Professional Documents
Culture Documents
Tech Seminar
Tech Seminar
INTRODUCTION
1.1 ABSTRACT
At first glance, mobile phones might seem to have all the technology needed for a major virus outbreak now. They have modern CPUs, built-in Bluetooth wireless technology, and data transfer across multiple networks. Many even ship with Java. By some estimates, up to half of these new "smartphones" leave the factory with some version of the Symbian OS, which is gaining in popularity because of endorsements by leaders Nokia, Eriksson, and others. With the worldwide market for mobile phones still growing at a phenomenal 32 per cent in 2004, and with an estimated 1.5 billion people (or 1/4 of the world's population) already owning a mobile phone, virus epidemics that target mobile phones will one day become a reality. The first proof-of-concept mobile phone virus appeared in June 2004 for the Symbian OS, but as proof of concepts tend to be, it proved relatively harmless. Subsequent versions have significantly improved capabilities, but they're still very low risk. Mostly all use Bluetooth to propagate. Bluetooth is a great technology for connecting small devices that are close to one another, but therein is also its disadvantage: with a few exceptions, the technology has a very limited range. With Macs and PCs, Bluetooth lets you connect your mobile phone, PDA, and laptop to your printer. It lets you sync your calendar and address book, and of course, allows for the transfer of arbitrary data. Getting infected with a virus via Bluetooth is interesting because it's akin to a human virus, which requires proximity to spread - but it also severely limits how far the virus can go. As newer variants get smarter, however, they'll start to use the phone's GPRS-style data capabilities to spread. After all, they have immediate access to the address book inside your mobile phone. Why should one care about mobile phone viruses? There is clearly a profit motive, and that's all that is needed to kick-start another dubious industry. From a virus that will dial 1-900 numbers all day long, to the one that automatically buys a hundred ringtones that get added to your phone bill, there is money to be made by the next wave of miscreants. In Asia, telcos have already begun testing e-commerce transactions that are available through your
-1-
phone. Where there's e-commerce, you can bet there will be viruses and security threats. We begin with examining what Mobile Worms and Viruses are, and the differences between these and their PC counterparts. This report refers to such malicious software for mobile devices as Mobile Malware. The mode of spreading of mobile malware and their effects has been enumerated. The risks and threats from these are then examined, and various methods that have been used to prevent and protect against their attacks are listed. Case studies of three widespread and important mobile malware, Cabir, ComWar and CardTrap are presented. We also examine the extent of harm that could be caused by mobile malware in combination with other newer technology. Though such viruses do not yet exist, it can be seen that it is only a matter of time before they can wreak havoc.
shown that at least 10 Trojans are released every week. Even though it took computer viruses twenty years to evolve, their mobile device counterparts have evolved in just a span of two years. To understand the threat that is involved, we first present the comparison of the environment for PC-based and mobile device malware. Comparison between mobile malware and PC malware The following points illustrate the differences and similarities between mobile malware and PC malware. Vulnerabilities in PCs that have been exploited are related to vulnerabilities in the operating system or application software. Patches for such vulnerabilities are released periodically by the software vendors. The users (or administrators) of the PCs are then responsible for ensuring that these patches are applied to their systems as and when released. Though vulnerabilities for mobile devices have been found and documented it is very difficult to roll-out patches to the software or firmware on the mobile devices that have already been sold. Considering that the users of mobile devices include a vast majority of people that are not security conscious, it is difficult to expect users to apply patches to their devices as and when the patches are released. This problem is compounded because there is no easy way to upgrade the firmware or software of a mobile device just by using the mobile device. Connectivity with a PC is usually the only way to upgrade the firmware or software. Mobile devices such as phones are almost always switched on and stay connected to the network. Unlike a PC whose neighboring network nodes remain relatively fixed, the neighbors of a mobile device keep changing with every change of location of the user carrying the mobile device. As a result, for example, a single user with an infected phone entering a stadium can potentially infect the phones of all the people within the stadium if these phones have the same vulnerability. Mobile phone users are less security conscious than the average Internet user. Unlike PCs, several variants of mobile devices exist. This makes it difficult for the mobile malware to infect or spread to dissimilar devices. For example, a mobile -3On the positive side:
