Understanding the spread of malicious mobile-phone programs and their damage potential

Abstract

The fast growing market for smart phones coupled with their almost constant on-line presence makes these devices the new targets of malicious code (virus) writers. To aggravate the issue, the security level of these devices is far below the state-of-the art of what is used in personal computers. It has been recently found that the topological spread of multimedia message service (MMS) viruses is highly restricted by the underlying fragmentation of the call graph—the term topological here refers to the explicit use of the call graph topology to find vulnerable phones. In this paper, we study MMS viruses under another type of spreading behavior that locates vulnerable phones by generating a random list of numbers to be contacted, generally referred to as scanning. We find that hybrid MMS viruses including some level of scanning are more dangerous to the mobile community than their standard topological counterparts. Interestingly, this paper shows that the topological and scanning behaviors of MMS viruses can be more damaging in high and low market share cases, respectively. The results also show that given sufficient time, sophisticated viruses may infect a large fraction of susceptible phones without being detected. Fortunately, with the improvement of phone providers’ monitoring ability and the timely installations of patches on infected phones, one can contain the spread of MMS viruses. Our findings lead to a better understanding on how one could prevent the spread of mobile-phone viruses even in light of new behaviors such as scanning.