Cell Phone Viruses and Security

Presented byAthul

31st October 2006 Mobile Worms and Viruses

OutlineIntroductionClassificationThreats posed by mobile worms and viruses

Case StudiesFuturistic ThreatsProtective Measures

Introduction

31st October 2006 Mobile Worms and Viruses

Introduction

What is a Mobile Virus?– “Mobile” : pertaining to mobile devices

• cell phones, smart phones, PDAs, ...

Mobile Virus vs. Computer VirusMobile Malware:

– “Malware”: Malicious Software– All kinds of unwanted malicious software

31st October 2006 Mobile Worms and Viruses

Differences with PC Although similar OSes are being used,

differences exist:− Lesser users of mobiles are less “tech literate”− Implies that it is difficult to “rollout security

patches” to phones already sold− Mobiles are always “connected” and switched

on− “Environment” keeps changing

Imagine one infected phone in a stadium full of people

31st October 2006 Mobile Worms and Viruses

Differences...

On the positive side:− Several variants of phones exist

A malware for one type of phone may not necessarily be able to infect others

− E.g., A virus that uses an MMS exploit cannot infect a phone that does not have that facility at all

− Mobile malware not yet causing critical harm At most

− they increase the user's billing, or− cause the mobile phone to stop working (can be restored

by a factory reset)

Classification ofMobile Worms and Viruses

31st October 2006 Mobile Worms and Viruses

Classification

Behavior Virus Worm Trojan

Environment Operating System Vulnerable Application

Family name and Variant identifier

31st October 2006 Mobile Worms and Viruses

Classification (examples)S

ou

rce: K

aspersky Labs

31st October 2006 Mobile Worms and Viruses

Mobile Virus Families

The increase of known mobile malware variants

Increases in known mobile malware families

Complete (as of 30th August 2006) list of mobile virus families according to Kaspersky Lab classification.http://www.viruslist.com/en/analysis?pubid=200119916

31st October 2006 Mobile Worms and Viruses

Current threats by mobile malwareFor financial gain / loss

Unnecessary calls / SMS / MMS Send and sell private information

Cause phones to work slowly or crashWipe out contact books and other information on the phone

Remote control of the phoneInstall “false” applications

Case Studies

31st October 2006 Mobile Worms and Viruses

Case Study – CABIR

First mobile wormOnly as Proof-Of-ConceptSpread vector – BluetoothInfected file – caribe.sis15 new variants exist

31st October 2006 Mobile Worms and Viruses

Case Study - ComWar

Second landmark in mobile wormsSpread vector - Bluetooth and MMSLarge spread area due to MMSNot as proof of concept – Intention to harm by charging the mobile user

Multiple variants detected

31st October 2006 Mobile Worms and Viruses

Case Study - CardTrap

First cross-over mobile virus foundCan migrate from mobile to PCPropogates as infected mobile application as well as Windows worm

2 variants found – Both install with legitimate applications – Black Symbian and Camcorder Pro

Futuristic Threats

31st October 2006 Mobile Worms and Viruses

Futuristic Developments

Location TrackingCamera and Microphone BugLeaking Sensitive InformationDDOS attack on Mobile Service Provider

Protective Measures

31st October 2006 Mobile Worms and Viruses

Securing against attacks

System level security MOSES

Network Level Security

31st October 2006 Mobile Worms and Viruses

MOSES

MObile SEcurity processing SystemTwo levels of defenses – Hardware and Software

Hardware – Application FencingSoftware – Encryption

31st October 2006 Mobile Worms and Viruses

MOSES

• Secure boot and run-time memory protection – prevents software (virus) and physical (code

modification) attacks

• Provides crypto functions and meets performance and power targets

• Provides protection to any sensitive data or cryptographic keys against common attacks

31st October 2006 Mobile Worms and Viruses

Proactive Approach

Paper by Bose, ShinReduce the impact of an attackGenerate Behavior VectorsForm Behavioral Clusters

31st October 2006 Mobile Worms and Viruses

Proactive Approach

Virus Throttling AlgorithmQuarantine

Source: Bose, Shin (2006)

31st October 2006 Mobile Worms and Viruses

References Kaspersky Labs' Report on Mobile Viruses (September 2006)

– http://www.viruslist.com/en/analysis?pubid=198981193

– http://www.viruslist.com/en/analysis?pubid=200119916

– http://www.viruslist.com/en/analysis?pubid=201225789

Bluetooth vulnerabilities

– Haataja, K., “Two practical attacks against Bluetooth security using new enhanced implementations of security analysis tools”, CNIS 2005, Arizona, USA, November 14-16, 2005.

– http://www.thebunker.net/security/bluetooth.htm

– http://www.darknet.org.uk/2006/02/locate-anyone-in-the-uk-via-sms/

Protective Measures:

– MOSES: http://www.princeton.edu/ sravi/security.htm∼

– Bose, Shin, “Proactive Security for Mobile Messaging Networks”, WiSe '06, September 29, 2006.

Thank You

31st October 2006 Mobile Worms and Viruses

Questions???