Viruses In Handheld Devices

The advertising of computer systems is increasingly centered on handheld devices or personal digital assistants (PDAs). Prices of these devices have gone down considerably, making them more accessible to the general public. As they have become popular (mobile telephones included, which are now more like computers than telephones), fears over possible viruses which might infect them have come up for discussion again.

However, fears of viral infection are ill-founded since these PDAs or telephones offer numerous obstacles to viruses. The operating systems of the handheld devices are stored in their ROM. The ROM is normally Flash so the user can update it to new versions of the system. Consequently, the biggest possible problem (in a hypothetical viral infection of one of these devices) is restoring the system from the ROM, a straightforward process which can be carried out by disconnecting the system’s battery.

The ability of the virus to spread depends on the system and the nature of the virus itself. Although it has already been verified that viruses can be created for PALM systems, as for Pocket PCs, such viruses can be removed simply by disconnecting the battery.

In spite of all this, it could be possible to devise a system capable of overwriting the device’s Flash ROM. There are viruses, such as CIH, able to generate a copy of themselves modifying the Flash ROM. In handheld devices, the virus might be transmitted through the connection used to synchronize information with the desktop PC. In such a case, the virus would not be removed just by disconnecting the battery; a system ROM update would be necessary.

In the hypothetical case of a virus capable of modifying the ROM, it would spread from the desktop PC, as with any typical email worm. If this were to happen, the traditional antivirus (installed on the computer with which the information is being synchronized) would detect and remove the threat.

If a virus managed to enter one of the devices we are talking about, it is very unlikely that it would be able to spread to other systems. It all depends on how the system is connected with its environment. Possible cases depending on the types of connections are outlined below:

  • Communication only with desktop PC. In the most basic systems (without WiFi communication or telephonic systems) it could only infect the desktop PC to which it is able to connect, whether by USB, serial, infrared, Bluetooth, etc.
  • Short-range wireless connection. Here the virus could spread easily. In WiFi systems the connection is permanent with zero cost for the end user, meaning the user would never worry about excessive bandwidth consumption caused by a virus, which is a very clear sign of a handheld device being infected. To this problem one needs to add the Hot Spots a hacker could use to introduce a virus into a network, completely safeguarding their anonymity. Bluetooth also offers this type of connection, although a user who knew how to configure it properly would not at any time be exposed to a viral danger.
  • Telephonic communication. Here it is necessary to distinguish between three different situations: GSM, GPRS and 3G. For GSM, the user would be able to detect improper use of the device’s communication system as the line would remain busy and the device would also indicate its communication status. However, if we are dealing with GPRS or 3G (with permanent connection), the user would only detect that something was using one of the communication channels if they paid special attention or if the bill for bandwidth consumption shot up at any particular moment.

In addition, it needs to be remembered that viruses in handheld devices must be specifically designed for the devices. It is almost impossible for “classic” viruses to infect them. Let’s analyze each type.

  • Boot viruses. The device is always booted, except when the battery runs out or a reboot is forced. Here the system runs a check which would prevent the device from booting with a boot-type virus, not for any security reason but as a result of an integrity checking error.
  • File viruses. The API developed for handheld devices is in no way compatible with other systems’ APIs. Neither Symbian, Pocket PC nor PALM is capable of running software devised for platforms other than their own.
  • Macro viruses. Among its tools, Pocket PC includes by default a version of Word called “Pocket Word” and a version of Excel called “Pocket Excel”. The transfer of information between the two removes any possible macros in the documents. Only macros produced with Excel 4.0 and stored in the same spreadsheet are maintained, but the Auto_Deactivate, Auto_Activate, Auto_Close and Auto_Open functions, which may contain risks in Excel 4.0, are not converted.
  • Script worms. Pocket PC does not include script interpreters, which means such worms cannot be run.

In view of this situation, viruses in these types of devices are still at an initial phase only, without any actual viral infection cases up to now. Exceptions such as Cabir (a virus that exploits a vulnerability in Symbian) and Duts (which infected Pocket PC systems but without any automatic spreading capability) are just that, exceptions, and not real indicators of the viral activity in these devices.