> Focus > Full Story
Serious are Mobile Viruses?
mobile does mean opening your enterprise to new security
risks. However, it's good to worry about real threats and
not get distracted by hype. by C K Mah
65 million years ago dinosaurs ruled the Earth. Scientists
believe a meteorite crashed into the Atlantic causing a
climatic change of cataclysmic proportions. Plants stopped
growing, the dinosaurs died, and man crawled out of the
primeval sludge to eventually invent Windows CE.
Today, scientists tell us that meteorites might hit the
earth again. But I think most sensible people worry more
about everyday threats, rather than fear occurrences that
may never surface. Indeed, why worry about meteorites when
the threat of getting run over by a car looms everyday?
Is Your Mobile at Risk?
What has all this got to do with mobile device viruses?
There has been much discussion recently about the potential
vulnerabilities of new wireless technologies, such as WAP
mobile phones and palmtop computers. Concern has focused
on whether or not these mobile devices can be infected by
You would imagine mobile devices to be at a great threat,
judging by the increased interest of anti-virus vendors
on these subjects. The fact is, to date; there is no virus
that infects mobile phones, despite the hysterical press
releases, media stories and hoaxes stating the contrary.
What has been seen are viruses that are capable of sending
text (SMS) messages to mobile phones. For instance, VBS/Timo-A
is an e-mail aware worm that can send text messages to mobile
phones. Another infamous virus, the LoveBug, is capable
of forwarding its code to fax machines and mobile phones
via Microsoft Outlook. Of course, neither of these viruses
causes any harm to the mobile devices and both are incapable
of spreading further.
A growth area for mobile communications is in the wireless
application protocol (WAP). WAP is based on the same model
as Web communications in that a central server delivers
code, which is run by a browser installed on the mobile
phone or organizer. It is important to note, though, that
there is nowhere on current WAP mobile devices where a virus
can harbor itself.
Unlike a PC, a WAP mobile phone is not able to store the
applications it uses. Also, there is no way a virus would
be able to spread to other WAP users. Current WAP-enabled
mobile phones do not allow for communication between 'client'
phones. Simply put, code passes from the mobile phone company's
server down to your mobile phone, but not vice versa, or
from one mobile phone to another.
The bottom line in this case is that mobile phones and WAP
mobile devices are simply not sophisticated enough to be
infected at the present time. However, consumer demand for
increased functionality often means that manufacturers are
keen to develop the technology required to meet user requirements.
As these mobile devices become more complex, the opportunities
for viruses to infect them may also increase.
real threat: The WLAN weak link
A security weakness in the encryption standard
used within IEEE-based WLANs has been uncovered.
Three cryptographers have described a practical
way of attacking the key scheduling algorithm
of the RC4 cipher, in a paper entitled Weaknesses
in the key scheduling algorithm of RC4.
The RC4 cipher forms the basis of the WEP encryption
that is used in IEEE 802.11b wireless networks.
The paper's authors discovered several ways
to uncover patterns in packets of information
passing over WLANs.
These patterns can be used to figure out the
WEP encryption "key" and the number
used to scramble the data being transmitted.
Once the key is recovered, it can be used to
decrypt the messages. According to the authors,
using a longer key-128 bits instead of the current
WEP standard of 40 bits-does not make it harder
for attackers to uncover the process. The paper
provides a more practical approach to breaking
RC4 than previous publications and lends fresh
urgency to the work of two IEEE groups grappling
with the 802.11 vulnerabilities.
However, the Wireless Ethernet Compatibility
Alliance said enterprise users should continue
to use WEP because only skilled crypto analysts
would be able to exploit the weakness. Enterprises
could also use several existing tools for additional
security, such as VPNs, IPSec, and RADIUS authentication
In addition, many WLAN vendors have introduced
proprietary encryption schemes because of the
known weaknesses in WEP. However, these schemes
are not interoperable with each other. There
other problems uncovered in the WEP structure
but the latest discovery is more significant
because an attack could be carried out faster
and with fewer resources.
One emerging solution is from the 802.1x group
that is focused on overall network security
and authentication. Another is the 802.11i group
that is making use of some of the 802.1x work
to overhaul the identified WEP vulnerabilities.
These initiatives are scheduled to be finalized
by year end and vendors are likely to have products
What about palmtop computers and PDAs-can they be infected
by computer viruses? PDAs run specially written scaled-down
operating systems, such as EPOC, PalmOS or PocketPC. They
are often connected to home or office PCs to synchronize
the data between the two machines. This presents an opportunity
for viruses to spread onto them.
Yet, no viruses currently exist for the PocketPC and EPOC
operating systems, although there is no technical reason
why they could not be written. There is a virus called Palm/Phage,
which is able to infect Palm OS, but it is not in the wild
and poses little threat.
Nonetheless, it is sensible to keep backups of any Palm
applications and data. There is also a Trojan horse known
as Palm/Liberty-A, which is able to infect the Palm OS.
It deletes Palm OS applications and was distributed in the
'warez' community. Like Phage, it is low risk and you are
unlikely to ever encounter it.
Bluetooth is a standard for low-power radio data communication
over very short distances. Computers, mobiles, fax machines
and even domestic appliances, like video recorders, can
use Bluetooth to discover what services are provided by
other nearby mobile devices and establish transparent links
Software that utilizes Bluetooth is currently emerging.
For example, Sun's Jini technology allows devices to form
connections, exchange Java code automatically and give remote
control of services. The worry is that an unauthorized user,
or malicious code, could exploit Bluetooth to interfere
with these services.
However, Bluetooth and Jini are designed to ensure that
only trusted code from known sources can carry out sensitive
operations. For now, this means that it is highly unlikely
for a virus outbreak to occur.
What's To Happen?
Inevitably, the evolution of mobile and PDA technology will
bring with it the development of further security. The issue
here is where you implement antivirus measures. The most
efficient way to protect mobile devices is to check data
when you transfer it to or from the device. For mobile phones,
the WAP gateway would be a good place to install virus protection.
All communications pass through this gateway, providing
an ideal opportunity for virus scanning.
As mobile phones become increasingly interconnected, it
will be difficult to police data transfer at a central point.
In the case of PDAs, one solution would be to deploy antivirus
software during data synchronization with a conventional
PC. Moving forward, there will be an increasing requirement
to put antivirus software on individual phones and PDAs.
However, this can only happen when these devices have sufficient
processing power and memory.
Nothing to Fear
It is easy to get carried away with the threat of potential
viruses on mobile devices. However, much of the hype is
unsubstantiated and based on speculation. There have been
some ludicrous suggestions about viruses. At the moment,
because a virus is limited by the functionality of the platform
it infects, mobile devices are just not sophisticated enough
to allow widespread virus infection.
The current trend seems to be for people to worry about
the potential threats of tomorrow, which may never come
to fruition, as opposed to the real risks of today. The
best advice to follow is to remain alert to what the dangers
are right here, right now and to protect against them. While
you're concerning yourself about the future, you could be
missing what's right under your nose.