Forgot your password?
typodupeerror
Security Cellphones Communications Worms

Pinning Down the Spread of Cell Phone Viruses 53

Posted by timothy
from the promiscuous-mode dept.
walrabbit writes "Wang et al (2009) (from Albert-László Barabási's lab) modeled the spread of mobile phone viruses based on anonymised call and text logs of 6.2 million customers spread over 10,000 towers. Their simulations shows that the spread is dependent on the market share of a particular handset, human mobility and mode of spread: bluetooth or MMS or hybrid. 'We find that while Bluetooth viruses can reach all susceptible handsets with time, they spread slowly due to human mobility, offering ample opportunities to deploy antiviral software. In contrast, viruses utilizing multimedia messaging services could infect all users in hours, but currently a phase transition on the underlying call graph limits them to only a small fraction of the susceptible users. These results explain the lack of a major mobile virus breakout so far and predict that once a mobile operating system's market share reaches the phase transition point, viruses will pose a serious threat to mobile communications.' You can read the full text (PDF) and supporting online information (PDF) (with interesting modelling data and diagrams)." (Also summed up in a short article at CBC.)
This discussion has been archived. No new comments can be posted.

Pinning Down the Spread of Cell Phone Viruses

Comments Filter:
  • by corychristison (951993) on Sunday April 05, 2009 @02:22PM (#27467083)

    ... I use the old fashioned method of communication [textually.org].

    • by Cyberax (705495)

      Do you use sterilized caps? You know, you might catch an ear infection from dirty caps!

  • Wear protection! (Score:2, Informative)

    by Samschnooks (1415697)
    Here! Wear this! [networkworld.com]

    And don't share your phone promiscuously!

    Abstinence is the way - don't use cell phones!

    • Re: (Score:3, Insightful)

      by noidentity (188756)
      Maybe if they made a cell phone that was just a, you know, phone, and didn't have any extra crap in it, it wouldn't even be possible to spread any code, malicious or not.
      • Re: (Score:2, Informative)

        by A12m0v (1315511)

        or have a kill switch, disable background processes and practice full control of the software distribution

        • by edivad (1186799)

          or have a kill switch, disable background processes and practice full control of the software distribution

          That is, as far as Freedom to use goes, the same thing curfew.

    • It doesn't feel the same and it ruins the mood of the conversation.
  • by ducomputergeek (595742) on Sunday April 05, 2009 @02:39PM (#27467195)

    I was having this debate with someone the other night who believes that in 3 - 5 years every phone will be android. Personally I was arguing that Blackberry in the business world is pretty hard to beat and the iPhone has a sizable lead. But people tend to trade in their personal phones every couple years. Businesses usually get married to a platform and it's harder to move them away. Especially if they have invested in any applications.

    I know Apple gets flamed a lot around here by people for not being open enough and forcing developers to release apps through the app store, but I've seen it as an attempt to delay and try to prevent malware on the iPhone. Personally that's one reason why I am uncool in the geek world and don't jailbreak mine. I know I've bitched about the bluetooth stack being locked down on the iPhone. I'd love to connect a freaking wireless keyboard to it sometimes. But at the same time, I see Apple's position on controlling the gateway beyond them "being evil locking people in".

    You have the people harping on how cool Android will be because one won't "be locked into one app store" etc.. But in the back of my mind that just increases the risk of someone downloading some "Cool free app" that happens to be a malware app. It only has to happen a few times before the reputation gets out there. And it will happen because people see pops ups now that say, "Hey you have mal ware, down load our malware cleaner." And then they click and install nothing but malware.

    And I think it is much more likely given how I've seen people use their phones on such a spur of a moment basis. The number of times I've seen people just be browsing and buy/download a ringtone or app on the spur of the moment. Especially if they are at a club and have already had a few to drink and aren't thinking. (I have to take away certain people's iphones when we go out to keep them from doing anything stupid).

    Either way, I dread the day that we have to run anti-virus on our phones.

    It also makes me think there are still reasons to keep the trusty old land line around.

    • every phone will be android

      Ask them what drugs they're on. If they deny it, suggest they need meds. And have their flux capacitor reworked. And that they need to find a bucket of steam.

      People want phones first and foremost to make phone calls. A smart phone, for many of us, is a dumb decision - it's too bulky, while at the same time it doesn't have enough screen to replace even a netbook ... and for people who tend to lose their phones on an annual basis, it gets expensive fast. Phones, for most people, are semi-disposable commodities. If someone loses it, or it gets stolen, or they drop it one time too many, it's not THAT big a deal. And for the majority, that's the way it should stay, because, like hard drive failures, it's not a question of if, but when - when you lose it, drop it, it dies, or it gets swiped.

      • Re: (Score:3, Insightful)

        by jonbryce (703250)

        In my experience people want phones first and foremost to send text messages, and to take and send photos.

