Forget Bluejacking Or Bluesnarfing, Watch Out For WAPjacking
By Mike Masnick, Wed Jun 02 22:15:00 GMT 2004
Mobile security issues are becoming more common every day. They still get more attention than the damage they cause, but the trend is clear. WAPjacking appears to be the latest security headache for the industry.
It's safe to assume that the wireless data industry has lost its innocence. For years, as computer viruses, worms, trojans, spyware, adware and plenty of other malware became common, mobile phone systems remained a nice safe haven where no one had to worry about those things. It wasn't until last year that many people really started to take the concept of mobile phone OS security more seriously, and began to realize that (especially as phones got smarter), the same problems would quickly move to become mobile.
In the past few months alone, there have been stories about Bluejacking and Bluesnarfing, though they both seemed to be hyped well beyond any real threat. There's now a new one to add to the list. While it doesn't seem to have an official name yet, it should be called WAPjacking.
Taking a page from the still popular redialer scam on PCs - where a secretive trojan tries to disconnect your modem (assuming you're using dialup) and reconnect you secretly to a premium rate phone number in some distant country - the WAPjacking scam basically does the same thing. It involves an SMS message that overwrites the WAP settings on your phone, replaces the standard WAP home page with something else - and then switches the call to a premium rate number.
Of course, as with so many of these types of scam warnings, there's little to no data given on how widespread this is or how big a problem it really is and not a single quote from an end-user bitten by the scam. In the meantime, rest assured that it won't be long before we'll all need to install (and maintain) anti-virus, anti-spyware, anti-spamware and more on our mobile phones as well.