The BBC was recently criticised for scaremongering about the threat mobile viruses posed to smartphones, particularly those operating on the Symbian platform.

F-Secure was one of two anti-virus software companies quoted by the BBC – the other was Adaptive Mobile.

So it was interesting for to speak with Samu Konttinen, vice president of mobile solutions at F-Secure, to hear his views on the danger of viruses to smartphones.

To put things in context, he began by saying it was inevitable that some of the PC’s problems would come to mobiles.

This is made ever more likely as increasing numbers of people use powerful multimedia handsets, particularly for mobile browsing.

"When the mobile phone is used to browse the Internet, then users get exposed to the same Internet problems as PCs," he said.

"It is relatively naive to think that threats will suddenly disappear when you access the Internet with a mobile browser," he said. "It’s the very same Internet."

PC or Mobile – The Internet Is Risky

With that in mind, Konttinen described the Internet as a relatively dangerous place – and said the threat is growing.

Between 1986 and 2007, there were an estimated 500,000 viruses on the Internet.

He said that figure has doubled in the past year.

"A lot of things are happening. Before it was mostly students trying to hack into databases to show they could do it," he said.

"The ‘industry’ has changed. Now it’s mostly criminals building viruses to make money."

When it comes to cell phones, Konttinen said the picture is also shifting.

Previously, the problems centred around phones and SMS.

So far only around 400 mobile viruses have been detected – a tiny sum compared to the Internet.

Konttinen said that for this reason it is important not to "hype up" the threat.

But even though the risk isn’t as severe as on the Internet it doesn’t mean people should be complacent.

Earlier this month F-Secure launched a new version of its smartphone security solution, introducing an anti-theft feature that includes easy remote locking and wiping of confidential data if the phone is lost or stolen.

"We think that certain elements, the key foundation of cyber crime in the PC world, will work in mobiles as well," he said.

Konttinen said that convergence made it more likely that security risks found in PCs would be replicated in mobiles.

"It would be foolish to think that the mobile ecosystem will be entirely the same as the PC one, but many of the security issues will be relatively similar," he said.

Bigger Targets, Bigger Risk

The explosion in mobile penetration means it is inevitable that malware writers will gravitate towards them.

"If there are volumes, there is motivation," said Konttinen.

Gartner, the industry analyst, forecasts that there will be four billion mobiles compared with 1.3 billion computers by 2010.

However, Cloudmark, a messaging security company, recently estimated that penetration of smartphones needs to reach 20 per cent to 30 per cent before it becomes worthwhile for hackers to spread viruses.

Another barrier to deter virus writers is the fragmented nature of the mobile industry.

However, with the mobile industry moving towards open operating systems and more harmonisation, such as in the case of Symbian, this could change.

Konttinen said the shift towards open source is likely to create a more "interesting" platform for malware writers.

"The reason why there are only 400 viruses rather than millions is because the industry is so fragmented," he said. "Fragmentation is a security mechanism."

Whatever the current level of risk, Konttinen said the mobile industry – both hardware and software – took the security issue very seriously.

Not least because they recognise the criminals behind the viruses are "worthy opponents", he said.

"The PC has proved that whatever security measures you take, the bad guys find a way around it.

"Some of our analysts and researchers think that cyber crime is the fastest growing part of the IT industry."

Enterprise Preparing For Problems

It’s not just the industry that is addressing anticipated security issues.

Konttinen said many companies were taking the threat seriously, especially now that high-end handsets were becoming an increasingly important tool for everyday work.
He said IT departments have a love/hate relationship with Internet and mobile anti-virus companies.

"They see us as being necessary," he said. "Companies now treat smartphones as part of IT and need similar security for their mobile users as they have for laptop users.

"So already there is a real policy-based demand for this type of security.

"Companies don’t want to be seen as entities that don’t take security seriously."

Good to hear. But as mobile computing does become more mainstream the risk of malware will undoubtedly rise.

How real a threat are viruses to smartphone users? Please send us your comments.

Subscribe to our Newsletter