In 2001 a hacker sent an e-mail message to 13 million users of the i-mode wireless data service in Japan. The message had the potential to take over the recipient’s phone, causing it to dial Japan’s emergency hotline (1-1-0). NTT Docomo, which provides the i-mode service, rapidly ﬁxed the problem so no damage was done. At the beginning of 2002, researchers in Holland discovered a bug in the operating system used by many Nokia phones that would enable a hacker to exploit the system by sending a malformed SMS message capable of crashing the system. Again, no real damage was done.
Today, most of the Internet-enabled cell phones in operation are incapable of storing applications and, in turn, incapable of propagating a virus, worm, or other rogue program from one phone to another. Most of these cell phones also have their operating systems and other functionalities “burned”right into the hardware. This makes it difﬁcult for a rogue program to permanently alter the operation of a cell phone. However, as the capabilities of cellular phones increase and the functionality of PDAs and cell phones converge, the threat of attack from malicious code will certainly increase.
Just because a mobile device is less susceptible to attack by malicious code does not mean that m-commerce is more secure than e-commerce in the wired world. By their very nature mobile devices and mobile transactions produce some unique security challenges.
Because m-commerce transactions eventually end up on a wired Internet,many of the processes, procedures, and technologies used to secure e-commerce transactions can also be applied in mobile environments. Of particular importance is the public key infrastructure.