Malicious attacks on mobile devices
B. Madar
Asst.Professor.
Department of Computer Science
Alluri Institute of Management Sciences
Email: bandu_madar@yahoo.com
Md.Nayeemuddin
Asst.Professor
Department of Computer Science
Alluri Institute of Management Sciences
Email: mohd.nayeemuddin@gmail.com
ABSTRACT
This article examines the extent of malicious software (malware) threats to mobile devices. The stakes for the wireless industry are high. While malware is widespread among 1 billion PCs, approximately twice as many mobile phone users now enjoy a malware-free experience. However, since the appearance of the Cabir worm in 2004, malware for mobile devices has developed relatively quickly, aimed primarily at the popular Symbian smartphone platform. The most significant events in the evolution of this malware are reviewed; they suggest that mobile devices are attracting increasingly sophisticated malware attacks. Fortunately, a number of host-based and network-based defenses have been developed from decades of experience with PC malware. Activities are under way to improve the protection of mobile devices before the malware problem becomes catastrophic, but developers are limited by the capabilities of handheld devices.
Keywords: Malware, Smartphone, Trojan Horse, virus, vulnerabilities, worms
1. INTRODUCTION
Most people are aware that malicious software (malware) is a widespread, ongoing problem for computers connected to the Internet. Statistics on the prevalence of malware, and personal stories from affected PC users, are easy to find. PC malware goes back at least to the Brain virus in 1986 and the Robert Morris Jr. worm in 1988. Many variants of malware have evolved over 20 years. The October 2006 WildList (www.wildlist.org) contained 780 viruses and worms found to be spreading "in the wild" (on real users' PCs), but this list is known to comprise a small subset of the total number of existing viruses. The prevalence of malware was evident in a 2006 CSI/FBI survey in which 65% of organizations reported being affected by malware, the most common type of attack.
A taxonomy introducing malware definitions is shown in Figure 1, but classification is sometimes difficult because a piece of malware often combines multiple features. Viruses and worms are characterized by the ability to self-replicate, but they differ in their methods (Nazario, 2004; Ször, 2005). A virus is a piece of software code (a set of instructions, but not a complete program) attached to a normal program or file. The virus depends on the execution of its host. At some point in the execution, the virus code hijacks control of the program's execution to make copies of itself and attach those copies to additional programs or files. By contrast, a worm is a standalone automated program that searches for vulnerable computers over a network and copies itself to the victims it compromises.
Non-replicating malware typically hides its presence on a computer, or at least hides its malicious function. Malware that hides a malicious function, but not necessarily its presence, is called a Trojan horse (Skoudis, 2004). Trojan horses usually pose as a legitimate program (e.g., a game or a device driver) and generally rely on social engineering because they cannot self-replicate. Trojan horses are used for various purposes, often theft of confidential data, destruction, backdoor remote access, or installation of other malware. Besides Trojan horses, many types of non-replicating malware conceal their presence in order to carry out a malicious function on a victim machine without detection and removal by the user. Common examples include bots and spyware. Bots are covertly installed software that secretly listens for remote commands, usually sent via Internet Relay Chat (IRC), and runs them on the compromised computer. Spyware collects personal information from a victim's computer and transmits the data over the network, often for advertising purposes but possibly for data theft. Spyware is often bundled with shareware or covertly installed through social engineering.
Fig 1. Malware taxonomy
Since 2004, malware has been observed spreading between smartphones and other mobile devices over wireless networks. According to F-Secure, the number of known malicious programs for smartphones is approximately 100 (Hypponen, 2006). However, some believe that malware will inevitably become a serious problem (Dagon, Martin, and Starner, 2004). There have already been complex, blended malware threats on mobile devices. Within a few years, mobile viruses have grown in sophistication in a way that recalls 20 years of PC malware evolution. Unfortunately, mobile devices were not designed for security, and they have limited defenses against continually evolving attacks. If current trends continue, malware propagating through wireless networks could consume valuable radio resources and substantially degrade the experience of wireless subscribers. In the worst case, malware could become as common on wireless networks as on the Internet, with all its risks of data loss, identity theft and worse. The mobile market is growing rapidly, but negative experiences with mobile malware could discourage subscribers and inhibit market growth.
The concern is serious because wireless services are tied to accounting and charging mechanisms; use of wireless services, whether legitimate or by malware, results in subscriber charges. A victimized subscriber therefore not only suffers the experience of malware but may also be billed additional service charges.
This article examines historical examples of malicious software and the current environment of mobile devices. Potential vectors of infection are explored. Finally, existing defenses are identified and described.
2. BACKGROUND
Mobile devices are an attractive target for several reasons (Hypponen, 2006). First, mobile devices have clearly progressed far in terms of hardware and communications. PDAs have gone from simple organizers to miniature computers with their own operating systems (such as Palm or Pocket PC / Windows Mobile) that can download and install a variety of applications. Smartphones combine the communication capabilities of mobile phones with PDA functions. According to Gartner, nearly 1 billion cell phones will be sold in 2006. Today, smartphones are a small fraction of the global cell phone market. According to Computer Industry Almanac, 69 million smartphones will be sold in 2006. However, shipments are growing rapidly, and IDC predicts that smartphones will become 15% of all mobile phones in 2009. Approximately 70% of all smartphones, from different manufacturers, run the Symbian operating system, according to Canalys. Symbian is jointly owned by Sony Ericsson, Nokia, Panasonic, Samsung and Siemens AG. Symbian is common in Europe and Southeast Asia, but less common in North America, Japan and South Korea. The Japanese and Korean markets have been dominated by Linux-based phones. The U.S. market has a variety of mobile platforms.
Almost all malware for smartphones has focused on the Symbian operating system. It is a descendant of Psion Software's EPOC and is structurally similar to desktop operating systems. Traditional cell phones have proprietary embedded operating systems that usually accept only Java applications. By contrast, Symbian application programming interfaces (APIs) are publicly documented so that anyone can develop applications. Applications packaged in the SIS file format can be installed at any time, which makes Symbian devices more attractive both to consumers and to the creators of malware. Mobile devices are also attractive targets because they are well connected, often incorporating several means of wireless communication. They are usually able to access the Internet for Web browsing, e-mail, instant messaging and applications similar to those on the PC.
They may also communicate by cellular, IEEE 802.11 wireless, short-range Bluetooth, and short/multimedia messaging service (SMS/MMS). Another reason for their attractiveness to malware authors is the size of the target population. There were more than 900 million PCs in use worldwide in 2005, a figure that will climb past 1 billion PCs in 2007, according to Computer Industry Almanac. In comparison, there were about 2 billion mobile subscribers in 2005. Such a large target population is attractive to malware authors who want to maximize their impact.
Malware is relatively unknown on today's mobile devices. At this time, only a small number of malware families have been seen on wireless devices, and malicious software is not a major threat in wireless networks. Because the threat is low, mobile devices have minimal security defenses. Another reason is the limited processing capacity of mobile devices. While desktop PCs have fast processors and plug into virtually unlimited power, mobile devices have less computing power and limited battery power. Protection such as antivirus software and host-based intrusion detection has a relatively high cost in processing and energy consumption. In addition, mobile devices were never designed for security. For example, they lack an encrypted file system, Kerberos authentication, and so on. In short, they are missing all the components necessary to secure a modern, networked computing device.
3. MALWARE DEVELOPMENT PROCESS
Malware has already appeared on mobile devices over recent years (Peikari and Fogie, 2003). While the number is still small compared with the malware families known for PCs, a review of prominent examples shows that the malware is constantly evolving. The intention here is not to list all known malware exhaustively, but to highlight how the malware has developed. The Palm Pilot and Pocket PC were common before smartphones, and malware first appeared for the Palm operating system. Liberty Crack was a Trojan horse related to Liberty, a program emulating the Nintendo Game Boy on the Palm, reported in August 2000 (Foley and Dumigan, 2001). As a Trojan, it did not spread by self-replication but depended on being installed from a PC that had the "liberty_1_1_crack.prc" file. Once installed on a Palm, it appears on the screen as an application, Crack. When executed, it deletes all applications from the Palm.
Discovered in September 2000, Phage was the first virus to target Palm PDAs (Peikari and Fogie, 2003). When executed, the virus infects all third-party applications by overwriting them (http://www.f-secure.com/v-descs/phage.shtml). When a program's icon is selected, the screen turns gray and the selected program exits. The virus can be transmitted directly from other Palms by infrared beaming or indirectly through synchronization with a PC. Another Trojan horse found at the same time, Vapor, is installed on a Palm as the application "vapor.prc" (www.f-secure.com/v-descs/vapor.shtml). When executed, it changes the file attributes of other applications, making them invisible (but not actually removing them). It does not self-replicate.
In July 2004, Duts was a proof-of-concept virus, the first to target Windows Pocket PC. It asks the user for permission to install. If installed, it attempts to infect all EXE files larger than 4096 bytes in the current directory. Later in 2004, Brador was a backdoor for Pocket PC (www.f-secure.com/v-descs/brador.shtml). It installs the file "svchost.exe" in the startup directory so that it starts automatically when the device boots. It then reads the local host's IP address and e-mails it to the author. After e-mailing its IP address, the backdoor opens a TCP port and starts listening for commands. The backdoor is able to upload and download files, execute arbitrary commands, and display messages to the PDA user. The Cabir worm, found in June 2004, was a milestone marking the trend away from PDAs and toward smartphones running the Symbian operating system. Cabir was a proof-of-concept worm, the first for Symbian, written by a member of the virus-writing group 29A (www.f-secure.com/v-descs/cabir.shtml).
The worm is carried in a file called "caribe.sis" (Spanish for "Caribbean"). The SIS file contains autostart settings that automatically execute the worm after the SIS file is installed. When the Cabir worm is activated, it starts looking for other (discoverable) Bluetooth devices within range. On finding another device, it tries to send it the caribe.sis file. Receipt and installation of the file requires the user's approval after a notification message. It causes no harm. Cabir was not only one of the first pieces of malware for Symbian, but also one of the first to use Bluetooth (Gostev, 2006). Malware is most commonly spread by e-mail. The choice of Bluetooth meant that Cabir would spread slowly in the wild. An infected phone would have to find another smartphone within Bluetooth range, and the target user would have to willingly accept the transmission of the worm file while the devices are within range of each other.
In August 2004, the first Trojan horse for smartphones was discovered. It appeared to be a cracked version of the Symbian game Mosquitos. The Trojan makes infected phones send SMS text messages to phone numbers, resulting in charges to the phones' owners. In November 2004, the Skulls Trojan horse was found to infect Symbian Series 60 smartphones. The Trojan is a file called "theme extended.SIS", presented as a theme manager for Nokia 7610 smartphones. If executed, it disables all applications on the phone and replaces their icons with a skull and crossbones. The phone can still be used to make and answer calls. However, system applications such as SMS, MMS, Web browsing, and the camera do not work. In December 2004, Skulls and Cabir were merged to form Metal Gear, a Trojan horse masquerading as the game of the same name. Metal Gear uses Skulls to disable antivirus on a device. This was the first malicious code to attack antivirus software on Symbian smartphones. The malware also drops a file "SEXXXY.SIS", an installer that adds code to disable the menu button on the phone. It then uses Cabir to send itself to other devices.
In March 2005, ComWar (or Commwarrior) was the first worm to spread via MMS between Symbian Series 60 smartphones. Like Cabir, it was also capable of spreading via Bluetooth. Infected phones search for Bluetooth devices within range; if one is found, the worm attempts to send it a randomly named SIS file. But Bluetooth is limited to devices within 10 meters or less, whereas MMS messages can be sent anywhere in the world. The worm attempts to spread via MMS to other phones listed in the victim's address book. MMS has the unfortunate side effect of incurring costs for the owner of the phone. In April 2005, the Mabir worm was similar to Cabir in its ability to spread via Bluetooth. It had the additional capability to spread by MMS messaging. It listens for any arriving MMS or SMS message and answers with a copy of itself in a file called "info.sis".
Found in September 2005, the Cardtrap Trojan horse targeted Symbian Series 60 smartphones and was one of the earliest examples of smartphone malware capable of infecting a PC. When installed on the smartphone, it disables several applications by overwriting their main executable files. More interestingly, it also installs two Windows worms, Padobot.Z and Rays, on the phone's memory card. An autorun file is copied along with the Padobot.Z worm, so that if the memory card is inserted into a PC, the autorun file tries to execute the Padobot worm. The Rays worm is a file named "System.exe" that has the same icon as the System folder on the memory card. The clear intention was to trick a user reading the contents of the card on a PC into running the Rays worm.
In August 2006, the Mobler worm for Windows PCs was discovered. It is not a real threat, but it is suggestive of how future malware might evolve. When a computer is infected, the worm copies itself to different folders on local hard disks and writable media (such as a memory card). Among its many actions, the worm creates a SIS archiver program "makesis.exe" and a copy of itself named "system.exe" in the Windows system folder. It also creates a Symbian installation package called "Black_Symbian.SIS". It is believed to be capable of spreading from a PC to a phone, another example of multiplatform malware.
In January 2007, it was stated that "over 200 mobile viruses have been identified, a figure that doubles about every six months." Now is the time for IT managers and line-of-business heads within institutions to take measures to protect their companies and clients from mobile malware. The most optimistic scenario is one in which the attacker does not know what he is holding in his hands and his later actions do not involve the affected individuals. The least optimistic one paints a picture of identity theft, bank accounts emptied in the twinkling of an eye, and even the collapse of some financial institutions.
At the current time, it is unknown whether Crossover and Mobler signal the beginning of a new trend toward multiplatform malware that spreads equally well between PCs and mobile devices. The combined potential target population would be nearly 3 million. The trend is not evident yet, but Crossover and Mobler suggest that multiplatform malware could become possible in the near future.
4. INFECTION VECTORS
Infection vectors for PC malware have changed over the years as computer technology developed. Viruses initially spread by floppy disk. After floppy disks disappeared and Internet connectivity became ubiquitous, worms spread by mass mailing. Similarly, the infection vectors used by malware for mobile devices have changed in recent years.
Synchronization: Palm and Windows PDAs were popular before smartphones. PDAs install software by synchronizing with a PC (Foley and Dumigan, 2001). For example, Palm applications are packaged as Palm resource (PRC) files installed from a PC. As noted earlier, Palm malware usually relied on social engineering to get installed. This is a slow infection vector for spreading malware among PDAs, because it requires synchronization with a PC and then contact with another PC that synchronizes with another PDA. Much faster infection vectors became possible when PDAs and smartphones began to feature direct communication between mobile devices without having to go through a PC.
E-mail and the Web: Internet access from mobile devices allows users away from their desks to use the most common Internet applications, e-mail and the World Wide Web. Most mobile devices can send and receive e-mail with attachments. In addition, many can access the Web through a micro browser designed to render Web content on the small screens of mobile devices. Current micro browsers have features similar to regular Web browsers, and are capable of HTML, WML, CSS, Ajax, and plug-ins. While e-mail and the Web are common vectors for PC malware, they have not been used as vectors to infect mobile devices to date.
SMS / MMS messaging: Commonly called text messaging, SMS is available on most mobile phones and PDAs. It is very popular in Europe, Asia (excluding Japan), Australia and New Zealand, but has not been as popular in the U.S. as other types of messaging. Text messages are often used to interact with automated systems, for example to order products or services or to participate in contests. Short messages are limited to 140 bytes of data, but longer content can be segmented and sent in several messages. The receiving phone is responsible for reassembling the entire message. Short messages can also be used to send binary content such as ringtones or logos. While SMS is largely limited to text, MMS is a more advanced messaging service that allows the transmission of multimedia objects: video, images, audio and rich text. The ComWar worm was the first to spread via MMS (among Symbian Series 60 smartphones). MMS has the potential to spread rapidly. ComWar increases its chances by targeting other phone owners found in the victim's address book. Because it appears to come from an acquaintance, an incoming message is more likely to be accepted by the recipient. MMS is likely to remain an infection vector in the future.
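The segmentation and reassembly described above can be made concrete. The following Python sketch is an added example, not part of the original article: it assumes the concatenation header used for 8-bit-data short messages (a user-data header carrying a reference number, the total number of parts and a sequence number), and the class and function names, the sender address and the sample payload are all constructed for illustration. It shows the checks a receiver should make before trusting segment fields.

```python
"""Reassemble concatenated short messages (8-bit data) with defensive checks."""

MAX_UD = 140           # user-data bytes available in one short message
IEI_CONCAT_8 = 0x00    # concatenation element, 8-bit reference number
IEI_CONCAT_16 = 0x08   # concatenation element, 16-bit reference number


class SegmentError(ValueError):
    """Raised for a segment that must not be accepted."""


def parse_segment(ud: bytes):
    """Split one user-data field into (ref, total, seq, payload)."""
    if not 1 <= len(ud) <= MAX_UD:
        raise SegmentError("user data must be 1..140 bytes")
    udhl = ud[0]
    if 1 + udhl > len(ud):
        raise SegmentError("header length runs past the message")
    header, payload = ud[1:1 + udhl], ud[1 + udhl:]
    concat, i = None, 0
    while i < len(header):                      # walk the information elements
        if i + 2 > len(header):
            raise SegmentError("truncated information element")
        iei, iedl = header[i], header[i + 1]
        data = header[i + 2:i + 2 + iedl]
        if len(data) != iedl:
            raise SegmentError("information element overruns the header")
        if iei == IEI_CONCAT_8 and iedl == 3:
            concat = (data[0], data[1], data[2])
        elif iei == IEI_CONCAT_16 and iedl == 4:
            concat = (data[0] << 8 | data[1], data[2], data[3])
        i += 2 + iedl
    if concat is None:
        raise SegmentError("no concatenation element present")
    ref, total, seq = concat
    if not 1 <= seq <= total:                   # also rejects total == 0
        raise SegmentError("sequence number outside 1..total")
    return ref, total, seq, payload


class Reassembler:
    def __init__(self, max_pending: int = 32):
        self.max_pending = max_pending  # cap on half-finished messages (assumed)
        self.pending = {}               # (sender, ref) -> {"total", "parts"}

    def feed(self, sender: str, ud: bytes):
        """Add a segment; return the whole payload once complete, else None."""
        ref, total, seq, payload = parse_segment(ud)
        key = (sender, ref)
        entry = self.pending.get(key)
        if entry is None:
            if len(self.pending) >= self.max_pending:
                raise SegmentError("too many incomplete messages")
            entry = self.pending[key] = {"total": total, "parts": {}}
        if entry["total"] != total:
            raise SegmentError("segment disagrees on the number of parts")
        if entry["parts"].get(seq, payload) != payload:
            raise SegmentError("conflicting duplicate segment")
        entry["parts"][seq] = payload
        if len(entry["parts"]) < total:
            return None
        del self.pending[key]
        return b"".join(entry["parts"][n] for n in range(1, total + 1))


def split_message(data: bytes, ref: int) -> list:
    """Sender side: cut data into segments, each with a 6-byte header."""
    room = MAX_UD - 6
    chunks = [data[i:i + room] for i in range(0, len(data), room)] or [b""]
    if len(chunks) > 255:
        raise SegmentError("message needs more than 255 parts")
    return [bytes([5, IEI_CONCAT_8, 3, ref & 0xFF, len(chunks), n]) + chunk
            for n, chunk in enumerate(chunks, 1)]


def demo():
    """Constructed 512-byte payload, delivered out of order with a duplicate."""
    data = bytes(range(256)) * 2
    segments = split_message(data, ref=0x2A)
    receiver, result = Reassembler(), None
    for index in (2, 0, 0, 3, 1):
        result = receiver.feed("+100", segments[index])
    return len(segments), result == data


if __name__ == "__main__":
    print(demo())
```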
Bluetooth: Bluetooth is a short-range radio communication protocol that allows Bluetooth-enabled devices (which could be mobile or fixed) within 10 to 100 meters to find and talk to each other. Up to eight devices can communicate with each other in a piconet, where one device operates in the role of "master" and the others in the role of "slaves." The master takes turns communicating with each slave in round-robin order. The roles of master and slaves can be changed at any time.
Each Bluetooth device has a unique and permanent 48-bit address, and a user-chosen Bluetooth name. Any device can search for other nearby devices, and devices configured to respond will give their name, class, list of services, and technical details (e.g., the manufacturer and device features). If a device is queried directly at its address, it will always respond with the requested information.
The Cabir worm was the first to use Bluetooth as a vector. Bluetooth is expected to be a slow infection vector. An infected phone would have to find another smartphone within a radius of 10 meters, and the target user would have to willingly accept the transmission of the worm file while the devices are within range of each other. Moreover, although phones are usually shipped with Bluetooth in discoverable mode, it is easy to switch a device to invisible mode. This simple precaution would make things more difficult for malware.
5. MALWARE DEFENSES
Practical security depends on multiple layers of protection rather than a single (hopefully perfect) defense (Skoudis, 2004). Fortunately, several defenses against malware have evolved from decades of experience with PC malware. A taxonomy of malware defenses is shown in Figure 2. Defenses may first be classified as preventive or reactive (defensive). Preventive techniques help avoid malware infections through the identification and remediation of vulnerabilities, strengthening of security policies, patching of applications and operating systems, updating of antivirus signatures, and even educating users on best practices (in this case, for example, turning Bluetooth off except when necessary, rejecting installation of unknown software, and blocking SMS/MMS messages from untrusted parties). At this time, simple preventive techniques are likely to be very effective because there are relatively few threats that are really widespread in the wild. In particular, education to increase user awareness would be effective against social engineering, one of the main infection vectors used by malware for mobile devices to date.
6. HOST-BASED DEFENSES
Even with the best practices to prevent infection, reactive defenses are still needed to protect mobile devices from existing malware threats. Reactive defenses can operate in hosts (mobile devices) or within the network. Host-based defenses make sense because the protection is close to the targets. However, host-based processes (e.g., antivirus programs) consume processing resources and power, which are more critical on mobile devices than on desktop PCs. Moreover, the approach is difficult to scale to large populations if software must be installed, operated and maintained on every mobile device. Network-based defenses are more scalable in the sense that one router or firewall can protect a group of hosts. Another reason for network-based defenses is the possibility that the network might be able to block malware before it actually reaches a target device, which is not possible with host-based defenses. Host-based defenses take effect only after contact with the host. In practice, host-based and network-based defenses are used in combination to realize their complementary benefits.
The most obvious host-based defense is antivirus software (Ször, 2005). Antivirus performs automatic analysis of files, messages, communications and system activities. All commercial antivirus programs rely primarily on malware signatures, which are sets of unique characteristics associated with each known piece of malware. The main advantage of signature-based detection is its accuracy in identifying malware. If a signature is matched, then the malware is identified exactly, and perhaps sufficiently for disinfection.
Unfortunately, signature-based detection has two drawbacks. First, antivirus signatures must be updated regularly. Second, there is always the possibility that new malware could escape detection if it does not have a matching signature. For this case, antivirus programs often include heuristic anomaly detection, which detects unusual behavior or activities. Anomaly detection usually does not identify malware exactly; it only raises the suspicion that malware is present and that further investigation is needed. For that reason, signatures will remain the preferred antivirus method for the foreseeable future.
Recognizing that most smartphone malware is focused on Symbian devices, a great deal of attention has been directed to the vulnerabilities of that operating system. One could argue that the system has a low level of application security. For example, Symbian allows any system application to be rewritten without the consent of the user. Moreover, once installed, an application has full control over all functions. In summary, applications are fully trusted.
Figure 2: A taxonomy of malware defenses
Symbian OS version 9 added the feature of code signing. Today all software must be installed manually. The installation process warns the user if an application has not been signed. The digital signature makes software traceable to its developer and verifies that the application has not changed since it left the developer. Developers can request that their software be signed via the Symbian Signed program (www.symbiansigned.com). Developers also have the option of self-signing their programs. Any signed application installs on a Symbian OS phone without a security warning. An unsigned application can be installed with user consent, but the operating system will prevent it from doing potentially harmful things by denying it access to key system functions and to the data storage of other applications.
7. NETWORK-BASED DEFENSES
Network-based defenses rely on network operators monitoring, analyzing and filtering the traffic passing through their networks. Security equipment includes firewalls, intrusion detection systems, routers with access control lists (ACLs), and antivirus running on e-mail servers and SMS/MMS service centers. Traffic analysis is usually accomplished by signature-based detection, similar in concept to signature-based antivirus, augmented with heuristic anomaly-based detection. Traffic filtering is done by configuring firewall and ACL policies. An example is Sprint's Mobile Security service, announced in September 2006. This is a set of managed security services for mobile devices from handhelds to laptops. The service includes protection against malware attacks. It can scan mobile devices and remove detected malware automatically without requiring user intervention.
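The following Python sketch is an added example, not part of the original article or of any operator's product. It illustrates heuristic anomaly detection at a message service center for the two MMS behaviors described in Section 3: installer attachments fanned out to many recipients (as with ComWar) and installer attachments sent as automatic replies to incoming messages (as with Mabir). The record format, thresholds, addresses and log lines are all constructed assumptions, and the output is a list of suspects for investigation, not an identification of malware.

```python
"""Heuristic screening of message-centre records for worm-like MMS behaviour."""
from collections import defaultdict, deque

WINDOW = 300        # seconds of history kept per sender (assumed threshold)
FANOUT_LIMIT = 5    # distinct recipients of installer MMS within WINDOW (assumed)
REPLY_WINDOW = 30   # installer MMS this soon after an inbound message (assumed)
REPLY_LIMIT = 3     # such replies tolerated before the sender is flagged (assumed)

# Constructed records: "<unix-seconds> <sender> <recipient> <SMS|MMS> <attachment|->"
SAMPLE_LOG = """\
1000 +401 +400 SMS -
1002 +400 +401 MMS info.sis
1100 +402 +400 MMS photo.jpg
1103 +400 +402 MMS info.sis
1200 +403 +400 SMS -
1201 +400 +403 MMS info.sis
2000 +300 +301 MMS a8k2.sis
2010 +300 +302 MMS q1zz.sis
2020 +300 +303 MMS m77x.sis
2030 +300 +304 MMS r0pl.sis
2040 +300 +305 MMS t5we.sis
3000 +500 +501 MMS photo.jpg
3001 +500 +502 MMS photo.jpg
3002 +500 +503 MMS photo.jpg
3003 +500 +504 MMS photo.jpg
3004 +500 +505 MMS photo.jpg
3005 +500 +506 MMS photo.jpg
3100 +500 +501 MMS game.sis
garbage line
"""


def is_installer(name: str) -> bool:
    """Symbian installation packages use the SIS file format."""
    return name.lower().endswith(".sis")


def screen(log_text: str) -> dict:
    """Return {sender: [reasons]} for senders whose behaviour looks worm-like."""
    sent = defaultdict(deque)     # sender -> (time, recipient) of installer MMS
    last_inbound = {}             # (receiver, peer) -> time peer last wrote
    replies = defaultdict(int)    # sender -> installer MMS sent as quick replies
    alerts = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue              # skip malformed records
        try:
            ts = int(fields[0])
        except ValueError:
            continue
        src, dst, kind, attachment = fields[1:]
        if kind == "MMS" and is_installer(attachment):
            history = sent[src]
            history.append((ts, dst))
            while history and ts - history[0][0] > WINDOW:
                history.popleft()
            if len({recipient for _, recipient in history}) >= FANOUT_LIMIT:
                alerts[src].add("fan-out")
            # Count each inbound message at most once as the trigger of a reply.
            heard = last_inbound.pop((src, dst), None)
            if heard is not None and ts - heard <= REPLY_WINDOW:
                replies[src] += 1
                if replies[src] >= REPLY_LIMIT:
                    alerts[src].add("auto-reply")
        last_inbound[(dst, src)] = ts
    return {sender: sorted(reasons) for sender, reasons in alerts.items()}


if __name__ == "__main__":
    for sender, reasons in screen(SAMPLE_LOG).items():
        print(sender, "suspect:", ", ".join(reasons))
```

The sender that mails six photos and a single game installer is not flagged, which is the point of counting behavior rather than matching file names.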
For example, the Trusted Computing Group (TCG) is an organization of more than 100 equipment manufacturers, software developers, networking companies and service providers that was formed in 2003. One subgroup is working on a set of specifications for mobile security (TCG, 2006a). Its focus is to develop a Mobile Trusted Module (MTM) specification for hardware to support features similar to those of the Trusted Platform Module (TPM) chip used in computers, but with additional features specifically for mobile devices. The TPM is a tamper-proof chip integrated at the PC board level, which acts as the "root of trust" for all system activities. The MTM specification will integrate security into the core operations of smartphones instead of adding it on as applications.
Another subgroup is working on specifications for Trusted Network Connect (TCG, 2006b). All computers, including mobile devices, run TNC client software, which collects information about the host's current state of security, such as antivirus signature updates, the software patch level, the results of the latest security scan, firewall configuration, and any other active security processes. The security state information is sent to a TNC server to be checked against the policies set by network administrators. The server makes the decision to grant or deny access to the network. This ensures that hosts are properly configured and protected before connecting to the network. It is important to verify that hosts are not vulnerable to threats from the network and do not pose a threat to other machines. Otherwise, a host will effectively be quarantined from the network until its security status is resolved. Remedies may include software patches, antivirus updates, or any other change that brings the host into compliance with security policies.
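The admission decision described for Trusted Network Connect can be sketched as follows. This Python model is an added example, not TCG code and not the TNC wire protocol: the attribute names, policy values and dates are constructed assumptions. It shows a host being quarantined with a list of remedies and then granted access once the remedies are applied.

```python
"""Simplified model of a Trusted Network Connect admission decision."""
from dataclasses import dataclass, replace
from datetime import date, timedelta


@dataclass(frozen=True)
class Posture:
    """Security state the client software reports for its host."""
    av_signature_date: date
    patch_level: int
    last_scan_date: date
    last_scan_clean: bool
    firewall_enabled: bool


@dataclass(frozen=True)
class Policy:
    """Requirements set by the network administrator (values are assumptions)."""
    max_signature_age: timedelta = timedelta(days=7)
    min_patch_level: int = 12
    max_scan_age: timedelta = timedelta(days=14)
    require_firewall: bool = True


def evaluate(posture: Posture, policy: Policy, today: date):
    """Server side: return ("grant" or "quarantine", list of remedies)."""
    remedies = []
    if max(posture.av_signature_date, posture.last_scan_date) > today:
        # A report dated in the future cannot be checked for staleness.
        remedies.append("resubmit posture report with valid dates")
    if today - posture.av_signature_date > policy.max_signature_age:
        remedies.append("update antivirus signatures")
    if posture.patch_level < policy.min_patch_level:
        remedies.append(f"install patches up to level {policy.min_patch_level}")
    if today - posture.last_scan_date > policy.max_scan_age:
        remedies.append("run a security scan")
    elif not posture.last_scan_clean:
        remedies.append("resolve findings of the last scan")
    if policy.require_firewall and not posture.firewall_enabled:
        remedies.append("enable the firewall")
    return ("grant" if not remedies else "quarantine"), remedies


def demo():
    """Constructed host: stale signatures and a missing patch, then remediated."""
    today = date(2007, 1, 15)
    policy = Policy()
    phone = Posture(
        av_signature_date=date(2006, 12, 1),
        patch_level=10,
        last_scan_date=date(2007, 1, 10),
        last_scan_clean=True,
        firewall_enabled=True,
    )
    first = evaluate(phone, policy, today)
    fixed = replace(phone, av_signature_date=today, patch_level=12)
    second = evaluate(fixed, policy, today)
    return first, second


if __name__ == "__main__":
    for decision, remedies in demo():
        print(decision, remedies)
```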
8. FUTURE SCOPE
It is easy to see that mobile phones are an increasingly attractive target for malicious software. The number of smartphones, and their percentage of all mobile devices, is growing rapidly. Smartphones continue to grow in functionality and complexity. Symbian has been the main target, a trend that will continue as long as it is the dominant smartphone platform. If another platform arises, it will attract the attention of malware writers who want to make the greatest impact. The review of the evolution of malware suggests a worrying trend. Since the first worm, Cabir, only three years ago, malware has moved steadily to new vectors of infection, first Bluetooth and then MMS. Recently malware has been shown to be multiplatform, moving freely between mobile devices and PCs.
Fortunately, mobile security has already prompted the activities of the TCG and other industry organizations. Unlike the situation with malware on PCs, the telecommunications industry has decades of experience to apply to wireless networks, and there is time to strengthen the defenses before malware multiplies into a global epidemic.
CONCLUSION
Malware is a low-risk threat to current mobile devices, but the situation is unlikely to remain so for long. It is clear from this review that cell phones are beginning to attract the attention of malware writers, a trend that will only worsen. At this point, most defenses are common-sense practices. The wireless industry realizes there is much at stake. Two billion mobile users now enjoy a malware-free experience, but negative experiences with new malware could have a disastrous effect. Fortunately, a number of host-based and network-based defenses have been developed from experience with PC malware. Activities are taking place in the industry to better protect mobile devices before the malware problem becomes catastrophic.
REFERENCES
- Dagon, D., Martin, T., and Starner, T. (2004). Mobile phones as computing devices: The viruses are coming! IEEE Pervasive Computing, 3(4), 11-15.
- Foley, S., and Dumigan, R. (2001). Are handheld viruses a significant threat? Communications of the ACM, 44(1), 105-107.
- Gostev, A. (2006). Mobile malware evolution: An overview. Retrieved from http://www.viruslist.com/en/analysis?pubid=200119916
- Hypponen, M. (2006). Malware goes mobile. Scientific American, 295(5), 70-77.
- Leavitt, N. (2005). Mobile phones: The next frontier for hackers? Computing, 38(4), 20-23.
- Nazario, J. (2004). Defense and Detection Strategies against Internet Worms. Norwood, MA: Artech House.
- Peikari, C., and Fogie, S. (2003). Maximum Wireless Security. Indianapolis: Sams Publishing.
- Skoudis, E. (2004). Malware: Fighting Malicious Code. Upper Saddle River, New Jersey: Prentice Hall.
- Ször, P. (2005). The Art of Computer Virus Research and Defense. Reading, MA: Addison-Wesley.
- Trusted Computing Group (TCG). (2006a). Mobile trusted module specification. Retrieved from https://www.trustedcomputinggroup.org/specs/mobilephone/
About the Author
Bandu Madar
Assistant Professor
Alluri Institute Of Management Sciences
Warangal-India.
Md.Nayeemuddin
Asst.Professor
Department of Informatics
Alluri Institute of Management Sciences
Email: mohd.nayeemuddin@gmail.com