Bluetooth viruses pose growing threat
Experts have predicted that more viruses targeted at mobile phones and PDAs will emerge in 2005.
There will also be a change in the way that viruses are spread, they say, with an increase in the number of viruses that spread wirelessly between devices, including viruses that can exploit the wireless capabilities of laptops.
David Emm, a senior technology consultant at antivirus company Kaspersky Labs, expects that virus writers will increasingly target mobile phones.
"I expect to see more mobile threats -- threats aimed at PDAs, threats aimed at smartphones -- than we have seen this year," said Emm. "Cabir was the first to attack smartphones, I expect that target will become more and more attractive to malicious code writers."
Security firm Panda Software agrees that more mobile phone worms are likely.
"One of the real surprises of 2004 was the appearance of Cabir, the first worm that affected cell phones," said a Panda Software spokesman. "There's no doubt that this is an area of increasing interest for the creators of malware and it is likely that attacks on cell phones and other platforms will be consolidated with the appearance of new 'concept trials' such as Cabir or even more dangerous specimens."
The Cabir worm was discovered in June 2004 after a copy was sent to antivirus companies by the group that had created it, but was quickly determined to be a relatively harmless, proof-of-concept program. Last week it was discovered that that the source code for the Cabir virus has been posted on the Web, which has lead to concerns that we may soon see the virus in the wild.
The Cabir virus spreads itself to new devices by using the Bluetooth wireless short-range protocol, although it can be prevented by turning off a phone's 'discoverable' mode.
Mikko Hyppönen, the director of antivirus research at F-Secure, warned that vulnerabilities in Bluetooth and other wireless technologies could be exploited in the future, enabling devices to be infected even if the user is running a firewall, or has turned Bluetooth to hidden mode.
A Bluetooth security vulnerability discovered in February last year allowed mobile phone users' contact books to be stolen, but was said to be unlikely to affect other Bluetooth devices, such as laptops. In August, a vulnerability was found in the WIDCOMM Bluetooth Connectivity Software which could be exploited by to compromise a user's system.
Hyppönen believes that Bluetooth-enabled laptops are likely to be targeted in future virus attacks. Laptops that have Wi-Fi capabilities are also a likely target, he said.
"If you buy a laptop today it has built-in WLAN and Bluetooth capability, while two years ago this wasn't the case," said Hyppönen. "Computers are listening to radio traffic all the time. Even though you can safeguard a WLAN with a firewall and can turn Bluetooth to hidden mode, if you have weakness in a WLAN or Bluetooth driver the weakness can be exploited."
Hyppönen said a firewall will not protect a wireless network if there is a flaw in the WLAN driver, as the firewall must obtain the traffic before it can inspect it, so a weakness in the WLAN driver can be exploited before it even reaches the firewall. A wireless virus could mean that even if a company blocks viruses coming in over the Internet, it could pick up the virus if an infected wireless device was brought into the office, said Hyppönen.
Viruses that infect laptops wirelessly are likely to become a serious issue. "This could become one of the big issues, if not in 2005, in the future," said Hyppönen.
F-secure is building a radio-proof lab so that it can test and isolate these viruses, according to Hyppönen.