Áine Curry 08406804Brian Flaherty 12232197Reggie Sugrue 12231292

Mobile Device Malware and Viruses

Mobile devices have become more technical in recent years.• Wireless connectivity

• Short range connections via Bluetooth

• Mobile Applications

• This has lead to the increased vulnerability of mobile device

Introduction

Attacks increased by 185 %• increased number of mobile devices

99% of these attacks related to Android Mobile devices

Mobile Malware 2012

Android is the most popular operating system• 75% of the market share

Android Applications widely available• Anyone can post App’s to Google’s Android Market

Android is slow in fixing detected flaw

What makes Android vulnerable to Attacks?

March 2013 – First discovered mobile malware attack• Stole SMS messages, call logs, contacts and phone data

December 2012 – Malware used to steal €36 million from 30,000 bank accounts

Recent Malware Attacks

• Collect device data - 28%

• Spies on user - 25%

• Send content - 24%

SMishing, Fake Apps, Stealing Information such as bank details – major threats

Main Types of Malware

Fake Apps

Bring Your Own Disaster?

• Unknown third-party access via mobile apps

• Challenges in tracking data 

• Data management, segregation difficult for compliance

• Stolen, lost mobile devices leak data 

• Disgruntled employees a risk

BYOD

• Financial• Main reason for malware

• Social• Boosting image as a hacker

• Political Agendas• Trojan implanted in a popular app

supporting “Arab Spring”

Motives

2 methods of detection:

• Simple detection techniques

• Technical detection technique

How to detect mobile malware

Symptoms of Mobile malware• Slow performance

• Quick battery consumption

• Applications refusing to open or work

• Automatic sending of text message to contacts

• GPS active even when a program is not running

Simple detection techniques

Static Analysis• Detects malware in operating systems by dissembling mobile device

Dynamic Analysis• Mobile device is isolated into a virtual machine and behaviour is monitored

Application Permission Analysis• Performs permission checks on installed applications

Technical Detection Techniques

• Defence against Malware & Viruses

• Smarthphones can be attacked in two mediums

• Corporate level

• Everyday Users

Recommendations

Organizations need security because member of enterprise are accessing information on their mobile devices.

National Institute of Standards and Technology provide security guidelines.

4 different categories of security that organizations should fall under according with NIST guidelines.

Organizations

1) General Policy – enforce enterprise security like monitoring when policy violations occur.

2) Encryptions Policy – making sure that there is strong encryption to prevent attacks.

3) Authentication – making sure that users must pass security breaches to get access.

4) Restriction – restricting people who you don’t want to have access to your resources.

4 Categories

Abbreviated for Bring Your Own Devices to Work.

People bring these devices to work but there must be security policies for these devices as well as the organization original hardware.

Organizations should specify what devices are allowed.

Define what sites are allowed to be used and companies should have a employee exit strategy.

BYOD

Users use smartphones everyday carrying out transactions with sensitive information like e-mails and bill payments.

Current day users are blissfully unaware of the malware and viruses that can possible interact with their devices.

Users should gain education of what malicious kinds of attacks are out there and what security is available.

Everyday Users

Install anti-virus software on their mobile devices.

Do not connect to unusual Wi-Fi network.

Avoid clicking links that come from unsecure sources as this can forward users on to harmful sites.

Avoid geo-tagging if people you don’t know will have access to the information.

Make sure there is encryption system in your device.

Helpful Tips for Users

Going to get worse before it gets better because Users are only getting to grips with mobile security.

Mobile devices are less protected than computers.

More sophisticated methods be introduced so it will be harder to pin down.

Examples of future threats are SMS phishing and NFC pay-service corruption.

Future of Mobile Malware & Viruses