It was always only going to be a matter of time before it happened: the world’s first mobile phone worm has arrived.
Fortunately, the worm, known as ‘Cabir’, was not released into the wild, but was emailed anonymously to antivirus software companies by a group of international hackers known as 29a. Primarily based in Spain, they specialise in creating worms and viruses to demonstrate that no technology is reliable and safe from attack. But if it had been released, the consequences could have been devastating, say experts.
The worm is capable of infecting smartphones and other mobile devices running the Symbian operating system (eg Nokia and Motorola). It propagates via the Bluetooth short-range connection technology and drains the battery by constantly scanning for other devices to infect. Security specialists have for some time warned about the vulnerability of mobile phones, particularly the new breed of smartphones that boast many PC-like capabilities. However, vendors have been slow to act, mirroring the errors that made Windows a relatively insecure platform. For example, although Bluetooth is switched off by default in some devices, in many others manufacturers ship phones with it turned on.
“Historically, the more functionality that emerges on any device, the more the hacker will take advantage of it,” says Sal Viveros, a wireless ‘evangelist’ at security vendor McAfee. “With the advent of 3G and increased rollout of sophisticated devices such as smart phones, we’ll see all the same threats in mobile that you have in the PC space.”