Viruses In Handheld Devices
by Fernando de la Cuadra - International Technical Editor at Panda Software - Thursday, 14 October 2004.
The advertising of computer systems is increasingly centered on handheld devices or personal digital assistants (PDAs). Prices of these devices have gone down considerably, making them more accessible to the general public. With the popularization of these devices (including mobile telephones, which are now more like computers than telephones), fears over possible viruses that might infect them have come up for discussion again.

However, fears of viral infection are ill-founded since these PDAs or telephones offer numerous obstacles to viruses. The operating systems of the handheld devices are stored in their ROM. The ROM is normally Flash so the user can update it to new versions of the system. Consequently, the biggest possible problem (in a hypothetical viral infection of one of these devices) is restoring the system from the ROM, a straightforward process which can be carried out by disconnecting the system's battery.

The ability of the virus to spread depends on the system and the nature of the virus itself. Although it has already been verified that viruses can be created for PALM systems, as for Pocket PCs, such viruses can be removed simply by disconnecting the battery.

In spite of all this, it could be possible to devise a system capable of overwriting the device's Flash ROM. There are viruses, such as CIH, able to generate a copy of themselves modifying the Flash ROM. In handheld devices, the virus might be transmitted through the connection used to synchronize information with the desktop PC. In such a case, the virus would not be removed just by disconnecting the battery; a system ROM update would be necessary.

In the hypothetical case of a virus capable of modifying the ROM, it should spread from the desktop PC, as with any typical email worm. If this were to happen, the traditional antivirus (installed on the computer with which the information is being synchronized) would detect and remove the threat.

If a virus managed to enter one of the devices we are talking about, it is very unlikely that it would be able to spread to other systems. It all depends on how the system is connected with its environment. Possible cases depending on the types of connections are outlined below:
  • Communication only with desktop PC. In the most basic systems (without WiFi communication or telephonic systems) it could only infect the desktop PC to which it is able to connect, either by USB, Serial, infrared, Bluetooth etc.
  • Short-range wireless connection. Here the virus could spread easily. In WiFi systems the connection is permanent with zero cost for the end user, meaning the user would never worry about the possibility of excessive bandwidth consumption caused by a virus, a very clear sign of a handheld device being infected. To this problem one needs to add the Hot Spots a hacker could use to introduce a virus into a network, completely safeguarding their anonymity. Bluetooth also offers this type of connection, although a user who knew how to configure it properly would not at any time be exposed to a viral danger.
  • Telephonic communication. Here it is necessary to distinguish between three different situations: GSM, GPRS and 3G. For GSM, the user would be able to detect improper use of the device's communication system as the line would remain busy and the device would also indicate its communication status. However, if we are dealing with GPRS or 3G (with permanent connection), the user would only detect that something was using one of the communication channels if they paid special attention or if the bill for bandwidth consumption shot up at any particular moment.