Can Your Phone Get a Virus?

How cell phones get hacked.

A cell phone virus turned up at an electronics store in Santa Monica earlier this week. One of the phones in the store had been infected with “Cabir,” a somewhat malicious piece of code that drains batteries and propagates itself via wireless connections. How does Cabir work?

It jumps from phone to phone using short-range networks. Many cell phones use the Bluetooth standard to link up with nearby devices without a cable. You can use Bluetooth to send photos to your printer, to update the address book on your laptop, or to use a wireless headset. And if you’re within about 30 feet of someone’s cell phone, you can also use Bluetooth to send a virus.

Cabir doesn’t work exactly like most computer viruses or worms; it’s a stand-alone program that must be installed (unwittingly) by each cell phone user. Only Bluetooth-enabled phones can be victimized and then only if the phone happens to be one that uses the Symbian Series 60 platform.

If you get infected with Cabir, you’ve earned it. First you have to be operating in “discoverable” mode, which makes your phone visible to other Bluetooth devices in the area. If an infected phone tries to infect yours, a note will appear asking you to accept a message from a device you may not recognize. If you do, another dialog box will ask if you really want to install an unverified program. Click “accept” again and you’ll get a third dialog box that says, “Install caribe?” One more click and you’ve got the virus.

Cabir (first named “Caribe-VZ/29a” by its designer, “Vallez“) will then attempt to transmit itself to the first Bluetooth-enabled device it finds. This could be the cell phone of someone standing nearby, or it could be your wireless mouse, keyboard, or printer. The infection will spread only if Cabir finds another cell phone, and then only if that phone’s user accepts the message.

The virus latches onto the first device it finds and attempts to infect it over and over again. This monopolizes your Bluetooth network and drains the battery but otherwise has little effect on the operation of your phone. Cabir is not particularly virulent; the device it chooses may be one that’s not vulnerable to infection (like a printer), or the device might quickly move out of range.

There are other ways to attack a Bluetooth phone. The most benign—bluejacking—allows a stranger to send you a message that’s up to 248 characters long without permission. But bluesnarfing exploits security holes in certain phone models to obtain personal information from your phone, while bluebugging lets a hacker execute files on your phone.

In theory, phone viruses could propagate over the wide-ranging cellular networks themselves, rather than using 30-foot Bluetooth networks. But the cellular networks only transmit information between specific, “trusted” devices, and these simple communications are relatively easy to secure. Bluetooth has so many applications—and so many underlying pieces of software—that securing all of them can prove difficult. A determined hacker can even use a special antenna to extend the range of a Bluetooth network to a mile or more.

Bonus Explainer: Paris Hilton’s T-Mobile Sidekick was not infected with a virus, nor was it bluejacked, bluesnarfed, or bluebugged. Her address book, notes, and naked photos were swiped directly from the central T-Mobile servers.

Next question?

Explainer thanks Michael Foley of the Bluetooth Special Interest Group and Adam Laurie of www.TheBunker.net.