Are mobile phones in danger of being the next big thing for virus writers? The answer is a resounding "maybe." Two years ago, there had never been a virus written for mobile phones. Yet today more than 100 have been identified as "in the wild." The ramp rate of mobile viruses compared to PCs is incredible. Why hasn't there been more awareness of the dangers posed by these viruses? Despite the incredible number of viruses appearing, some factors reduce the danger to corporate information posed by cell viruses.
First, the cell phone industry has evolved in a different fashion than the PC industry. Rather than having one dominant operating system such as Windows, the cell phone industry has two platforms in use—the Symbian OS and the Windows Mobile OS. A virus writer must create a virus for one of these platforms, which prevents it from affecting the other because viruses are OS specific. And then the writer must take into account the myriad handsets available, the different network topologies of the providers, and more. Simply put, the lack of homogeneity found in cell networks when compared to the local LAN makes cell phones an unattractive target for anything but a proof-of-concept.
Second, the vector for spreading cell-based viruses limits their impact. With PC-based viruses, malicious code often sends copies of itself to every email address in an infected computer's address book and also starts searching the network—or even the Internet—for other computers to attack. With a cell-phone virus, Bluetooth is the medium used to spread viruses between phones. Spreading viruses depends on close proximity between an infected cell phone and a potential new host.
Does that mean you should ignore mobile viruses? Most definitely not. Even though the impact has been limited so far, that does not mean it will continue forever. So take the following three steps to reduce your exposure:
- Limit use of Bluetooth—today, Bluetooth is a convenient way to pass phone numbers between cell phones or transfer calendar information. Because it is not authenticated, it is also a convenient way to pass viruses. Whenever possible, the use of Bluetooth should be limited or deactivated. One way to discourage its use is to turn it off in the default configuration of new laptop computers as they are handed out.
- Look into antivirus products—a number of antivirus companies have come out with specialized versions of their products for cell phones. Although not a necessity today, in the future you will need the same level of security for cell phones as laptops. It is better to do the research now and understand what is available.
- Deploy a firewall—as more information is stored in mobile phones, it will be critical to protect them—limiting what connections go into and out of them. By deploying a centrally managed firewall on cell phones, you will take back control over what can happen on these mobile computing platforms.