Difference between pages "Mobile malware" and "File:Y301-A1 taps.jpg"

From ForensicsWiki
Mobile malware is software created to infect or gain access to mobile devices such as [[cell phones]], [[tablets]], and [[PDAs]].
== History ==
Mobile malware was initially considered to be a hoax until it became obvious that malicious software existed and functioned on mobile devices. The earliest recorded mobile malware was called Cabir. It was released in 2004 and was designed to infect [[Symbian]] OS platforms via a Bluetooth connection. It was essentially harmless, but nonetheless proved to the public that worms could be found on mobile devices.
== Recent Trends ==
Since mobile devices usually contain private and valuable information, mobile malware has recently begun moving toward having a specific purpose (usually exploiting information), as opposed to viruses created solely for bragging rights.
== Attack Types ==
=== Bluetooth ===
Attacks via [[Bluetooth]] can infect any phone with Bluetooth capabilities and can even exploit feature phones. These proximity-based attacks use the local Bluetooth network, usually in a crowded area, to send unsolicited requests to phones. Since Bluetooth can be used to transmit files, malicious executables can be sent across the network to everybody who accepts the request and installs the software. Some of these attacks, such as Cabir, are worms that send out the request from an infected phone without the user knowing, thus spreading quickly from phone to phone. Protection from these attacks is simple: cell phone users should not leave Bluetooth on, and if it is left on, users should not accept requests from unknown connections.
=== Application Marketplace ===
Malicious software can easily be installed via application marketplaces. For example, according to webroot.com, applications disguised as Angry Birds level unlockers were available in the Android Market. Once installed, the application gave its creator access to sensitive information such as the browsing history, bookmarks, etc. The application also contacted a remote server that gave the phone instructions for downloading additional malware.
To protect against this kind of attack, users can judge the legitimacy of the application with a few simple guidelines. Applications that require a lot of permissions for no apparent reason should be avoided. Also, the credibility of a publisher can easily be researched if the user is unsure about it.
=== WiFi ===
Information can be stolen from devices when they are connected to public [[WiFi]] hotspots. Users should not do banking, shopping, or other tasks that expose personal information while connected to unsecured networks. This is not an issue unique to mobile devices, but because of their nature, they are more likely to be in public places on these networks.
=== SMS ===
[[SMS]] attacks generally follow the same pattern: malicious software is installed on the phone by some means and then continually sends text messages, unnoticed by the user, to premium numbers, which creates charges on the user's account. According to Kaspersky Labs, the SMS-Trojan was first discovered for the Android operating system in early 2011. The news report says, "The Trojan-SMS category is currently the most widespread class of malware for mobile phones, but Trojan-SMS.AndroidOS.FakePlayer.a is the first to specifically target the Android platform." To protect against these attacks, users should be cautious about which applications are installed on their devices and who the creators of those applications are.
SMS attacks can also simply be spam messages with links to malicious sites. A limitation of this type of attack is that it must target specific phones, because the scripts it delivers only execute on compatible devices.
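As an added example (not part of the original wiki article), the following Python code triages the sent-message log of an examined Android device for the pattern described above: repeated outgoing texts to short numbers. It assumes the <code>sms</code> table layout of Android's <code>mmssms.db</code>, treats 3 to 6 digit addresses as short codes (real premium ranges vary by country and carrier), and runs against constructed sample rows.

```python
import sqlite3

SENT = 2                         # sms.type value for sent messages in Android's SMS provider
SHORT_CODE_DIGITS = range(3, 7)  # assumption: 3-6 digit addresses are short codes

def build_sample_db():
    """Constructed stand-in for an extracted mmssms.db (subset of the sms columns)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sms (address TEXT, date INTEGER, type INTEGER, body TEXT)")
    db.executemany("INSERT INTO sms VALUES (?, ?, ?, ?)", [
        ("+15555550123", 1300000000000, 2, "Running late, see you at 6"),
        ("+15555550123", 1300000050000, 1, "ok"),
        ("7781", 1300000100000, 2, "SUB 4471"),
        ("7782", 1300000101000, 2, "SUB 4471"),
        ("7781", 1300000200000, 2, "SUB 4471"),
        ("72000", 1300000300000, 1, "Your code is 1234"),  # received, not sent
    ])
    return db

def is_short_code(address):
    """True for digit-only addresses whose length falls in the assumed short-code range."""
    digits = (address or "").strip()  # address can be NULL for drafts
    return digits.isdigit() and len(digits) in SHORT_CODE_DIGITS

def suspicious_sent(db, min_count=2):
    """Return (address, count, first_ms, last_ms) for short codes texted repeatedly."""
    cur = db.execute(
        "SELECT address, COUNT(*), MIN(date), MAX(date) FROM sms "
        "WHERE type = ? GROUP BY address ORDER BY COUNT(*) DESC, address",
        (SENT,))
    return [row for row in cur if is_short_code(row[0]) and row[1] >= min_count]

if __name__ == "__main__":
    for address, count, first, last in suspicious_sent(build_sample_db()):
        print(f"{address}: {count} sent messages between {first} and {last}")
```

Messages sent by malware may never be written to this table, so an empty result does not clear the device; carrier billing records remain the reference for comparison.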
=== QR Codes ===
Because the contents of [[QR Codes]] cannot be read by a person without scanning them, they provide a means of taking curious smartphone users to malicious web sites. If a QR code is displayed by itself, some people will get curious and scan it. Another means of getting people to scan the code is to place a malicious sticker over an existing code so that it is disguised as a valid QR code. A third way of presenting malicious codes to the public is digitally, through email.
QR code attacks work by taking the person who scans the code to a website that performs malicious activities. For example, according to darkreading.com, a QR code that is distributed to target iOS devices might navigate the web browser to a site that will jailbreak the phone and then install malware on it once the built-in security can be altered.
To protect against these attacks, smartphone users should only scan QR codes with software that allows them to confirm the action the code elicits.
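The confirmation step described above can be illustrated with an added example (not code from the original article or from any particular scanner application): a Python function that takes an already-decoded QR payload and reports what scanning it would do, so the action can be shown to the user before it runs. The payload prefixes handled (<code>http(s)://</code>, <code>SMSTO:</code>/<code>sms:</code>, <code>tel:</code>) are common conventions, and the sample payloads are constructed.

```python
from urllib.parse import urlsplit

def describe_qr_payload(payload):
    """Return (action, target, warnings) for an already-decoded QR payload string."""
    text = payload.strip()
    lower = text.lower()
    warnings = []

    if lower.startswith(("http://", "https://")):
        try:
            parts = urlsplit(text)
            host = parts.hostname or ""
        except ValueError:  # e.g. an unterminated IPv6 literal
            return ("open web page", "", ["malformed URL"])
        if parts.scheme == "http":
            warnings.append("connection is not encrypted")
        if "@" in parts.netloc:
            warnings.append("text before '@' is not the destination host")
        if host.replace(".", "").isdigit():
            warnings.append("destination is a raw IP address")
        if host.startswith("xn--") or ".xn--" in host:
            warnings.append("punycode host name, may imitate another site")
        return ("open web page", host, warnings)

    if lower.startswith(("smsto:", "sms:")):
        # SMSTO:<number>:<message> or sms:<number>?body=<message>
        number = text.split(":", 2)[1].split("?")[0]
        if number.isdigit() and len(number) <= 6:
            warnings.append("short code, possibly premium rate")
        return ("send text message", number, warnings)

    if lower.startswith("tel:"):
        return ("dial number", text[4:], warnings)

    return ("show text", text, warnings)

if __name__ == "__main__":
    samples = [  # constructed payloads
        "http://www.example.com@203.0.113.7/update",
        "https://forensicswiki.example/page",
        "SMSTO:7781:SUB 4471",
    ]
    for sample in samples:
        action, target, warns = describe_qr_payload(sample)
        print(f"{action} -> {target or '(none)'} {warns}")
```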
== External Links and Resources ==
* [http://safeandsavvy.f-secure.com/2011/06/14/a-quick-guide-to-mobile-malware-part-1-2/ A Quick Guide To Mobile Malware]
* [http://www.cs.berkeley.edu/~afelt/mobilemalware.pdf A Survey of Mobile Malware in the Wild]
* [http://www.readwriteweb.com/archives/6_mobile_malware_predictions_for_2012.php 6 Mobile Malware Trends for 2012]
* [http://en.wikipedia.org/wiki/Mobile_virus Wikipedia entry regarding mobile malware]
* [http://www.darkreading.com/mobile-security/167901113/security/news/232301147/qr-code-malware-picks-up-steam.html QR Code Malware Picks Up Steam]
* [http://www.kaspersky.com/about/news/virus/2010/First_SMS_Trojan_detected_for_smartphones_running_Android First SMS Trojan Detected for Smartphones Running Android]
* [http://blog.webroot.com/2011/06/10/android-plankton-angry-birds-cheating-malware-contains-bot-like-code/ Android Malware Contains Bot Like Code]
== Mailinglists ==
* [http://groups.google.com/group/mobilemalware mobile.malware Google Group]

Revision as of 22:44, 14 December 2013