Phone scams and virus ‘epidemic’ could be just round the corner

Boston, MA – Experts are warning that an epidemic of viruses and mobile phone scams could be just around the corner.

Researchers from Northeastern University used calling and mobility data from over six million anonymous mobile phone users to get a picture of the threat mobile phone viruses pose to users. The results indicate that a highly fragmented market has hindered outbreaks in the past. However, their work predicts that viruses will pose a serious threat once a single mobile operating system’s market share grows sufficiently large. This could happen soon, they say, given the 150 percent annual growth rate of smart phones.

“We haven’t had a problem so far because only phones with operating systems, so-called ‘smart phones’, are susceptible to viral infection,” explained Marta Gonzalez, one of the authors of the stydy. “Once a single operating system becomes common, we could potentially see outbreaks of epidemic proportion because a mobile phone virus can spread by two mechanisms: a Bluetooth virus can infect all Bluetooth-activated phones in a 10-30 meter radius, while Multimedia Messaging System (MMS) virus, like many computer viruses, spreads using the address book of the device. Not surprisingly, hybrid viruses, which can infect via both routes, pose the most significant danger.”

The study builds upon earlier research by the same group, which used mobile phone data to create a predictive model of human mobility patterns which was used to simulate Bluetooth virus infection scenarios.

The researchers found that Bluetooth viruses would eventually infect all susceptible handsets, but that there should be sufficient time to take countermeasures such as antiviral software to prevent major Bluetooth outbreaks. In contrast, spread of MMS viruses is not restricted by human behavioral patterns, but is constrained because the number of susceptible devices is currently much smaller.

Graham Clueley, senior technology consultant with security firm Sophos, agreed that if one operating system were to dominate it would make a ‘pandemic’ almost inevitable. But, he said, “The Apple iPhone is selling well, but I don’t see one single operating system dominating – we’ll see two or three.” He added, “They’re making so much money infecting Windows computers that that’s probably where they’ll continue to concentrate.”

 Mats Aronsson, senior busiess development manager for the mobile space with Symantec, agreed. “With the introduction of more open pnhones like Google Android, yes, we think mobile viruses will really spread – but not this year,” he said. He warned of a problem he condisered far more serious – SMS premium number scams. “An SMS message can cost up to £10,” he said. “All they have to do is own such a number for a short time and then get you to send an SMS message to it.”

He said that while such attacks have been known, they have tended to be small in scale. But, he said, he expects them to increase massively in the next year or two. “I think the hackers are testing their methods,” he said. “What’s significant is that now pretty much all of them are in it for the money – and this is the simplest way to make money.”

 The first mobile phone virus appeared back in 2004: called Cabir, it was designed to affect phones running the Seg system and was sent to a number of anti-virus companies rather than released in the wild.