Not at the moment, although new strains of viruses that infect smartphones pose yet another network security problem that
you'll have to worry about in the future.
Recent headlines such as "Cabir worm wriggles into U.S. mobile phones" conjure up the image of old tabloid headlines touting
killer bees heading to the U.S. from South America. The latest buzz is that your cell phone could be infected with a nasty
virus and you might not even know it.
Granted, your chances of infection are probably less than getting stung by killer bees, but mobile threats are only in their
infancy and will continue to grow in sophistication, making the problem something IT staff should get on their radar early.
There are several mobile phone viruses in the wild at the moment, including Skulls, Cabir and Fontal. And, like many PC-based
viruses, each has its own set of variants aimed at keeping users and security vendors on their toes.
Skulls spreads by hiding in what looks like a harmless application for your mobile phone, be it a "theme" manager application
or simple game. It replaces system icons with a picture of a skull and crossbones and makes it difficult to access phone functions.
Cabir variants - there are roughly 20 - use Bluetooth wireless technology to spread between phones in close proximity. And Commwarrior uses the Multimedia Message Service (MMS)
to send infected files that look to be important security updates between devices. Commwarrior also will reset the device
on the 14th day of the month, thus deleting all settings and data, if the virus is not removed in time.
Fortunately, the number of reported infections of each variant of Cabir, Commwarrior and Skulls falls in the 0-to-49 range,
according to Symantec's virus threat database. Removal of the viruses is relatively easy, usually involving the deletion of
infected files. In rare, more severe cases, the device might need to be reset to the original factory settings.
Vulnerable devices
The current slate of viruses all target the Nokia Series 60 smartphones running the Symbian operating system. A smartphone combines phone and PDA functions into one device. The good news is that 96% of the phones sold last year are
not smartphones, use an operating system other than Symbian and are, therefore, completely immune to existing mobile threats.
Symbian holds the biggest share of the smartphone operating system market, with 13.65 million units shipped in 2004. Other
operating systems such as palmOne and Windows Mobile accounted for another 6.6 million units, according to In-Stat/MDR. By
comparison, the total number of worldwide mobile phones sold in 2004 was 678.9 million, says Neil Strother, a senior analyst
at In-Stat.
Of the major wireless providers in the U.S., only T-Mobile and Cingular offer Symbian-based phones. Verizon Wireless and Sprint don't carry any
Symbian devices.
Even if one does have a Nokia Series 60 device, it takes some effort to catch the virus. Unlike many of today's network-based
worms that can spread between PCs and servers without any end user interaction, mobile viruses are far less sophisticated.
With Cabir, users must have Bluetooth turned on and visible to nearby phones that are similarly equipped. An infected phone
will constantly search for other Bluetooth devices to which it can pass its payload. The target machine will get a message
asking the user to accept and install a SIS file (a Symbian file format) being transmitted via Bluetooth wireless. Users would
have to accept both the transfer and installation of the application to get infected.
1. A phone infected with the Cabir virus uses Bluetooth to continuously search within a 32-foot range for other devices to target. It attempts to send infected SIS files to the first Bluetooth-enabled device it can find.
2. The worm arrives at the target device, which must be running the Symbian OS and have Bluetooth turned on in “discoverable” mode. The targeted device will prompt its user to receive a message from the infected device.
3. If the user chooses to accept the message, her phone will issue a security warning. Disregarding the warning, she opts to proceed.
4. The user then will be prompted to install the virus, which also goes by the alias “caribe.” The user chooses yes.
5. The Cabir infection takes hold. The cycle repeats when the worm in the original phone and newly infected device start looking for new devices to infect via Bluetooth.
Commwarrior works in a similar fashion, except it uses an MMS message that claims to be delivering an important Symbian security
or application update, says Travis Witteveen, vice president of American operations at anti-virus vendor F-Secure. Targeted
users still have to accept the download and install the file to be infected. Commwarrior does add a bit of nastiness in that
it embeds itself into application files on the device, making it more difficult to disinfect.
"Consumers have to go through hoops to get the virus," says Laurie Armstrong, a spokeswoman for Nokia, which has a large financial
stake in Symbian. "These are not crazy, freely spreading viruses."
There's no inherent flaw - such as a buffer overflow or missing security feature - that virus code writers are exploiting
in the Symbian operating system or Nokia's implementation of it. "The threats are targeting high-end phones that have fully
functional operating systems and have the ability to download and install arbitrary applications," says Oliver Friedrichs,
senior manager at Symantec Security Response.
Symbian offers a signed application service that digitally certifies the author of an application and that the application
has not been changed since certification. When non-signed applications are installed, users get an additional "do you really
want to do this?" warning.
"A Symbian-signed application [or any signed application in general] is a measure of certain standard of application," says
Simon Garph, vice president of marketing at Symbian. "You know where it comes from and that it's been through a certain series
of tests."
The mobile-oriented viruses are not designed to do much more than spread, although they might mess up a device enough that
it has to be reset to the original factory settings or drain the battery because an infected unit constantly searches the
airwaves for a new target.
"Right now they're more proof-of-concepts," Friedrichs says. "People are writing them to show that something can be done or
that the phone platforms can be impacted by threats, just like the PC is."