Mobile Viruses and Worms (Project Group 6) Amit Kumar Jain Amogh Asgekar Jeevan Chalke Manoj Kumar Ramdas Rao

Post on 31-Mar-2015


Mobile Viruses and Worms

(Project Group 6)

Amit Kumar Jain, Amogh Asgekar, Jeevan Chalke, Manoj Kumar, Ramdas Rao

31st October 2006 Mobile Worms and Viruses

Outline

• Introduction
• Classification
• Threats posed by mobile worms and viruses
• Case Studies
• Futuristic Threats
• Protective Measures

Introduction

Introduction

What is a Mobile Virus?
– “Mobile”: pertaining to mobile devices
  • cell phones, smart phones, PDAs, ...

Mobile Virus vs. Computer Virus

Mobile Malware:
– “Malware”: Malicious Software
– All kinds of unwanted malicious software

Differences with PC

Although similar OSes are being used, differences exist:
• Mobile users are less “tech literate”
  – Implies that it is difficult to “roll out security patches” to phones already sold
• Mobiles are always “connected” and switched on
• “Environment” keeps changing
  – Imagine one infected phone in a stadium full of people

Differences...

On the positive side:
• Several variants of phones exist
  – A malware for one type of phone may not necessarily be able to infect others
  – E.g., a virus that uses an MMS exploit cannot infect a phone that does not have that facility at all
• Mobile malware not yet causing critical harm
  – At most they increase the user's billing, or cause the mobile phone to stop working (can be restored by a factory reset)

Classification of Mobile Worms and Viruses

Classification

• Behavior
  – Virus
  – Worm
  – Trojan
• Environment
  – Operating System
  – Vulnerable Application
• Family name and Variant identifier

Classification (examples)

Source: Kaspersky Labs

Mobile Virus Families

The increase of known mobile malware variants

Increases in known mobile malware families

Complete (as of 30th August 2006) list of mobile virus families according to Kaspersky Lab classification.
http://www.viruslist.com/en/analysis?pubid=200119916

Current threats by mobile malware

• For financial gain / loss
  – Unnecessary calls / SMS / MMS
  – Send and sell private information
• Cause phones to work slowly or crash
• Wipe out contact books and other information on the phone
• Remote control of the phone
• Install “false” applications

Case Studies

Case Study – CABIR

• First mobile worm
• Only as Proof-Of-Concept
• Spread vector – Bluetooth
• Infected file – caribe.sis
• 15 new variants exist

Case Study - ComWar

• Second landmark in mobile worms
• Spread vector – Bluetooth and MMS
• Large spread area due to MMS
• Not as proof of concept – Intention to harm by charging the mobile user
• Multiple variants detected

Case Study - CardTrap

• First cross-over mobile virus found
• Can migrate from mobile to PC
• Propagates as infected mobile application as well as Windows worm
• 2 variants found
  – Both install with legitimate applications – Black Symbian and Camcorder Pro

Futuristic Threats

Futuristic Developments

• Location Tracking
• Camera and Microphone Bug
• Leaking Sensitive Information
• DDOS attack on Mobile Service Provider

Protective Measures

Securing against attacks

• System level security
  – MOSES
• Network Level Security
  – Proactive approach

MOSES

• MObile SEcurity processing System
  – Ravi (2005)
• Two levels of defenses – Hardware and Software
  – Hardware – Application Fencing
  – Software – Encryption

MOSES

• Secure boot and run-time memory protection
  – prevents software (virus) and physical (code modification) attacks

• Provides crypto functions and meets performance and power targets

• Provides protection to any sensitive data or cryptographic keys against common attacks

Proactive Approach

• Paper by Bose, Shin
• Reduce the impact of an attack
• Generate Behavior Vectors
• Form Behavioral Clusters

Proactive Approach

• Virus Throttling Algorithm
• Quarantine

Source: Bose, Shin (2006)

Questions???

References

Kaspersky Labs' Report on Mobile Viruses (September 2006)
– http://www.viruslist.com/en/analysis?pubid=198981193
– http://www.viruslist.com/en/analysis?pubid=200119916
– http://www.viruslist.com/en/analysis?pubid=201225789

Bluetooth vulnerabilities
– Haataja, K., “Two practical attacks against Bluetooth security using new enhanced implementations of security analysis tools”, CNIS 2005, Arizona, USA, November 14-16, 2005.
– http://www.thebunker.net/security/bluetooth.htm
– http://www.darknet.org.uk/2006/02/locate-anyone-in-the-uk-via-sms/

Protective Measures:
– MOSES: http://www.princeton.edu/~sravi/security.htm
– Bose, Shin, “Proactive Security for Mobile Messaging Networks”, WiSe '06, September 29, 2006.

Thank You