Mobile phones are likely to be the next target of criminal computer hacking gangs, scientists warned today.
Researchers from the Georgia Institute of Technology said the growing power of phones has opened a new avenue of attack for hackers.
Of particular concern is that as phones get more computing power and better internet connections, hackers can capitalise on vulnerabilities in mobile-phone operating systems or web applications.
Botnets, or networks of infected or robot PCs, are already used to send spam and operate “denial of service attacks,” in which computer servers are overwhelmed with internet traffic to shut them down.
For example, botnets were used against Estonia’s government and financial websites in a devastating wave of attacks last year.
Botnets are so troubling because they have massive computing power and a seemingly endless supply of newly infected PCs to replace old ones that are wiped clean or taken off-line. Millions of PC have fallen victim. The owners typically never know.
The Georgia Tech researchers said that if mobile phones become absorbed in botnets, new types of money-making scams could be born. For example, infected phones could be programmed to call pay-per-minute telephone numbers or to buy ringtones from companies set up by the criminals.
“The question is, can they do it effectively – make a lot of money without much risk?” said botnet expert Joe Stewart, director of malware research with SecureWorks.
“And if they can, then they will do it.”
The Georgia Tech researchers said a big appeal of mobile phones for hackers is that the devices are generally always on, they are sending and receiving more data, and they typically have poor security. Anti-virus software would use massive amounts of battery life, which is a killer on a mobile device.
“This is the perfect platform (for hackers),” said Patrick Traynor, an assistant professor of computer science at Georgia Tech.
One big hurdle hackers will face is learning how the cellular networks work and adapting their attacks. Unlike the wide-open world of internet providers, cell phone operators have tighter control over their networks, which means they could shut down the lines of communication between infected phones much easier.
Researchers have little hard evidence that hackers are already targeting mobile phones. But successfully attacks require a lot of internet browsing and downloading on phones, and that is just starting to happen now.