
ICG Risk Blog - [ Convergence of PCs and smart mobile devices falls prey to a new generation of attacks ]


Watching the convergence of PCs (now that laptops consistently outsell desktops) with the sector of "mobile devices with an operating system" that comprises PDAs and smart phones, it is easy to see miniaturizing notebooks that increasingly communicate begin to blend with the smaller devices, mimicking their characteristics and ultimately falling prey to the same threats that are predicted to afflict the mobile market of PDAs and smart phones in the 2008-2009 period.

The upshot of this convergence is that the current architecture of PC antivirus protection will begin to fail this emerging 'mobile majority', and that the excellent but long overdue cooperation between Microsoft and hackers and independent security consultants will have to be accelerated at a rate that substantially exceeds current planning if robust solutions are to be found.

Consider how short a time horizon we are dealing with. The first viruses for mobile devices, Duts for Pocket PCs and Cabir for devices using the Symbian OS, were written in 2004 as a proof of function "not designed [to] propagate on a massive scale" by the 29A VX virus writing group. Users were told not to worry, that you're "more likely to have a meteorite strike your house" than see infection by these viruses. A year later, viruses on Pocket PCs are not yet a significant issue, except in pockets of Asia and Europe, to the point that skilled users I know do not carry virus protection in their base load. (But then these users are disciplined enough to limit their IM traffic to only those whom they trust.)

But threats have begun to migrate from email systems, currently buttressed by gateway and desktop antiviral tools, to IM (Instant Messaging), IRC (Internet Relay Chat), P2P (peer-to-peer) and the CIFS (Common Internet File System) protocol for remote file-system access over the Internet. In March 2005, Symantec reported threats "related to P2P, IM, IRC, and CIFS make up 50 percent of its top 50 threat submissions, up from" a third a year earlier.

The key to becoming a target is to have a significant mass of users and an exploitable vulnerability for propagation. (Even Macs will become a target as less skilled users adopt mini Macs.) For mobile devices, the necessary conditions required for propagation will converge about "year-end 2007 [when] smart phones account for 30 percent of all wireless telephones in use":

  • Commonplace "large-scale user-to-user sending [of] complex executables"
  • User community of a third or more of the population

I submit that increasingly miniaturized laptops will have the same characteristics and suffer similarly, yet the PC market and the major software vendors are still behaving as if perimeter/barrier tools will suffice. Gartner has already called the mobile market out:

"The mobile world should not repeat the mistakes of the PC world. Malware protection services should be built into the network first, and device-side protection should be the last resort."

Thoughtful players are already calling for tools at the network layer that detect behavioral and network traffic anomalies:

Signature-driven antivirus tools are great for hindsight, but we are at a turning point where signatures are not enough…Currently the attackers are testing their tools against the most popular antivirus products [so as to produce immunized attacks].

I find it curious that experts can say that "desktop antivirus software became largely ineffective [as proactive prevention] as soon as e-mail surpassed floppies as the dominant transmission mechanism" as a means of justifying better network layer tools for mobile devices, yet ignore the rise of laptops that will increasingly operate in much the same way.

It should be a reminder to all that attackers move to whatever point in the supply chain or the delivery chain offers maximum opportunity at minimum risk. Just as we remind clients in Intellectual Property (IP) protection that they must think in terms of total asset protection (wherever that asset appears by tier, application, and location) instead of location solely (where the client fixes on a particular site or facility where they believe that they have exposure), so will crackers migrate to the next weakest point - targets of opportunity - in the software delivery system to the end user.

If perimeter and desktop deterrents are not going to work as a sustaining architecture, and the antivirus vendors are going to be treated as major exploit targets equal to the applications that they protect, then work on intelligent network defenses, regardless of design difficulty, had best get underway immediately lest the growing 'mobile majority' find itself at grave risk.

Clock's ticking on phone virus outbreak, experts say
By Munir Kotadia
ZDNet Australia
Published on ZDNet News: June 21, 2005

Security tools face increased attack
By Joris Evers
Published on ZDNet News: June 20, 2005

Microsoft asks for help from hackers
By Ina Fried, Special to ZDNet
Published on ZDNet News: June 16, 2005

Skulls Trojan puts on antivirus mask
By Joris Evers, CNET
Published on ZDNet News: June 10, 2005

Expert: Cell phone virus threat is overblown
By Will Sturgeon
Published on ZDNet News: May 5, 2005

Hackers reach beyond Windows, IE
By Robert Vamosi
Published on ZDNet News: March 21, 2005

Gordon Housworth
