Intrusion and Protection of Mobile Devices

With the development of mobile hardware and software, the mobile device is becoming a mini PC, and in some respects an even more powerful one, since it also serves as a mobile communication device, Wi-Fi device, Bluetooth device and infrared device. Mobile operating systems provide more, and more diverse, functions and software. As a result, mobile viruses are able to intrude into the mobile system through both traditional and mobile-specific routes. Cabir and its variants demonstrate ways to spread via Bluetooth; Skull and its variants demonstrate ways to disable system functions and leave the phone unable to work properly. Could mobile viruses do even more harm to the system? Unfortunately, the answer is yes!
In this paper, I will first introduce new techniques that mobile virus writers might use in the near future, such as tricks that force users to perform a hard reset, executable file infection on Symbian, polymorphic mobile viruses, and new ways of spreading. Then I will propose an integrated mobile protection system that includes a powerful virus scanner and a multi-dimensional set of real-time monitors. The virus scanner must support both the traditional pattern-scanning method and a heuristic method, whose main rules I will describe in a little more detail. The real-time monitors include low-level monitors, such as a file system monitor and a network monitor, and high-level monitors, such as a Bluetooth monitor, an MMS monitor and an email monitor.



References

Association of Anti Virus Asia Researchers Conference 2006