IN THE wake of the Love Bug virus attack, computer scientists are warning
that future viruses aimed at intelligent mobile phones and personal digital
assistants (PDAs) may be even worse. They could record your conversations and
forward them to others, delete money from 鈥渆lectronic wallets鈥, or perhaps rack
up huge telephone bills. 鈥淭hese viruses could spread rapidly in future,鈥
predicts David Chess, an antivirus researcher at IBM鈥檚 T. J. Watson Research
Center in Yorktown Heights, New York.
Computer viruses attack devices that are programmable, and spread when there
is some link between one device and another. Early viruses spread mainly via
infected discs handed from user to user. Today the main avenue of infection is
by e-mail.
鈥淭he thing that makes viruses a threat is that we鈥檙e so well connected,鈥 says
Charles Palmer, a specialist in network security and cryptography research at
IBM. This suggests there is a huge potential for viruses to spread via future
programmable mobiles.
Advertisement
In current and next-generation phones, and in PDAs, designers have several
ways to prevent virus damage. First, they can limit the devices鈥
programmability, leaving them without the capacity to run viruses. Current
phones already fall into this category鈥攂ut future generations will be much
more capable.
Another option is to store important programs in read-only memory so that a
virus cannot overwrite them. 鈥淭he drawback then is that the phone cannot be
upgraded,鈥 says Edward Felton, a computer scientist at the Secure Internet
Programming Laboratory at Princeton University in New Jersey. And this strategy
cannot protect data that the user adds, as it must be stored in a writable
memory. 鈥淎 virus that changes your mom鈥檚 number to a premium-rate number in
Nigeria could rack up huge bills,鈥 says Palmer.
Finally, it is possible to ensure that a phone鈥檚 built-in programs are
separate, so that one program cannot start another. If the virus cannot dial
out, it cannot spread.
But researchers say there is huge pressure on cellphone designers to add
functions, and that this will increase the chances of infection. 鈥淚f somebody
sends you a telephone number by e-mail, you want to be able to click on that
number to dial it,鈥 says Avi Ruben, a specialist in Internet security at the
AT&T Laboratories in Florham Park, New Jersey. 鈥淚 know that there are
prototypes in development that allow this kind of threat,鈥 adds Felton.
When e-mail attachments can trigger other applications, they could dial out,
start recording software for personal surveillance, or wipe out the contents of
files such as electronic wallets.
However, Charles Davies, chief technology officer for the British PDA maker
Psion, argues that this scenario is unlikely, at least for devices that run the
widely used EPOC operating system, which he helped to design. 鈥淚 don鈥檛 want to
seem smug or complacent but I just don鈥檛 see it as a big threat,鈥 he says.
Palmer sees the way forward in mathematical proofs that show whether a system
is secure, and calls for more research into the area. 鈥淚t鈥檚 the only choice we
have in the long run,鈥 he says.