• Recommend:
• 0 Comments

Handhelds Will Get Hammered

Mobile devices will be vulnerable to virus and spam attacks.

By James Kobielus, PCWorld   

Many believe the recent Timofonica virus-driven spam attack on data-enabled cell phones in Spain was the first documented rogue code to target wireless e-mail users. Written in Visual Basic Script, the virus took hold in desktop versions of Microsoft Outlook 2000 or 98 and mailed itself to all addresses in Outlook's address book. For each infected message transmitted, Timofonica also sent a Short Message Service (SMS) message to randomly generated telephone numbers on Spain's Global System for Mobile Communications-based Movistar mobile phone service. The SMS messages spammed mobile phone subscribers with statements critical of Telefonica, the carrier that operates the Movistar service.

The Timofonica incident was relatively benign, as virus attacks go. But we're bound to see mobile-phone virus attacks of increasing severity, especially asthe Wireless Application Protocol market expands and knowledge of particular WAP phones' security vulnerabilities becomes widespread.

Built-In Defense

It's too early to say whether wireless e-mail clients are inherently more or less vulnerable to viruses, spam, and other content threats than their wired counterparts. On the plus side, it appears no single mobile mail client will achieve anywhere near the market presence of Outlook, which is the primary target for Melissa, IloveYou, and other mail-based viruses.

Viruses usually target vulnerabilities in specific vendor software implementations on specific platforms. Mail-borne viruses would be particularly devastating if a wireless operating system or mail client achieved the degree of monopoly that Microsoft has attained in the desktop world.

Where virus protection is concerned, another strength of wireless clients is their special-purpose, hardware-oriented design. Increasingly, these clients will be network appliances "hard-wired" with operating and application software on protected erasable programmable read-only memory. The more function-limited and firmware-based a network appliance, the less vulnerable it will be to tampering by malicious code.

Furthermore, wireless messages consist primarily of text, not binary attachments, thereby preventing viruses from jumping across the airwaves to the client.

Providing Protection

Traditional client-based antivirus protection will be a nonstarter in the wireless world, owing to resource constraints in cell phones, PDAs, and other network appliances. No one seriously expects wireless client vendors to add the processing, memory, and disk resources necessary to run large footprint virus scanners on their devices. Even if they did, few customers would want to pay extra for the resultant virus-protected devices. As in the wired world, the average wireless user will adopt a reactive, fatalistic approach to mail-borne content threats, taking few special precautions and only dealing with vulnerabilities when they become showstoppers.

Consequently, wireless users will depend on their service providers for mail content inspection, filtering, blocking, and neutralization. This should be a basic feature of all wireless data services. Thus far, wireless handset manufacturers, infrastructure vendors and service providers have paid insufficient attention to antivirus and antispam concerns.

Failure to incorporate mail antivirus and other content-filtering features into wireless services could put mobile commerce in jeopardy by exposing users to nonstop e-mail-based harassment. It's an issue that could turn ugly fast with average users, unless the industry addresses it proactively and comprehensively.