How Serious are Mobile Viruses?
Getting mobile does mean opening your enterprise to new security
risks. However, it's good to worry about real threats and
not get distracted by hype.
by C K Mah
Some 65 million years ago dinosaurs ruled the Earth. Scientists
believe a meteorite crashed into the Atlantic causing a
climatic change of cataclysmic proportions. Plants stopped
growing, the dinosaurs died, and man crawled out of the
primeval sludge to eventually invent Windows CE.
Today, scientists tell us that meteorites might hit the
earth again. But I think most sensible people worry more
about everyday threats, rather than fear occurrences that
may never surface. Indeed, why worry about meteorites when
the threat of getting run over by a car looms every day?
Is Your Mobile at Risk?
What has all this got to do with mobile device viruses?
There has been much discussion recently about the potential
vulnerabilities of new wireless technologies, such as WAP
mobile phones and palmtop computers. Concern has focused
on whether or not these mobile devices can be infected by
viruses.
You would imagine mobile devices to be under great threat,
judging by the increased interest of anti-virus vendors
in these subjects. The fact is, to date, there is no virus
that infects mobile phones, despite the hysterical press
releases, media stories and hoaxes stating the contrary.
What has been seen are viruses that are capable of sending
text (SMS) messages to mobile phones. For instance, VBS/Timo-A
is an e-mail aware worm that can send text messages to mobile
phones. Another infamous virus, the LoveBug, is capable
of forwarding its code to fax machines and mobile phones
via Microsoft Outlook. Of course, neither of these viruses
causes any harm to the mobile devices and both are incapable
of spreading further.
A growth area for mobile communications is in the wireless
application protocol (WAP). WAP is based on the same model
as Web communications in that a central server delivers
code, which is run by a browser installed on the mobile
phone or organizer. It is important to note, though, that
there is nowhere on current WAP mobile devices where a virus
can harbor itself.
Unlike a PC, a WAP mobile phone is not able to store the
applications it uses. Also, there is no way a virus would
be able to spread to other WAP users. Current WAP-enabled
mobile phones do not allow for communication between 'client'
phones. Simply put, code passes from the mobile phone company's
server down to your mobile phone, but not vice versa, or
from one mobile phone to another.
The bottom line in this case is that mobile phones and WAP
mobile devices are simply not sophisticated enough to be
infected at the present time. However, consumer demand for
increased functionality often means that manufacturers are
keen to develop the technology required to meet user requirements.
As these mobile devices become more complex, the opportunities
for viruses to infect them may also increase.
A real threat: The WLAN weak link
A security weakness in the encryption standard
used within IEEE-based WLANs has been uncovered.
Three cryptographers have described a practical
way of attacking the key scheduling algorithm
of the RC4 cipher, in a paper entitled Weaknesses
in the key scheduling algorithm of RC4.
The RC4 cipher forms the basis of the WEP encryption
that is used in IEEE 802.11b wireless networks.
The paper's authors discovered several ways
to uncover patterns in packets of information
passing over WLANs.
These patterns can be used to figure out the
WEP encryption "key" and the number
used to scramble the data being transmitted.
Once the key is recovered, it can be used to
decrypt the messages. According to the authors,
using a longer key (128 bits instead of the current
WEP standard of 40 bits) does not make it harder
for attackers to uncover the process. The paper
provides a more practical approach to breaking
RC4 than previous publications and lends fresh
urgency to the work of two IEEE groups grappling
with the 802.11 vulnerabilities.
However, the Wireless Ethernet Compatibility
Alliance said enterprise users should continue
to use WEP because only skilled cryptanalysts
would be able to exploit the weakness. Enterprises
could also use several existing tools for additional
security, such as VPNs, IPSec, and RADIUS authentication
servers.
In addition, many WLAN vendors have introduced
proprietary encryption schemes because of the
known weaknesses in WEP. However, these schemes
are not interoperable with each other. There have been
other problems uncovered in the WEP structure
but the latest discovery is more significant
because an attack could be carried out faster
and with fewer resources.
One emerging solution is from the 802.1x group
that is focused on overall network security
and authentication. Another is the 802.11i group
that is making use of some of the 802.1x work
to overhaul the identified WEP vulnerabilities.
These initiatives are scheduled to be finalized
by year end and vendors are likely to have products
out soon.
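An added example, not from the original article or the cited paper: a Python audit that flags initialization vectors (the "number used to scramble the data") of the classic weak form (B+3, 255, X) associated with that paper's analysis, showing why a longer WEP key widens the exposure instead of narrowing it. It assumes the 3-byte IV is prepended to a 5-byte (40-bit) or 13-byte ("128-bit") secret; the function names and sample IVs are constructed for illustration, and other weak IV classes are not covered.

```python
IV_LEN = 3  # WEP prepends a 3-byte IV to the secret to form the RC4 key


def weak_iv_target(iv: bytes, secret_len: int):
    """Return the index B of the secret-key byte this IV exposes, else None."""
    if len(iv) != IV_LEN:
        raise ValueError("WEP IVs are exactly 3 bytes")
    b = iv[0] - IV_LEN
    if iv[1] == 0xFF and 0 <= b < secret_len:
        return b
    return None


def count_weak_ivs(secret_len: int) -> int:
    """Count IVs of this form in the 24-bit IV space.

    Only IVs whose middle byte is 0xFF can match, so that byte is fixed.
    """
    return sum(
        1
        for first in range(256)
        for last in range(256)
        if weak_iv_target(bytes((first, 0xFF, last)), secret_len) is not None
    )


def audit(ivs, secret_len: int) -> dict:
    """Map each exposed secret-key byte index to the number of weak IVs seen."""
    hits = {}
    for iv in ivs:
        b = weak_iv_target(iv, secret_len)
        if b is not None:
            hits[b] = hits.get(b, 0) + 1
    return hits


# Constructed sample: IVs as they might appear in a capture of one access point.
SAMPLE_IVS = [bytes.fromhex(h) for h in (
    "03ff10", "000001", "04ff7a", "0fff22",
    "03ff9c", "a1b2c3", "08ff00", "03fe10",
)]

if __name__ == "__main__":
    for label, secret_len in (("40-bit", 5), ("128-bit", 13)):
        print(label, "weak IVs in IV space:", count_weak_ivs(secret_len))
        print(label, "weak IVs in sample:", audit(SAMPLE_IVS, secret_len))
```

The same 24-bit IV space is shared by both key sizes, so the 13-byte secret simply has more key bytes for a weak IV to expose.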
Potential PDA Problems
What about palmtop computers and PDAs: can they be infected
by computer viruses? PDAs run specially written scaled-down
operating systems, such as EPOC, PalmOS or PocketPC. They
are often connected to home or office PCs to synchronize
the data between the two machines. This presents an opportunity
for viruses to spread onto them.
Yet, no viruses currently exist for the PocketPC and EPOC
operating systems, although there is no technical reason
why they could not be written. There is a virus called Palm/Phage,
which is able to infect Palm OS, but it is not in the wild
and poses little threat.
Nonetheless, it is sensible to keep backups of any Palm
applications and data. There is also a Trojan horse known
as Palm/Liberty-A, which is able to infect the Palm OS.
It deletes Palm OS applications and was distributed in the
'warez' community. Like Phage, it is low risk and you are
unlikely to ever encounter it.
Bluetooth Bugs
Bluetooth is a standard for low-power radio data communication
over very short distances. Computers, mobiles, fax machines
and even domestic appliances, like video recorders, can
use Bluetooth to discover what services are provided by
other nearby mobile devices and establish transparent links
with them.
Software that utilizes Bluetooth is currently emerging.
For example, Sun's Jini technology allows devices to form
connections, exchange Java code automatically and give remote
control of services. The worry is that an unauthorized user,
or malicious code, could exploit Bluetooth to interfere
with these services.
However, Bluetooth and Jini are designed to ensure that
only trusted code from known sources can carry out sensitive
operations. For now, this means that a virus outbreak is
highly unlikely to occur.
What's To Happen?
Inevitably, the evolution of mobile and PDA technology will
bring with it the development of further security. The issue
here is where you implement antivirus measures. The most
efficient way to protect mobile devices is to check data
when you transfer it to or from the device. For mobile phones,
the WAP gateway would be a good place to install virus protection.
All communications pass through this gateway, providing
an ideal opportunity for virus scanning.
As mobile phones become increasingly interconnected, it
will be difficult to police data transfer at a central point.
In the case of PDAs, one solution would be to deploy antivirus
software during data synchronization with a conventional
PC. Moving forward, there will be an increasing requirement
to put antivirus software on individual phones and PDAs.
However, this can only happen when these devices have sufficient
processing power and memory.
Nothing to Fear
It is easy to get carried away with the threat of potential
viruses on mobile devices. However, much of the hype is
unsubstantiated and based on speculation. There have been
some ludicrous suggestions about viruses. At the moment,
because a virus is limited by the functionality of the platform
it infects, mobile devices are just not sophisticated enough
to allow widespread virus infection.
The current trend seems to be for people to worry about
the potential threats of tomorrow, which may never come
to fruition, as opposed to the real risks of today. The
best advice to follow is to remain alert to what the dangers
are right here, right now and to protect against them. While
you're concerning yourself about the future, you could be
missing what's right under your nose.