Cell phone, PDA users safe - for now

ORLANDO, Fla. - Users worried about digital viruses infecting their phones or personal digital assistants can breathe easy for about the next year, said anti-virus experts at the Virus Bulletin conference on Thursday.

That safety margin is the result of too little functionality on today's Web-connected phones and too little connectivity on the current crop of Palms, Pocket PCs and Psion devices.

"There is no risk for any viruses on any mobile phone protocols today. The current protocol (used by Internet-connected phones) - WAP 1.1 - is too simple to be used for viruses," said Mikko Hypponen, manager for anti-virus research at Finland-based F-Secure. The Wireless Applications Protocol is the next-generation language that will connect cell phones to the Web.

So far, mobile phones have been free from viruses. In June, the Timofonica worm - a PC worm - targeted cell phones in Spain by directing mail from infected PCs to a special e-mail gateway designed to forward the messages to cell phones as text. In August, a Norwegian security firm found a bug in Nokia phones that could cause the devices to seize up if a specific text message was sent.

Soon however, mobile-phone makers will add more Web enhancements to phones, leaving them susceptible to digital viruses. "WAP 1.2 will have more functionality and more dangers," said Hypponen, adding that version 1.2 could find its way into phones within a year.

Virus sufferers
The Palm organizer has already seen its share of digital diseases.

In August, a Trojan horse posing as cracking software for the Liberty Game Boy emulator deleted the programs from Palms. In September, a virus known as Phage appeared in the wild.

Yet, while the Palm has seen its first Trojan and its first virus, it will be some time before generally destructive viruses start infecting the platform and other PDAs, said Eric Chien, chief researcher for Symantec Corp.'s Anti-virus Research Center.

The reason: Today's virus scanners can do double duty, checking any programs that may be uploaded to the Palm for viruses.

"The current infrastructure is pretty good at protecting us today," Chien said. "By the time you sync your PC with the PalmPilot, any virus will have been cleaned and repaired." Syncing is the No. 1 way for a virus to infect a PDA because it is the main method for users to transfer data to and from their device, he said.

Yet, security is nonexistent on Windows CE-based devices, minimal on the Palm and only so-so on the Psion - the three major PDAs on the market. "It seems appalling that after all we have been through (with computer viruses) that there is no security on these devices," said Chien.

Trouble ahead?
Chien worries that - as PDAs become more connected - viruses will be able to spread among them faster.

If the movement in the underground is any indication, troubled times could be ahead. F-Secure's Hypponen has seen the focus of several virus exchange, or VX, groups change to mobile devices.

Hypponen, who follows the virus exchange underground, sees many kids - not just virus writers-- interested in personalizing their PDAs and phones. "The cool kids in Finland are doing everything they can to make the devices different," he said. "They are painting it, they are making custom ringing noises or a different picture appear on the screen."

His fear is that virus writers may take some of that know-how and use it for creating the next digital disease.

"More functions are needed to make WAP useful," he said. "But what we do need are ways to stop nasty content from spreading."