Protecting Mobile Devices from Hackers

Mobile users can now read e-mail, communicate with the home office, and surf the Web through wireless handheld devices. But new opportunities for users mean new opportunities for hackers, too.

 By Paul Korzeniowski
Page 1 of 2
Print Article

Wireless networking is emerging as the next big networking wave. With handheld devices becoming more functional, and networks delivering more bandwidth, a raft of both start-ups and established companies have been delivering new software and services so mobile users can read e-mail, communicate with the home office, and surf the Web.

As network managers busily upgrade their networks to support such features, they should also be aware of the technology's downside: Hackers can use these new connections to break into corporate networks, destroy files, chew up computing resources, and force security managers to spend time downloading software fixes. Such problems are a recent phenomenon, one expected to increase along with acceptance of mobile computing. However, there are steps that companies can take to help prevent problems, and analysts recommend they start this process sooner rather than later.

Attacks Are Inevitable

There haven't been a lot of instances yet when hackers have targeted mobile devices; but that should change in the next year or two, so companies should be prepared, stated Johnny Chin, president of Onesimus Enterprises International Inc., a Staten Island, N.Y., network equipment reseller.

The first such attack occurred in May 2000 when a European hacker developed Timofonica, a program that sends bogus messages to cellular phones. Although the software actually runs on PCs rather than phones, it was the first time a virus had been developed to affect the latter.

At the end of August 2000, the first case of harmful code running on handhelds occurred. A software developer posted a Trojan horsewhich enters a device and deletes data but cannot replicate itself like a viruscalled the Liberty Emulator. It attacks the Palm OS, which is used in the popular handhelds from Palm Inc. in Santa Clara, Calif.

Ironically, this problem stemmed from Palm's open source work, where the vendor published information about its software so developers could improve it. The author, Aaron Ardiri, a Swedish developer, said his application was designed to emulate a product he was working on. After he shared the Liberty Emulator online with developers, he discovered someone had misused the software.

The hacker relabeled the program so it looked like an application designed to crack open the Palm's Gameboy Emulator. Unsuspecting video game aficionados downloaded the code and discovered their files were erased. It is difficult to determine the amount of damage the Trojan horse created, because few of the downloaders would freely admit to attempting to crack the Gameboy Emulator software.

"With handheld devices gaining popularity, they are becoming more viable targets for hackers. "

Attacks Limited So Far

To date, attacks on mobile devices have been limited for a couple of reasons. Hackers want to get as much exposure as possible, so they target well known systems like Microsoft's Windows NT and Outlook where their software can create widespread problems, said Caren Nachenberg, chief researcher for the anti-virus unit at Symantec Corp., in Cupertino, Calif.

Another factor is that these systems are well understood. Microsoft publishes information about its products, and an army of third parties tinkers with them, so their inner workings become well known. Although this information helps vendors design add-on products, it also presents hackers with a clear picture of how the software functions so they can attack any vulnerabilities. To date, that has not been the case with handheld devices. Because they are so new, not much documentation exists about them.

With handheld devices gaining popularity, they are becoming more viable targets for hackers. We've seen a progression with other devices: First joke programs arrive, then a few Trojan Horses, and last viruses, said Ryan McGee, a product marketing manager at Network Associates Inc., in Santa Clara, Calif. We've seen jokes and now a Trojan horse for handhelds so I would expects viruses to emerge soon.

This article was originally published on Nov 26, 2000
Get the Latest Scoop with Networking Update Newsletter