Hackers strike mobile phones
Context: Computer viruses and worms can be sent over mobile wireless networks almost as easily as text and voice messages, and any device that receives voice or data digitally is vulnerable. Some programs drain devices’ batteries, disable buttons, or assail users with mobile spam; the more malicious ones steal information. David Dagon and his colleagues at the Georgia Institute of Technology and Virginia Polytechnic Institute and State University have created a taxonomy (a systematic classification) of mobile “malware” threats.
Methods and Results: By sorting malware according to how it works, the taxonomy shows not just what kinds of attacks have occurred but also what kinds are possible. Its categories include the vulnerabilities that malware exploits (say, certain layers in a routing network) and the types of problems it causes. All existing malware causes semantic errors, a type of error that orders the mobile system to misbehave. The taxonomy shows that new attacks might exploit another class of errors, syntax errors, that confuse the phone by issuing orders it can’t understand, causing the cell-phone equivalent of Microsoft’s Blue Screen of Death.
Why it Matters: While mobile antivirus strategies will draw from their desktop counterparts, mobile protection algorithms will need to be optimized for the lower CPU usage, higher power efficiency, and other idiosyncrasies of small devices. To prepare the best defense, engineers and end users need a map of the routes the enemy might take. That is what the taxonomy provides.
Source: Dagon, D., et al. 2004. Mobile phones as computing devices: the viruses are coming! IEEE Pervasive Computing 3:11–15.