Nothing is certain in life but death and taxes, Ben Franklin famously once opined. Most people would still agree, though many enterprise users could easily add a third inevitability: Where there is an OS, a virus shall follow. And this past June one did, right along to your cell phone.
Dubbed ‘Cabir,’ and the product of an outfit calling itself 29a, this virus has been recognized as the first to spread from phone to phone. Though it never caused much harm (it simply scanned for other phones to spread to, doing little more than drain battery life) it showed the possibility and potential of phone-to-phone viruses.
“It was a little bit of a wake-up call,” says Joe Owen, VP of engineering for XcelleNet, a subsidiary of iAnywhere Solutions and security solution provider. “A lot of people were expecting that it would happen. It helped point out to some customers the overall importance of securing communicating mobile devices.”
“Communicating mobile devices” is the key term. Though the virus was Symbian–based, it never manipulated the OS; it took advantage of the
phone’s Bluetooth connection. Devices automatically contacted each other when within range, and users that chose to accept the virus when prompted were infected. It’s “an inherent leg up to move data, including viruses, from device to device,” says Owen. “[Bluetooth-enabled cell phones] are designed to pass info around.”
At press time, a harmful cell phone virus had yet to emerge, but unsecured enterprise users should beware. Cabir demonstrated a virus’ proliferation possibilities, just without the usual harmful side effects. But if PC viruses have taught us anything, it’s that once the not-so-friendly viruses come along, it’s already too late. “You could wipe out all kinds of data on there. Erase phone lists, use the phone lists and e-mail databases to propagate the virus. You can wreak havoc on those devices,” declares Owen.
Apocalyptic visions notwithstanding, cell phone viruses will soon require the same vigilance given to PCs. Shari Freeman, manager of engineering/product management at XcelleNet, recommends an anti-virus solution that allows administrative control for on-the-fly updates, citing XcelleNet’s Afaria Security Manager. “You really need the management capabilities to install and update software and settings on a device [remotely],” she adds. “Once you have that kind of foundation, you can keep up to date.”
After you’re done securing your mobile device, you can sit back and wait for the first malicious cell phone virus to emerge—leaving you plenty of time to ponder ways to address those other two nagging certainties.