Exposed to infection

Last month, NTT DoCoMo issued a cryptic warning to its millions of I-mode customers: malicious e-mails circulating the DoCoMo network were causing phones to freeze and dial emergency phone numbers, as well as appropriating address books, copying and forwarding itself to other users on the network.

Ironically, just as the Japanese carrier leads the world in mobile Internet and data, it is also the first carrier to face serious malicious attacks over its network. While spamming and harassing messages are starting to make their way to wireless networks in Europe, simple spam is the least of DoCoMo's worries. The latest rounds of malevolent e-missives have begun to exhibit virus and worm-like qualities (see box).

Security and anti-virus experts say these problems will soon make their way across the Eurasian continent and over the Pacific as European and American carriers deploy more robust data networks and vendors manufacture more sophisticated phones.

Those experts add that network operators are woefully underprepared for attacks when they do come. Conversely, the world's hackers, crackers and general computer pranksters are champing at the bit, waiting for the day when the openness of the Internet truly is extended to wireless space, said Gary Hermansen, CEO of Brightmail, an electronic messaging security company.

“There's a direct translation between the wired world and the wireless world, both good and bad,” Hermansen said. “Operators are beginning to discover the bad.”

E-mail has long been the most popular way of disseminating malicious code such as viruses or worms. While worms are not inherently harmful, they often carry embedded viruses, infecting every computer the worm burrows into, as well as creating logjams and bottlenecks on the Internet.

E-mail and other messaging solutions have long been available over wireless devices. Until now, there hasn't been any inherent problems with attacks, simply because the simple message service gateways and other wireless messaging solutions were closed platforms transmitting only simple text to phones using the same air interface. But as the handsets evolve as mobile operating systems integrate data and telephony features, allowing files to be downloaded, extracted and executed, wireless devices will become key targets in Internet-originated attacks, said Vincent Weafer, director of Symantec's Anti-Virus Research Center.

“The mobile phone is turning into a small-scale PC and it's becoming very exposed,” Weafer said. “They are open systems and they are easy to program. In theory, you can access, steal or modify anything on them.”

In DoCoMo's case, the messages contained embedded java script or cHTML hyperlinks that caused the phones to dial out, sometimes calling 110, Japan's equivalent of 911, or other random numbers. Some of the code sent the phones' operating systems into loops, causing them to freeze. Others acted as true worms, accessing the handsets' internal address databases and replicating itself in messages across the network, Weafer said.

While the spamming pranks caused no serious problems aside from increased network traffic, the effects could easily become more serious as DoCoMo deploys its wideband CDMA network. Third-generation technology handsets with always-on connections will have individual IP addresses that will be visible to almost anyone on the network.

The potential vulnerability for carriers is summed up in their own numbers: Sixteen billion short messages were sent in Asia last year, with billions more sent in Europe and the U.S. So far, carriers have taken few measures to safeguard their networks and users, said Brightmail's Hermansen.

“Carriers are not prepared,” he said. “Carriers really haven't been looking at what the potential for this malicious activity really is.”

Handset threats

Virus: a program that “infects” an operating system by replicating and attaching itself to another program. The infected program must be run to activate the virus, which then destroys files or has some other harmful effect.

Worm: a program that propagates by copying itself to other machines across the Internet or a closed network, usually through e-mail. A worm is often used as a transmission vehicle for a virus.

Trojan: named after the Trojan horse in Homer's Iliad, a Trojan is a program hidden within another apparently harmless file. A Trojan can contain a virus, as well as programs such as a password grabber remote administrator that allows a hacker to remotely control a machine.