IP telephony migration increasing hacker threat: report

Jan 28, 2005

Millions of businesses and computer users around the world are at risk from hackers and malware writers targeting wireless Internet systems and mobile telephone devices.

That is according to the latest data for live digital attacks collected by the mi2g Intelligence Unit, which provides security threat assessments and warnings for organisations. 

According to the report, the threat is exacerbated by the increased migration of corporations and government departments towards IP (internet protocol) based voice telephony and video communications, along with Bluetooth-enabled mobile telephone access of fixed lines. As a result, when systems fail or get corrupted, voice, video and data communications may go down together.

Wireless attacks have increased dramatically, with nearly one out of every two recorded digital attacks now taking place via the wireless route, as opposed to one out of every ten at the start of 2004. The quarter-by-quarter rise of wireless digital attacks is unprecedented as the number of adopters of wireless internet connectivity grows exponentially in the consumer, corporate and government sectors.

The report found that the illegal use of other organisations' wireless internet facilities is also rising, as many individuals simply utilise 'free' internet access through roaming and adopt a carefree attitude when questioned on the ethics of "piggy-backing" on somebody else's W-LAN (Wireless Local Area Network) without their knowledge or permission.

Mobile phone devices are susceptible to malware because they use operating systems that have turned them into mini-computers. Virus and worm attacks are increasingly infecting mobile phones. In the last few days, new Trojan horse programs - believed to have originated in Russia - have appeared which render Symbian-based mobile phones useless in terms of being able to make calls. The programs masquerade as patch files and other camouflaged files designed to trick users into downloading them. The variants can infect popular phones such as Nokia's 6600 and 7610 models using Symbian's OS version 7. The modus operandi for repair is a global reset, which then deletes all personal data like the address book and calendar.

The report does note, however, that the age of mass mobile phone malware in the highly damaging category of MyDoom or MSBlast has still not arrived and may depend on other enabling technologies before such an event could be realistically precipitated.

In 2005, as network operators finally begin to offer different classes of voice services, including priority communications and one-to-many or many-to-many services, such as network-based cellular conferencing, mobile phone viruses will be able to spread more swiftly. 

"The consequences of mobile phone malware proliferation and wireless network hacking include data and identity theft, generation of expensive phone calls and on demand services' bills, as well as crippled handsets and disconnected computers," said DK Matai, executive chairman, mi2g. "The two dimensional world of network computer security was turned three dimensional by the arrival of Internet connectivity and it has now been rendered four dimensional with wireless connectivity and mobile telephony's convergence on top of the existing computing infrastructure. The possibilities for security breach and damage are multiplying by orders of magnitude not seen before and user awareness is very poor."

mi2g advises that for corporations and government bodies, the short term solution lies in commissioning independent audits which include full-fledged penetration testing focussed on wireless connectivity. Within the domestic environment, the vendors of wireless devices and Internet services must be obliged to write warnings on the wireless devices they offer to forewarn customers of the liability and potential for online theft that exists if no security settings are invoked. Default settings should include basic security and must prompt for password entry. In the long term, there is a need for 24/7 risk visualisation at the large organisation level and 'neighbourhood watch' schemes at the small to medium size enterprise and domestic level, because the complexity of maintaining computer and mobile telephone security is far greater in the wireless connectivity era.
