The first big virus to strike wireless phones and handheld computers was Phage four years ago. Since then, hackers have saved their most malicious handiwork for personal computers and company networks.
Mobile technology experts say the reason is simple: A lot more people depend on the PCs and company systems to cruise the Internet and exchange e-mail, making them easier, more tempting targets. Most people may have cell phones, but the fancier models with e-mail and Web access are not yet enjoyed by a majority of the population.
That'll change in the next couple of years as wireless phones and palm-sized computers with Web and e-mail access become more affordable and available, so IT vendors and security firms better start thinking about how to broaden their defenses, experts say.
"Technology is moving so fast that the pathways for infection outstrip our protection," said David Juitt, chief technology officer of wireless gateway provider Bluesocket of Burlington, Mass. "What's changed over the last two years is that you have all this interoperability of technology. It's a dangerous kind of computing where it's going to get easier for the bad guys" to infect handheld devices and the bigger company networks in the process.
Matias Impivaara, business manager for mobile security services at Helsinki, Finland-based F-Secure, agreed.
"You need enough volume to make it an interesting target, but with the more advanced cell phones and Palm Pilots, there's not enough volume yet," Impivaara said. "But we know there are people trying to find holes. Even if they've found the holes, they may simply be testing and finalizing malware for wireless devices. With cheaper wireless phones and handheld computers becoming more common, we have to start thinking ahead."
Impivaara added it's going to take time to build up the security infrastructure for wireless technology, and that this is the time for vendors and hardware companies to decide how they're going to respond to future threats so plans are in place "when the first calls start coming in."
"If you start investing in solutions now, you'll have less of a problem later," he said.
Dan Nadir, vice president for product management at e-mail management firm FrontBridge Technologies Inc. of Marina Del Rey, Calif., said analysts estimate that 62% of large U.S. corporations will deploy mobile wireless devices over the next two years, and that 79% of those companies cite e-mail as the driving force. While cell phones aren't getting strangled by worms and viruses the way larger computer systems are, he said wireless users are starting to see more spam -- not much overall, but enough that companies ought to be broadening defenses.
"Spammer techniques rely on a lot of HTML and graphics that you can't apply to plaintext messages, so problems are more limited right now," Nadir said. "But it's only a matter of time" before the level of sophistication on wireless phone monitors becomes such that spam and other attacks will be easier to mount.
While he expects more attacks on wireless devices in the future, Nadir is optimistic there will be better ways to identify spoofed e-mail carrying malicious code. One standard he said companies like AOL are already adopting is the Sender Policy Framework. SPF aims to crack down on e-mail address forgery and distinguish malware-laced messages from legitimate mail by verifying the envelope sender address against client IP before any message data is transmitted.
Such methods probably won't deflect every future attack, but, Nadir said, it's a good example of how the wireless community can be better prepared when the hackers and spammers decide to strike.