Consumers aren’t the only ones who love the iPhone.

According to one expert that TMCnet interviewed today, the popular device’s familiar Web browser and operating system is giving hackers a leg up in finding entry points to exploit.

Terry McCabe, chief technology officer at Airwide Solutions – an international company headquartered in Burlington, Massachusetts that provides next-generation mobile messaging and wireless internet infrastructure, applications and solutions – also says that in this slower economy, more consumers are using their mobile devices to comparison shop, as well as check their bank balances and portfolios.


Mobile devices become more and more prevalent, and there uses more diverse, as an entire industry rises around Apple’s model for the iPhone App Store and devices such as HTC’s Google Android phone and the BlackBerry (News - Alert) Storm follow that model. As TMCnet has reported, some experts say that text messaging itself will emerge as a core piece of all advertising within five years.

For McCabe, the platforms that support today’s popular devices, such as the Symbian (News - Alert) operating system or Java, while offering high functionality and interoperability – both major plusses – also are vulnerable to malware writers who know their shared source code.

TMCnet had a chance to speak to McCabe about the security threats facing mobile devices. We also discussed which regions of the world are facing biggest challenges when it comes to increasingly prevalent problems such as mobile spamming, and what areas hackers may be targeting next.

Our exchange follows.

TMCnet: Much of what we’re reading about in the IT market these days has to do with applications for Internet-ready mobile devices, as BlackBerry smartphones and theHTC ( News - Alert) Google Android phone follow Apple’s iPhone example in setting up an online “store” for the programs. How is the rapid spread of these mobile devices, and the increasingly large amount of applications now available for them, affecting users’ security?



Terry McCabe (pictured left): Many in the security industry have warned smartphone platforms are ripe for attack – particularly when users lack awareness of potential threats and many will unwittingly ‘go looking for’ the viruses by actively downloading games or other content.

The open source nature of the Symbian OS yields major benefits in terms of interoperability and functionality. However, this same operating system cuts the other way when it comes to security. Due to the shared-source code, malware writers can gain a deep understanding of the operating system.

Additionally, Java while extremely valuable in terms of premium downloadable content like games, and highly functional applications, the technology also poses a major security threat. As mobile phone users download more and more functional content, the risk that they may unwittingly also download a game or application with a hidden bit of code that could attack their phone greatly increases.

According to some industry experts, security breaches that can be traced back to the actions of one individual are not the fault of one uninformed employee but rather a failure to educate and engage the whole workforce around the importance of good security practice. However, small businesses without the benefit of IT training or support will have difficulty running their business and making themselves experts in the latest threats to their mobile devices.

While there as yet have not been high profile examples of this in the press, there is also an increasing risk posed by applications like Mobile Instant Messaging. This requires users to download a client application for use on their handset that has not necessarily been vetted by their operator. While most of these clients are downloaded from a reputable firm like Yahoo or other, there is a possibility that along with the client could be downloaded a virus or other potentially damaging Trojan.

Whereas Java brings functionality and versatility to the world of mobile devices, at the same time it also introduces new security threats. The rapid growth of the number of mobile devices that support Java makes this a pressing issue.

Already mobile malware has evolved from annoying text message spam to snoopware that enables the hacker to listen in on conversations, install spyware that allows him to access phone logs and contacts, and send text messages and multimedia spam to other devices.

However, the most frightening aspect about mobile malware is its potential to use an infected smartphone or other device as a proxy or gateway into an organization’s core network. By hijacking a handheld device, hackers can breeze past a traditional firewall and make their way onto a company’s mail server, customer database, CRM tools, and other critical parts of the network. And this damage may result from something simple, such as an employee receiving a message to download a free game or antivirus update.

Posted by Justin Payton in Adware, Spyware and Trojans at 15:00

PLAINFIELD -- Could your computer become a hacker's storage vault for child porn, unbeknownst to you?

Some say it can happen -- and has.

One Plainfield man facing child pornography charges thinks it happened to him.

Kevin F. Plachta, 45, of 16125 Vintage Drive in Plainfield, said he may have inadvertently downloaded a computer virus, or was the victim of a hacker, but he didn't knowingly download child porn.

About a year ago, the FBI seized his household computers, saying they had reason to believe there was child porn on one of them, Plachta said.

They took three computers and eventually returned two, he said. The FBI refused to return the third because they said there were questionable images on it, Plachta said.

Plachta was arrested Nov. 14 on two counts of child pornography.

The complaint filed with the Will County State's Attorney's office accuses Plachta of having a photo and a partial video depicting child porn on his computer.

In an interview last week, Plachta maintained his innocence and said he was likely a victim of a virus or a hacker that planted the images on his machine.
Virus unlikely culprit
Could an unsuspecting computer user aid a child pornographer by accidentally downloading their handiwork?

It's not likely, according to Dave Margliano, computer crimes investigator for the Will County State's Attorney's Office.

Computer viruses are often accidentally or unknowingly downloaded, he said -- not pictures or movies of child porn.

"I have never found that situation where pictures (or movies) are downloaded to your computer without your knowledge," Margliano said. "I've been doing (computer investigations) since '98 and I've had well over 300 cases. Never, never, never has that happened.

"And, if something was on your computer, you would certainly have knowledge if you were making CDs or DVDs. There's absolutely, positively, 100 percent no way you could have that media and not know what's on it," he said.

In Will County, child pornography cases take some time to build, Margliano said. Evidence of multiple downloads and other investigation is required before authorities will try to bring charges, he said.

"Very few (child pornography cases) go to trial because the evidence is so overwhelming that the defense attorney certainly does not want a jury to see what their client had or was doing," Margliano said. "They certainly don't want a judge to see the evidence."

Posted by Justin Payton in Adware, Spyware and Trojans at 12:30