Last June, when anti-virus researchers reported the discovery of the first proof-of-concept cell phone virus, analysts and experts immediately predicted a coming wave of malware targeting high-end mobile devices.
Since then, the warnings have been coming fast and furious. According to the experts, the original proof-of-concept code quickly evolved into Cabir, a worm capable of bluejacking nearby cell phones running the Bluetooth-enabled Symbian Series 60 operating system.
Then came reports of mutants and Trojans and weekly warnings that the worm had spread to 17 countries around the globe. New reports that an underground virus-writing group called 29A had released the Cabir source code pushed the story onto the pages of the mainstream press, prompting anti-virus vendors to roll out plans to combat the threat.
But not everyone is convinced that the risk is high enough to justify the investments. On security discussion forums, there have even been suggestions that research firms are overblowing the threat to create an artificial market for cell phone anti-virus software.
“A lot of this is hyped to create a market that doesnt exist,” said Neil MacDonald, group vice president and research director at Gartner Inc. “The market will exist eventually because the devices are becoming more powerful, but the threat today is minimal and overblown.”
Gregg Mastoras, senior security analyst at Mass.-based Sophos Inc., echoed MacDonalds thinking. “Were not trying to be prognosticators and say mobile viruses will never be a big threat. But right now, it isnt and shouldnt be something an enterprise administrator should worry about. The level of the threat does not warrant all the headlines,” Mastoras said in an interview with eWEEK.com.
Sophos has no immediate plans to create—or market—anti-virus software for cell phones, but rival companies insist that there is a legitimate market to be served.
One such company is Kaspersky Lab, the well-known Russian anti-virus company that recently opened shop in the United States. “Malware for smart phones is now evolving, and seems likely to become a growing threat as smart phones gain popularity,” the company said in a statement announcing the launch of a beta anti-virus product for Symbian-powered cell phones.
Kasperskys beta is likely to evolve into a paid product, much like F-Secure Corp.s Mobile Anti-Virus software that promises “real-time on-device protection with automatic, over-the-air antivirus updates.”
Symantec Corp., Trend Micro Inc. and McAfee Inc. also have invested in mobile anti-virus products.
Steve Orenberg, a former Sophos executive who now runs Kasperkys U.S. unit, defended the companys push into the mobile anti-virus market. “Our philosophy is to be prepared. There is evidence that this will become a big problem, and we are positioning ourselves to be ready with a product,” Orenberg said.
He dismissed suggestions that Kaspersky was a party to overblowing the risk. “Were not telling people that theyre currently at severe risk. Compared to other problems with malware, the cell phone issue is not a high-priority issue right now. But if this problem were to accelerate like we think it will, we will be ready with a solution.
“The threat is there. Its up and coming and its in the wild. Theres no sense in waiting for something bad to happen to be able to react.”
Gartners MacDonald was blunt in his assessment of the immediate risk. “I havent had any clients call up asking for advice on dealing with a cell phone virus problem. And I dont know anyone in the real world who has been affected,” he told eWEEK.com.
If and when cell phone malware becomes a legitimate threat, MacDonald said he thinks the anti-virus vendors should focus their investments in a different direction.
“They are trying to replicate the desktop anti-virus model to the handset devices, and I dont think thats an efficient way to address the problem,” he said.
“The place where this threat should be addressed is at the network level. With handsets, the only way malware can get to the device is to go through the network. It would be more efficient and effective to have the wireless service providers do the scanning within the network,” MacDonald said.
Sophos Mastoras downplayed the threat entirely. “When you read the alerts and the news stories, you get the impression that virus infections are happening every day. Thats just not true. We dont think its the threat its been made out to be,” he said.
“We just dont see the market demand or need for it at this moment,” Mastoras added. “There are more pressing security issues that folks should be concerned about.”