Computer Bugs Find New Target

The wireless industry braces for malicious code aimed at "smart" devices.

Smartphone, Smarter Software

In July the world's first cellphone virus knocked on the door of this Nokia smartphone [1], owned by the Kaspersky Anti-Virus Laboratory in Russia. Luckily, the virus, dubbed Cabir [2], was a proof-of-concept, created to prove that PC viruses can infect wireless gadgets. Kaspersky used Cabir to write protective software [3,4].John B. Carnett; Kaspersky Lab

Imagine switching on your wireless Pocket PC device one day and finding your address book wiped clean. Or getting a call from the police, who want to know why your cellphone has been dialing 911 all night.

You'd tell the cops what many tech gurus have long expected: Viruses are going airborne. In June the underground virus lab known as 29A created Cabir, which is believed to be the first cellphone virus, and a few weeks later the same group wrote Dust, the first virus capable
of infecting certain portable devices running Windows CE, a pared-down version of Microsoft's desktop operating system. Both germs are proof-of-concept viruses that have supposedly not been unleashed into the wild, but they represent a distressing new development in the war against malicious code.

For now, security experts aren't too worried, thanks in part to the diverse, ephemeral nature of the wireless market, in which various operating systems are scattered among countless short-lived products. Unlike desktop viruses, which wreak universal havoc by exposing flaws shared by hundreds of millions of computers, wireless viruses must be tailored to exploit the foibles of specific cellphones, PDAs or other gadgets, says David Perry, the global director of education at the Cupertino, California, security software maker Trend Micro. Cabir, for example, only works on about a dozen Bluetooth-enabled Series 60 phones
that use the Symbian operating system, and it can't easily spread to other devices because of Bluetooth's built-in safeguards: The wireless port is switched off by default and requires user approval to make a connection.

More users and their mobiles will be vulnerable if a particular product becomes hugely popular and the hackers go after it, Perry says. But antivirus firms are already offering protection. Trend Micro's PC-cillin software now includes features for safeguarding Palm OS, Pocket PC and other platforms, and McAfee's VirusScan PDA title works on all Pocket PC units running the Windows Mobile 2003 operating system.

Some hot products, such as the BlackBerry PDA, are effectively immune, says Joe Hartmann, Trend Micro's director of North American antivirus research. For example, a network administrator can block employees' BlackBerrys from downloading third-party applications such as games, the easiest way to deliver a virus. And, like many handhelds, BlackBerrys have a limited ability to handle e-mail attachments.

Fortunately, so far, concocting more pernicious wireless viruses requires elite skills. "Most virus writers are script kiddies," writes the author of Dust, a 29A member nicknamed Ratter, in an e-mail from an unknown location. "They write worms and viruses in Visual Basic and have no desire to learn the real language of virus writers --Assembler," he says, referring to the obsolete language still used by die-hard programmers. Ratter and other members of 29A (the hexadecimal equivalent of 666) aren't script kiddies, and it's no surprise that they're now probing the wireless frontier. "They're one of the more dangerous groups," Hughes says. "To get in 29A, you have to have skills. You have to prove yourself."

When will the first bonafide wireless plague strike? Hartmann thinks big trouble won't happen for several years, until, say, a radical new battery technology takes devices to the next level, with more easily-breached operating systems and round-the-clock network connections. "There's a big future in wireless viruses," Perry says. "It just hasn't happened yet."