Are Wireless Viruses Looming?

Last year's wave of new virus attacks could be duplicated this year--on wireless devices.

"This is probably the future of all threats and viruses," says Leo Chan, product manager for Network Associates International in Hong Kong.

Like their wireline cousins, wireless viruses can erase data or damage devices including mobile phones, PDAs, and laptops hooked up to wireless local area networks. One of the first reported wireless viruses was aimed at the Palm OS, developed by Palm Computing, and released in September 2000. Subsequent viruses have been transmitted via short messaging service, and have targeted phones manufactured by Nokia and some SIM cards, says Chan.

"[Wireless viruses] are not so prevalent now because there are so many types of devices," Chan says, adding that in the future, the number of viruses and the rate of infection will increase due to cross-platform systems such as Java.

E-Mail Invaders

Early viruses have mirrored e-mail-based invaders. Received via SMS, the message asks the user to open it. Upon opening, the user's phone crashes, or the message is copied and sent to all mobile phone numbers stored in the user's phone book. Chan says that removing the viruses is not difficult for devices running on common operating systems, like Palm OS or Windows CE, but can be more problematic on mobile phones, which often use proprietary software.

The problem could compound itself as attacking these wireless devices could be particularly effective, says April Goostree, virus research manager at McAfee.com, because they are "applications that people don't associate with viruses."

"We have historically seen threats target the newest technologies" and these technologies should be no different, says Steve Trilling, senior director of research at Symantec's Security Response.

Luckily, according to Goostree, "the solutions for all of these things are out there" in the form of antivirus software and personal firewalls. Unfortunately, many users either don't keep their software up-to-date, deactivate it, or use it incorrectly, she says.

"The tools are there, it's just a matter of getting people to use them," she says.

Raising Awareness

"I don't think it's of any greater concern than any other area," says David Sykes, director, northern Asia, Symantec Hong Kong, of the wireless threat. "The issue is user awareness," he adds.

Sykes believes that a stringent user policy, about who has access to wireless LANs, along with personal awareness of what types of files can carry viruses, offer significant protection, just as for e-mail and networked PCs. He says, "the majority of these environments come with the [security] facility, it's just a matter of whether or not it's turned on." Sykes adds that software packages bundled with security features turn those features off by default, and many are never turned back on, leaving the door open for attacks.

He did, however, acknowledge the significance of the attacks seen in 2001. "Nimda, these blended threats, changed the game entirely."

Coden Hau, also a product manager at NAI, says that threats can be located quickly and easily. "The traffic is totally different than a normal user pattern," Hau says of virus and hacking activity.

Network Protection

Although enterprise use of wireless LANs is still in its early stages, some companies are failing to protect their networks. Bakul Mehta, president of Sniffer Technologies, says that during a meeting in Boston, he and his colleagues were able to view data from an unsecured wireless LAN operated by a company whose office was across the street.

NAI's Chan says that widely available devices such as Compaq Computer's iPaq can be configured and used to scan wireless networks.

"Big corporations do want to protect themselves, but it's whether or not the standards are good enough," Chan says.

"Security is always a great concern," says Kenny Yang, country manager, Hong Kong for 3Com. Yang says the company develops its own security solutions for its products, and incorporates them into its wireless LAN equipment.

"At the minimum, we do 40-bit [encryption]. On the high-end, we do 128-bit," he says. The 3Com Access Point 8000, for example, released in Hong Kong February 7, gives each user a unique key and changes the key with every session, and can support up to 1,000 usernames and passwords, the company says.

Sam Costello of the IDG News Service contributed to this report.