      • Re: (Score:3, Insightful)

        People want phones first and foremost to make phone calls. A smart phone, for many of us, is a dumb decision - it's too bulky, while at the same time it doesn't have enough screen to replace even a netbook ... and for people who tend to lose their phones on an annual basis, it gets expensive fast. Phones, for most people, are semi-disposable commodities. If someone loses it, or it gets stolen, or they drop it one time too many, it's not THAT big a deal. And for the majority, that's the way it should stay, because, like hard drive failures, it's not a question of if, but when - when you lose it, drop it, it dies, or it gets swiped.

        Today, people want phones first and foremost to make phonecalls. Tomorrow, they may want them first and foremost for email and video chat, with audio being a function not often used.

        Most people don't want to lug a laptop around just to check email/the web, they're happy to do their surfing on a tiny device they can carry around with them anyway (a smartphone). Most people will never have a 'netbook' or even know what one is, but they do know that you can now get phones which will display your email too and

        • by tomhudson (43916)

          RE Video Chat: We've had phones with video calling for a couple of years now - it's a dud despite their initial heavy promotion by Rogers (which I could have told them). Nobody wants to show other people that they're in the toilet, or in bed, or that they haven't got their makeup on, or that they're with friends when they said they'd be working late, or that they're naked in front of their PC surfing pr0n, or any one of a number of things ...

          RE: email: Get caught checking your email while driving, even

          • RE Video Chat...Nobody wants to show other people that they're in the toilet

            I don't generally call people from the toilet, so it's not an issue. Perhaps it would be for you. In my opinion video chat has not caught on because it is expensive and charged at extortionate rates. I expect that to change. Look at desktop computers and you'll see video chat being used all over the world.

            RE: email: Get caught checking your email while driving,

            And? What does the obvious danger of emailing/phoning while driaving have to do with smartphones and the use of email on them? Texting while riding a bike is also inadvisable, but it doesn't seem to have p

            • by tomhudson (43916)

              I don't generally call people from the toilet, so it's not an issue. Perhaps it would be for you. In my opinion video chat has not caught on because it is expensive and charged at extortionate rates. I expect that to change. Look at desktop computers and you'll see video chat being used all over the world.

              No, but people often seem to call me at the worst times ... Also, the video phone came with a flat-rate off-peak plan - it was a dud. People just don't want video chat when they're talking on their cell - probably because, if they're on their cell, they're doing something else at the same time ... like driving, shopping, out walking the dogs, cooking, whatever. It's a dud. We've had video chat on the pc for a decade, and conference-style standard-def video-in-a-server for almost a decade - it's a dud there

      • I agree. But I'm not sure how much longer consumers will have much of a choice. Smart phones are nice for the carriers because it allows them to tack on more services they can charge for. A couple weeks ago I went in to add a line to my AT&T account for my Dad. He's up in his late 60's and has had a pre-paid phone he kept in the car for emergencies, but it wouldn't work too well down on the farm. Last time I was down there, I kept getting pinged with emails, so I knew he could get service if he had

        • The phone didn't need to do anything other than make phone calls, but they didn't have any that would just make phone calls. Everything they had on display were smart phones. Even the most basic phone I could find came with the ability to get mobile TV. (which I admit is cool, but he'd never use it. )

          Yep - I looked at upgrading my Motorola v180 a few years ago; but kept it nonetheless. At the time, I had a job where I could have a camera in the office. If the phone had one, I would have had to leave it in

      • by EZway15 (1312183)

        Should we expect the mobile carriers to play a role here?

        Seems to me that they should be able to see anomalous traffic and shut it down. Nest Pa?

        • Lesson Du Jour... (Score:3, Informative)

          by DavidShor (928926)
          This is a peeve of mine, a consequence of spending too long being tested on french grammar.

          It's "n'est-ce pas?".

          Word for word, that is "is it not?". Figuratively, it's the equivalent of "No?". The "ce", or "it", is usually silent.

    • by Darkness404 (1287218) on Sunday April 05, 2009 @03:11PM (#27467395)

      You have the people harping on how cool Android will be because one won't "be locked into one app store" etc.. But in the back of my mind that just increases the risk of someone downloading some "Cool free app" that happens to be a malware app. It only has to happen a few times before the reputation gets out there. And it will happen because people see pops ups now that say, "Hey you have mal ware, down load our malware cleaner." And then they click and install nothing but malware.

      But Android will end up being diverse enough to withstand most malware. Even if Android is running on 100% of the phones, not all of them are going to run exploitable versions, others will have more restrictions, still others might be without data and won't receive updates locking them into a specific version.

