Viruses that target handhelds can be even more dangerous than their cousins that attack PCs, spawning self-replicating programs that hide easily, a security researcher told an audience of security professionals at the Black Hat Briefings conference in Las Vegas this week.
The first virus aimed at Pocket PC handhelds, revealed last week, could be far worse if it were modified slightly to carry a harmful payload, said Seth Fogie, a vice president of Airscanner, which develops security software for the Window Mobile platform.
The benign WinCE4.Duts.A (or just "Dust") virus was created as a demonstration of threats against personal digital assistants. However, Fogie noted, such programs could spread stealthily, logging keystrokes on the Pocket PC's "soft keyboard," and sending data stored on handhelds across the internet.
Fogie demonstrated several malicious tools he has created. The programs work properly only on Pocket PCs that use ARM processors, the same kind of devices that are vulnerable to the Dust virus. Such devices make up the majority of Pocket PC handhelds sold today.
Among Fogie's tools are a keystroke-logging program, a virtual remote control application that runs undetected and an FTP server applet that could be modified to run invisibly in the background. Rogue applications of these sorts typically spread as Trojan horse programs when PCs are infected with a virus. They allow virus writers to steal or manipulate data, or to make mischief.
The Dust virus is only a proof of concept, carrying no malicious code or destructive programming. In fact, the virus actually asks the handheld's owner for permission to install itself, and in Fogie's demo it obeyed when the "no" button is clicked on its dialog box.
Most disturbing is that only a few characters of code need to be changed to force the handheld device to store or run the programs without the user's being aware of them. Only a hard, factory reset that wipes out the device's entire memory will remove the dangerous payload applications.
Fogie's company is developing a software firewall that runs on Pocket PCs. He says that he expects the company to distribute the tool "free for private, nonbusiness users," similar to the ZoneAlarm firewall for Windows.