Last week at Mobile World Congress, a new survey indicated that the public is afraid that their mobile devices will catch a rare virus. At the same time, a whitepaper from Codenomicon takes a look at the vulnerabilities of Bluetooth and Wi-Fi. Is the public -- and, more important, IT -- right to be afraid?The first reports of mobile viruses appeared years ago, and specifically targeted smartphone operating platforms from Palm and Symbian. They used Bluesnarfing and Bluesharking techniques to break into smartphones by cracking open the Bluetooth connections. Although these instances have been very rare, the fear of infection persists.

McAfee polled 2,000 people in Britain, the United States, and Japan and found that 72% were concerned about the likelihood of an infection. Almost 12% said someone they knew had suffered through an infection, but only 2% had actually had a virus themselves. Still, that left a whopping 86% of respondents saying that they didn't know anyone who's phone had been sickened by a mobile virus.

If we're to believe these numbers, instances of infection are rare. Details about which mobile operating systems were most affected weren't provided in the report, but it's not a big leap to imagine that the viruses are limited to smartphones. Phones running platforms from RIM, Microsoft, Symbian, and Palm, among others, provide the juiciest targets because of the nature of the information stored on such devices. Traditional consumer handsets, many of which run proprietary platforms, aren't as enticing a catch.

With Bluetooth and Wi-Fi coming standard on almost all smartphones at this point, IT should be concerned about protecting their corporation's assets.

Codenomicon recently published a whitepaper which suggest that 90% of all tested devices showed vulnerabilities. That is worrisome. What's worse is that rather than provide proactive defenses, most wireless security firms are providing reactive patches instead.

Reads the report, in part:

Despite boasts of hardened security measures, security researchers and black-hat hackers keep humiliating vendors. Security assessment of software by source code auditing is expensive and laborious. There are only a few methods for security analysis without access to the source code, and they are usually limited in scope. This may be one reason why many major software vendors have been stuck randomly fixing vulnerabilities that have been found and providing countless patches to their clients to keep the systems protected.

How is IT to protect against these viruses? And are they as much of a threat as people make them out to be?

True, lots of smartphone management programs allow IT to turn the Bluetooth and Wi-Fi radios off so the employee can't use them. This nullifies the threat. But what good is it to have those technologies if we're unable to make use of them?

There has to be a better way.