Monday, April 6, 2009

Mobile Phone Viruses

There's a very interesting article in the latest issue of Science titled "Understanding the Spreading Patterns of Mobile Phone Viruses". While the whole article isn't online, the supporting documentation is available - but if you want to read the article, then you'll have to pick up a copy of the latest Science magazine.

The article covers the spread of mobile phone viruses and makes use of a dataset associated with 6.2 million mobile customers and some 10,000 mobile phone towers. I hope that data was sufficiently anonymized.

From the abstract:
"We model the mobility of mobile phone users to study the fundamental spreading patterns characterizing a mobile virus outbreak. We find that while Bluetooth viruses can reach all susceptible handsets with time, they spread slowly due to human mobility, offering ample opportunities to deploy antiviral software. In contrast, viruses utilizing multimedia messaging services could infect all users in hours, but currently a phase transition on the underlying call graph limits them to only a small fraction of the susceptible users. These results explain the lack of a major mobile virus breakout so far and predict that once a mobile operating system’s market share reaches the phase transition point, viruses will pose a serious threat to mobile communications."

I've been looking in to mobile phone viruses and methods for protecting against them for a few years now, and I'd largely agree with the findings of the article and there are some very pretty diagrams as to how the viruses propagate via Bluetooth and MMS, which is helpful in introducing others to the topic.

An area of contention though relates to the MMS propagation path. While MMS viruses can propagate very fast and to a much broader population (requiring no physical proximity), unlike Bluetooth viruses, they are much easier to stop. Since the payloads have to pass through the carriers MMS transport, it is easy to intercept the malicious content centrally - thereby halting propagation.

To some degree the major carriers have started down this path, and were eventually successful against mobile viruses like CommWarrior a few years back. Future mass-MMSing malware will be easy enough to detect and stop using the technologies already in place - subject to client-side polymorphism adoption (which hasn't been done seriously beyond some proof-of-concept samples -- yet!).

An area of future concern though is standard Web propagation techniques. Since most new smartphones allow comprehensive Internet access and have their own Web browsers (and other online services), I believe that mobile phones are increasingly going to fall to drive-by-download attack vectors and most of the badness that desktop hosts have been combating for several years.

That said, I don't think that third-party developed host-based protection (e.g. "desktop" Anti-virus) is a real solution for mobile phones. The dynamics between carrier, device and customer are very different when compared to desktop relationships. The consequence of this different relationship is that the mobile phone carrier has to do the heavy lifting in protection but, more importantly, they're in a much better position to do this.

1 comment:

  1. It would be particularly interesting if Bluetooth-transmitted virus outbreak follows the same spreading patterns as human viruses. This could be useful in modelling pandemic outbreaks for example.