Viruses on Mobile Phones
There has been some concern about viruses attacking mobile phones, or wreaking havoc from the phone, such as making unwanted calls, firing off errant text messages or sending lots of useless packets over the GPRS network. With current phones this is difficult to envisage, and most stories that circulate seem to have no substance to them. There have been attempts to deny service by bombarding network users with text messages - one guy was fined for this in the US, but that was not a phone-based virus.
The main concern comes from the new breed of phones that are able to run Java programs called MIDlets, named after their adherence to the MIDP (Mobile Internet Device Profile) Java specification. The MIDP 1.0 specification does not allow for MIDlets to access resources on the phone, apart from the screen of course displaying the user interface. Most MIDlets are games. However, handset manufacturers can release custom extensions (Java APIs) to MIDP that allow access to phone resources, such as text messaging, like the Nokia SMS API for the 3410. These could pose problems depending on their implementation.
The MIDP 2.0 specification, recently released, brings several key technologies to the aid of operators hoping to avoid rogue MIDlets:
- Trusted MIDlet verification using code signing with X.509 certificates
- Ability to for operator to set permissions policies for which low-level APIs can be access by a MIDlet
- Default prompting of user to positively acknowledge that MIDlet is allowed to send a message or initiate a call
These measures seem to provide a very secure safety net to prevent the spreading of harmful MIDlets or other obnoxious effects from untrusted programmers.
The idea of operators controlling who gets to do what on a phone may seem irritating to some. It certainly seems the antithesis of an open system of the likes being promoted by Kevin Werbach with his views on open spectrum. But we have to consider that we are not introducing games and applications into an elastic computing environment - we are introducing them into a previously sterile and largely consumer-orientated environment where users are familiar with placing calls and sending text messages in a predictable and highly robust manner. In that context, it is understandable why operators are concerned about rocking the boat with anything unpredictable or hitherto unusual to the users - a virus attack would certainly cause a major shockwave across any operator's stable customer base. This context needs to be understood before we advocate throwing out control, licensing and sanitation as much as that might be upsetting to net "anarchists".
6:46:20 PM 
|
