Is That a Virus on Your Phone or a New Business Model?

by jeremy on June 29, 2007

This week’s WSJ.com column (subscription only) is about mobile viruses — or the lack of them. First off I talked about CommWarrior, the virus any of you with a Symbian phone and Bluetooth switched no will have been pinged with anywhere in the world.

CommWarrior isn’t new: It has been around since March 2005. But this isn’t much comfort if you find yourself — as a lunch companion and I did — bombarded by a dozen attempts to infect our phones before the first course had arrived. So is CommWarrior just the thin end of a long wedge? Yes, if you listen to the Internet-security industry. “I can personally assure you that mobile threats are reality, and we have to start taking our mobile security seriously,” says Eric Everson, who admittedly has a stake in talking up the threat, given that he is founder of Atlanta-based MyMobiSafe, which offers cellphone antivirus protection at $4 a month.

But the security industry has been saying this for years about viruses — usually lumped together under the catchall “malware” — and, despite lots of scare stories, I couldn’t find any compelling evidence that they are actually causing us problems beyond those I experienced in the Italian restaurant.

For reasons of space quite a bit of material had to be dropped, so I’m adding it here for anyone who’s interested. Apologies to those sources who didn’t get their voices heard.

Symantec, F-Secure Security Labs and other antivirus companies call FlexiSPY a virus (though, strictly speaking, it’s a Trojan, meaning it must be installed by the user, who thinks the program does something harmless). “In terms of damaging the user, the most serious issue at the moment is commercial spyware applications such as FlexiSPY,” says Peter Harrison, of a new U.K.-based mobile-security company, UMU Ltd.

Not surprisingly, however, Mr. Raihan isn’t happy to have his product identified and removed by cellphone antivirus software, though he says his protests have fallen on deaf ears. “We are a godsend to them,” he says of the mobile antivirus companies. “They are fear-mongering as there is not a significant problem with viruses in the mobile space.”

Technorati Tags: , , , ,

{ 2 comments… read them below or add one }

James Seng July 5, 2007 at 5:37 pm

Just catching up my news.

I know you are trying to mock the anti-virus industry :-)

But mobile virus are real and it can be pretty bad: http://james.seng.sg/archives/2005/01/01/bluetooth_virus.html

I have friends in the hacker community and stuff they can do on your symbian phone is amazing. Hide itself so it cannot be seen, intercept incoming SMS and redirect it to another phone to spy on you or send out SMS quietly without you knowing (the latter has interesting phone slamming potential)

no doubt these problems arent available at large yet but it happens.

Reply

Jeremy Wagstaff July 6, 2007 at 8:34 am

James, thanks for this. I have seen some stuff a bit like this, and I agree there is definitely a potential threat there. But I’ve not seen anything (except Bluesnarfing, I guess) that is really a threat right now, that would justify the level of scaremongering among this new crop of mobile security vendors. it’s a bit like viruses for the Mac and Linux: they definitely exist, and the threat is there, but is it worth user buying NAV to protect against it for now?

Reply

Leave a Comment

Previous post:

Next post: