The Mobile Malware Threat
Posted by Craig H on 5 May 2009
Last week, the BBC World Service radio programme Digital Planet included a piece on mobile phone viruses. This was based on research done at the Center for Complex Network Research (CCNR) entitled Understanding the Spreading Patterns of Mobile Phone Viruses.
Steve Litchfield of All About Symbian, pulling no punches, calls this “a load of BBC tosh”🙂 To be fair though, I don’t particularly blame the BBC, who have simply taken journalistic license with the report’s main conclusion: “it is not unconcievable[sic] that the phase transition point will be reached in the near future, raising the possibility of major viral outbreaks.”
Unfortunately for the BBC and Professor Barabási at the CCNR, I think the research is flawed. As Mikko Hyppönen of F-Secure points out, the “paper more or less ignores the effects of technical safeguards built into modern smartphones operating systems.” I think I can help them out with that, as I have a graph demonstrating the effect of the introduction of the Symbian platform security architecture: (click it for a more readable size)
The graph shows the number of new malware signatures discovered each month on the Symbian platform from June 2004 (when the Bluetooth worm Cabir, the first malware developed for Symbian OS, appeared) right up to last week (end of April 2009). To give a sense of perspective, that’s a total of 201 different signatures in nearly 5 years, as compared to over a million (yes, 1 000 000) new signatures on Windows PCs last year alone. The main point to note is the generally upward trend before March 2006, when the first phones including the Symbian platform security architecture started shipping (Nokia 3250 and Sony Ericsson P990i), and the generally downward trend after March 2006 as increasing numbers of phones have platform security included.
Here’s what I think is misleading about the report:
- The title refers to “Viruses”, and yet none of the examples considered are viruses in the true sense. If you don’t think this matters, consider that a true virus can infect a system silently and invisibly, whereas all the malware we have seen on the Symbian Platform needs to be invited in by the phone user, confirming that they really want to install it (i.e. it is properly called a “trojan”).
- The model has a basic assumption that there are no security controls on the target phone. As we can see from the graph, if there had been no platform security then one might extrapolate the trend, prior to 2006, into explosive growth in malware, but there is platform security and there is no such trend.
- While acknowledging that MMS would play the biggest part in any rapid outbreak of malware on phones, the paper ignores the role of the MMSC in providing a control point for such spread. In fact many (most?) network operators today implement filtering on their MMSCs precisely to prevent such an outbreak.
Noting all of that, I think that the general public can rest safe in the assurance that there is no inevitable mobile phone virus pandemic, and the BBC should feel at least a little embarrassed for suggesting that there is. I’m not saying that there isn’t a threat – there is, otherwise we wouldn’t have bothered with the massive effort involved in implementing the platform security architecure in the first place – but Symbian, the phone manufacturers and the network operators are all working together to minimise that threat, and thus far I’d say we’re doing a pretty good job!