Network, device strategies needed to fight mobile malware

The evolution of mobile phones into smart mobile computing devices has brought with it an unwelcome side effect: malware and potential security breaches. This week’s attack on the iPhone, although it proved to be inconsequential, illustrated the vulnerabilities in today’s advanced smartphones. In response to heightened security needs, the Georgia Institute of Technology and a number of security vendors are stepping up their efforts around security at both the network and the device level.

Traditional cell phones have been ignored by attackers because they were specialty devices, but that is beginning to change, as increasingly PC-like smartphones become the norm for handset manufacturers in the US. Two assistant professors with the School of Computer Science at the Georgia Tech, Patrick Traynor and Jonathon Giffin, received a three-year $450,000 grant from the National Science Foundation to develop tools to address the new issues in mobile devices at the telecom network level. With a team of graduate students, the professors’ goal is to identify and remotely repair mobile devices that may be infected with viruses or other malware.

Today, carriers can identify mobile devices that are acting up on the network, but they don’t have a solution outside of turning off the service, Giffin said. With that as the alternative, they typically don’t take any action for fear of losing that customer, he said. Given this, the researchers are taking the approach that attacks will happen, but steps can be taken after the fact to recover. While it might be the same attackers that have infiltrated the PC world, it can’t be handled the same way on mobile, Giffin said, leading Georgia Tech to explore the problem from the network level, not the handset.

“If you have software that is always running and monitoring your phone, like anti-virus software would do, that will run down the battery,” Giffin said. “Your phone is a more constrained device. It has power constraints and computational constraints. It is a much slower processor than the desktop system. As a result we have to develop new solutions.”

The threats of malware are that it could potentially eavesdrop on user input, steal sensitive information, destroy stored information or disable a device. Giffin said attackers could use the network improperly to snoop on passwords for online accounts, electronic documents, e-mails that discuss sensitive topics, phonebook entries and more. In the case of the iPhone “Rickrolling” worm, it was an Australian hacker, called ikee, testing out a harmless worm that installs pictures of Rick Astley from ‘80s fame on home screens of unlocked iPhones. This bug, the first reported on the iPhone 3G S, turned out not to be detrimental, but it could have been a lot worse.

The researchers are building a cellular network test bed at Georgia Tech to simulate how cellular devices communicate over the network. Infected devices can over-utilize the network by sending a high volume of traffic to a known malicious Internet server or by generating a high volume of spam text messages, so Giffin’s hypothesis is that monitoring traffic patterns on the network should allow them to locate the infected phones and clear the malicious code remotely, without any intervention required of consumers.

Next Page: SECURITY AT THE DEVICE LEVEL