On Mobile Viruses Exploiting Messaging and Bluetooth Services

Abstract

The exponential growth of mobile messaging worldwide has made it an indispensable tool for social and business interactions. The interoperability between SMS (short messaging service) and IM (instant messaging) networks has enabled mobile users to communicate over the Internet seamlessly. However, the proliferation of cellular phones and handheld devices with messaging capability has also attracted virus writers who increasingly develop malware targeted to mobile handheld devices. The mobile viruses discovered so far have exploited vulnerabilities in Bluetooth to infect a nearby device and then use SMS to spread itself to other devices in the mobile network. This problem is expected to become worse with the growth of MMS (multimedia messaging service), mobile games, mobile commerce and peer-to-peer file-sharing in the near future. We investigate the propagation of mobile worms and viruses that spread primarily via SMS/MMS messages and short-range radio interfaces such as Bluetooth. First, we study these vulnerabilities in-depth so that appropriate malware behavior models can be developed. Next, we study the propagation of a mobile virus similar to Commwarrior in a cellular network using data from a real-life SMS customer network. Each handheld device is modeled as an autonomous mobile agent capable of sending SMS messages to others (via an SMS center), and is capable of discovering other devices equipped with Bluetooth. Since mobile malware targets specific mobile OSs, we consider diversity of deployed software stacks in the network. Our results reveal that hybrid worms that use SMS/MMS and proximity scanning (via Bluetooth) can spread rapidly within a cellular network, making them potential threats in public meeting places such as sports stadiums, train stations, and airports