Mobile hacker gets sacked

Spanish authorities are reporting the arrest of a hacker believed to be responsible for creating several well-known threats designed to attack mobile devices.

According to a statemSymbian OS.ent released by Spanish police (and passed along by researchers working for security software maker Sophos), authorities in Valencia have taken custody of a 28-year-old man after pursuing him during a seven-month-long investigation for carrying out mobile malware attacks.

The individual, whose name has not been released, is specifically being held on the suspicion of creating the Cabir and Commwarrior worm viruses, which specifically targeted users of wireless devices running on the Symbian OS.

Spanish police estimated that as many as 150,000 phones were eventually laced with the threats.

Alas, love appears to have played a role in the ingenious hacker's downfall, as part of the manner in which he was identified was through the repeated use of the name "Leslie" in his malware code -- purportedly the name of his fiancé.

While mobile viruses are still considered to be far less prevalent than desktop computer threats -- with Cabir and Commwarrior among the few attacks that have actually been discovered and publicized by security experts -- researchers contend that the hacks will become far more prevalent in the coming years, especially as more powerful handhelds such as smartphones gain adoption, along with wireless-based payment systems, and users subsequently carry more valuable data on the devices.

In a 2007 survey conducted by Sophos, some 81 percent of business IT administrators said they were nervous that malware and spyware aimed at attacking mobile devices would become a significant threat in the future. Some 64 percent reported that they currently have no technology in place specifically aimed at defending smartphones or PDAs.

"The concept of mobile viruses is very real. As most mobile devices connect via the desktop to network computers for syncing purposes, these viruses present a very dangerous risk to the network as a whole," Ron O’Brien, senior security analyst for Boston-based Sophos, said in an e-mail.

Perhaps unsurprisingly, and in light of the fact that desktop threats remain a much bigger problem, Sophos is recommending that customers buy into integrated security applications that offer extended protection for mobile devices -- such as the one that it currently markets.

Despite a lack of well-known mobile threats, some experts have said that as more end users adopt devices that run on the same operating systems -- versus the hodge-podge of smartphone OS software on the market today -- there inevitably will be more attacks leveled at the handhelds.

"As the addressable market for smartphones expands, there will be more attacks, as malware activity always moves to the areas of greatest impact, but the activity isn't comparable to the desktop today," said Jan Volzke, head of marketing for Mobile Security at San Jose, Calif.-based McAfee. "The number of operating systems in use today has likely had an effect on slowing attacks, as there is no single platform to write malware code to."

Posted by Matt Hines on June 25, 2007 09:03 AM