
Presented by:-

Amit Anand
Dinanath Bablu
Dilip Kr. Singh
Hare Krishna
Shivam Kumar
 Increasing use of cell phones to access the internet and to share executable files.
 With the growing number of functionalities, the amount of personal data at risk is high.
 If not handled properly, this may prove fatal to our privacy.


 Cause financial loss to the user.
 Unknown calls made, SMS sent.
 Losing confidentiality of data stored on the phone.
 Excessive Bluetooth use.
 Continuous scanning, spreading via Bluetooth.
 Make the phone unusable.
 Devices crash frequently or work miserably slowly.
 Infect system files; hence some applications do not work.
 Data loss.
 Delete address book entries.
 Miscellaneous.
 Replace icons.
 Install a malicious application on the device (trojan).


Trojan - Designed to appear innocent; causes malicious activity or provides a backdoor. Cannot replicate itself or spread on its own.

Virus - When run, has the ability to self-replicate by infecting other executables. Does not have the ability to spread to another system on its own.

Worm - Has the ability to spread to other systems on its own using SMS, MMS or Bluetooth, by using the contacts list or by mailing to addresses in the e-mail address book.
 Although similar OSes are being used, differences exist:
 Large numbers of mobile users are less "tech literate".
 This implies that it is difficult to roll out security patches to phones already sold.
 Mobiles are always "connected" and switched on.
 The "environment" keeps changing, as the user keeps changing the way the phone is used.
Increase in number of mobile virus variants in 2006
Mobile Virus Families
 Skuller demonstrated two unpleasant things about the Symbian architecture:
- System files can be overwritten.
- Symbian lacks stability when presented with corrupted or non-standard system files.
 There are no checks designed to compensate for these vulnerabilities.
 These vulnerabilities were quickly exploited, and the second Trojan, Locknut, appeared.
 Locknut was spread as a “critical patch”.
 The idea behind Locknut was that Symbian OS did
not check file integrity.
 Locknut disables a phone by using a malformed file to crash an internal Symbian process.
 It causes the phone to lock down so that no applications can be used.
 The .app extension makes the OS believe that the file is executable.
 The .app file contains simply text rather than structured code.
 The system will freeze when trying to launch any application.
 Rebooting would not help, as Locknut is started automatically, making it impossible to even turn on the phone.
 First malware on Symbian to prevent even making a call.


 The second worm found for mobile devices was Comwar.
 The worm spread via Bluetooth and MMS.
 The executable worm file is packed into a Symbian archive (*.SIS).
 Once launched, the worm will search for accessible Bluetooth devices and send the infected .SIS archive under a random name to these devices.
 The worm also sends itself via MMS to all contacts in the address book. The subject and text of the messages vary.

 Some example subjects found:
- Norton AntiVirus Released now for mobile, install it!
- 3DGame 3DGame from me. It is FREE !
- Desktop manager Official Symbian desctop manager.
- Happy Birthday! Happy Birthday! It is present for you!
- Internet Accelerator Internet accelerator, SSL security update #7.
- Security update #12 Significant security update. See www.symbian.com
- Symbian security update See security news at www.symbian.com
- SymbianOS update OS service pack #1 from Symbian inc.
 Duts is the first virus for devices running under Windows CE .NET.
 It is also the first file infector for smartphones.
 Duts is also made by the group 29A, which made the first Symbian virus.
 The virus itself is an ARM processor program and is 1520 bytes in size.
 When the program is run, it raises a dialog box: "Dear user, Am I allowed to spread?"
 If confirmation is given, the virus will infect executable files which match the following criteria: ARM processor, more than 4 KB in size, located in the device's root directory.
 The virus writes itself to the last section of these files and redirects the file's entry point so that the virus body runs before the original program.
 The Duts virus exploited a clever workaround of the operating system architecture in order to gain access to the core DLL module.
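The infection criteria above (ARM image, larger than 4 KB) and the infection method (virus body appended to the last section, entry point retargeted to it) are exactly what a scanner can check. The following is an added example, not code from the presentation or from any antivirus product: a minimal PE32 header parser that applies the Duts target criteria and flags images whose entry point lies in the last section. The `build_pe` helper, the sample images and the `HANDHELD`-independent thresholds are constructed for the demonstration; the only real constants are the PE machine types and section flags.

```python
"""Heuristic scanner for Duts-style infection of ARM Windows CE executables.

Added example, not code from the presentation. It checks the selection
criteria stated for Duts (ARM machine type, file larger than 4 KB) and the
infection signature: the entry point moved into the last section. The sample
images are constructed in build_pe() and are not real binaries.
"""
import struct

IMAGE_FILE_MACHINE_ARM = 0x01C0
IMAGE_FILE_MACHINE_THUMB = 0x01C2
IMAGE_FILE_MACHINE_I386 = 0x014C
ARM_MACHINES = {IMAGE_FILE_MACHINE_ARM, IMAGE_FILE_MACHINE_THUMB}
MIN_TARGET_SIZE = 4096                 # Duts only infects files larger than 4 KB
SCN_EXECUTE, SCN_CODE = 0x20000000, 0x00000020
SCN_READ, SCN_WRITE, SCN_DATA = 0x40000000, 0x80000000, 0x00000040


def parse_pe(data: bytes) -> dict:
    """Return machine type, entry-point RVA and section table of a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 optional headers are handled")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    sections = []
    for i in range(nsections):
        off = opt + opt_size + 40 * i
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        chars = struct.unpack_from("<I", data, off + 36)[0]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vaddr": vaddr, "vsize": vsize, "rawsize": rawsize,
                         "rawptr": rawptr, "chars": chars})
    return {"machine": machine, "entry_rva": entry_rva, "sections": sections}


def section_index_for_rva(sections, rva):
    """Index of the section whose virtual range covers rva, or None."""
    for idx, s in enumerate(sections):
        if s["vaddr"] <= rva < s["vaddr"] + max(s["vsize"], s["rawsize"]):
            return idx
    return None


def classify(data: bytes) -> dict:
    """Apply the Duts target criteria and the appended-code heuristic."""
    pe = parse_pe(data)
    duts_target = pe["machine"] in ARM_MACHINES and len(data) > MIN_TARGET_SIZE
    idx = section_index_for_rva(pe["sections"], pe["entry_rva"])
    # A normal image starts in its first (code) section; an infector that appends
    # itself and retargets the entry point leaves the entry in the last section.
    entry_in_last = (idx is not None and len(pe["sections"]) > 1
                     and idx == len(pe["sections"]) - 1)
    verdict = "suspicious" if duts_target and entry_in_last else "clean"
    return {"duts_target": duts_target, "entry_in_last_section": entry_in_last,
            "entry_section": pe["sections"][idx]["name"] if idx is not None else None,
            "verdict": verdict}


def build_pe(machine, entry_rva, total_size):
    """Construct a minimal two-section PE32 image (test data, not a real binary)."""
    # (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, flags)
    sections = [(b".text", 0x1000, 0x1000, 0x200, 0x200, SCN_CODE | SCN_EXECUTE | SCN_READ),
                (b".data", 0x1000, 0x2000, 0x200, 0x400, SCN_DATA | SCN_READ | SCN_WRITE)]
    opt_size = 224
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)            # e_lfanew
    coff = struct.pack("<HHIIIHH", machine, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)              # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)         # AddressOfEntryPoint
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, ch)
                     for n, vs, va, rs, rp, ch in sections)
    image = bytearray(dos + b"PE\0\0" + coff + opt + table)
    image += b"\0" * (total_size - len(image))
    return bytes(image)


# Constructed samples: a clean ARM image, one whose entry point was moved into
# the last section, the same layout below the 4 KB threshold, and an x86 image.
CLEAN_ARM = build_pe(IMAGE_FILE_MACHINE_ARM, 0x1010, 8192)
INFECTED_ARM = build_pe(IMAGE_FILE_MACHINE_ARM, 0x2800, 8192)
SMALL_ARM = build_pe(IMAGE_FILE_MACHINE_ARM, 0x2800, 1536)
INFECTED_X86 = build_pe(IMAGE_FILE_MACHINE_I386, 0x2800, 8192)

if __name__ == "__main__":
    for label, img in [("clean", CLEAN_ARM), ("infected", INFECTED_ARM),
                       ("small", SMALL_ARM), ("x86", INFECTED_X86)]:
        print(label, classify(img))
```

The entry-point-in-last-section test is a generic heuristic for appending file infectors, so `classify` reports it separately from the Duts-specific size and machine checks; a small ARM file or an x86 file with the same layout is reported as outside the Duts target set even though the layout itself is odd.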
 Brador is a backdoor (a utility allowing remote administration of the infected machine).
 Designed for PocketPC based on Windows CE and newer versions of Windows Mobile.
 It is written in ASM for ARM processors and is 5632 bytes in size.
 After Brador is launched it creates an svchost.exe file in the /Windows/StartUp/ folder, thus gaining full control over the handheld every time it is restarted.
 Brador identifies the IP address of the infected device and sends it to the remote malicious user to inform him that the handheld is connected to the Internet and that the backdoor is active. Brador then opens port 2989 and awaits further orders.
 The backdoor responds to the following commands:
d - lists the directory contents
f - closes the session
g - uploads a file
m - displays MessageBox
p - downloads a file
r - executes the specified command
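Because Brador listens on a fixed port and only becomes useful once the operator connects and exchanges commands, the network side is observable. The following is an added example, not code from the presentation: detection logic run over a constructed flow log that flags a handheld which completed a TCP session on port 2989 (data in both directions, so a bare port scan does not count) and notes whether the handheld had earlier initiated traffic to the same peer. The flow-record format, the `10.20.0.0/24` handheld range and all addresses are assumptions; the beacon correlation is a heuristic, since the page does not say how Brador reports the device's IP.

```python
"""Detector for the network side of a Brador-style backdoor.

Added example, not from the presentation. Flags a handheld that completed an
inbound TCP session on port 2989 and records whether it had previously
contacted the same remote host (possible beacon). Log format, address range
and sample records are constructed for illustration.
"""
import ipaddress
from collections import defaultdict

BRADOR_PORT = 2989
HANDHELD_NET = ipaddress.ip_network("10.20.0.0/24")   # assumed handheld address range


def parse_flow(line: str) -> dict:
    """Parse one constructed flow record:
    '<ts> <src>:<sport> > <dst>:<dport> <proto> <bytes_to_dst> <bytes_to_src>'."""
    ts, src, _, dst, proto, b_fwd, b_rev = line.split()
    src_ip, sport = src.rsplit(":", 1)
    dst_ip, dport = dst.rsplit(":", 1)
    return {"ts": ts, "src": src_ip, "sport": int(sport), "dst": dst_ip,
            "dport": int(dport), "proto": proto, "fwd": int(b_fwd), "rev": int(b_rev)}


def detect_brador_sessions(lines) -> dict:
    """Return alerts keyed by handheld IP, processing records in log order."""
    outbound_peers = defaultdict(set)   # handheld -> remote hosts it initiated traffic to
    alerts = {}
    for rec in (parse_flow(l) for l in lines if l.strip()):
        src_in = ipaddress.ip_address(rec["src"]) in HANDHELD_NET
        dst_in = ipaddress.ip_address(rec["dst"]) in HANDHELD_NET
        if src_in and not dst_in:
            outbound_peers[rec["src"]].add(rec["dst"])
            continue
        if not (dst_in and rec["proto"] == "tcp" and rec["dport"] == BRADOR_PORT):
            continue
        if rec["rev"] == 0:
            continue                     # probe with no reply: a scan, not an active backdoor
        alert = alerts.setdefault(rec["dst"], {"peers": set(), "sessions": 0,
                                               "prior_outbound_to_peer": False})
        alert["sessions"] += 1
        alert["peers"].add(rec["src"])
        if rec["src"] in outbound_peers[rec["dst"]]:
            alert["prior_outbound_to_peer"] = True
    return alerts


# Constructed flow log (not real traffic): one handheld that talks to a remote
# host and then serves it two sessions on 2989, one that is merely scanned, and
# a UDP packet to 2989 that the TCP rule must ignore.
SAMPLE_FLOWS = """
2004-08-05T10:00:12 10.20.0.15:1035 > 203.0.113.7:80 tcp 540 220
2004-08-05T10:01:00 203.0.113.7:41234 > 10.20.0.15:2989 tcp 312 4096
2004-08-05T10:02:30 198.51.100.9:55000 > 10.20.0.22:2989 tcp 60 0
2004-08-05T10:03:05 203.0.113.7:41300 > 10.20.0.15:2989 udp 200 150
2004-08-05T10:04:40 203.0.113.7:41310 > 10.20.0.15:2989 tcp 128 2048
""".strip().splitlines()

if __name__ == "__main__":
    for host, info in detect_brador_sessions(SAMPLE_FLOWS).items():
        print(host, info)
```

The byte counters matter: a handheld that merely receives a SYN on 2989 is a scan target, not a compromised host, so the rule requires a reply before it raises an alert.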
 Windows CE is extremely vulnerable from the point of view of system security. There are no restrictions on executable applications and their processes. Once launched, a program can gain full access to any operating system function, such as receiving and transmitting files, phone and multimedia functions, etc.
 Creating applications for Windows CE is extremely easy, as the system is totally open to programming, making it possible to use not only machine languages (e.g. ASM for ARM) but also powerful development technologies such as .NET.
 Within two weeks after the iPhone was released, I.S.E. (Independent Security Evaluators) found a way to take full control of the device.
 Apple's Safari web browser exposes the vulnerability.
 The exploit can be delivered via a malicious web page opened in the Safari browser on the iPhone.
 When the iPhone's version of Safari opens the malicious web page, arbitrary code embedded in the exploit is run with administrative privileges.
 After the exploit is run, the attacker has full control of the device.
1) Location tracking.
2) Espionage bug.
3) Loss of security.
4) DDoS attack.
There is a need to redesign the technology. The protection mechanisms can be broadly classified on the basis of the requirements of the protection systems.

1) System Level Security: System level security aims to make the system more secure by restricting the execution of unauthorised applications.

2) Network Level Security (proactive approach): Network level security aims to provide a basis for filtering out malware transiting over the network between various devices.
1) Non-discoverable Bluetooth.
2) Install antivirus.
3) Firmware updates.
4) Don't use untrusted sites & software.
5) Infection scanners at public locations.
Image courtesy FSecure Corp.


• Since the infrastructure is centrally managed and owned, defenses can be inserted at critical points to affect the spread.
• However, the fact that the end nodes (phones) can be hard to disinfect introduces challenges.
• A few defensive scenarios:
– Blacklisting  Removing the infected reduces congestion!
– Rate limiting  Removing the infected reduces congestion!
 Can be effective for MMS, but difficult for VoIP.
– Filtering
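The three network-level scenarios (blacklisting, rate limiting, filtering) are easiest to see together at the MMS gateway, where a Comwar-style worm mailing the whole address book shows up as both a fan-out burst and a recognisable lure subject. The following is an added example, not code from the presentation or from any operator's MMSC: a small stateful gateway filter that drops a known lure subject when it carries a .SIS installer, blacklists the sender from then on, and defers any sender exceeding a per-window fan-out. The lure list is taken from the subjects quoted for Comwar above; the `MmsGateway` class, the thresholds (10 messages per 60 s) and the message records are constructed for the demonstration.

```python
"""Network-level defenses against an MMS worm such as Comwar, applied at the
MMS gateway: subject filtering, per-sender rate limiting and blacklisting.

Added example, not from the presentation; the MmsGateway class, thresholds
and message records are constructed for illustration.
"""
from collections import defaultdict, deque

# Lure subjects quoted for Comwar, matched case-insensitively as substrings.
KNOWN_LURE_SUBJECTS = (
    "norton antivirus", "3dgame", "desktop manager", "happy birthday!",
    "internet accelerator", "security update #12", "symbian security update",
    "symbianos update",
)


def subject_matches_lure(subject: str) -> bool:
    s = subject.lower()
    return any(lure in s for lure in KNOWN_LURE_SUBJECTS)


class MmsGateway:
    """Stateful inspection of MMS submissions, fed in timestamp order."""

    def __init__(self, max_per_window: int = 10, window_s: int = 60):
        self.max_per_window = max_per_window   # fan-out a phone may reach per window
        self.window_s = window_s
        self.recent = defaultdict(deque)        # sender -> submission timestamps in window
        self.blacklist = set()                  # senders caught submitting the worm

    def inspect(self, msg: dict) -> str:
        sender, ts = msg["from"], msg["ts"]
        if sender in self.blacklist:
            return "drop:blacklisted"
        # Content filter: a lure subject is only conclusive with a .SIS installer
        # attached; a plain "Happy Birthday!" picture message must still pass.
        attachment = msg.get("attachment", "").lower()
        if subject_matches_lure(msg["subject"]) and attachment.endswith(".sis"):
            self.blacklist.add(sender)
            return "drop:known-lure"
        # Rate limit: mailing the whole address book exceeds any normal fan-out.
        q = self.recent[sender]
        while q and ts - q[0] > self.window_s:
            q.popleft()
        q.append(ts)
        if len(q) > self.max_per_window:
            return "defer:rate-limited"
        return "deliver"


def run_gateway(messages, **kw) -> dict:
    """Feed messages through one gateway instance; returns id -> verdict."""
    gw = MmsGateway(**kw)
    return {m["id"]: gw.inspect(m) for m in sorted(messages, key=lambda m: m["ts"])}


def constructed_traffic() -> list:
    """Constructed submissions: a fan-out burst, a worm message, and normal use."""
    msgs = [{"id": f"a{i}", "from": "+15550001", "to": f"+15551{i:03d}", "ts": 1000 + 2 * i,
             "subject": "Holiday pics", "attachment": "img.jpg"} for i in range(12)]
    msgs.append({"id": "b0", "from": "+15550002", "to": "+15551001", "ts": 1100,
                 "subject": "Security update #12 Significant security update. See www.symbian.com",
                 "attachment": "update.SIS"})
    msgs.append({"id": "b1", "from": "+15550002", "to": "+15551002", "ts": 1105,
                 "subject": "hi", "attachment": ""})
    msgs.append({"id": "c0", "from": "+15550003", "to": "+15551003", "ts": 1200,
                 "subject": "Happy Birthday!", "attachment": "cake.jpg"})
    return msgs


if __name__ == "__main__":
    for mid, verdict in run_gateway(constructed_traffic()).items():
        print(mid, verdict)
```

Rate limiting only defers, it does not judge content, which is why it is the scenario that stays usable even for an unknown variant; the subject filter is precise but only catches lures already on the list, and requiring the .SIS attachment keeps a genuine birthday greeting deliverable.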
Practice safe mobile computing.
