"Javanization" of Mobile Phones: A Green Light for Malicious Programs?

20 Sep 2000
Virus News

On 19 August, Sun Microsystems and some of its partners announced the shipment of Mobile Information Device (MID) standard, based on the Java programming language (JavaTM 2 Platform Micro Edition - J2ME) for use on mobile phones. At the same time, Motorola, one of the biggest companies for the development of wireless technologies, released an application-programming interface (API), allowing for the development of additional programs for its wireless devices.

This may seem to most people to be just a collection of abstract technical terms; however, the significance of this event cannot be overstated, because it is an important milestone in the evolution of mobile phone functionality. The further integration of the Java programming language will enable third party applications to be used on mobile phones and, respectively, will allow end users to write their own programs and to share those applications across wireless networks.

It is certainly a huge step forward on the way to developing mobile phones from just a connection medium to a multipurpose communication portal.

Java technology allows wireless devices to be powered by nearly any additional application, which is only limited by equipment functional capability. It dramatically enhances the overall consumer experience by modifying the static text to interactive, graphic, easy-to-use services.

Nevertheless, there is another side to this story: the new functioning capability provides an excellent opportunity not only for writing useful programs, but also malicious ones.

Currently, computer viruses attack mobile phones implicitly (for instance, by sending obtrusive SMS-messages). In the future, however, viruses will almost certainly appear, living directly in mobile phones. How real is this possibility?

"We define three main conditions for the existence of a virus. Firstly, popularity of the platform or equipment. Secondly, availability of the development tools. And thirdly, insufficient protection," comments Den Zenkin, Head of Corporate Communications for Kaspersky Lab. "In this case, only the first two conditions are fully met. As far as the last condition is concerned, we see this exactly as what can prevent viruses from being the same threat to mobile phones that they are to PC users today."

Java technology has already proved that it is reliable and secure. During the years it has existed, only a few Java viruses have been detected, and these were more conceptual rather than posing a real danger. The Java operating principal, based on providing a secured virtual space for each application, almost fully mitigates any possibility of viruses appearing in the wild for this platform.

"We haven't got any cause to believe that J2ME is less secure than any other version of Java. However, before making a definitive conclusion, we need time for a number oftests," said Eugene Kaspersky, Head of Anti-Virus Research. "Even if J2ME proves to be an absolutely secure platform, one of the most vulnerable areas in any security system still exists - the human factor. This problem, in turn, can be improved only by constant education."