Malware that attacks mobile phones and other handheld devices has been the Next Big Threat for most of the last decade. And much like the Year of PKI, it’s never really materialized. Security experts have postulated that this is mainly because there’s not enough valuable data on these devices to attract the money-motivated attackers. But a new paper, “Understanding the Spreading Patterns of Mobile Phone Viruses,” from a group of scientists shows that the barriers are more likely market saturation and geography.
Until very recently, even the most advanced smartphones and handheld devices didn’t have the kind of storage capacity or connectivity options to make them attractive targets for malware authors. With the advent of WiFi- and Bluetooth-enabled devices such as the iPhone, Windows Mobile phones and others that also have enough internal storage to handle PowerPoints and other large files, those hurdles have been cleared. Now comes a theory from a group of scientists from Northeastern University with backgrounds in biology, medicine, computer science and physics on why we still haven’t seen the appearance of a massive mobile virus on the scale of Blaster or Code Red.
To completely oversimplify their findings, it comes down to the lack of a dominant mobile operating system and the fact that people move around a lot. In the paper, “Understanding the Spreading Patterns of Mobile Phone Viruses,” the authors explain that once a single mobile OS reaches a “phase transition point,” we’ll likely see a serious mobile malware problem.
“We find that while Bluetooth viruses can reach all susceptible handsets with time, they spread slowly due to human mobility, offering ample opportunities to deploy antiviral software. In contrast, viruses utilizing multimedia messaging services could infect all users in hours, but currently a phase transition on the underlying call graph limits them to only a small
fraction of the susceptible users,” they write.
The paper, written by Pu Wang, Marta C. Gonzalez, Cesar A. Hidalgo and Albert-Laszlo Barabasi of Northeastern University’s Center for Complex Network Research, is not the kind of scare mongering we’ve seen for years on the mobile threat. Instead, it’s a well-written scholarly look at why malware hasn’t made the leap to the mobile world yet. The authors focus on two distinct types of mobile malware: Bluetooth viruses and MMS viruses. Each has its own spreading charactersitics and requirements, with Bluetooth malware having the higher potential for spreading quickly and MMS viruses being more likely to spread widely.
Right now, smartphones hold less than five percent of the worldwide mobile phone market, and of that number, the market share is splintered among Symbian, PalmOS, Windows Mobile and other platforms. This has made it not only impractical but highly unprofitable for attackers to write malware specifically for such a niche attack surface. If you’re an attacker looking to get your malware on as many devices as possible, smaprtphones are not a smart bet.
A Bluetooth virus, for example, is highly likely to eventually find all of the potentially vulnerable handsets, thanks to the travel patterns of the handset owners, the authors found. However, because there’s no dominant OS, any virus would be limited by the market share of the platform it attacks.
“We find that while a Bluetooth virus can reach the full susceptible user base, its spread is slowed by human mobility, offering ample time for developing and deploying countermeasures. In contrast, MMS viruses can reach most susceptible users within hours. Their spread is limited, however, by the market share driven phase transition that fragments the underlying call graph, allowing us to predict that no major virus breakout is expected for OS with market share under the critical point associated with the user base,” they write. “Therefore, the current lack of major mobile virus outbreak can not be attributed to the absence of effective mobile viruses, but it is mainly rooted in the fragmentation of the call graph. Given, however, the rapid growth in the number of smartphones and the increasing market share of a few OS, it is not unconcievable that the phase transition point will be reached in the near future, raising the possibility of major viral outbreaks.”