At around the end of 2007, the key conditions should exist for there to be a Slammer or MSBlast-style attack that hits mobile devices, it has emerged. These conditions are the large-scale adoption of smart phones, omnipresent uses of wireless messaging to exchange executable files, and the convergence of operating systems to the extent where one product will dominate the market. In order for attacks to be truly fought, businesses need to ask their mobile carriers to block worms and viruses at the network level.
The one monkey with a wrench, said John Pescatore, vice president and research fellow with Gartner, would be an attack based on a carrier’s own over-the-air provisioning capabilities. Newer phone operating systems let carriers do automatic updating using OTA.
"If the OTA path is vulnerable, attackers would not need to use viruses or worms to spread malware, because they could install it directly," Pescatore and Girard wrote in their report.
"It would be like if someone hacked into Comcast," said Pescatore, "or Microsoft’s Update service, and used the ISP or an update to install files, either automatically or by pretending to be from the ISP."