worm spreading through MMS can do little if the phone it has infected does not have MMS functionality. Mobile malware have not yet caused critical harm or damage. At most o they increase the users billing, or o cause the mobile phone to stop working (can be restored by a factory reset) However, as a result, there is not enough motivation, either for device manufacturers or for the users, for taking preventive action against mobile malware. A cell-phone virus is basically the same thing as a computer virus an unwanted executable file that "infects" a device and then copies itself to other devices. But whereas a computer virus or worm spreads through e-mail attachments and Internet downloads, a cellphone virus or worm spreads via Internet downloads, MMS (multimedia messaging service) attachments and Bluetooth transfers. The most common type of cell-phone infection right now occurs when a cell phone downloads an infected file from a PC or the Internet, but phone-to-phone viruses are on the rise. Current phone-to-phone viruses almost exclusively infect phones running the Symbian operating system. The large number of proprietary operating systems in the cellphone world is one of the obstacles to mass infection. Cell-phone-virus writers have no Windows-level market share to target, so any virus will only affect a small percentage of phones.
Figure 1.1: Cell-phone viruses currently target Symbian Series 60 phones with Bluetooth and MMS capabilities, like this Nokia 6620. Infected files usually show up disguised as applications like games, security patches, add-on functionalities and, of course, pornography and free stuff. Infected text messages
-4-
sometimes steal the subject line from a message you've received from a friend, which of course increases the likelihood of your opening it -- but opening the message isn't enough to get infected. You have to choose to open the message attachment and agree to install the program, which is another obstacle to mass infection: To date, no reported phone-to-phone virus auto-installs. The installation obstacles and the methods of spreading limit the amount of damage the current generation of cell-phone virus can do. The first known cell-phone virus appeared in 2004 and didn't get very far. Cabir.A infected only a small number of Bluetooth-enabled phones and carried out no malicious action -- a group of malware developers created Cabir to prove it could be done. Their next step was to send it to anti-virus researchers, who began the process of developing a solution to a problem that promises to get a lot worse. Cell-phone viruses are at the threshold of their effectiveness. At present, they can't spread very far and they don't do much damage, but the future might see cell-phone bugs that are as debilitating as computer viruses.
-5-
Locknut
March 2005
phonebook Spreads via Internet Download Attacks Symbian Series 60 phones Crashes system ROM; disables all phone functions; inserts other (inactive) malware into phone Disables some system applications and it cannot be uninstalled without being disinfected first. Disables cell phones antivirus programs Spreads via Internet Download Attacks Symbian Series 60 phones Locks up phone in start-up mode; disables phone entirely Attacks Symbian Series 60 phones Spreads through Bluetooth and MMS
Mabir
April 2005
CHAPTER 2
-6-
2.1 TECHNOLOGY:
2.1.1 ATTACK VECTORS FOR MOBILE MALWARE
Current known mobile malware use the following attack vectors: Bluetooth: Many mobile devices have the capability to communicate with other devices in a short range using the Bluetooth technology. However, several flaws exist in both the protocol as well as its implementation. Some mobile malware exploit these to spread. Others disguise themselves as legitimate applications (Trojans) and try to spread to other devices that are within its Bluetooth communication range. These latter types of malware prompt the user to install the application and when the user does install them, these malware cause harm to the mobile. The first known mobile malware, Cabir spread through Bluetooth. Malware that spread through Bluetooth can only communicate within the range of communication of Bluetooth devices (typically a few meters). However, such malware can Still rapidly spread across many devices if there is dense collection of Bluetooth-enabled devices. Such an attack has been reported previously at the World Athletics championship in Helsinki in 2005. A large number of people that were in the stadium had their devices infected with Cabir very