Cyber criminals to increasingly target mobile devices

VoIP and WiFi are also risk areas

PDAs will be the future targets of cybercrime

Cyber criminals will increasingly target smartphone and PDA devices, according to the latest Global Threat Report from security vendor McAfee.

The global smartphone market is expected to exceed $250bn (£126.5bn) by 2011, according to research firm In-stat. With more people using such devices to access personal and financial information, there will be more instances of phishing attacks, spyware, and identity theft, according to the report.

'Unfortunately, the inconveniences — including unsolicited messages — that most people detest on their PCs today will also storm mobile devices,' says the report. 'Cyber thieves follow the money. This is too large an opportunity for criminals to ignore.'

The report says mobile spam has the potential to explode as spam-Trojan authors develop mobile malware. Trojan authors and hackers are likely to benefit from mobile security research and open source documents that describe ways in which devices can be compromised.

Voice over Internet Protocol (VoIP) is another messaging medium ripe for spam. VoIP revenues will reach nearly $20bn (£10.1bn) in 2009, according to Infonetics Research.

'During the next few years, VoIP spam—also known as Spam over Internet Telephony (SPIT)—could rejuvenate the telemarketing industry in states and countries that have adopted do-not-call legislation,' says the McAfee report.

'Spoofed VoIP phishing attacks will likely be more successful than their email counterparts because anti- SPIT technology is far behind that of antispam, and many VoIP users will not expect attacks to come from names and numbers that match those of their banks.'

Unlike traditional phone lines VoIP allows spammers to place a large volume of calls virtually free. Calls can also be forged to fool more victims. VoIP technology itself is vulnerable to eavesdropping, recording, and hijacking and VoIP software is already suffering from vulnerabilities.

The report highlights the combination of VoIP and WiFi technology as another potential danger. WiFi VoIP allows people to make calls from any hotspot around the world to any VoIP, cellular, or landline number, the same as if they were calling from home.

Direct attacks allow attackers to send exploit traffic directly to vulnerable Wi-Fi devices and bypass the access point itself to take complete control over host
computers.

'With multiple municipal WiFi projects under way the door is opening wider. In years to come, this mechanism may prove to be a significant vector of attack for cybercriminals,' says the report.