Mobile hacker attacks will damage business in 2011

Businesses cannot afford to ignore mobile hacking attacks as they are proving extremely lucrative over shorter periods, a study of mobile threats has found.

Criminals are rapidly turning to sophisticated compound threats that use text messaging, multi-media messaging, e-mail, web and voice channels, according to the 2011 Global Security Insights in Mobile report by security firm Adaptive Mobile.

Returns on mobile fraud are roughly 40 times greater than e-mail-based scams, said Gareth Maclachlan, chief operating officer at Adaptive Mobile.

"A typical e-mail scam nets about $25,000 (£15,570) according to Symantec studies, but we have seen a mobile scam net $1m in four days," he told Computer Weekly.

The attack used missed-call alerts that appeared perfectly legitimate, but anyone responding to them was connected to a premium rate number which played a recording of a dial-tone.

The mobile network operator paid termination charges of $1m before the fraud was discovered, said Maclachlan.

Adaptive Mobile is also seeing a rise in mobile man-in-the-middle attacks, where hackers are tricking people into loading variants of the Zeus Trojan onto their mobile devices, which then capture their bank details and redirect one-time passwords from the bank directly to them, he said.

"McAfee recently published a report saying malware targeting mobile devices rose 46% in 2010, but the threat should not be measured only in terms of volume, because fewer attacks are already proving to be more damaging," he said.

In addition to the fact that it is much easier to make money exploiting mobile devices than desktop PCs, there are several other factors attracting criminals to focus on the mobile platform, said Maclachlan.

First, mobile transactions are growing in number. According to the report, mobile subscriptions are expected to hit the five billion mark in 2011 and smartphone global penetration is predicted to increase from 20% to 37% in Europe by 2012.

Other factors attracting cyber criminals include the fact that bulk text messaging has become much cheaper and the ease of developing and distributing mobile applications.

"Makers of mobile devices and operating systems eager to promote their use are providing a great deal of support for developers of applications, but not all are good," said Maclachlan.

The only way to maintain trust without generating onerous additional costs or destroying the mobile marketplace is to tackle the problem at a network level, he said.

This approach is far more cost effective than deploying and managing agents on every mobile device, according to Maclachlan.

"Using network management services, businesses are able to set policies for every user and define exactly what each SIM can and cannot do at a much lower cost than they would be able to achieve such control using their own resources," he said.

Businesses should take action on mobile threats in 2011, not based on volume, but on the much greater potential financial and reputational risk, said Maclachlan.

"The report is aimed at helping businesses understand the threat of mobile attacks because not many realise the damage that can be done," he said.