rapidly. SMS2, MMS3, WiFi: Some mobile malware spread themselves through SMS, MMS or WiFi technology. Most of these send SMS or MMS to other phones and attach themselves to the message that they send. ComWar, for example, spreads through MMS. There also exists a buffer overflow vulnerability in the SMIL (Synchronized Multimedia Integration Language) parser on mobile devices based on the Microsoft Windows Mobile 2003 operating system. This parser is used for parsing incoming MMS messages. As demonstrated by this can be exploited to launch a buffer overflow attack on the recipient of such an MMS message. The user only needs to view the message to trigger the exploit; there is no need to explicitly launch an application. Malware that spread through SMS or MMS can spread across larger areas simply because the only restriction to spreading across the continents is the amount of balance left in the users mobile phone account. Some worms that spread exploiting vulnerabilities in WiFi could also infect mobile devices that are WiFi capable. Vulnerabilities in the operating system: Vulnerabilities exist in the operating systems used by mobile devices. SymbianOS, included as the operating system in most Nokia mobile phones, has several vulnerabilities [2], [3]. For example, one vulnerability -7-
found in the Symbian Series 6.x devices (Nokia 3650 and Siemens SX-1) is to create a file called INFO.wmlc in the root folder with 67 spaces between the INFO and the .. This causes the mobile to work slowly or even crash. Microsoft Windows Mobile 2003 is the other popular operating system used on mobile devices. This latter operating system also suffers from vulnerabilities. For example, the Duts virus exploits a zero-day vulnerability in the file handling API of the operating system. At this point, it is worth mentioning that there are also several phones (some by Motorola and Samsung) that use Linux or its variant as the operating system.
-8-
of your friends, family members and business associates. On the worst-case-scenario end, it might delete or lock up certain phone applications or crash your phone completely so its useless.
2.2 CLASSIFICATION
As with any entity with multiple types, taxonomy based classification is necessary to properly identify the various individuals to respective classes. According to the following was seen to be the best mode of classifying mobile malware. The classification system is structured on the following three characteristics: Behavior: Mobile malware can be classified depending upon the way the malware behaves. For example, whether it propagates like a virus or a worm, or whether it opens backdoors for attackers, like a trojan. Environment: Another characteristic in the classification is the type of operating system that the mobile malware has been designed to infect and spread to. This also includes vulnerable applications that the malware might exploit. The family name and variant: Some malware are variants of existing ones. This classification characteristic identifies if the mobile malware is a completely new entity or has been built based on some other previously existing one.
Figures 2.3 and 2.4 shows the increase in known mobile malware. Figure 2.3 shows variants of mobile viruses in each month from June 2004 (first mobile virus found in June 2004) till June 2006 along with cumulative index. Figure 2.4 shows the increase in the known mobile malware families. There are 31 families of virus and 170 variants exist today. This also shows the curve is rapidly increasing and hence in future we may expect much more harmful viruses.
- 10 -
- 11 -
2.4 EXAMPLES
In this section, we look at examples of some important and widespread mobile malware.
2.4.1 CABIR
Cabir is the first network worm capable of spreading through Bluetooth and was first detected in June 2004. It was a Proof-of-Concept code developed by the group 29A. The intention was to demonstrate how to exploit Bluetooth to spread worms. This worm infects mobile phones which run the Symbian OS. Any handset running the Symbian OS is potentially vulnerable to infection. Examples of such phones include the Nokia 3650, 7650 and N-Gage phones. The worm itself is an SIS format file, called caribe.sis. Each time the infected phone is switched on, the worm scans the list of active Bluetooth connections. The worm selects the first active connection detected and attempts to send its main file, caribe.sis, to this device. If receipt of the infected file is confirmed, the users will be asked if they wish
- 12 -
to launch the file. This worm does not cause any real harm since the intention was to only demonstrate how Bluetooth could be used for spreading. However, since the worm keeps scanning for active Bluetooth devices, it drains the battery of the phone rapidly. Since Cabir is well documented and code is available freely, other malicious users used it for developing malicious code to cause real damage. Cabir has 15 different variants.
