Georgia Tech Researchers Attack Cell Phone Malware

Georgia Institute of Technology has received grant money to improve the security of mobile devices and the telecommunications networks on which they operate. A research team has begun developing methods of identifying and remotely repairing mobile devices that may be infected with viruses or other malware.

Assistant Professors Patrick Traynor and Jonathon Giffin in the School of Computer Science have received a three-year, $450,000 grant from the National Science Foundation to investigate whether cell service providers can detect infected devices on their respective networks. The researchers say that since infected devices often begin to over-use the network by sending a high volume of traffic to a known malicious Internet server or by suddenly generating a high volume of text messages, monitoring traffic patterns on the network should allow these infected phones to be located.

"Traditional cell phones have been ignored by attackers because they were specialty devices, but the new phones available today are handheld computers that are able to send and receive e-mail, surf the Internet, store documents and remotely access data--all actions that make them vulnerable to a wide range of attacks," said Traynor.


Georgia Tech researchers Jonathon Giffin (left) and Patrick Traynor. (Georgia Tech photo by Gary Meek)

 

According to a campus write-up by Abby Vogel, malware on mobile devices can eavesdrop on user input, steal sensitive information, destroy stored information, or disable a device.

"Since mobile phones typically lack security features found on desktop computers, such as antivirus software, we need to accept that the mobile devices will ultimately be successfully attacked," said Giffin. "Therefore our research focus is to develop effective attack recovery strategies."

Once infected phones are identified, they'll need to be cleared of the malicious code. To that end, the researchers are developing basic mechanisms for remote repair methods, which will allow service providers to assist in the cleaning of infected devices without requiring that the phones be brought to a service center.

According to the team, this type of repair might require disabling certain functionality on the phone, such as the ability to use downloaded programs, until the malware is removed. But even while the repair is underway, phone calling and text messaging functionality would continue to operate.

"Using this remote repair strategy, the service provider no longer has to completely disable a phone," Giffin explained. "Instead they just put the device into a safe, but reduced, mode until the malware can be removed."

According to the grant description, the researchers will build a cell network test bed with Alcatel-Lucent IMS products at the university to simulate how phones communicate over a network.

"We hope that developing these attack recovery strategies will let potential mobile phone and network attackers know that these response mechanisms are in place, ultimately making their attacks far less widespread or successful," said Traynor.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.
