An Overview of Mobile Devices Security Issues and
Countermeasures
Ting Zhao, Gang Zhang, Lei Zhang
*
School of Computer Science and Technology, Tianjin University
Tianjin, China
E-mail: zhaoting@tju.edu.cn, gzhang@tju.edu.cn, lzhang@tju.edu.cn
*
Abstract—Mobile security draws more attention while the mobile
device gains its popularity. Malwares just like viruses, botnet and
worms, become concerns since the frequently leakage of personal
information. This paper investigates malicious attacks through
Bluetooth and malwares in different operating systems of mobile
devices such as Blackberry OS, iOS, Android OS and Windows
Phone. Besides, countermeasures of vulnerability are also
discussed to protect the security and privacy of mobile devices.
Keywords-mobile security; information leakage; malware;
malicious attack; countmeasures
I. INTRODUCTION
In today’s world, mobile phones are not simply for calling
and sending information. They can be treated as a personal
computer, video camera, portable media player, GPS, and more.
Variety of functions naturally leads to sophisticated internal
constructs in mobile devices, and at the same time makes them
more vulnerable to bugs. Viruses, worms, and other malwares
are always danger since they can steal information and render
devices useless. Besides, as the mobile devices can be
connected to other equipments through Bluetooth or USB
interface, the presence of one phone carrying virus can become
a threaten to the safety of other mobile devices.
To tackle the security issues, we have to understand
different concepts of security. As defined by [1], malware is a
software designed to infiltrate a computer system without the
owner's informed consent. The expression is a general term
first used by computer professionals, referring to various forms
of hostile, intrusive, or annoying software or program codes.
When applying the term to mobile devices, it essentially refers
to the same thing, but is harder to tackle. There are many
different operating systems, and each one owns diverse
functionality, so it is hard to develop powerful antivirus
software running on all types of operating systems to resist
kinds of viruses. It once has been thought that the high level of
complexity a virus achieves can embarrass itself from creating
a large number of viruses. This misguided security ignorance
once resulted in fundamental security risks for the operating
systems.
II. H
ISTORY
As mentioned in [2], Cabir, a computer worm developed in
2004 is designed to infect mobile phones running in the
Symbian operating system [3]. It is believed to be the first
worm that infected mobile phones. When a phone is infected
by Cabir, the message “Caribe” is shown on the phone's display,
and will appear every time the phone is turned on. Through
Bluetooth technology, the worm then attempts to infect other
phones. The worm was not sent out into the wild, but sent
directly to anti-virus firms who believed Cabir in its current
state was harmless to mobile phones. The worm was developed
by a group of international hackers who call themselves 29A.
They created a “proof of concept” worm in order to catch
attention. The worm can attack and replicate on Bluetooth
enabled Series 60 phones that support the "Object Push Profile".
It can also infect non-Symbian phones, desktop computers and
even printers.
Even though the Cabir is credited as the first mobile device
virus, it was only regarded as a concept virus. All the virus did
was just to show that a virus could be created based on the
Symbian OS. The virus appearance spurs the developers of the
operating system, so the security level of the operating system
can be improved. Unfortunately, the source virus codes were
leaked into the Internet. Once being deliberately modified, it
can lead the virus more malicious than originally intended.
About a month after the cabir worm struck, the next mobile
virus, called “Duts” appeared. Duts was the first virus for the
windows CE platform, and the first file infector for mobile
devices. The Duts virus would infect the executables in the root
directory of the device if the user unconsciously permitted.
Soon after Duts, the Brador virus came out. The Brador virus
was the first backdoor virus for mobile devices. Backdoor is an
open port which waiting a remote host to connect to itself. So
the viruses can get into the system through the backdoor
without being discovered.
After the Brador virus, there were a large number of viruses
for the Symbian OS, most of which are Trojans. The reason
why so many Trojans appear is that the operating system
allows the unlimited download of games and other programs.
During the loading process, related codes were altered to
include the virus that will change customizations on the phone,
and render it useless.
In 2009, Kaspersky Lab announced that the first malicious
program, named Trojan-SMS. AndroidOS FakePlayer, had
been detected for smart phones running on Google’s Android
OS, and had already infected a number of mobile devices. The
new malicious program penetrates smart phones running
2014 International Conference on Wireless Communication and Sensor Network
978-1-4799-7091-9/14 $31.00 © 2014 IEEE
DOI 10.1109/WCSN.2014.95
437
2014 International Conference on Wireless Communication and Sensor Network
978-1-4799-7091-9/14 $31.00 © 2014 IEEE
DOI 10.1109/WCSN.2014.95
437
2014 International Conference on Wireless Communication and Sensor Network
978-1-4799-7091-9/14 $31.00 © 2014 IEEE
DOI 10.1109/WCSN.2014.95
438
2014 International Conference on Wireless Communication and Sensor Network
978-1-4799-7091-9/14 $31.00 © 2014 IEEE
DOI 10.1109/WCSN.2014.95
439
2014 International Conference on Wireless Communication and Sensor Network
978-1-4799-7091-9/14 $31.00 © 2014 IEEE
DOI 10.1109/WCSN.2014.95
439
2014 International Conference on Wireless Communication and Sensor Network
978-1-4799-7091-9/14 $31.00 © 2014 IEEE
DOI 10.1109/WCSN.2014.95
439
2014 International Conference on Wireless Communication and Sensor Network
978-1-4799-7091-9/14 $31.00 © 2014 IEEE
DOI 10.1109/WCSN.2014.95
439
2014 International Conference on Wireless Communication and Sensor Network
978-1-4799-7091-9/14 $31.00 © 2014 IEEE
DOI 10.1109/WCSN.2014.95
439
2014 International Conference on Wireless Communication and Sensor Network
978-1-4799-7091-9/14 $31.00 © 2014 IEEE
DOI 10.1109/WCSN.2014.95
439