Not to be left off the malicious attacker's hit list, cell phones (Apple's iPhone, RIM's BlackBerry range, etc.) and other embedded systems are also prone to malware. Target-specific, custom-crafted viruses and worms can do untold damage to these systems, their users, or both. Because these systems reach so far and wide, the problem is becoming insidious, and the spread of these types of malware is often more akin to wildfire.
Unlimited Target Opportunities
Given the usage patterns typical mobile and embedded systems are subjected to, it is not hard to see how rapidly these types of malware can proliferate. For example, every time you use your cell phone to contact another cell phone or a telephony-enabled VoIP system, the opportunity for malware to spread exists.
With the average cell phone user making or receiving 12 calls per day, the numbers take on staggering proportions very quickly. Applying the six degrees of separation to this mode of malware infection, we see that this type of malware has the potential to become globally distributed in a matter of hours, not days as with most other types of computer malware.
Apart from free phone calls, what can the perpetrators of this malware possibly hope to gain? This is the first question to answer in order to find the means by which they can be stopped.
Not only have the data storage capacities of the average cell phone been sky-rocketing in recent times, so too has the variety of data types users elect to store on this class of device.
Data storage rule number one states that the greater the storage capacity, the faster you will fill it. So it is that today we store all sorts of user-created information on our cell phones, including photos, contact lists, personal details, banking credentials and other personally identifiable electronic information, along with a plethora of other documents and communications.
To feed this demand, manufacturers are producing cell phones and other embedded systems with ever more copious quantities of internal and removable storage.
Functionality and Firmware Upgrades
The feature sets of cell phones and other embedded systems are delivered in part courtesy of the device's hardware capabilities and in part courtesy of the device's internal software, commonly referred to as its firmware. Newly developed features are often implemented in firmware long before being incorporated as dedicated hardware functionality.
Today most new embedded systems support user-initiated, field-implemented firmware upgrades. Thus the code that runs your embedded system can be modified "on the fly", as it were, to deliver more functionality. This is no doubt a great marketing feature, but one with a hidden and very malevolent underside.
Corruption of the new software (the firmware upgrade) is, as with all software, very possible. Some unpredicted event may interfere with the download and installation process; all manner of events may conspire to cause the installation to fail.
As annoying as this may seem, it is in fact not much of a problem, since rectifying a failed firmware upgrade simply means repeating the procedure: you reinstall until you eventually succeed. Corruption due to malware infection, on the other hand, is no laughing matter, particularly if that malware is a rootkit or one that resides in RAM.
Publicly Accessible Networks
The heart of the problem, however, is that these firmware upgrades are too often performed over publicly accessible networks, and therein resides the danger. Most publicly accessible networks have zero security, and even the GSM mobile encryption algorithm has for quite some time now been very easy to crack using rainbow tables and many other tools freely accessible via the Internet.
Detecting Cell Phone Malware Presence
Until now, the main factor contributing to the very low resilience to attack commonly exhibited by cell phones and other embedded systems has been the serious lack of mechanisms capable of detecting malware in real time on this class of computing system. Fortunately, and not before time, a team from Carnegie Mellon University's Electrical and Computer Engineering Department has succeeded in creating a small, compact program that can detect remote malicious attacks such as worms and viruses.
The Carnegie Mellon University software is reported to work with practically all cell phones and most other embedded systems, such as those found in automobiles and many appliances. Through a special mechanism that can verify the code running on any given remote embedded system, this new cyber-cop can root out the worst offenders by alerting users that their cell phone or car computer has been invaded by an unwanted rogue virus.
Theoretically, every piece of malware can be detected, because its presence and activity alter instance-specific parameters of the device it has invaded. Simple viruses can be detected through the memory contents they alter, while characteristics typical of worms, such as exorbitant consumption of storage capacity and unusual usage patterns, can be used in their detection.
“Stealth” Cell Phone Malware
More advanced viruses that exhibit "stealth" capabilities may attempt to hide themselves from the host device. Yet even this type of stealthy malware can still be detected, because in order to hide it must consume processing time. The result is that it slows down the detection system's code verification to such an extent that this alone indicates its presence.
It is important to note that in most instances this slow-down is not readily discernible to mere humans. However, with cell phone and embedded system CPUs operating at many hundreds of millions of cycles per second, this slowdown sticks out like a dog's b—s. Some viruses even hog the compromised system's physical memory to such an extent that performance is slowed so much that even we humans cannot fail to notice.
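As an added illustration (not the Carnegie Mellon team's code, which the article does not show), this Python model of nonce-keyed code verification exercises both detection paths described above: a plainly modified image fails the checksum, while "stealth" malware that redirects reads to a pristine copy passes the checksum but pays for every redirected read in simulated cycles and so exceeds the verifier's time budget. The firmware bytes, the patch offset, the per-read cycle costs and the 10% tolerance are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed 256-byte "firmware" image: the verifier's known-good copy.
GOOD_FIRMWARE = bytes((i * 37 + 11) & 0xFF for i in range(256))
# Constructed infection: four bytes at offset 100 patched to stand in for implanted code.
PATCH_AT = 100
INFECTED_FIRMWARE = GOOD_FIRMWARE[:PATCH_AT] + b"\xde\xad\xbe\xef" + GOOD_FIRMWARE[PATCH_AT + 4:]


class Device:
    """Prover side. Each memory read costs 1 simulated cycle. `stealth` models
    malware that kept the pristine bytes it overwrote and redirects reads of the
    patched region to them: the checksum then matches, but every read pays for an
    address comparison and redirected reads pay for a second fetch."""

    def __init__(self, memory, stealth=None):
        self.memory = memory
        self.stealth = stealth  # (patch_offset, pristine_bytes) or None
        self.cycles = 0

    def read(self, addr):
        self.cycles += 1
        if self.stealth is not None:
            start, pristine = self.stealth
            self.cycles += 1  # compare the address against the hidden region
            if start <= addr < start + len(pristine):
                self.cycles += 1  # fetch from the hidden copy instead
                return pristine[addr - start]
        return self.memory[addr]

    def attest(self, nonce):
        """Nonce-keyed checksum over code memory; the nonce defeats replayed answers."""
        mac = hmac.new(nonce, digestmod=hashlib.sha256)
        for addr in range(len(self.memory)):
            mac.update(bytes([self.read(addr)]))
        return mac.digest(), self.cycles


def verify(device, known_good, tolerance=0.10):
    """Verifier side: the checksum must match AND arrive within the cycle budget."""
    nonce = os.urandom(16)
    expected = hmac.new(nonce, known_good, hashlib.sha256).digest()
    digest, cycles = device.attest(nonce)
    budget = int(len(known_good) * (1 + tolerance))  # an honest run needs len() cycles
    if not hmac.compare_digest(digest, expected):
        return "modified: checksum mismatch"
    if cycles > budget:
        return f"suspect: checksum ok but {cycles} cycles exceeds budget {budget}"
    return "clean"
```

Real schemes traverse memory in a nonce-dependent pseudorandom order so the prover cannot precompute or shortcut the walk; the linear sweep here is a simplification.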
Cell Phone “Key Logger” Malware
Various flavors of "key logger" malware have long had the capacity to faithfully record every keystroke and mouse click a user performs. Passwords, account credentials, personal information, financial records, network authorization codes, keys and hashes are all prone to compromise via some form of key logger attack.
Zombie Cell Phones
Some of the newer generations of malware are even capable of turning the infected device into a "zombie": a device that executes instructions on demand, or carries out predefined instructions to fetch future "orders" from so-called "bot-masters", in order to snatch passwords and other personally identifiable information, run online scams and even participate in denial of service attacks.
Cell Phone “Dialer” Malware
Other, more insidious malware, commonly classified as "dialer" malware, has the capacity to direct the systems it has invaded to dial specific premium-rate numbers (porn lines etc.) and thereby run up huge, exorbitant phone bills for which the unsuspecting victims are liable.
What makes much dialer malware so great a threat is its capability to do so "silently". That is, the malware takes great care to ensure that connection details, billing charges and the actual content of the premium-rate calls are not displayed or made known to the user in any way at the time the dialer places its call. Generally this category of malware also tends to tidy up after itself, which usually means all traces, including logs, are automatically deleted at random, at shut-down, at boot-up or at some other predefined point.
One of this latter group exhibits even more sophisticated behavior: the malware passes information to its controller regarding the victim's daily credit card limit or the prepaid call credit remaining on the victim's SIM card. In this way the malware can use up to a certain amount of credit, as specified by its controller, without drawing the undue attention of the victim.
Any way you look at it, the end result is the same. The victim is billed for the high phone charges, and phone companies tend not to care whether an abnormally high phone bill was due to the customer being an unwitting victim of an embedded computer or cell phone malware attack.
No doubt about it, the cyber-war arms race continues unabated: as one area is dampened, the villains find newer and more novel angles to exploit. There can be very little doubt that some of these individuals are very creative and have adopted lateral thinking. Thus those fighting for the "goodies" must think laterally and proactively create a preventative cure rather than reactively dance to the malware authors' tune.
Time and time again throughout history we have seen technologies used for "good" and "bad" in ways that the creators of those technologies never imagined nor could envision. We all see the world from a different perspective but can empathetically understand the perspective of others. This is what makes us human, and it makes the "perversion", if you like, of ideas and technologies not just possible but probable.