The increasing use of mobile technology has spawned a new wave of threats to personal and corporate security. Cell phones and handheld devices have all become commonplace and sophisticated enough to become a major target for hackers and virus writers. Many of these devices have open operating systems and support many types of executable formats, setting the stage for a major virus attack.

This summer virus writers created the first mobile viruses. Initially, proof-of-concept viruses, we discovered: Cabir, spreads via Bluetooth on Symbian OS; Duts, a parasitic virus and the first Pocket PC malware incident; and a backdoor program called Brador. Cabir has recently been detected in the wild in Singapore and will likely find its way to other continents. All it takes for Cabir to spread is for someone to board a plane with an infected phone in their pocket. It is also possible that users can be the target of Bluejacking ("date me" messages); Bluesnarfing (stealing data); Bluetracking (gps-like movement monitoring); or Bluebugging (listening in using the phone) once one's device has been infected. Although these viruses are currently only a minor threat, they clearly demonstrate that mobile devices have become a target and the very nature of these wireless communications devices makes them perfect for the proliferation of malicious code.

The following factors are prerequisites set the stage for a large-scale outbreak:

1. Enough target terminals

There are already 10 million Symbian devices on the market and Ovum has estimated the number of Symbian OS devices in 2007 will be 100 million. The first Palm OS virus was seen after the number of Palm OS devices reached 15 million.

2. Enough functionality

Mobile devices are increasingly being equipped with office functionality and already carry critical data and applications, which are often protected insufficiently or not at all. The expanded functionality increases also the probability of malware.

3. Enough connectivity

Smartphones offer multiple communication options, such as SMS, MMS, synchronization, Bluetooth, infrared and WLAN connections. Unfortunately, the increased amount of freedom also offers more choices for virus writers.

Possible Threats

In addition to malicious, actively spreading applications, it is likely that we will see denial of service and system unavailability attacks. Other possible threats include trojan horses in games, screensavers, and other applications resulting in false billing, unwanted disclosure of stored information, and deleted, corrupted, modified, or stolen user data. Similar applications can also be used for eavesdropping, and unauthorized access to corporate networks.