      Also, Android is Linux. You aren't root. Theres nothing you can do to totally mess up your phone. Get a virus? No problem, just delete that user and start again. Sure, you have the downside of losing some contact info if it wasn't backed up, but its sure easier than buying a new phone.

    • Re: (Score:1, Insightful)

      by Cyberax (705495)

      You forget one thing: virus can very well exploit the phone itself, without any need for AppStore applications.

      For example, through a hole in Flash interpreter or exploitable JavaScript vulnerability.

      And that's when iPhone monoculture is going to bite you.

    • Either way, I dread the day that we have to run anti-virus on our phones.

      Personally I look forward to the day when I can run any software I like on my phone and my carrier can't lock it down and/or override my own settings. If that implies I have to worry about viruses then so be it. TFA (PDF) states that at least 420 already exist anyway, and I know Avira already offers anti-virus for certain mobile platforms.

    • I know Apple gets flamed a lot around here by people for not being open enough and forcing developers to release apps through the app store, but I've seen it as an attempt to delay and try to prevent malware on the iPhone.

      Really, I doubt that malware prevention is even on Apple's list of reasons for marshaling application development through its App Store. If it is, it's waaaay down the list. It is a marketing decision the way Nintendo exhibited tight control over who published games for the NES, or the way the iPod and iTunes service are tightly integrated and interoperability severely restricted.

      Apple's App Store is about image and "synergies" and lock-in and creating a captive market. That is all. Not only does it not

  • by Landak (798221) <Landak@gmail.com> on Sunday April 05, 2009 @02:44PM (#27467225) Homepage
    The fact that we've yet to see a large mobile phone virus outbreak is wonderful proof that, (in many cases) shoddy coding, idiotic users, dodgy design methods and ample methods of communication between devices and "the wider world" does not automatically imply "virus city".

    The distributed and diverse nature of the mobile OS market means that there have never been (to my knowledge) any large infections on the scale of Blaster or so forth, and yet many (popular!) phones that I've used have had simply *awful* OSes, with known security risks, monolithic kernels, and a wide install base. Such are the benefits of not having a monopoly!

    Perhaps if Microsoft were the power it wants to be in the mobile market, we'd be far more familiar with large-scale infections of mobiles. I'm bloody glad it isn't -- MMS messages are down-right extortionate!
    • It doesn't hurt that most people don't run MS-Word and Outlook on their phones. Or an easily-compromised web server. Or have a bunch of open ports.

      Ironically, unlike a PC, there's only a few ways for a virus to phone home on a phone.

    • by jonbryce (703250)

      Symbian seems to have a worse track record for viruses than Windows Mobile.

    • Disclaimer: I'm not a programmer. This post is speculation.

      There's also the issue of resources. I think most programmers, nowadays, don't optimize code for minimal resource usage. Virus writers are most likely no different, and thus, probably aren't accustomed to coding for platforms with as few resources as cellphone and other handheld devices. There have been a couple stories on /. about vulnerabilities (buffer-overflows, mostly) in different software that could potentially be dangerous, but are di
      • by Mazin07 (999269)
        You'd be surprised at how much you can do in a tiny amount of memory, and even cheap cellphones have a relatively huge amount of memory. Virus writers who know enough to exploit cellphones could code rings around your average cellphone app programmer. Just take a moment and compare your average cellphone's processing power to nineties-era computers and you'll see that memory-usage is the last thing a cellphone-virus writer needs to worry about.
  • It won't (Score:3, Insightful)

    by Darkness404 (1287218) on Sunday April 05, 2009 @02:45PM (#27467229)
    Currently, there are a ton of mobile phone platforms, unlike the desktop. This keeps the number of viruses down, secondly, most phones run slightly modified versions of the OS, not plain versions making exploiting the same hole difficult in the large scheme of things. So as long as a vendor doesn't dominate the Mobile OS market (and with Windows Mobile, Android, Symbian and iPhone OS all going to want to stay in business, it won't) I don't see viruses as being a problem at all.
  • by JustOK (667959) on Sunday April 05, 2009 @02:49PM (#27467253) Journal

    Wouldn't reversing polarity on the flux capacitor and diverting all power to the medical/av deflector prevent the spread of a virus?

  • Great, first they make me pay for incoming texts, I wonder how much it'll cost to catch a virus? I'm guessing $1 for receiving it, $1 for each message the virus sent, then another $50 to remove the virus. Of course, 3rd party repairs on the phone are prohibited by the contract, so they've got all the motivation they need to do absolutely nothing to stop viruses.
  • So far, none of the MMS messages I have sent has ever been recieved, so Viruses are probably held back by the lack of compatibility between networks/handsets. As MMS will be dead in less than a year because e-mail does the same job for free, I dont see this as a major issue.

"Don't worry about people stealing your ideas. If your ideas are any good, you'll have to ram them down people's throats." -- Howard Aiken

Working...