Friday, October 28, 2022

Mobile Malware - Hype or Threat? - An Analysis

NOTE:

I wrote this article in 2006.

You've definitely witnessed the ongoing speculation on whether or not mobile malware represents the type of threat some vendors have been accused of hyping. Malware authors are in a unique position to follow the trend, recognize when an approach has matured enough that it is time to think about how to reset it, and then all of a sudden completely shift their techniques -- which results in weekly media articles of the 'P2P, IM, email, and yes, Skype as the "next big thing" on the malware scene' type.

It's all cyclical, and it isn't rocket science that needs a reverse engineer to explain it and dazzle you with advanced Assembly experience.

There are incentives for malware authors to code mobile malware, namely the commercialization of mobile malware itself, which happened in the middle of 2006 with the release of the RedBrowser. It was among the key points I indicated in my "Malware - Future Trends" research, which I released at the beginning of 2006. As always, the ugliest things are the easiest to emerge.

The very nature of a mobile phone's voting and purchasing power, let's not mention could literally provoke your imagination on the possible abuses.

Why would an end user start asking a mobile operator's representative about the availability of mobile anti virus scanners? Because he or she would have been a victim of the art of market development, viral

The industry's main points:

- more people have mobile phones than own a personal computer -- which doesn't mean they're all smartphones running Symbian or Windows Mobile

- over 300 generically detected malware samples, which is reminiscent of the concept of a malware family in the PC malware world. These are all the Cabir family; spread the code on the Internet and you have hordes of script kiddies fueling the FUD while watching Takedown and inspiring themselves to eavesdrop on someone's mobile communication while "commuting" in the park

The reality

- Anti virus vendors suffer from marketing myopia: they've simply fallen in love with their products, and we all know that once you fall in love it's hard to remain as pragmatic as you used to be -- sweet pain

- the majority of known mobile malware derives from the publicly available Cabir Proof of Concept (PoC) code, that is, the spreading routine within it. In other words, the current threat represents nothing more than a mobile malware family, and there's no such thing as a perfect family

- Malware authors are too busy efficiently playing the cat and mouse game and taking advantage of a worldwide Internet population that is about to reach 1B.

- the end user MUST confirm the unknown Bluetooth connection if she's in discoverable mode, and must also confirm the execution of the executable from an unknown source

- given that Symbian and Windows Mobile dominate the mobile OS space, a vulnerability in these systems is crucial

- Anti virus signatures are basically a reactive security protection

I once argued about the myth of anti virus vendors sharing every malware sample they come across, as well as the "usefulness" of virus signatures in today's world of open source malware and malware on demand.

How to protect yourself?

- be aware of the basics of mobile malware

- don't install applications from untrusted on-the-go sources

Do you need a personal anti-virus scanner for your mobile phone? No, you don't, but mobile operators need them at the gateway level. The rest is just your mobile operator differentiating its offering, positioning itself as a conscious one, and further fueling growth in the market -- whether revenues are about to get spent on further R&D on mobile malware, or on market development with other products, is up to the vendors themselves.

It's your network operator who should be responsible for limiting the spread of potential epidemics. Charging a buck for protection against a slight modification of Cabir's PoC spreading module brings us back to the same old issue with open source malware, or malware on demand, and the usefulness of anti virus signatures and the recency of their updates. My point: the responsibility for dealing with general and family based mobile malware, the kind we're seeing today, should go to my mobile operator, not to me getting infected and spreading the disease even further.

The average mobile phone user would start enjoying a provider's brand even more if he's been talked into the huge dangers posed by mobile malware -- from a marketing point of view he would even spread the word further while trying to let others perceive him/her as a tech savvy individual with a fancy AV scanner on his couple hundred.

Targeted attacks have a huge potential though, while a mass sending of mobile malware would result in the mobile operator directly blocking it, and merely relying on the end user to take care of their responsibilities. All you need is a widespread mobile malware dissemination attempt, and then you'll witness your operator using its ownership powers to shock and awe you with its know-how.

Wise investments are not always those that seem the most proactive, but the ones taking advantage of the momentum.

Remember, the best marketers don't just respond profitably to the consumer's needs, they create new markets. It's the unspoken rule of the game.

What's next? Anti virus software for your gaming device and music player, as well as for your IPv6 compatible fridge? For sure, but in the very, very long run. Meanwhile, be aware, don't panic, and try to base your concerns on objective and unbiased sources only.

Stay tuned!
