Mobile phone viruses began to emerge. The first mobile phone virus was called Caribe, and it was created to infect the Symbian mobile OS. Using the Bluetooth communication feature, it was able to spread from phone to phone, and upon activation of the device it would display the message “Caribe”. In 2009 the first iPhone worm, “Ikee”, was created; it was able to infect and spread among jailbroken iPhones that had installed SSH while using the default root password. This worm changes the wallpaper of the lock screen to a photo of Rick Astley with the message: “ikee is never going to give you up.” As of 2011, it is reported that as many as 73,000 malware strains are written every day. Considering that smartphones have slowly been taking over the daily tasks we used to do on our PCs, we are more at risk now that malware is increasingly being written for mobile phones. Just look at history and what occurred with PCs: it may have started as a practical joke, but as users started storing increasingly personal information, malware slowly turned from a joke to a more malicious purpose. History always repeats itself, and it will be no different with smartphones; with this growing issue we need to be ready to increase our mobile security.
Mobile malware varies depending on the platform it is trying to infect. For example, one Android Trojan is Backdoor.AndroidOS.Obad.a. It is a multi-functional Trojan that enables remote control of the device and allows the programmer to install programs on the phone to further infect the device. The Trojan spawned from a vulnerability in the DEX2JAR software. DEX2JAR is a program that is used to convert an APK file into JAR format, which is an executable Java file format. Also, a hole in the Android operating system was introduced. The virus modifies the XML file (AndroidManifest.xml) to bypass Google standards and allow exploitation of the device. There is no user interface for accessing the Backdoor.AndroidOS.Obad.a Trojan, and the program continues to spread in the background processes of the device.
Ikee was the first known worm for iOS devices. The worm replaces the wallpaper with a photograph of the singer Rick Astley. It did this over the SSH protocol, which was made available by jailbreaking an iOS device. Jailbreaking is the process of hacking into the iOS operating system and removing the restrictions applied by Apple. Even without jailbreaks, Apple’s iOS operating system has still seen many Trojans and worms that spread through the App Store; for example, one attack on the App Store was a Russian application that took the user’s contact book information and uploaded the contacts to a server. This app was removed from the App Store after being closely monitored with Kaspersky anti-virus. Several instances have occurred in which users with jailbroken iPhones have had private data stolen from their phone. The name of the worm that is commonly linked to stealing private data on iPhones is iPhone/Privacy.A.
The tool scans the Wi-Fi network and searches for jailbroken iPhones. After finding a phone, the tool copies all data from SMS messages, videos, emails and so on. The program runs in the background while the user continues to use their phone.
Statistics from the last few years show that the mobile device world has become a major target for cybercriminals. According to IDC (International Data Corporation), during the first quarter of 2012, Android recorded a year over year rise to an approximate 145% in market share and sales, becoming the most attacked operating system due to the sheer size of its market share and its open source architecture. In 2013, nothing changed significantly in terms of the mobile operating systems targeted by malware: Android is still the number one target and no other OS comes anywhere close. In the first half of 2013, McAfee Labs researchers counted approximately 36,699 mobile malware samples, of which 97% were designed to attack Google Android; by the end of this year the number of mobile malware samples reached 148,778, according to the Kaspersky Security Bulletin for 2013. The reasons for this are Android’s leading market position, the incidence of third party app stores, and its open source architecture, which makes it easy to use for everyone: app developers and malware authors alike. This trend is therefore not expected to change in the coming years. The following graphs show this trend and how it has changed over the past three years.
Fig A. Mobile Malware trend by OS (2011)
Fig B. Mobile Malware trend by OS (2012)
Mobile Malware trend by OS (2013)
The most critical factor accompanying mobile malware development has been the growing use of mobile devices as a form of secondary authentication for user credentials or online transactions. The most common manifestation of this is the mobile transaction authentication number (mTAN), which is the authentication used by some banks during online banking transactions. Malware developers are currently able to bypass this extra level of protection by creating a mobile application that catches the SMS messages used to validate these transactions; one example is the popular mobile banking Trojan. The next graph shows the malware distribution by behavior type.
Fig C. Malware distribution by behavior type
Fig D. Malware distribution by behavior type
Finally, according to Juniper Networks, mobile malware is becoming “an increasingly profit-driven business”. Mobile vulnerabilities are no longer just a playground for cybercriminals; exploiting them has become a common practice in pursuit of the new main purpose, which is financial profit. The following graph compares discovered threats that are profit-motivated with those that are not.
Fig E. Mobile Threats profit-motivated versus nonprofit-motivated
V. Future Examples of malware and research
a. Android: One Root To Own Them All
This is a vulnerability showcasing the technical details of Android security bug 8219321, disclosed to Google in February 2013. The vulnerability involves discrepancies in how Android applications are cryptographically verified and installed. It allows for APK code modification without breaking the cryptographic signature, which in turn is a simple step away from system access and control. The vulnerability affects a wide number of Android devices, across generations and architectures, with little to no modification of the exploit.
b. Android SpyPhone Service
The Android SpyPhone service can be injected into any Android application. Phones can be tracked and operated from a Web-based command and control server. The application can be used to track the phone’s location, intercept phone calls and SMS messages, extract e-mail and contact lists, and activate the camera and microphone without being detected.
c. Compromised CDMA Femtocell
A femtocell is a low-power cellular base station given or sold to subscribers by mobile network operators. It works just like a small cell tower, using a home Internet connection to interface with the provider network. When in range, a mobile phone will connect to a femtocell as if it were a standard cell tower and send all its traffic through it without any indication to the user.
The state-of-the-art authentication protecting cell phone networks can be an imposing target. However, with the rising popularity of femtocells there is more than one way to attack a cellular network. Inside, they run Linux, and they can be hacked. A femtocell can be used for traffic interception of voice/SMS/data and for active network attacks, and can even clone a mobile device without physical access.
d. iOS Device Malicious Chargers
Despite the plethora of defense mechanisms in iOS, it is possible to inject arbitrary software into current-generation Apple devices running the latest operating system (OS) software. All users are affected, because it requires neither a jailbroken device nor user interaction. An iOS device can be compromised within one minute of being plugged into a malicious charger. USB capabilities can be leveraged to bypass these defense mechanisms. To ensure persistence of the resulting infection, an attacker can hide their software in the same way Apple hides its own built-in applications. To demonstrate practical application of these vulnerabilities, a proof of concept malicious charger, called Mactans, was built using a BeagleBoard.
This hardware illustrates the ease with which innocent-looking, malicious USB chargers can be constructed. While Mactans was built with a limited amount of time and a small budget, it is mind-boggling what more motivated, well-funded adversaries could accomplish.
VI. Conclusion
With the threat of “Mobile Malware” looming in the air, the desire to give the general public fair warning has never been greater. This paper was intended to provide the knowledge the general public needs and to reinforce the topic for those who were already aware. The history of malware gave you a look into the not so distant past. The discussion of technical examples of malware was intended to show you how rapidly the threat is developing, along with the statistics of malware’s current expansion, and the future examples of malware and research showed you concepts that were unimaginable to the common electronic consumer. The majority of malware was originally designed to be a practical joke, but as we can see from the ever growing desire for malicious intent, the evolution of malware has followed suit. We can only hope that the growing need for security can be met.