This Time, Cell Phone Virus Is for Real

By Carol Ellison  |  Posted 2004-06-19


It had to happen: A computer virus has spread to cell phone networks. Kaspersky Labs issued an advisory Thursday on a network worm called Cabir that affects phones that use the Symbian operating system.

Cabir uses the Bluetooth wireless peer protocol to propagate, copying itself to other Bluetooth devices as far as 30 feet away, depending on the environment.

Hoax messages warning of cell phone viruses have been traveling the Web for more than two years. This time, it's for real, but so far, that doesn't seem to be worrying device manufacturers.

A Nokia spokesman fielded my questions about Cabir with what I'd describe as concerned optimism. "We've always known that malicious software could emerge as an issue in mobile phones as these products became more sophisticated," he told me.

"Still, it's no free-spreading mobile virus. The good news about it is that it's nothing malicious, but the most important thing is that prevention is pretty easy."

He pointed out that it would take physical actions on the part of the user to accept an infected file that anyone would attempt to transmit. First, the user would have to accept a file transfer from an unknown source. Secondly, the user would be warned that the sender does not possess a recognized security certificate.

So, prevention is easy, right? You just say "no" in the same way you say "no" to suspicious e-mail attachments. Anyone can do it.

But will everyone do it? We wouldn't have virus infections today if everyone who should have known better than to open a suspicious attachment had heeded caution before curiosity.


Pondering Possibilities

When you contemplate the possibilities, the concept of Cabir gets pretty scary. The number of computer users who are already targets of virus infections pales in comparison to the number of mobile phone users out there. And the threat is compounded by the fact that it's not the first proof-of-concept of Bluetooth vulnerabilities we've seen.

There were bluesnarfing and bluebugging, in which it was shown that hackers could anonymously gain access to a Bluetooth device.

There is also bluejacking, which isn't hacking. It's the practice of sending anonymous messages to nearby Bluetooth devices, but some researchers suggest that it opens the door to abuse by enabling data exchange.

(A detailed description of these and other possible attacks can be found here.)

And if you think these holes might affect only kids and gamers who exchange files, ask yourself whether the Java applets used to facilitate enterprise data exchanges can really remain immune. They are, after all, executables.

According to Bruce Schneier, founder and chief technology officer of Counterpane Internet Security, in Mountain View, Calif., they won't always be safe.

Schneier, the author of "Applied Cryptography," has been predicting this day for nearly three years now. In 2001, he took one look at Bluetooth and the over-the-air peer networks it enables and declared it "an eavesdropper's dream." He cautioned it should be treated as "a broadcast protocol, because that's what it is."

After news of Cabir broke, I caught up with Schneier on his cell phone while he was awaiting takeoff to Albuquerque. What amazed him about news of the virus was that anyone was amazed. That malicious code could infect a cell phone network is no more surprising, he says, than having it show up in a computer network.

"It takes specialized knowledge to exploit a cell phone, but you're going to see more of this because mobile phones and handheld devices are the new computers," Schneier predicts. "They have OSes. They download software. So, they're going to be just as vulnerable."

And he predicts that the back-end networks that communicate with them will become vulnerable as well, posing yet another threat that IT staff will have to be cognizant of.

"What we're seeing is a lot of convergence," Schneier said. "We're plugging our mobile devices into our networks. Although it is complicated as heck, it is not inconceivable that some kind of malicious software could get onto my network through my mobile phone."

Editor's Note: This story was updated with corrections regarding the nature of the virus.
