Mobile MalwareTopic #5 – Information Assurance and Security Michael Fine
Mobile Malware • Malware for starters is also known as malicious software, which is software that is designed to sneak into a person’s computer and perform harm on a targeted system without the user’s knowledge of the breach of access. • The computer virus is a flattering remark of malware to identify a variety of unwelcome, intrusive, and annoying software or program code. Malware includes computer viruses, worms, Trojan horses, root-kits, spyware, and adware. • Mobile Malware • Cell phones evolved into smart-phones with the capabilities to download programs from the Internet and share software. • Vulnerabilities arise in mobile technology with short range Bluetooth connections, world-wide multimedia messaging service communication and memory cards.
Greatest Threats • Text messages • Contacts • Video • Phone transcriptions • Call history • Documentation • Buffer overflows
Text Messages • Phishing SMS (short message service) • A.K.A SMiShing • Malware that uses text-messaging APIs to send fake messages to people on your contact list. This is similar to email spoofing. • This type of phishing has an even higher likelihood of success because of the victims’ lack of awareness.
Contacts • In a corporate environment, the contact list is one of the most important features of a smart phone. • Theft of corporate contact data could have dire consequences for the employee and the company. • Mobile malware can “steal” a contact list. • It can send out short messages containing malware or a link to malware. • An example, which I consider a celebrity testimonial. • Paris Hilton – Nokia Sidekick …
Video • Most mobile phones now have a video and a photo camera. • Mobile malware could take over the phone and use the camera to snap photos with the owners informed consent. • Difficult to get a good angle when the malware wants to use the camera. • If the attacker is skilled, he/she could automate the exploitation using the camera. • The security of the photos and video already on the device is much easier to exploit. • Malware could search for all JPG files and send those files to a malicious third-party via the wireless network
Phone Transcripts • Your mobile phone can to suddenly turn into a tape recorder. • Using the mobile voice-recording application, malware could indeed change a mobile into a tape recorder. • Limits… nay, nay! • Mobile phones have limited storage space, however, so malware cannot record indefinitely. But, it could send the recorded file to an attacker via Multimedia Message Service. • If the attack were combined with the SMS interception technology, the malware could use SMS to activate the recording function. • Enabling the mobile phone into a tape recorder that could be turned on and off remotely.
Call History • Call history list can be valuable, and malicious programs can read this information. • Users should pay attention to their call history. • Periodically delete unnecessary records to lessen the severity of an infection.
Documentation • Many mobile phone users read and store Word, Excel, or PDF files on their mobile phones. • Files with the extensions • *.doc • *.xls • *.pdf • The above extensions are likely to become popular targets for mobile malware thieves.
Buffer Overflows • Plague mobile devices. • Slows data connectivity • Causes a phone call to get dropped. • Your phone can be experiencing a buffer overflow and you’re not even aware.
Prevention • The best way to protect your mobile device is to keep malware off in the first place. • Use the same precautions for your phone as you would for your Windows laptop computer. • Use a combination of both PC-based anti-virus software and mobile anti-virus software • Mobile users should follow the same safe browsing practices they perform at their computers. • Accept only programs that bear digital signatures. • EX. Programs that have passed the Mobile certificate test and are developed by legitimate commercial software vendors. After your mobile has been infected by malware, removal can be complicated!!
What we have learned… • Be careful with Wi-Fi and Bluetooth • Backup Frequently • Install mobile anti-virus software • Do not save business data on your mobile phone
Final thoughts… • It is essential to exercise extreme caution. • Why? • Your phone is your livelihood • There are mobile phones using the Windows Mobile OS. • Convenient and are growing in popularity • Use the many APIs • There is a lack of security awareness from users. • Malware writers will continue to attack with the powerful promise of financial gain. • Ex. Pop-up “Earn $5000 a week working from home!” • If we let out guard down then we will run into significant risks from Mobile Malware.