Proximity Driven Mobile Malware

Overview

Members: Eamonn O'Neill
Vassilis Kostakos
Simon Jones
Per Johansson (UCSD)
Duration: July 2007 - February 2008

Background

This project investigated software vulnerabilities in today's mobile devices, and in particular the potential for malicious software to spread between mobile devices using Bluetooth wireless transmission. This is an area of great importance given the widespread use of Bluetooth-equipped mobile devices and the fact that these devices are becoming increasingly powerful computing platforms with unified operating systems. The aim was to understand how mobile malware can replicate itself by exploiting both technical and social features of Bluetooth use. The University of Bath researchers had previously gained valuable understanding of people's behaviours with Bluetooth through the Cityware project (see www.cityware.org.uk). The Computer Science department at UCSD is currently hosting a research project on Mobile Malware and has identified Bluetooth as one very likely way of propagating malicious software between mobile devices.

Aims and contributions

This joint (UCSD/University of Bath) project focused on two main areas:

  • Mobility and contact patterns of mobile devices, and
  • Devices' and users' susceptibility to proximity-based attacks.

Investigation of both areas used Bluetooth as the means both to discover devices and to convey information, and malware, between devices. However, the modelling and analysis of mobility and contact patterns was also valuable in studying the spread of mobile malware via the cellular phone network.

The first phase of the project focused on deploying a passive Bluetooth sensor system at UCSD, similar to that deployed by the Bath researchers as part of the Cityware project, and a number of Bluetooth "honeypots" that advertised themselves as susceptible to wireless attack. It was assumed that the Bluetooth configuration strategies used by US mobile operators may have led to less awareness and use of Bluetooth in the US compared to the UK. Hence, Bluetooth-based applications were installed to encourage mobile phone users to turn on their Bluetooth. In this first phase, static Bluetooth sensors were deployed at locations around the UCSD campus and were augmented by mobile Bluetooth sensors on the UCSD campus and at other public locations in the San Diego area. The existing static Bluetooth sensors in Bath, based on desktop and notebook PC platforms, were augmented by additional static and mobile Bluetooth sensors and honeypots. A combination of embedded Linux platforms (e.g. Soekris boards with additional Bluetooth hardware) and mobile phones was used as the basis of the sensor networks and honeypots. This first phase produced empirical data from which to model and analyse patterns of Bluetooth behaviour and contact in the San Diego and Bath areas. It also enabled the development of an initial understanding of differences in the use of Bluetooth-equipped mobile devices in the US and the UK.

The second phase of the project investigated the combination of technical and human vulnerabilities to proximity-based malware attacks. Bath led the study of human behaviour in relation to content sharing over wireless communication. Specifically, the aim was to understand the extent to which users are willing to accept digital content (pictures, music, electronic business cards, etc.) over Bluetooth, SMS and MMS, both from people in their address book and from strangers. Bath has done work in this area in relation to Bluetooth, while UCSD has looked at address-book-based content sharing. A Bath PhD student worked on this section of the project, while UCSD led the investigation of the technical vulnerability of mobile devices to attacks over Bluetooth. The starting point for this investigation was known attacks such as Bluesnarfing, Bluedump and Bluebump. The platforms investigated were typically Symbian mobile phones, but also included Microsoft Windows running on notebook computers. Potential for commercial impact includes improved security in mobile device systems design, and also in mobile application design, resulting from vulnerabilities revealed by the project. The project also suggested solutions to mitigate the security issues that were discovered.