SLIDE 1

WHY MOBILE TO MOBILE MALWARE WON’T CAUSE A STORM

Nathaniel Husted Steven Myers

Indiana University

Monday, April 4, 2011

SLIDE 2

MOBILE TO MOBILE MALWARE

  • Bluetooth (Mabir/Cabir/Commwarrior) Vs. MMS (Mabir/Commwarrior)
  • Symbian OS -- Dominant Market Share
  • Feature Phones -- Dominant Phone Style

SLIDE 3

ROADMAP

  • 1. Related Work
  • 2. Feature phones to smartphones: expanded threat surface
  • 3. Requirements for studying malware spread
  • 4. Interesting variables
  • 5. Results
  • 6. Conclusion

SLIDE 4

RELATED WORK

  • [CARETONNI07] - Analytical model...
  • [SU06] - Analytical model...
  • [WANG09] - Empirical data but without fine positioning...
  • [CHANNAKESHAVA09] - Activity based data but no transmission during mobility...

SLIDE 5

FEATURE PHONES TO SMARTPHONES

  • Bluetooth to WiFi
  • Larger threat surface
  • More features
  • More complex software
  • Always on Internet
  • Potential: Jailbroken iPhones with default SSH credentials

[Image: Google Developer Phone, http://www.flickr.com/photos/tagzania/3119293948]

SLIDE 6

FEATURE PHONES TO SMARTPHONES

  • Bluetooth to WiFi
  • WiFi devices, when on, are always visible; Bluetooth devices must be discoverable to be visible
  • WiFi management traffic is transparent
  • WiFi has greater range than common Bluetooth devices
  • WiFi has higher speeds
  • We assume WiFi is always on

SLIDE 7

LOOKING AT MALWARE SPREAD

  • 1. Epidemiological Model
  • S-E-I-R Model
  • Susceptible
  • Exposed
  • Infected
  • Recovered

[Figure: Exposure Example, with countdown 5... 4... 3... 2... 1...]

SLIDE 8

LOOKING AT MALWARE SPREAD

  • 2. Realistic Mobility Model - UdelModels
  • High Spatial Fidelity
  • High Temporal Fidelity
  • Accurate Population Density

[Figure: Example UdelModels Simulation, http://www.udelmodels.eecis.udel.edu/]

SLIDE 9

LOOKING AT MALWARE SPREAD

  • 3. Target Geographical Area -- CHICAGO

Population 9056

[Landscan]

http://www.udelmodels.eecis.udel.edu/ http://seamless.usgs.gov/hro.php

SLIDE 10

LOOKING AT MALWARE SPREAD

  • Infection Style: Parallel Vs. Serial
  • Parallel -- Many devices targeted and infected all at once.
  • Serial -- One device targeted and infected at one time.
  • Exposure Time - Viral Spread Speed
  • Susceptibility - Different phone hardware/software
  • Broadcast Radius - 802.11g vs. 802.11n
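
A toy version of the simulation these variables feed, added here as an example and not the authors' code. It assumes a random walk on a constructed 120 m square in place of UdelModels, omits recovery, and every name and default value in it is hypothetical.

```python
import random

def simulate(n=100, size=120.0, radius=15.0, exposure=30, susceptibility=1.0,
             initial=2, parallel=True, steps=180, seed=7):
    """Toy proximity S-E-I model; returns the infected fraction after each second."""
    rng = random.Random(seed)
    # Constructed population: n devices placed uniformly on a size x size square.
    pos = [[rng.uniform(0, size), rng.uniform(0, size)] for _ in range(n)]
    # Susceptibility: devices with other hardware/software can never be infected.
    can_catch = [rng.random() < susceptibility for _ in range(n)]
    infected = set(range(initial))      # initially infected devices
    contact = [0] * n                   # seconds of continuous exposure so far
    r2, history = radius * radius, []
    for _ in range(steps):
        for p in pos:                   # random-walk mobility (assumption)
            p[0] = min(size, max(0.0, p[0] + rng.uniform(-1.5, 1.5)))
            p[1] = min(size, max(0.0, p[1] + rng.uniform(-1.5, 1.5)))
        exposed = set()
        for i in infected:
            near = [j for j in range(n)
                    if j not in infected and can_catch[j]
                    and (pos[i][0] - pos[j][0]) ** 2
                    + (pos[i][1] - pos[j][1]) ** 2 <= r2]
            if parallel:
                exposed.update(near)    # every device in broadcast radius at once
            elif near:
                # Serial: one target per infected device, preferring the one
                # already furthest through its exposure time.
                exposed.add(max(near, key=lambda j: (contact[j], -j)))
        for j in range(n):
            # Exposure must be continuous; leaving range resets the clock.
            contact[j] = contact[j] + 1 if j in exposed else 0
            if contact[j] >= exposure:
                infected.add(j)         # Exposed -> Infected
        history.append(len(infected) / n)
    return history

if __name__ == "__main__":
    for mode in (False, True):
        label = "parallel" if mode else "serial"
        print(label, simulate(parallel=mode)[-1])
```

Mobility depends only on the seed, so runs that differ in one variable see identical device movement and can be compared directly.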

SLIDE 11

IMPORTANCE OF VIRAL SPREAD SPEED

[Figure legend: Infected, Not-Infected]

SLIDE 12

EXPOSED POPULATIONS

[Figure: Population Infections from 7:00AM − 11:00AM in Chicago. X axis: Time (Seconds). Y axis: Fraction of Population Infected. Series: 10s, 30s, 60s and 120s, each Serial and Parallel.]

Constants: Radius: 15m; Susceptibility: 100%; Initial Infection: 1%

SLIDE 13

IMPORTANCE OF SUSCEPTIBILITY

[Figure legend: Infected, Not-Infected, Non-Susceptible]

SLIDE 14

SUSCEPTIBLE POPULATIONS

[Figure: Population Infections at 7:00AM − 11:00AM in Chicago. X axis: Time (Seconds). Y axis: Fraction of Population Infected. Series: 5%, 10%, 25%, 50%, 75% and 100% Susc., each Serial and Parallel.]

Constants: Radius: 15m; Exposure Time: 30s; Initial Infection: 30 People

SLIDE 15

IMPORTANCE OF BROADCAST RADIUS

[Figure legend: Infected, Not-Infected]

SLIDE 16

BROADCAST RADIUS

[Figure, two panels (100% Susceptible; 25% Susceptible): Population Infections from 7:00AM − 11:00AM in Chicago. X axis: Time (Seconds). Y axis: Fraction of Population Infected. Series in each panel: 15m, 30m and 45m, each Serial and Parallel.]

Constants: Exposure Time: 30s; Initial Infection: 1%

SLIDE 17

CONCLUSIONS

  • Current U.S. city resident densities do not lead to epidemics, even with increased range
  • Epidemics in the U.S. will only occur with very high (arguably unrealistic) susceptibility rates
  • Parallel spread has little effect
  • Mobile-to-mobile epidemics are the least of our worries...
  • Privacy violating mobile malware -- Tapsnake
  • SoundComber -- http://www.cs.indiana.edu/~kapadia/soundcomber-news.html
  • Malware targeting mobile banking -- Mitmo

SLIDE 18

QUESTIONS?

SLIDE 19

REFERENCES

  • [Landscan] http://www.ornl.gov/sci/landscan/ (July 2010).
  • [CARETONNI07] CARETTONI, L., MERLONI, C., AND ZANERO, S. Studying bluetooth malware propagation: The bluebag project. IEEE Security and Privacy 5, 2 (2007), 17–25.
  • [SU06] SU, J., CHAN, K., MIKLAS, A., PO, K., AKHAVAN, A., SAROIU, S., DE LARA, E., AND GOEL, A. A preliminary investigation of worm infections in a bluetooth environment. In Proceedings of the 4th ACM workshop on Recurring malcode (2006), ACM, p. 16.
  • [WANG09] WANG, P., GONZALEZ, M., HIDALGO, C., AND BARABASI, A. Understanding the spreading patterns of mobile phone viruses. Science 324, 5930 (2009), 1071.
  • [CHANNAKESHAVA09] CHANNAKESHAVA, K., CHAFEKAR, D., BISSET, K., KUMAR, V., AND MARATHE, M. EpiNet: a simulation framework to study the spread of malware in wireless networks. In Proceedings of the 2nd International Conference on Simulation Tools and Techniques (2009), ICST (Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering), pp. 1–10.

SLIDE 20

SERIAL VS. PARALLEL INFECTIONS

[Figure labels: Infected, Not-Infected, Don't Walk, Walk]

SLIDE 21

INFECTED POPULATIONS

[Figure: Population Infections Between 7:00AM−11:00AM in Chicago With Incubation Per. of 30 Seconds. X axis: Time (Seconds). Y axis: Fraction of Population Infected. Series: 0.01, 0.05 and 0.10 Initial, each Serial and Parallel.]