Cell phone worms and VoIP fraud are among the top 10 security threats to watch next year, according to a panel of experts assembled by the SANS Institute.
The panel’s findings were released Sunday at the SANS Network Security 2006 conference in Las Vegas.
Cell phone worms will infect at least 100,000 phones in 2007, jumping from phone to phone over wireless data networks, the experts noted.
“Cell phones are becoming more powerful, with full-featured operating systems and readily available software development environments,” they said. “That makes them fertile territory for attackers fueled by cell phone adware profitability.”
Hackers Looking for Value
Malware aimed at mobile phones has been seen in the past, but it has not been considered a serious problem. That will change, contends SANS Director of Research Alan Paller.
“No one could figure out why writing a cell phone worm would be useful,” he told TechNewsWorld, “but it turns out that it is extremely useful, because people are now doing their e-mail on their cell phones.
“So a worm in a cell phone can be a way to do phishing exercises, for example, to steal people’s passwords and user names,” he continued. “It can also be a way to launch denial-of-service attacks.”
Hard to Attack
However, cell phone malware may be years away from becoming a problem.
“The challenge with cell phones is that there isn’t a ubiquitous operating system,” Gregg Mastoras, a senior security analyst with Sophos, told TechNewsWorld.
“We’re not talking about computers where Microsoft owns 95 percent of the world,” he continued. “Cell phones have plenty of different operating systems, and for that reason, they’re much harder to attack on a large scale.”
To date, only 100 cell phones that have been attacked have become infected, he estimated.
Not Where the Money Is
“Attacks happen because people want to go where the money is,” Mastoras asserted. “I’m not sure that cell phones are where the money is right now.”
There aren’t a lot of mobile malware variants appearing on a weekly basis, added David Marcus, security research and communications manager for McAfee Avert Labs.
“But prevalence will grow as more and more people use their phones for data and confidential information,” he told TechNewsWorld.
Stealing Dial Tone
Another trend to watch next year is compromising Voice over IP (VoIP) phone systems.
Hackers have begun penetrating VoIP servers and selling dial tone as if they were a phone company, noted Paller. “The hackers collect the money from the people that use it, while the company operating the servers gets the bill,” he said.
“A lot of medium-sized companies are putting in Voice over IP,” he observed. “They are doing it without any sense of security, so they’re easy pickings.”
Lag in Niceties
As they do with any new technology, vendors are concentrating on getting VoIP onto the market with the desired features, asserted Robert Richardson, director of the Computer Security Institute.
“The protocols for setting up telephone calls were designed without very much attention to security threats,” he maintained.
One thing that traditional telephony systems have is a really good call accounting system, he added. A company with a traditional switch can pull up a report that will show anomalies in usage.
“On the VoIP side, those kinds of niceties have lagged,” Richardson said.
In addition to cell phone viruses and VoIP attacks, other trends SANS recommends watching next year include the following:
- Laptop encryption will be made mandatory at many government agencies and other organizations that store confidential data.
- Targeted attacks will be more prevalent, in particular on government agencies.
- Congress and state governments will pass more legislation governing the protection of customer information.
- Spyware will continue to be a huge and growing issue.
- Zero-day vulnerabilities will lead to major outbreaks that infect many thousands of PCs worldwide.
- The majority of bots will be bundled with rootkits.
- Network Access Control will become common and will grow in sophistication.
- Theft of PDA smartphones will grow significantly.