The Hindu Business Line : InfoJack – the latest malware to hit handsets with Net connectivity

Pune, March 16 As mobile connections increase every month, users are unaware that there are 400 different malwares that can enter their handsets, jam them and even wipe out the data that has been painstakingly stored in it.

And with many of the handsets being used for connecting to the Internet using a wi-fi network or using bluetooth or infrared technology to transfer the data, mobile security has now become the buzz word.

Mr Wing Fei Chia, Security Response Team Manager, F Secure SecurityLabs, told Business Line that it all started in 2004 when the first virus, Cabir was found. Damage at that point was not very evident and all it did was to lessen the battery life.

“After that there has been a widespread increase in the number of malwares attacking the mobile phones and the favourite phones for attack seem to be the Symbian OS. About 389 malwares have been found in this,” he said.

He said that the latest to hit the mobile segment was the WindowMobile Trojan – InfoJack, detected as Trojan: WinCE/There have long been malicious downloaders on PCs, but this is the first to be discovered for mobile devices, he added.

InfoJack is a trojan affecting Windows Mobile devices that leak information from the device to a home server when the device connects to the Internet.

As a part of its activity, InfoJack alters the security settings on the device. This causes all software installations to complete without any warning of possible safety precautions.

The first part is attached to many (.cab) installation files containing legitimate software such as games, mapping software, etc. InfoJack pretends to be an additional set up programme. Once InfoJack has infected the device it waits for the device to make an Internet connection.

When the device is connected, InfoJack connects to its home server and downloads additional parts for its functionality. While doing so, it leaks information from the device to the server.

As a component of its functionality, InfoJack changes the security settings on the device to allow all software installations to complete without any warnings. InfoJack. was discovered in February.

Survey

A survey was also conducted by F Secure where over three quarters of the mobile users are aware that malware can infect a mobile device through the bluetooth but fail to have security software installed. On average, 28 per cent of all respondents said they use their mobile device to access the Internet, 86 per cent admitted to having no mobile security.

The UK had the highest percentage (47 per cent) of users accessing the Internet through their mobile device, while at the same time being the least likely to have a security product installed on their mobile phone.

Security risks

Most users are aware of the security risks involved with using the connectivity features on their phone: only 21 per cent regarded Bluetooth connections safe, and a mere 15 per cent were under the impression WiFi connections were safe.

Over half of those questioned felt it was up to the individual user to ensure that his phone was protected. A third expected this to be taken care of by their mobile phone carrier, with the US putting the greater emphasis on third-party responsibility.

Only 11 per cent of Germans believed their mobile phone provider should be in charge of security, compared with over 32 per cent in France.

Geographically the sources of mobile threats are spread around the globe with activity originating for instance in South-East Asia, Russia and South America. While the threat from mobile viruses remains low, there has been increasing activity with spyware applications for mobile phones.

Such applications make it possible to get covert access to all the functions of the affected phone, including recording of phone calls, access to messages and switching on the phone’s microphone for listening.

Mr Fei added that with smart phones increasing their presence in the market, F Secure was watching the Apple iPhone with a hawk’s eye.

About four lakh phones have already made their presence in the Asian market, though they require to be unlocked first. While smart phones represent less than 5 per cent of the total cell phone base, and form a small part of the 1 billion phones sold annually, the first virus has been created to abuse JAVA technology, which is used in more than half of the phones sold each year.

More Stories on : Viruses | Telecommunications | Internet

Article E-Mail :: Comment :: Syndication :: Printer Friendly Page