Part and parcel of the computing world and the Internet is the world of hackers, viruses, malware and spyware that has become increasingly familiar to every enterprise IT department. Cellular networks are inherently safer than their wireline counterparts, but one cannot assume they are immune from attacks, especially if they are used to access a corporate intranet. And wireless devices are increasingly becoming targets.

There are multiple levels of security issues, starting with the carrier's own database, then the networks and finally devices.
Examples of the first case were suffered by Verizon Wireless this year when a bug in its Website made some customer data public and by T-Mobile USA last year when a hacker penetrated the carrier's servers and obtained passwords and Social Security numbers. Those issues aren't specific to wireless networks or devices, however.

DEVICE SECURITY: Devices are the most vulnerable point on a wireless network, and that's where most of the early attacks have taken place. The vulnerability is limited to handhelds that run "smart" operating systems, such as Symbian, Windows Mobile, Palm Source or Linux.

Viruses and other forms of malware are merely specialized applications and therefore can run on any of these operating systems, says Mike Thelander, analyst and founder of Signals Research Group. Symbian, which is used on more than 32 million phones, has been the most popular target so far because it's used on the most handsets. Thelander adds that other operating systems will become targets as smart device sales increase.

Operators need to be aware of these threats because consumers likely will go to the carrier first if their handset gets infected. "If you get viruses on your computer, you don't blame the manufacturer," he says. "But on the phone, you're going to yell at the carrier."

One step operators may consider is locking down smart devices so only approved applications can run on them, Thelander says. Unfortunately, handset buyers might not like being prevented from running any application they want.

Another strategy, which is used on Microsoft Windows Mobile, is to have a pop-up window alerting a user that non-approved software is trying to run on the device and give the user the option of deleting it or going ahead and installing it. "It's up to the operators how tightly they want to control it," Thelander says.

A typical handset entry point for malware has been through Bluetooth. One of the first was the Cabir worm, which affected certain Nokia Series 60 devices. It could be spread to a device when Bluetooth was left on or discoverable, although the handheld user also had to click "install" to activate the worm.

Another worm that spreads via Bluetooth, CommWarrior, also can be delivered using an MMS message. Again, the user has to be gullible enough to install the worm, which then tries to send itself via MMS to phone numbers stored in the contact list, or via Bluetooth.

Thelander expects Window