By Clint Swett, The Sacramento Bee, Calif.
Oct. 23--Talk about a tempting target.
With 219 million cellular phones in use in the United States, a cyber-attack could potentially wreak as much havoc as a virus on PCs.
That's where Hao Chen comes in.
Along with two graduate students, the assistant professor of computer science at UC Davis is studying the vulnerabilities of cellular phones, hoping to fend off potential attackers.
"Cellular phones are part of our critical information infrastructure," said Chen, talking in his spartan office on the UC Davis campus. "In some ways, they're more important than the Internet. We rely on cell phones for everything from emergency response and rescue to military operations."
Anti-virus researchers, such as Symantec Corp. and Trend Micro Inc., are working on products to keep viruses from attacking "smart phones" like the Treo, which are as much like PCs as phones.
Chen and his team, however, are concerned about a broader kind of attack.
Most cell phones work in a closed network operated by a cellular phone company, making them seemingly more secure than an Internet-connected PC.
But as more phones link up to data networks for sending e-mail and browsing the Web, there are more avenues for attack. Chen and graduate students Denys Ma and Radmilo Racic demonstrated that vulnerability earlier this year when they found a way to drain cell phone batteries using tiny bits of data sent from a PC.
The researchers showed that it's possible to use an Internet connection to stealthily bombard multiple cell phone numbers with junk bits and bytes of data. Such activity keeps the phone from going into standby mode, draining the battery up to 20 times faster than normal.
"We discovered we can drain a battery in as few as five hours," Chen said. "There's no indication to the user that something fishy is going on."
Chen's research showed that one PC with a DSL connection potentially could attack 5,000 cell phone numbers at one time.
Anyone with the skills to hook up a network of "zombie" PCs could increase that number dramatically, Chen said. Zombie are computers that -- unbeknownst to the user -- have a small virus infestation that allows outsiders to control the PCs.
A determined hacker, Chen said, could set up a "zombie" attack on tens of thousands of cell phones, the same way that "denial of service" attacks are designed to crash a Web site.
Though their focus has been primarily on battery issues, Chen and his team also are looking into other cell phone security issues.
They believe, for instance, that a skilled hacker could disrupt the data networks used by business travelers to send e-mail from their cell phones and other portable devices.
"We're doing experiments and have found it possible to disrupt the network protocols," Chen said. "We are just looking at the scale of how disruptive. ... It's all very speculative, but we could possibly make the quality of a data connection very bad."
Chen's group isn't the only one researching cell phone vulnerabilities. Last year, a team at Penn State University presented findings showing that one person with a cable modem could flood phones in a metropolitan area the size of Manhattan with enough text messages to knock out voice service to 70 percent of a carrier's customers.
Such an attack wouldn't be easy because the attacker would have to determine which phones in the area would be on and receiving text messages when the assault took place. But it is possible, said Tom La Porta, director of Penn State's Networking and Security Research Center.
"Mobile voice and text messaging have become indispensable tools in the lives of billions of people across the globe," the researchers wrote. "The problems (uncovered by the research) must therefore be addressed in order to preserve the usability of these critical services."
The cell phone industry takes such threats seriously. "We have the benefit of learning from the open Internet," said Joe Farren, a spokesman for CTIA -- The Wireless Association, which represents the major cellular phone carriers. "Our filters and fire walls are constantly being refined to address what is an evolving threat."
He said that while academic researchers may be able to disable phones in small numbers, a massive data attack on a phone network would trigger filters and quickly choke off the assault. "Doing it on four phones is a lot different from doing it on 400,000," Farren said.
Both Chen and La Porta contend that large-scale attacks would be possible but acknowledged that phone companies might already be installing better defenses.
"It's hard to know," La Porta said. "Most of the response we get from the carriers is that they have solutions in place, but they can't talk about them."
While Chen and La Porta's research teams continue their work, others are moving in a different direction.
At anti-virus maker Trend Micro Inc., experts are tracking new families of computer viruses made to attack the operating systems of smart phones. With more wireless companies offering high-speed data networks, those viruses are even easier to spread as users download to their phones everything from games to business software.
The viruses typically infect phones that use the Symbian and the Microsoft Windows Mobile operating systems, Trend Micro spokesman Todd Thiemann said. Such viruses could cause only minor annoyances, such as making all the icons on a computer screen appear as skulls.
Or they could cause serious financial distress. Thiemann described one virus that instructs a phone to automatically dial a 900-number and quickly rack up charges totalling thousands of dollars.
Financial gain would likely be a greater motive for hacking cell phones than a cyber-terrorist attack, he said. But regardless of motive, the threat is likely to increase.
"We haven't seen widespread damage yet. It's more proof of concept," Thiemann said. "But if you look at the growth of high-speed networks and the wealth of technical knowledge out there, it's bound to turn virulent."
-----
To see more of The Sacramento Bee, or to subscribe to the newspaper, go to http://www.sacbee.com.
Copyright (c) 2006, The Sacramento Bee, Calif.
Distributed by McClatchy-Tribune Business News.
For reprints, email tmsreprints@permissionsgroup.com, call 800-374-7985 or 847-635-6550, send a fax to 847-635-6968, or write to The Permissions Group Inc., 1247 Milwaukee Ave., Suite 303, Glenview, IL 60025, USA.