WAP phones 'open to viruses'

Next generation Internet phones are susceptible to potentially disruptive and damaging virus attacks.

Security experts fear the recent Timofonica virus, which sent SMS text message spam through the Spanish operator Movistar's server, could be the first of many threats designed to attack WAP devices.

Magnus Olssen, senior engineer at Ericsson told silicon.com: "Handsets with downloading facilities are open for viruses if the gateway of an operator is not accurately protected. The industry watchdogs will have to make sure there are no rogue operators."

Mikko Hypponen, head of research for security firm F-security, told silicon.com it would not be difficult to create a virus which spreads itself through the user's phonebook. In a similar fashion to the Love Bug virus, which took down PCs on a global scale, such a virus could wreak havoc for users and operators by corrupting personal phonebooks and overloading networks.

Hypponen added: "Once the functionality in WAP phones increases with updated protocols, such as WAP 1.2, the wireless mark up language scripts can be attacked easily. The key for prevention is with the operators hosting WAP servers as they should be built with automatically updating anti-virus programs." WAP 1.2 is due for release in the next few weeks.

However, operators claim security vendors are over-hyping the issue and say virus writers will not be able to curb the deployment of WAP.

Tim Wright, principal engineer at Vodafone, says most operators have protected their gateways accordingly. He said: "Operators are well prepared for any possible security flaws the new technologies may bring."

Hypponen from F-security concludes: "In order to further innovation, we need to take risks. At the verge of new technology breakthroughs forewarned is forearmed."

But Ericsson, one member of global standards body the WAP forum, warns against over confidence on the part of the operators.