Smartphone malware evolution revisited: Android next target?

Smartphones started being targets for malware in June 2004 while malware count increased steadily until the introduction of a mandatory application signing mechanism for Symbian OS in 2006. From this point on, only few news could be read on this topic. Even despite of new emerging smartphone platforms, e.g. Android and iPhone, malware writers seemed to lose interest in writing malware for smartphones giving users an unappropriate feeling of safety. In this paper, we revisit smartphone malware evolution for completing the appearance list until end of 2008. For contributing to smartphone malware research, we continue this list by adding descriptions on possible techniques for creating the first malware(s) for Android platform1. Our approach involves usage of undocumented Android functions enabling us to execute native Linux application even on retail Android devices. This can be exploited to create malicious Linux applications and daemons using various methods to attack a device. In this manner, we also show that it is possible to bypass the Android permission system by using native Linux applications.

[1]  M. Piercy Embedded devices next on the virus target list , 2004 .

[2]  George Lawton Is It Finally Time to Worry about Mobile Malware? , 2008, Computer.

[3]  Yuriy Bulygin,et al.  Epidemics of Mobile Worms , 2007, 2007 IEEE International Performance, Computing, and Communications Conference.

[4]  F.C. Freiling,et al.  On the Effort to Create Smartphone Worms in Windows Mobile , 2007, 2007 IEEE SMC Information Assurance and Security Workshop.

[5]  Brian D. Noble,et al.  Modeling epidemic spreading in mobile environments , 2005, WiSe '05.

[6]  Giovanni Vigna,et al.  Vulnerability Analysis of MMS User Agents , 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).

[7]  Binshan Lin,et al.  Security aspects of mobile phone virus: a critical survey , 2008, Ind. Manag. Data Syst..

[8]  Marko Helenius,et al.  About malicious software in smartphones , 2006, Journal in Computer Virology.

[9]  Hao Chen,et al.  Exploiting MMS Vulnerabilities to Stealthily Exhaust Mobile Phone's Battery , 2006, 2006 Securecomm and Workshops.

[10]  Albert-László Barabási,et al.  Understanding the Spreading Patterns of Mobile Phone Viruses , 2009, Science.

[11]  P. Coulton,et al.  Mobile phone vulnerabilities: a new generation of malware , 2004, IEEE International Symposium on Consumer Electronics, 2004.

[12]  Neal Leavitt,et al.  Mobile phones: the next frontier for hackers? , 2005, Computer.

[13]  Sahin Albayrak,et al.  Developing and Benchmarking Native Linux Applications on Android , 2009, MOBILWARE.

[14]  Tom Martin,et al.  Mobile phones as computing devices: the viruses are coming! , 2004, IEEE Pervasive Computing.

[15]  Mikko Hypponen,et al.  Malware goes mobile. , 2006, Scientific American.

[16]  Geoffrey M. Voelker,et al.  Can you infect me now?: malware propagation in mobile phone networks , 2007, WORM '07.