Nokia hacker payment turns spotlight onto mobile malware

Finnish police confirmed they are investigating reports that Nokia was blackmailed by hackers who threatened to expose the encryption code used in the company's now defunct Symbian operating system.

Local TV station MTV reported on Tuesday that hackers extorted millions of euros from the company to stop the leak in late 2007 or early 2008, and that the country's Central Bureau of Investigation is continuing to investigate the fraud.

Detective Chief Inspector, Tero Haapala, said it is unclear whether the hackers were domestic or international, but that the Bureau is treating the incident as a case of blackmail, MTV reported.

The hackers gained access to the encryption code used in Nokia's Symbian software, which would have enabled them to write new code that appeared to be legitimate, but could in fact be malware, Reuters reported.

At the time, Nokia was the clear market leader in mobile phones. MTV stated half of the world's smartphones in 2007 used the company's software, which made the company an attractive target.

Nokia collaborated with the police to trap the culprits when the time came to hand over the cash. However, the authorities lost track of the bag containing the money.

Security experts have warned for years that the increasing functionality of smartphones makes them a lucrative target for hackers. However, most of those reports focus on end-user protection rather than attempts to crack the core code used in smartphone operating systems.

In December 2013, Kaspersky Lab reported that attacks targeting mobile devices have become more mature and sophisticated, with the primary goals being the theft of money and personal data. The success of Google's Android operating system makes it a prime target for cyber criminals, with 98 per cent of known malware targeted at the software at that time.

McAfee reported in August 2013 that Android-based malware grew 35 per cent in the second quarter of that year--a growth rate it said had not been seen since early 2012.

The company said applications including banking malware, fraudulent dating apps, trojanised apps, and fake tools were among the top scams employed by cyber criminals.

In early June, Steffen Paulus, director of product marketing for network management, network analytics and policy control at Alcatel-Lucent, told FierceWireless:Europe the company is developing analytics services that would enable operators to remove malware from individual smartphone applications.

For more:
- see the MTV report [in Finnish]
- see this Reuters article

Related Articles:
Alcatel-Lucent urges operators to move away from 'one size fits all' approach to data
US, Russia top cyber attackers
Mobile malware growing again
Poison Ivy malware makes comeback
Traditional IT security measures failing