Bug Watch: wise up to the wireless worm

Douglas Adams said it best: "Don't Panic!"

Every day it seems another technology magazine or internet security expert is forecasting doom and gloom about the day hackers and cyber-vandals gain control of wireless devices, wreaking havoc on savvy, yet hapless, users who have forgotten how to check the weather or email their grandmother without their favourite Wap-enabled weapon of choice. It's enough to make your beloved cellphone explode just listening.

In reality, there have not, to date, been any major, malicious software attacks targeted at the general population of internet-enabled wireless device users, not to the extent that we have seen email users victimised by the likes of the 'I Love You' or 'Melissa' computer viruses.

Sure, there have been a few notable malicious programs like the 'Liberty Crack' Trojan targeted at Palm OS handheld devices, and the 'Timofonica' Trojan, which spammed phones with propaganda SMS text.

Rather than being active threats against the mobile user at large, these were at most 'proofs of concept". And none were designed to spread freely from user to user - a trademark of the classic mass-spreading virus.

These programs that we saw throughout the year 2000 were significant in convincing us that the ability to write malicious code for wireless devices was present, and that the infrastructure supporting those devices could be manipulated with some clever tricks.

There was one notable mobile hack that had deep implications. The 911 Dokomo was a Japanese cell phone hack that combined a demon dialler, a web page and Java script-enabled mobile phones. In effect, it shut down the emergency telephone system in Tokyo, briefly.

Not that there couldn't be some serious future consequences. The world is definitely moving towards more integration of phones, PDAs and other devices that communicate wirelessly with each other, with our office, or through the internet.

By 2005 it is estimated that more than half a billion wireless devices will be connected to the web. Bluetooth and 802.11 promise us the ability to connect to PCs, the internet, the mini bar in your hotel room and, potentially, even a parking meter or taxi.

Palm Corporation recently announced plans to support Bluetooth chips in their PDAs by the end of the year. The M-Services initiative promises more industry-wide Wap standards to propel Europe towards a truly mobile internet. Micro Java code is expected to make its way onto over 100 million phones by end of 2003.

Handhelds operating on Windows CE, although currently safe from Windows scripting viruses, are susceptible to macro viruses. Speaking of Microsoft, we are still awaiting announcement of the much-anticipated Microsoft web phone, due early this Autumn. This all adds up to a great and increasingly greater mobile computing presence worldwide.

What does it all mean?

Hostile code for mobile devices is still a thing of the future. We can't panic about it now, but we can prepare for it, be aware of the potential dangers, and work towards creating a more secure infrastructure for wireless device usage.

Wireless devices are an extension of the enterprise network that companies like Trend Micro know how to protect. So the same rules apply as they did before: multiple points of protection and an integrated, full-spectrum solution to hostile code.

All data passed through phones, PDAs or other personal area network inventions will travel through at least two points: a centralised information portal and the device itself.

In addition, email, internet communications and file transfers continue to be vulnerable points along the data stream. Security software developers at Trend Micro are already developing solutions, like PC-cillin for Wireless, to keep pace with the arrival of new technologies and, ideally, to keep ahead of hostile code writers.