As cell usage climbs, unfamiliar threats are heading our way.

More than one billion mobile handsets are shipping annually. And there are more than 2.7 billion mobile telephone subscriptions. Any way you slice it, global mobile communications services are quickly expanding. Increased connectivity and impressive new device capabilitiesemdash;such as gigabytes of memory capacity and true multimedia supportemdash;are driving growth in the mobile market. And the criminals are newly inspired by the lack of consumer awareness, ubiquitous usage, the sensitivity of stored data, and huge industry revenues. Although current mobile phone service is generally considered safe, we are seeing rapid growth in mobile attacks with increasingly technical diversification. And that causes concern for the future.

Criminals explore new technologies
In 2006 we saw threats begin to move from PCs and networks into the mobile space. Simple mass-mailing worms (such as VBS/Eliles.A) containing malicious attachments suddenly turned into phishing attempts targeting Nokia Series 60 phone users. Viruses manipulated mobile phone operators/carriers' SMS gateways to send text messages trying to trick users into following a malicious mobile Internet link. (This trick is called "SMiShing" due its SMS-based method.) Yet some may ask, "What’s the big deal?" Mobile Internet usage is currently very low, right? Ah, but on the other hand we just saw a run on new top-level mobile domainsemdash;.mobiemdash;which are expected to improve the browsing experience on mobile devices. PC-tophone crossover viruses (such as MSIL/Xrove. a ) have used Microsoft Intermediate Language and have demonstrated the potential to run on many devices and platforms. As more and more mobile device internals are discovered and published, we expect to see hacker tools for the mobile market continue to improveemdash;just as they have on every previous platform.

Malware writers are already attacking commercial programs for mobile devices. For instance, SymbOS/Mobispy was the first mobile spyware: It can remotely activate infected phones and turn them into eavesdropping devices—sending secret copies of text messages to the author. And it gets worse: Because mobile phone users have to pay the bill, no matter what, financial crime has become a new driver for malicious software. We’ve examined several malicious programs (including J2ME/RedBrowser) for smartphones that send text messages to costly premium-rate service numbers without alerting the user. Because such criminally motivated malware causes considerable financial damage to subscribers, mobile network operators are starting to seriously treat security as part of their critical infrastructure.

Operators/carriers face increasing risks
A whopping 30 percent of subscribers change carriers each year. Customer satisfaction (or dissatisfaction) is a primary driver, and is also therefore a focus for carriers wishing to maintain and build market share. The impact of spreading mobile malware, inappropriate content (phone-crashing programs, adult services), unsolicited messaging (spam, phishing) and network vulnerabilities represents a significant threat to mobile operators’ business. Not only does the brand suffer from its association with incidents, but the costs of network or device cleaning, customer service, and revenue disruption can also be huge.

Consider this: The cost of dealing with an infected subscriber completely eats up a customer’s average annual revenue contribution. The effective protection of networks, devices, applications, and content is necessary to safeguard the user’s current and future experience and to lower adoption barriers. New services such as mobile payments or mobile localization require multiple levels of security before they are launched to the market.

What’s next?
Mobile threats are already showing an unwelcome level of maturity—a shift from mere vandalism to sophisticated and increasingly socially engineered malware. We expect the number of mobile malware attacks targeted at smartphones and wireless PDA devices to double by the end of 2007. And, in parallel, we foresee the rapid development of new threat vectors that attack commonly used mobile services and cause considerable costs for mobile network operators. More than 95 percent of all phones worldwide support SMS/text messaging. Java runtime environments (J2ME) have been deployed in 1.2 billion of the devices around the globe and almost half of the global subscriber base uses voice mail. The history of PC malware development shows that malicious forces always gravitate to the areas of highest impact. We anticipate that mobile threats will both continue to grow in the smartphone market (which represents less than 5 percent of the global device base) and expand into more widely deployed mobile technologies. Mobile network operators must adopt risk management measures to stay on top of these developments—not only to prevent costly disruptions but also to enable their environments for new, more secure services. If they don’t, they will face increasing abandon rates and support costs that exceed revenue contributions. If they do, they will have a competitive advantage of customer satisfaction.