JavaMites: Serious Wireless Industry Threat in an App Driven Mobile Market

JavaMites: Serious Wireless Industry Threat in an App Driven Mobile Market


Author: Eric Everson, Mobile Security Expert

Is your mobile phone really as safe as you think it is? The fact is that handset-level security remains as the greatest vulnerability throughout the global wireless industry. In an industry where service providers have invested heavily to protect their network investments, little is being done to secure wireless handsets. As apps are quickly becoming the driving force behind the future of the wireless industry, the risk handsets face to JavaMite attacks is growing exponentially and few of us are immune.

The world media is fairly consumed with legitimate concerns of the next “superbug”, especially considering the pandemic spread of H1N1 in recent months. These superbugs are frightening to us all because they can infect humanity as a whole and cannot be quarantined very effectively. What does a communicable superbug disease have to do with mobile security you may ask? The reality is everything! In the past year the mobile security industry has seen the debut of a unique threat that is a superbug in its own right: the JavaMite. This innocuous sounding JavaMite is in fact anything but innocuous and may quite simply become one of the most pernicious threats to the mobile industry as we know it.

What is a JavaMite? As defined in my whitepaper published by CBS Interactive this year, “In its most basic form, a JavaMite is any executable software or script written in (or with) the aid of a Java Software Development Kit/Component to specifically alter or otherwise tamper with the operational components of a mobile handset or device.” While that definition may sound overly technical, the root concern of this mobile malware is that if implemented effectively it could infect upwards of 90% of the wireless handsets in use today. By nature JavaMites are mobile executables designed to attack Java-enabled handsets (which most of us use every day). The earliest JavaMite malware attacks on the public targeted mobile banking and the first widespread attack using JavaMites was carried out in Indonesia on February 7, 2009. In this specific attack, a JavaMite was embedded as a Trojan virus (malware file name: Trojan-SMS.J2ME.GameSat.a) which targeted Indonesia by masquerading as a social instant messaging application for date seeking singles. The Trojan-SMS.J2ME.GameSat.a file was specifically designed to compromise the mobile banking infrastructure of the Indonesian market by transferring trace amounts of money from the users mobile banking account to the hackers account.

As the demand is increasing for more Apps in the wireless community, the prevalence of JavaMite attacks is certain to grow in stride. As we download new Apps to our mobile handsets this opens the door to unbeknownst threats and since the majority of the mobile phones in service today are Java-enabled, this has created a unique opportunity for JavaMite developers (hackers) to take advantage of your limited handset-level security. As too few people opt to protect their handsets with a third-party mobile security solution, a perfect storm is brewing which could put the entire wireless industry at risk. As our service providers have invested millions of dollars to protect their own networks, little to nothing has been done to introduce security protocols at the handset-level to counter JavaMite attacks. At this point users of wireless handsets must elect to protect themselves because let’s face it, if your handset gets compromised this represents an opportunity for your cell phone company to profit by selling you a new phone. While the service providers stand to profit exponentially from the mobile malware superbug of JavaMites, it is you and I that will pay the price one way or another – pay to protect your handset via a third party mobile security product or pay for a new handset once yours (and your private data therein) have been attacked.

At MyMobiSafe, LLC we have started working directly with the mobile app developers that create new apps for both the iPhone and Google Android handsets in effort to create a more secure mobile environment for everyone. While it is not an industry cure all our efforts are sure to become a valuable vaccine of defense in an app-driven mobile future. If you have not added a security solution to your handset, use caution when downloading any new app. You might just be downloading more than you’re bargaining for.

Your expert in mobile security and innovative technologies,

Eric Everson – The MobileTech

Eric Everson is a leader in mobile technologies and is the founder of MyMobiSafe.com. If you would like to contact Eric Everson for media interviews or with consulting related inquiries contact him directly at EricEverson@Hotmail.com.