Semi-OT:As More Cellphones Link to Internet, Threat of Viruses Grows
By CASSELL BRYAN-LOW
Staff Reporter of THE WALL STREET JOURNAL
October 20, 2005; Page B1
Kathryn Wilson was on a Mediterranean cruise this spring when a text message popped up on her cellphone screen asking if she wanted to download a program called "CommWarrior." Not knowing what it was, she declined, but the message kept popping up until she finally gave in.
An hour later, Ms. Wilson realized her phone was firing off text messages touting videogames and pornography to numbers found in the phone's contact list. It dawned on her that a virus had infected her handset. She tried turning off the text-message function, "but the virus was so strong that it would turn it back on," says Ms. Wilson, an administrator for a headhunting firm in Essex, England.
Ms. Wilson's experience illustrates the small but growing threat of malicious software designed specifically to attack cellphones. So far, most cellphone viruses have been "proof of concept," or created by virus-writers merely to show that they are possible without being generally released into the public. But malicious viruses are expected to become more common as more cellphones morph into so-called smart phones, which can send e-mail, surf the Internet and download software such as videogames -- all of which makes them more vulnerable to viruses.
With names like Skulls and Cabir, cellphone viruses operate in a variety of ways. Cabir, the first cellphone virus, emerged in June 2004 and experts estimate the number of Cabir-infected phones to be in the thousands. The virus leaps between phones in close proximity via Bluetooth, a short-range wireless technology that some phones use to exchange information or connect with a wireless headset.
CommWarrior has mutated into its third version, known as CommWarrier.C, which can spread itself not only via Bluetooth and multimedia messages, but also through memory cards. Mobile 365 Inc., a Chantilly, Va., company that facilitates the transmission of multimedia messages between incompatible tehcnologies, has detected and blocked over 14,000 CommWarrior-infected messages since August.
Bluetooth does have a built-in defense mechanism in that users are asked whether they want to accept incoming programs. But the viruses are often disguised as videogames or designed be so persistent that a user ends up accepting through sheer frustration, as in Ms. Wilson's case.
Anders Edlund, global marketing director for Bluetooth SIG Inc., the Bellevue, Wash., trade group that controls the technology, likens Bluetooth to the Internet: It is a way to transmit information. As a result, it is "very difficult to filter" the traffic that uses it.
While some viruses do little more than display a pop-up message on the screen, others can shut down a phone or run up a subscriber's bill by firing off pricey picture messages. Ms. Wilson says the CommWarrior virus that infected her phone ran up $175 in service fees on her bill through sending text messages. After unwittingly passing the virus on to several colleagues and to her boyfriend's brother when she returned home, she downloaded some antidote software from the Internet and disabled her Bluetooth connection. As a result, she no longer is able to swap photos and games with friends, though her phone is free of the virus.
Estimates of the number of cellphone viruses discovered so far by experts ranges from about 20 to over 90, depending how they are categorized; a virus often has multiple variants. While it is usually difficult to tell where a virus comes from, the code sometimes carries clues. Experts say CommWarrior, for instance, may have come from Russia because Russian comments are found in the text of the code.
For now, the authors typically are "hobbyists and teenagers" rather than criminals motivated by profit, says Mikko Hypponen, director of antivirus research at Finnish antivirus software firm F-Secure Corp. That's because it is still much easier for crooks to use Internet-borne viruses to reach a large number of computers -- and therefore make money from spam or identity theft -- than it is to infect a lot of phones. But Mr. Hypponen expects that to change as use of smart phones becomes more widespread.
The wireless industry initially shrugged off the theoretical threat of cellphone viruses, in part because many cellphone-system operators have limited the Internet access of traditional cellphones to their own Web portals, where the company can tightly control what clients download. But the industry has been taking it more seriously of late as the use of smart phones spreads, enabling customers to surf the broader Web. The roughly 60 million smart phones in use today world-wide account for only about 3% of all cellphones, according to Yankee Group. But the Boston consulting firm predicts that number could grow to more than 300 million by 2009.
Europeans and Asians have been quicker to adopt these more sophisticated and more virus-prone phones. About 43% of smart phones sold this year will be bought in Western Europe, 23% in Asia and 17% in North America, Yankee Group forecasts.
Over the past year or so, cellphone system operators have started experimenting with two main approaches to protect their clients: screening their networks for viruses, and offering subscribers downloadable antivirus software that resides on the phones themselves. The latter approach is cheaper and easier for operators to implement than the former, says John Pescatore, an analyst at technology research firm Gartner Inc.
However, to prevent viruses from becoming as big a scourge to cellphones as they have become to computers, Mr. Pescatore says antivirus software should be built into both the network and phones. Protecting phones is important because some viruses can bypass the network via Bluetooth or by connecting directly to the Internet through Wi-Fi technology, another wireless system that some phones offer. But many cellphone subscribers may not be willing to pay to download and install antivirus software or may not do it properly.
Cingular Wireless, Sprint Nextel Corp. and Verizon Wireless, owned by Verizon Communications Inc. and Vodafone Group PLC, have started monitoring their networks for viruses. Cingular, a venture of SBC Communications Inc. and BellSouth Corp., says it also is looking into offering antivirus software downloads for its customers' phones. But other cellphone systems, including Sprint Nextel, say such software should be the responsibility of the phones' makers.
Vodafone, the world's largest wireless operator by revenue, says it doesn't currently offer handset protection or filter messages on its network but is considering both options.
Orange, a unit of France Télécom SA, is testing a two-pronged approach in Switzerland. It scans for potential virus-bearing messages as traffic passes through its network. In addition, Orange is testing an offer that provides antivirus software to seven types of Nokia handsets.
T-Mobile International AG, the wireless unit of Deutsche Telekom AG, is "investigating" screening at the network level, says Przemek Czarnecki, its head of handset technology. For now, it prefers to sell customers the means to protect their handsets. T-Mobile subscribers in Germany can get regular antivirus software updates for the equivalent of $2.40 a month. As of early next year, T-Mobile will require its suppliers to ship it new smart phones loaded with antivirus software. T-Mobile's U.S. division is in discussions with phone suppliers about a similar arrangement.
Most viruses so far have targeted phones that run on software from Symbian Ltd., a U.K.-based consortium part owned by cellphone maker Nokia Corp. Security experts say that is because Symbian is the dominant software used in smart phones, but competitors will likely become targets as they gain ground. Virus writers, for instance, already have targeted software from Palm Inc., used in the popular Treo smart phones, but security experts say the threat of infection currently remains low.
No virus has yet been detected on Research In Motion Ltd.'s BlackBerry devices, says Raimund Genes, president of European operations for antivirus software maker Trend Micro Inc. While BlackBerrys can open documents they can't download programs, making the devices much harder to infect, says Mr. Genes.
David Wood, head of research at Symbian, says the company is working on various security initiatives, including a certification program with cellphone operators so that only approved applications can be downloaded by customers onto phones. He adds that the company is designing its products to avoid certain weaknesses discovered in computer software. "We have an advantage of coming after the PC industry" and "have had the chance to learn from that experience." |
