional mobile networks but are ad-hoc. Are you ready for remote health, or the ability to massively control heart pacemakers and the like, for the masses? A botnet, bluetooth or not, will become spam and worse directly to your person. We can't afford any system which is not secure.
[ link to this | view in chronology ]
Ben (profile), 24 Apr 2009 @ 8:40am

Bluetooth
Most people I know leave bluetooth disabled (because of the comparatively massive power drain) unless they're specifically connecting to another device... so any virus using bluetooth as a vector will have a serious constraint over timing and opportunity of transit.
[ link to this | view in chronology ]
Christopher Smith, 24 Apr 2009 @ 8:58am

False premises
This line of reasoning tends to assume that $PLATFORM will be as easy to write malware for as Windows is. While writing secure software is certainly difficult, it's also entirely possible. (The claim that Windows has the viruses only because of its market share is easily refuted by looking at the Apache Web server...)
[ link to this | view in chronology ]
anymouse, 24 Apr 2009 @ 11:27am

following the money
Okay,

I think I need to patent the business model of increasing revenue by creating malware/virus/trojans that infect mobile phones, with the real intent being to increase monthly data/message usage, and thus increase those revenue sources in the mobile phone industry.

When it comes out in a few years that the first 'mobile phone virus' was really created (via contracted outsourcing of course) by the same mobile phone company that sold the phones in the first place, with the only intent being to squeeze more money out of their sheeple(tm), you can say you read it here first.....

Flips tinfoil hat to shiny side out - it works better that way on sunny days.
[ link to this | view in chronology ]
Steve, 26 Apr 2009 @ 8:24pm

Despite whether you think mobile viruses were a 'within the system' creation to squander revenue or not, the threat is real. As people increase the portion of their banking/etc. they do using smart phones, this is going to be more critical. It's hard to find information on mobile digital security but I did have success here*. Lots of information.
[ link to this | view in chronology ]
Krevco (profile), 29 Dec 2009 @ 8:17am

Is it a virus flood? In my experience it is more of a case of peopel accidentally introducing malware to their devices because of external devices and memory cards, or getting malware from bad apps. I have not heard of any real virus issue on any mobile devices..
[ link to this | view in chronology ]