Francillon questions the proposed detection system’s reliance on timing. For example, environmental factors such as network congestion could introduce legitimate delays to a device’s response to a challenge, he says. Francillon also suspects that it might be possible to attack the code that is responsible for detecting the malware. As with any new security technology, more analysis is needed to fully evaluate it, he says.
For now the threat remains academic, says Mikko Hyppönen, chief research officer for F-Secure Corporation, a security company based in Helsinki, Finland. There are only a few hundred known pieces of mobile malware, compared to millions for PCs. So far, he says, mobile malware has been rudimentary, and has not employed the sophisticated evasion schemes commonly used on desktop computers.
Hyppönen says that for now, it’s more important to protect stolen devices than it is to protect against mobile malware. However, he believes that mobile malware will become more sophisticated in the future. At that point, he says, we’ll need clever detection schemes such as Jakobsson’s.
Jakobsson plans to market his detection scheme to handset manufacturers through FatSkunk. He hopes to convince them to include his code with their software. If another company, such as a maker of antivirus software or a bank, wanted to make use of the system’s protection, they would pay a licensing fee to the handset manufacturer and to FatSkunk.