Next to spyware, perhaps the most talked about computer security topic for 2005 is mobile viruses. Of course, all computer viruses are mobile malicious code; however, the "mobile viruses" I'm referring to target devices such as cell phones or PDAs. As more and more cell phones, especially those equipped with Bluetooth technology, begin to adopt widespread software platforms, such as Symbian OS, I expect to see more malicious code focused on mobile hardware. What about other gadgets that also use Symbian or Bluetooth technology? Well, after reading about an unusual experiment in Helsinki, Finland, I'm happy to report that it's extremely unlikely that your Bluetooth-enabled Toyota will become infected by cell phone viruses anytime soon.

It's the platform, stupid
First off, Windows remains the best platform for virus writers to attack. There are millions of copies of this operating system in use around the world, and it seems that new flaws within Windows are being reported every day. While there are viruses being written for Linux and Mac OS X, such infections will hit considerably fewer machines than those targeting Windows and, thus, aren't capable of creating damage on such a large scale.

Though there are a lot of restraints on the spread of this virus, Cabir remains the most celebrated mobile virus.

The same is true with noncomputer digital hardware. Until recently, cell phones didn't have much computer memory, nor did they really need an operating system. As new services were created, such as the ability to send video clips via e-mail from your cell phone, so came the need to start standardizing the technologies used. Microsoft has already announced Windows Mobile 5.0, code-named Magneto, a platform the company hopes will be used by all cell phones and handhelds. With standardization comes the opportunity to reach more and more people. Thus, last summer, we saw the first real cell phone virus miniepidemic as thousands of Symbian OS Series 60-enabled phones became infected with a virus called Cabir.

Cabir
Cabir installs a file called caribe.sis. Users of certain models of Nokia phones with Bluetooth enabled, for instance, can become infected if they are near someone who's phone is also infected or if they are listed in an infected phone's text-messaging directory. Though there are a lot of restraints on the spread of this virus, Cabir remains the most celebrated mobile virus.

Because Brazilian virus writer Marcos Velasco recently published the Cabir source code on the Internet, there are now multiple variations of the Cabir virus in circulation in at least 23 countries. Many antivirus experts expect that we'll continue to see new variations of Cabir throughout 2005.

CommWarrior
Unlike Cabir, which uses Simple Messaging Service (SMS), another mobile virus, CommWarrior, uses Multimedia Messaging Service (MMS). CommWarrior can get to be very expensive if your phone starts sending MMS messages without your knowledge, since most service plans charge for MSS. But CommWarrior spreads via Bluetooth from 8 a.m. to midnight local time and borrows an e-mail virus trick of sleeping (going dormant) in between infections. And unlike Cabir, which begins to install almost immediately, CommWarrior requires you to save the attached file, then open it later.

So far, CommWarrior has been reported only in Ireland, India, and Oman. MMS isn't available in all countries. And because CommWarrior requires you to install it yourself by opening the attached file, many antivirus experts concede that it won't soon become a major threat.

Despite re-creating hazardous circumstances, in which someone walks into a Bluetooth-enabled Prius with a Cabir-infected cell phone, the team at F-Secure was unable to infect the Prius.

So what about other Bluetooth-enabled devices? Back in January 2005, antivirus researcher Eugene Kaspersky piqued media buzz by saying that his company had been asked to investigate whether cell phone viruses could infect Bluetooth-enabled Lexuses in Russia. Increasingly, today's cars are more computer based than mechanical. Yet an obvious question arises: why does a car need Bluetooth technology? In this case, Toyota employs Bluetooth technology to transfer phone book information from your cell phone to the car's own built-in phone.

Despite the front-page media buzz, Kaspersky produced few facts. The story went cold. Until now.

Virus testing on a...car?
Mikko Hypponen, director of antivirus research at F-Secure, recently obtained a 2005 Prius from Toyota. Toyota (which also owns Lexus) said the Bluetooth used in the Prius was similar to the system found in the Lexus. Toyota cars use a proprietary operating system, not Symbian. So, outside of Helskini, Finland, in a bunker deep within the earth to eliminate ambient Bluetooth broadcasts, Hyponnen and a crew from his F-Secure labs tested the loaned 2005 Toyota Prius against various Bluetooth-enabled attacks.

I encourage you to read Hypponen's full article (with photos), but I'll summarize the conclusions. Despite re-creating hazardous circumstances, in which someone walks into a Bluetooth-enabled Prius with a Cabir-infected cell phone, the team at F-Secure was unable to infect the Prius. And when the researchers attempted to send the infected SIS file to the car, the Prius responded with a "transfer failed" message. In fact, they were unable to successfully perpetrate any known Bluetooth attack.

Viruses coming soon to a toaster oven near you?
I doubt we'll see a rapid spread of new computer viruses infecting your TiVo systems anytime soon. Still, as technology companies merge and start to share common platforms for our gadgets, we do run the risk of opening the opportunity for criminal hackers to create and spread mischief. A diversity of operating platforms, with secure communication protocols, is best. Otherwise, your cardiac monitor might be at risk, and that wouldn't be good, would it?

Are cell phones the next target for virus writers? Or will it be TiVos or smart cars instead? Talk back to me!