Figure 2.5: Cabir Virus infecting the Mobile Device through Bluetooth
2.4.2 COMWAR
Comwar is the second landmark in mobile malware. This is the first worm for mobiles phones which is able to propagate via MMS and could potentially go global in just minutes. It also spreads over Bluetooth. It infects telephones running under OS Symbian Series 60. The executable worm file is packed into a Symbian archive (*.SIS). The archive is approximately 27 - 30KB in size. The name of the file varies: when propagating via Bluetooth, the worm creates a random file name, which is 8 characters long, e.g. bg82o s1.sis Once launched, the worm searches for accessible Bluetooth devices and sends the infected .SIS archive under a random name to these devices. When the recipient user confirms that the file is to be accepted, it will infect the phone. The worm also sends itself via MMS to all contacts in the address book. The subject and text of the messages varies. Since it sends MMS to all the contacts in address book it is not as a proof of concept and the intention is to
- 13 -
cause financial harm by charging the mobile user. Scanning active Bluetooth devices also drains the battery.
2.4.3 CARDTRAP
Cardtrap is the first mobile virus found which is capable of infectingWindows PCs. The most significant characteristics of Cardtrap are that it also installs three Windows worms (Win32.Rays, Win32.Padobot.Z and Win32.Cydog.B) onto the devices memory card. Once the card is inserted into the PC, Padobot.Z will attempt to start automatically on machines runningWindows OS via the autorun.ini file. A recent virus called Crossover (2006) spreads from Windows desktop PCs to mobile devices running on Windows Mobile Pocket PC. Once it is installed on a Windows PC, the virus makes a copy of itself and adds a registry entry pointing to the new file so that the payload is activated each time the machine is rebooted. It then waits for an application for synchronizing Pocket PC devices with the infected Windows desktop PC. When a connection is detected, it copies itself over to the Pocket PC device, deletes all files in the My Documents directory, copies itself to the system directory and places a link to itself in the startup directory.
2.4.4 SKULLS
Skulls is a Trojan horse and thus masquerades as a useful application to convince users to install it. Its authors wrote Skulls to appear to be an application that lets users preview, select, and remove design themes for their phone screens. Hackers deliberately-and file sharers inadvertently-uploaded. Skulls to several shareware sites, from which unsuspecting users have downloaded the application. Skulls targets the Nokia 7610 phone, although some other Symbian Series 60 phones can also install it. According to SophosLabs' Svajcer, Skulls makes the original Symbian binaries for everyday functions-such as file management, Bluetooth control, messaging, Web browsing, and application installation and removal-useless by replacing them with nonfunctional binaries. The phones can then only make and receive calls. Because Skulls disables Symbian applications, only phones with third-party file managers can remove the Trojan. Those using Symbian's file manager must perform a hard reset, thereby erasing
- 14 -
all stored data. Skulls also replaces each application icon with a skull and crossbones. Each of several Skulls variants and hybrids has a slightly different effect. For example, Skulls.D-posted to several Web discussion forums and warez sitespretends to be a Macromedia Flash player for Symbian Series 60 devices. The variant replaces system binaries related to application uninstall and Bluetooth control with nonfunctional binaries, installs the Cabir.M worm, and disables antivirus programs and thirdparty file managers
CHAPTER 3
ARCHITECTURE DESIGN
In this chapter we are going to discuss the Protection and Prevention Mechanisms and the algorithm of virus throttling that result in the decline of the virus in the mobile devices.
- 15 -
Keeping the device in non-discoverable Bluetooth mode: Since leaving a Bluetooth-enabled mobile device in discoverable mode makes it vulnerable to attacks by mobile malware and hackers that exploit the documented vulnerabilities in Bluetooth, it is best to turn off the Bluetooth discovery mode on the mobile device.
Installing an anti-virus / IDS on the mobile device: Vendors such as Trend Micro sell anti-virus software and Intrusion Detection Systems (IDS) for mobile devices. Installing these can protect the mobile devices from known malware. Some vendors also sell firewalls for mobile devices. However, it is not clear whether common users would go to the extent of installing such additional software on their devices.
Installing firmware updates when they are made available: Mobile device manufacturers release updates to the firmware of the devices. These may contain patches to the vulnera bilities that are exploited by mobile malware. Upgrading to new firmware may reduce the threat of being infected by mobile malware.
Exercising caution when installing applications from untrusted sources: As in the case of PC viruses, it is best not to install applications or to download other software from untrusted sources.
Filtering out malware at service provider: MMS messages that carry malicious payload can be detected at the service provider based on their signatures and thus can be filtered out at the service provider itself. The futuristic threats provided at the end can be equated to the metaphorical tip of the
iceberg. The possibilities of attacking mobile devices can only be limited by what the technology permits and hence very strong measure need to be taken for protection against such attacks. The protection mechanisms can be broadly classified on the basis of the requirements of the protection systems. They are System Level Security - MOSES Architecture System level security aims to make the system more secure by restricting the execution of unauthorized applications. Network Level Security - Proactive Approach Network level security aims to provide a basis of filtering out malware transitioning over the network between various devices.
- 16 -
- 17 -
Performance The MOSES platform has shown to speed up the execution of security protocols such as SSL, IPSec, and WTLS etc. For small data transactions, the MOSES platform contributes to an overall transaction speedup of around 2.18X. In the case of large transactions, MOSES achieves and overall transaction speed-up of 3.05X.
The basic idea for doing so is as follows: 3.2.2.1 Behavior Vectors A behavior vector can be defined as a collection of features which represent any client on the network. For our representation, the behavior vector is two dimensional. One parameter represents the physical information of the client device. The other represents the temporal information such as network traffic and connectivity. Both of these can be extracted from the message headers and the message logs.
- 18 -
The physical information of a client consists of data such as the operating system running on the client, its version, the various applications running, the version of the firmware, etc. Since most mobile malware propagate and infect by exploiting certain known vulnerabilities in the system, having prior knowledge of the physical information of a client lets us classify the client as vulnerable or not to the infection. The second feature of the behavior vector can be calculated by the messages exchanged by the different clients and hence is a temporal feature. This consists of information such as the number of messages exchanged, the clients involved in the transaction, and the interarrival rate of the messages. This component of the behavior vector puts a limit on the number of clients that a mobile malware infection can propagate to. Thus every client in its immediate neighborhood is at the maximum risk, those farther away, a little lesser. 3.2.2.2 Behavior Clustering Once the behavior vectors are generated for all the clients based on the respective header information and the message logs, the next step is to identify the various set of clients that belong to the same cluster. The idea behind clustering is to have a limit on the number of filters to setup within the network to monitor the traffic. Once a cluster is identified, then a single monitor can be setup for the entire cluster. This is because any infection originating within the cluster will stay confined to it and not pass outside. There are a number of techniques that exist for clustering. A hierarchical graph partitioning has been used to solve this problem, although any other approach can be used. Once the clustering algorithm is executed on the behavior vector data, distinct clusters are identified. Since the number of clusters is not fed to the clustering algorithm as it is not a requirement, the algorithm is highly flexible in the number of clusters it can identify in the given graph data. An important deployment issue is how often the service-behavior graph should be updated. This is due to the highly volatile temporal data component. The solution depends on the spreading speed of the malicious code and the amount of traffic flowing in the network. We can also apply the triggered updates concept implemented in many intrusion detection systems.
- 19 -
Using triggered updates, the service behavior graph is updated whenever: 1. New vertices or edges are added (or subtracted) to (or from) the last computed graph. 2. The parameters of the behavior vectors change by a certain threshold over the previous values.
- 20 -
Figure 3.1: Virus Throttling Algorithm The intermediate step of rate limiting due to the virus throttling algorithm decreases the false positive rate to a near negligible value. The virus throttling algorithm works as follows: A working set of size n is maintained for every client. This holds the clients that have been recently sent a message to. Whenever the client wants to send a new message, the recipient is matched against this working set. If the recipient exists, the message is sent immediately. If the recipient does not exist, then this message is put on a delay queue. At periodic intervals, the top entry is removed from the delay queue. This entry replaces the oldest entry from the working set using the least recently used algorithm. Once that is done, all messages queued up for that recipient are delivered immediately. Also if the queue length exceeds a particular threshold value, then all further messages can be blocked. 3.2.3.2 Quarantine The aim of the virus throttling algorithm is to identify the false positives in the classifications performed by the monitors installed in the clusters. Hence we set up a time and message threshold on the output of the virus throttling algorithm. If after a certain period also the message rate from the sender does not reduce, we can be certain that the client has been infected by a worm, and hence we can quarantine that client from the network. All messages from that client will thus be blocked. With the increasing number of attack vectors being developed and the vulnerabilities being exposed, the need for advanced protective measures is very much on the rise. As a result, the protective measures proposed above have a very strong futuristic value. The main aspect of both of these proposed schemes is to be proactive in approach and not reactive. Since the spread time of mobile malware has dropped down exponentially, the malware can reach critical mass before any proper reactive techniques can be designed to successfully combat it. Hence the proactive measures are the only ray of hope as they can curb the malware from propagation before it is even detected. The MOSES system designed has a very strong architectural base. Separating the crypto engines from the actual mobile processing provides a fence within which all the
- 21 -
secure data is held. As a result, even if the processor security was compromised, the attacker cannot decipher the secure data held within it. MOSES also uses secure connections for all communications and hence evesdropping these by bug applications installed on the phone is not possible. I found that the work done on proactive security in mobile networks is highly needed in view of the current and forthcoming network threats. The ideas of behavior vectors and behavioral clustering proposed by the group have a solid ground in data mining activities. As a result, it is not possible for the worm to propagate at a high rate without being detected and effectively quarantined. One disadvantage I found with this approach is that the Mobile service provider needs to carefully monitor and update all the parameters involved with this approach. This requires significant effort and also changes to the current underlying technology. Hence most of the mobile service providers are hesitant and unwilling in adopting this protection measure. But in due course of time, with faster network speed and higher network load, the mobile service provider will face threats from the infected mobile devices. We have shown one such example in the section Futuristic Threats. In such a scenario, the service provider will have to implement protective measures to protect the network from such attacks.
CHAPTER 4
IMPLEMENTATION
4.1 RISK SCENARIO
An MMS virus scenario in a 5 million subscriber Network 09:47 An unknown virus starts spreading 14:58 Already 5,000 subscribers are infected and are unable to make calls. 15:10 The customer service call centre can not accept anymore costs because its overloaded. 15:42 20,000 subscribers cant make calls anymore. 19:53 Engineers find the reason for the disruption is due to some strange traffic. 20:00 80,000 subscribers cant make calls anymore.
- 22 -
21:04 Engineers find the pattern of a virus. 21:36 90,000 subscribers are infected. The GPRS/WDCMA network is so congested that infections slow down anyway. 21:40 The engineers decide to shutdown some of the network equipment. 21:41 The infection stops. Subscribers come with their phones to service centers. Some of the phones can be cleaned, some not. Many subscribers have been charged for virus traffic. Many unhappy subscribers move to another operator.
- 23 -
CHAPTER 5
CONCLUSION
5.1 CONCLUSION:
However, the reality is that the real threat from viruses just doesn't exist today. Mobile phones shouldnt experience any major security issues for several years, for the same reasons that we don't see major virus threats in the computer world for any platform other than Windows: there needs to be a critical mass of a given population for the threat to be real. Today there are too many different competing phone technologies, operating systems and architectures for there to be any clear winner. If the same were true in the computer security world, there would be far fewer viruses than there are today.
- 24 -
Mobile devices are becoming smarter and more powerful. Such devices, once in widespread use, will herald the growth of using mobile devices for performing sensitive tasks such as storing sensitive data and performing eBanking transactions. Recent reports show that there exist sufficient vulnerabilities in these devices that could be exploited to cause harm to the device, to reveal sensitive information or to use the mobile device in a malicious way. It is, therefore, easy to visualize that in the near future, the threat posed by mobile worms and viruses can cause considerable harm to the users of such devices. Cellphones have been with us for a long time, but in a way the wireless industry feels like the computer industry was back in the 1980s: many proprietary systems that do interact, to some extent, without any one clear technological winner. With at least 30 mobile virus variants today for the Symbian OS alone, many people will be surprised at how easy it will be to carry around malcode clipped to our belt in the years to come. The best reason why mobile viruses won't become an issue for some time is the wide array of different phone models, network technologies and embedded operating systems. In short, we have still have choice.
- 25 -
Depending upon our study of the current technologies prevalent in the mobile domain, the vulnerabilities present in them and the different possibilities of attack, we could briefly categorize the futuristic threats in the following categories.
5.2.2 BUGGING
A bug is a tiny transmitter, that can covertly transmit the video and audio data to any receiver nearby that is tuned to receive it. A mobile bug is an application that can take the microphone audio data and the camera video data and stream it over a bluetooth connection. If an attacker designs a mobile trojan and covertly installs it on a mobile device, then all the incoming and outgoing voice calls can be tracked by that attacker. The trojan can also be programmed to record this data and send it over a GPRS connection. This will result in a serious invasion of privacy as well as a security risk. Leakage of video data can result in private information being made public. Also as a result of the video data sent over the GPRS the user can be tracked anywhere, including sensitive locations.
numbers, transactions etc. Also mobile phones need authorization information which is stored in the form of public and private keys. Since the data is easily accessible to any application, all of such sensitive and highly confidential information can be easily leaked out by a trojan installed on the system.
APPENDIX
GGSN GPRS IMSI MMS MSISDN MOSES IDS WAP - Gateway GPRS Support Node -General Packet Radio Service -International Mobile Subscriber Identity -Multimedia Message Service -Mobile Station ISDN Number - MObile SEcurity processing System -Intrusion Detection Systems -Wireless Acess Protocol
- 27 -
SMIL PDA
BIBLIOGRAPHY
[1] A. Bose,K. G. Shin.ProactiveSecurityforMobileMessagingNetworks, WiSe06, September29,2006. [2] A. Gostev, Kaspersky Labs. (October 2006). Mobile Malware Evolution: An Overview, Part1. [Online]. Available: http://www.viruslist.com/en/analysis?pubid=200119916 [3] A. Gostev, Kaspersky Labs. (October 2006). Mobile Malware Evolution: An Overview, Part2. [Online]. Available: http://www.viruslist.com/en/analysis?pubid=201225789
- 28 -
[4] A. Gostev, Kaspersky Labs. (October 2006). Kaspersky Security Bulletin, January - June 2006: Malicious programs for mobile devices. [Online]. Available: http://www.viruslist.com/en/analysis?pubid=198981193 [5] C. Mulliner. Advanced Attacks Against PocketPC Phones, Defcon 14, August 2006. [6] S. Ravi. (October 2006) Embedded System Security. [Online]. Available: http://www.princeton.edu/~sravi/security.htm [7] MobileActive.org (November 2006) Security Guide for Mobile Activists: Checklist and Tips.[Online].Available:http://mobileactive.org/wiki/index.php? title=Security_Guide_for_Mobile_Activists:_Checklist_and_Tips [8] Trend Micro. (October 2006) Trend Micro Mobile Security. [Online]. Available: http://www.trendmicro.com/en/products/mobile/tmms/evaluate/overview.htm [9] CVE-2003-0368. (October 2006) Common Vulnerabilities and Exposure. [Online] Available:http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0368
- 29 -