The Threat

By eweek  |  Posted 2001-10-29 Print this article Print

The Threat To date, most wireless attacks have happened outside the U.S., in markets where wireless devices are more widely used. However, one virus that did hit U.S. handhelds was known as the Liberty virus.
Some personal digital assistant users received what they thought was a program that would allow them to play a certain game for free. But when they double-clicked on the link, it launched a virus that erased all the data on the devices.
For people who regularly back up their PDA information on their PCs, the virus wasnt devastating. More serious problems, however, have occurred overseas in the form of viruses, malicious code that forced phones to dial particular numbers, intercepted transmissions and data theft. One virus was distributed in Scandinavia as a short message. When a user received the message, the virus rendered the buttons useless. Users had to take their phones in to their service providers to get them fixed. Because many wireless devices also have telephony capabilities, new types of malicious code have been written that force them to make phone calls. One incident in Japan caught the attention of wireless operators and software companies around the globe. Users of NTT DoCoMos popular I-mode service received an e-mail with what looked like an embedded Web site link. When customers clicked on the link, their phones automatically dialed Japans emergency response number. "Luckily they could stop it before it got too bad, but that could shut down a 911 system, and that could have life-and-death consequences," Vergara said. Similar viruses could be unleashed that, for example, might flood a companys call center, or cause phones to dial a 900 number. A corporation could be seriously affected if a virus that spread to all its mobile workers racked up significant charges. Perhaps more alarming to businesses is the threat of data theft. All wireless transmission standards have security built in to prevent the interception of information as its being transmitted, but theyre known to be fallible. The developers of standards such as Wireless Application Protocol (WAP) and the wireless LAN 802.11B standard have included encryption technology designed to head off the threat of "sniffing." Sniffing is an inherent problem in wireless because the network is essentially everywhere. In the wired world, sniffers must have access to physical parts of the network in order to break in. "The problem is, with wireless, they dont even have to be in the network. They can be in a van outside with a transmitter," said Steve Gottwals, product marketing manager of F-Secure, a company that specializes in securing enterprise wireless users. The widely used wireless LAN standard, 802.11, came under fire recently when researchers at the University of California at Berkeley figured out how to crack its built-in encryption. Still, Gottwals is hopeful, because developers addressed security from the start and are working to beef it up before wireless LANs become more pervasive. Also, companies will have to secure wireless transactions. "There will be attacks on the devices themselves, but they quickly will be focused on transactions," said Brian OHiggins, chief technical officer of Entrust, an Internet security company. These threats are expected to grow more serious and frequent as devices develop more capabilities. "Typically, we look to the past to predict the future," Gottwals said. "Every time there is a technology advancement, along with it comes new possible threats." In the PC environment, each time software companies release popular technologies, people use them to write malicious code. The same is expected with regard to wireless. For example, a Windows program can currently run on a Windows CE device, but CE doesnt yet support macros. "So, because the device doesnt support macros, the ability for viruses to spread is nil," said Vincent Gullotto, senior director of research at McAfee AVERT (Antivirus Emergency Response Team). But wireless devices are rapidly developing other capabilities. "In the beginning the PDA was just something used to store contacts. But today they are little computing devices," Gullotto said. "As you create more functionality, theres more of a chance of things being used improperly." So far, most viruses have been regional. But as regions of the world begin to standardize wireless technologies, the threat of viruses spreading around the globe grows. NTT DoCoMo, for example, plans to open its network globally by 2003, Hansmann said. "Then, NTT DoCoMo threats can spread worldwide." Also, the more capabilities supported by devices, the greater the potential for viruses to spread between PCs and mobile devices, which could enable viruses to spread very quickly. In the future, Hansmann expects that Windows CE will support Java script so that the same applications can run on PCs and handheld devices. Then viruses can spread easily via e-mail or programs that synchronize PCs and handheld devices. Some wireless phones, including versions Nextel Communications sells primarily to businesses, already support a version of Java.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel