
Presented by:-

Amit Anand
Dinanath Bablu
Dilip Kr. Singh
Hare Krishna
Shivam Kumar
Increasing use of cell phones to access the internet and share executable files.

With the growing number of functionalities, the amount of personal data at risk is high.

If not handled properly, it may prove to be fatal to our privacy.
- Cause financial loss to user.
  - Unknown calls made, SMS sent.
- Losing confidentiality of data stored on the phone.
- Excessive Bluetooth use.
  - Continuous scanning, spreading via Bluetooth.
- Make phone unusable.
  - Devices crash frequently or work miserably slow.
- Infect system files. Hence, some applications do not work.
- Data loss.
  - Delete address book entries.
Trojan - Designed to appear innocent, causes malicious activity or provides a backdoor. Cannot replicate itself or spread on its own.

Virus - When run, has the ability to self-replicate by infecting other executables. Does not have the ability to spread to another system on its own.

Worm - Ability to spread to other systems on its

Although similar OSes are being used, differences exist:
− Large numbers of mobile users are less “tech literate”.
− This implies that it is difficult to “roll out security patches” to phones already sold.
− Mobiles are always “connected” and switched on.
− The “environment” keeps changing as the user keeps changing the mode of using the cell phone.
Increase in number of mobile virus variants in 2006
Mobile Virus Families
Skuller demonstrated two unpleasant things about Symbian architecture:

- System files can be overwritten.
- Symbian lacks stability when presented with corrupted or non-standard system files.

There are no checks designed to compensate for these vulnerabilities.
These vulnerabilities were quickly exploited, and the second Trojan, Locknut, appeared.
Locknut was spread as a “critical patch”.
The idea behind Locknut was that Symbian OS did not check file integrity.
Locknut disables a phone using a malformed file to crash an internal Symbian process.
It causes the phone to lock down so that no applications can be used.
The .app extension makes the OS
The .app file contains simply text rather than structured code.

The system will freeze when trying to launch any application.

Rebooting would not help, as Locknut is started automatically, making it impossible to even turn on the phone.

First malware on Symbian to prevent

The second worm found for mobile devices was the Comwar.
The worm spread via Bluetooth and MMS.
The executable worm file is packed into a Symbian archive (*.SIS).
Once launched, the worm will search for accessible Bluetooth devices and send the infected .SIS archive under a random
The worm also sends itself via MMS to all contacts in the address book. The subject and text of the messages vary.

Some example subjects found:

- Norton AntiVirus Released now for mobile, install it!
- 3DGame 3DGame from me. It is FREE !
- Desktop manager Official Symbian desctop manager.
- Happy Birthday! Happy Birthday! It is present for you!
- Internet Accelerator Internet accelerator, SSL security update #7.
- Security update #12 Significant security update. See www.symbian.com
- Symbian security update See security news at www.symbian.com
Duts is the first virus for devices running under Windows CE .NET.

It is also the first file infector for smartphones.

Duts is also made by the group 29A, which made the first
The virus itself is an ARM processor program and is 1520 bytes in size.
When the program is run, it raises a dialog box: “Dear user, Am I allowed to spread?”
If confirmation is given, the virus will infect executable files which correspond to the following criteria: ARM processor, more than 4KB in size, located in the device's root directory.
The virus writes itself to the last section of these files and establishes an entry point at the beginning of the file.

The Duts virus exploited a clever workaround of the operating system architecture in order to gain access to the core dll module.
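The infection criteria above (ARM executable, larger than 4 KB, code appended to the last section with the entry point redirected to it) are exactly what a simple on-device or gateway scanner can check for. The following is an added example, not code from the slides or from any antivirus vendor: a minimal PE header parser plus a heuristic that flags an ARM (Windows CE) executable whose entry point falls inside its last section, the typical footprint of an appending file infector. The PE layout constants (MZ/PE signatures, COFF machine types 0x01C0 and 0x01C2 for ARM/Thumb, AddressOfEntryPoint at offset 16 of the optional header, 40-byte section headers) are the documented PE format; the "entry point in last section" rule is a generic heuristic assumed here, not a claim about the exact code Duts contained, and the PE images it is run on are synthetic fixtures built in memory, not real programs.

```python
import struct

# COFF machine types for the ARM targets that Windows CE devices use (documented PE constants).
IMAGE_FILE_MACHINE_ARM = 0x01C0
IMAGE_FILE_MACHINE_THUMB = 0x01C2
ARM_MACHINES = {IMAGE_FILE_MACHINE_ARM, IMAGE_FILE_MACHINE_THUMB}


def parse_pe(data: bytes):
    """Parse the PE headers: returns (machine, entry_rva, [(name, rva, virtual_size), ...])."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]          # offset of the PE signature
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                              # optional header follows the 20-byte COFF header
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]      # AddressOfEntryPoint
    sections = []
    for i in range(nsections):
        name, vsize, rva = struct.unpack_from("<8sII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), rva, vsize))
    return machine, entry_rva, sections


def scan_pe(data: bytes, min_size: int = 4096):
    """Return a list of findings for an appending-infector footprint; an empty list means clean.

    Heuristic (assumed, generic): a legitimate image starts executing in its first code
    section; an appending infector writes its body into the last section and points the
    entry point there. Files Duts would not have targeted (non-ARM, <= 4 KB) are skipped.
    """
    machine, entry_rva, sections = parse_pe(data)
    if machine not in ARM_MACHINES or len(data) <= min_size:
        return []
    findings = []
    if len(sections) >= 2:
        name, rva, vsize = sections[-1]
        if rva <= entry_rva < rva + vsize:
            findings.append(f"entry point 0x{entry_rva:x} lies in last section '{name}'")
    if not any(rva <= entry_rva < rva + vsize for _, rva, vsize in sections):
        findings.append(f"entry point 0x{entry_rva:x} is outside every section")
    return findings


def build_pe(machine, entry_rva, sections, total_size):
    """Construct a minimal synthetic PE image in memory (test fixture only, not a runnable program)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0                                              # PE32 optional header size
    coff = struct.pack("<HHIIIHH", machine, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 14 + struct.pack("<I", entry_rva)
    opt += b"\0" * (opt_size - len(opt))
    hdrs = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                    vsize, rva, vsize, 0, 0, 0, 0, 0, 0x60000020)
        for name, rva, vsize in sections
    )
    image = dos + b"PE\0\0" + coff + opt + hdrs
    return image.ljust(total_size, b"\0")


if __name__ == "__main__":
    # Constructed fixtures: a clean ARM image and one whose entry point was moved into .rsrc.
    clean = build_pe(IMAGE_FILE_MACHINE_ARM, 0x1010,
                     [(".text", 0x1000, 0x200), (".data", 0x2000, 0x100)], 8192)
    infected = build_pe(IMAGE_FILE_MACHINE_ARM, 0x3400,
                        [(".text", 0x1000, 0x200), (".data", 0x2000, 0x100), (".rsrc", 0x3000, 0x800)], 8192)
    print("clean:", scan_pe(clean))
    print("infected:", scan_pe(infected))
```

The heuristic is deliberately narrow: a packer or a linker that places code last would also trip it, so in practice a finding is a reason to quarantine and hash-check the file against a known-good copy (the firmware image or the vendor's installer), not a verdict on its own.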
Brador is a backdoor (a utility allowing for remote administration of the infected machine).

Designed for PocketPC based on Windows CE and newer versions of Windows Mobile.

It is written in ASM for ARM processors and is 5632 bytes in size.

After Brador is launched it creates an svchost.exe file in the /Windows/StartUp/ folder, thus gaining
Brador identifies the IP address of the infected device and sends it to the remote malicious user to inform him that the handheld is connected to the Internet and that the backdoor is active. Brador then opens port 2989 and awaits further orders.
The backdoor responds to the following commands:
d - lists the directory contents
f - closes the session
g - uploads a file
m - displays MessageBox
p - downloads a file
Windows CE is extremely vulnerable from the point of view of system security. There are no restrictions on executable applications and their processes. Once launched, a program can gain full access to any operating system function such as receiving and transmitting files, phone and multimedia functions etc.

Creating applications for Windows CE is extremely easy, as the system is totally open to programming, making it possible to use not only machine
Within two weeks after iPhone was
released I.S.E. (Independent Security
Evaluators) found a way to take full
control of the device.
Apple's Safari web browser exposes the
vulnerability.
The exploit can be delivered via a
malicious web page opened in the
Safari browser on the iPhone.
When the iPhone's version of Safari
opens the malicious web page,
arbitrary code embedded in the exploit
1) Location Tracking.

2) Espionage bug.

3) Loss of security.

4) DDOS attack.
There is a need to redesign the technology. The protection mechanisms can be broadly classified on the basis of the requirements of the protection systems.

1) System Level Security: System level security aims to make the system more secure by restricting the execution of unauthorised applications.

2) Network Level Security (Proactive Approach): Network level security aims to provide a basis for filtering out malware transitioning over the network between various devices.
1) Non-discoverable Bluetooth.

2) Install antivirus.

3) Firmware updates.

4) Don't use untrusted sites & software.

5) Infection scanners at public locations.

Image courtesy FSecure Corp.


• Since the infrastructure is centrally managed and owned, defenses can be inserted at critical points to affect the spread.
• However, the fact that the end nodes (phones) can be hard to disinfect introduces challenges.
• A few defensive scenarios:
  – Blacklisting: removing the infected reduces congestion!
  – Rate limiting: removing the infected reduces congestion!
  – Filtering: can be effective for MMS, but difficult for VoIP.
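The blacklisting and rate-limiting scenarios above are easy to make concrete for the MMS case, where a Comwar-style worm sends one message to every address-book entry in a burst. The following is an added example, not part of the slides: a per-sender sliding-window rate limiter at the operator's MMS gateway that drops messages over the limit and, after repeated violations, moves the sender to a blacklist until the handset can be disinfected. The phone numbers, subjects, thresholds (5 messages per 60 s, 3 strikes) and the traffic sample are all constructed for the illustration.

```python
from collections import defaultdict, deque


class MmsOutboundGuard:
    """Per-sender rate limiter with escalation to a blacklist (constructed illustration)."""

    def __init__(self, max_msgs=5, window_s=60, strike_limit=3):
        self.max_msgs = max_msgs          # messages a sender may send per window
        self.window_s = window_s          # sliding window length in seconds
        self.strike_limit = strike_limit  # violations before the sender is blacklisted
        self.sent = defaultdict(deque)    # sender -> timestamps of recently accepted messages
        self.strikes = defaultdict(int)
        self.blacklist = set()

    def check(self, ts, sender):
        """Return 'deliver', 'rate-limited' or 'blacklisted' for one outbound message."""
        if sender in self.blacklist:
            return "blacklisted"
        q = self.sent[sender]
        while q and ts - q[0] >= self.window_s:   # forget messages older than the window
            q.popleft()
        if len(q) >= self.max_msgs:
            self.strikes[sender] += 1
            if self.strikes[sender] >= self.strike_limit:
                self.blacklist.add(sender)        # removing the infected sender reduces congestion
            return "rate-limited"
        q.append(ts)
        return "deliver"


def run_gateway(events, **limits):
    """Feed (timestamp, sender, subject) events through the guard in time order.

    Returns ({sender: {verdict: count}}, sorted blacklist).
    """
    guard = MmsOutboundGuard(**limits)
    summary = defaultdict(lambda: defaultdict(int))
    for ts, sender, _subject in sorted(events):
        summary[sender][guard.check(ts, sender)] += 1
    return {s: dict(v) for s, v in summary.items()}, sorted(guard.blacklist)


# Constructed sample traffic: one ordinary user, and one handset that suddenly
# sends the same worm-style subject to twenty contacts within twenty seconds.
EVENTS = [(0, "+15550001", "lunch?"), (200, "+15550001", "re: lunch"), (400, "+15550001", "ok")]
EVENTS += [(100 + i, "+15550002", "Security update #12") for i in range(20)]

if __name__ == "__main__":
    summary, blacklist = run_gateway(EVENTS)
    for sender, verdicts in summary.items():
        print(sender, verdicts)
    print("blacklisted:", blacklist)
```

With the sample traffic the ordinary user's three messages are all delivered, while the infected handset gets its first five through, has the next three dropped by the limiter, and is then blacklisted for the remaining twelve. The strike counter is what separates the two scenarios on the slide: rate limiting alone only slows a worm down, whereas blacklisting stops the sender entirely, which is why the gateway has to hand the number to a process that can actually disinfect the phone before clearing it.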
Practice safe mobile computing.
