Slashdot Mirror
Pinning Down the Spread of Cell Phone Viruses
walrabbit writes "Wang et al (2009) (from Albert-László Barabási's lab) modeled the spread of mobile phone viruses based on anonymised call and text logs of 6.2 million customers spread over 10,000 towers. Their simulations shows that the spread is dependent on the market share of a particular handset, human mobility and mode of spread: bluetooth or MMS or hybrid. 'We find that while Bluetooth viruses can
reach all susceptible handsets with time, they spread slowly due to human mobility, offering ample
opportunities to deploy antiviral software. In contrast, viruses utilizing multimedia messaging services could
infect all users in hours, but currently a phase transition on the underlying call graph limits them to only a small
fraction of the susceptible users. These results explain the lack of a major mobile virus breakout so far and predict
that once a mobile operating system's market share reaches the phase transition point, viruses will pose a
serious threat to mobile communications.' You can read the full text (PDF) and supporting online information (PDF) (with interesting modelling data and diagrams)."
(Also summed up in a short article at CBC.)
... I use the old fashioned method of communication.
And don't share your phone promiscuously!
Abstinence is the way - don't use cell phones!
I was having this debate with someone the other night who believes that in 3 - 5 years every phone will be android. Personally I was arguing that Blackberry in the business world is pretty hard to beat and the iPhone has a sizable lead. But people tend to trade in their personal phones every couple years. Businesses usually get married to a platform and it's harder to move them away. Especially if they have invested in any applications.
I know Apple gets flamed a lot around here by people for not being open enough and forcing developers to release apps through the app store, but I've seen it as an attempt to delay and try to prevent malware on the iPhone. Personally that's one reason why I am uncool in the geek world and don't jailbreak mine. I know I've bitched about the bluetooth stack being locked down on the iPhone. I'd love to connect a freaking wireless keyboard to it sometimes. But at the same time, I see Apple's position on controlling the gateway beyond them "being evil locking people in".
You have the people harping on how cool Android will be because one won't "be locked into one app store" etc.. But in the back of my mind that just increases the risk of someone downloading some "Cool free app" that happens to be a malware app. It only has to happen a few times before the reputation gets out there. And it will happen because people see pops ups now that say, "Hey you have mal ware, down load our malware cleaner." And then they click and install nothing but malware.
And I think it is much more likely given how I've seen people use their phones on such a spur of a moment basis. The number of times I've seen people just be browsing and buy/download a ringtone or app on the spur of the moment. Especially if they are at a club and have already had a few to drink and aren't thinking. (I have to take away certain people's iphones when we go out to keep them from doing anything stupid).
Either way, I dread the day that we have to run anti-virus on our phones.
It also makes me think there are still reasons to keep the trusty old land line around.
"The problem with socialism is eventually you run out of other people's money" - Thatcher.
The fact that we've yet to see a large mobile phone virus outbreak is wonderful proof that, (in many cases) shoddy coding, idiotic users, dodgy design methods and ample methods of communication between devices and "the wider world" does not automatically imply "virus city".
The distributed and diverse nature of the mobile OS market means that there have never been (to my knowledge) any large infections on the scale of Blaster or so forth, and yet many (popular!) phones that I've used have had simply *awful* OSes, with known security risks, monolithic kernels, and a wide install base. Such are the benefits of not having a monopoly!
Perhaps if Microsoft were the power it wants to be in the mobile market, we'd be far more familiar with large-scale infections of mobiles. I'm bloody glad it isn't -- MMS messages are down-right extortionate!
My UID is prime. Is yours?
Currently, there are a ton of mobile phone platforms, unlike the desktop. This keeps the number of viruses down, secondly, most phones run slightly modified versions of the OS, not plain versions making exploiting the same hole difficult in the large scheme of things. So as long as a vendor doesn't dominate the Mobile OS market (and with Windows Mobile, Android, Symbian and iPhone OS all going to want to stay in business, it won't) I don't see viruses as being a problem at all.
Taxation is legalized theft, no more, no less.
Wouldn't reversing polarity on the flux capacitor and diverting all power to the medical/av deflector prevent the spread of a virus?
rewriting history since 2109
...when the iPhone's marketshare reaches the kind of threshold this article talks about that results in it being the most popular target for spreading malicious code. Because the irony will be lost on a lot of people here.
Great, first they make me pay for incoming texts, I wonder how much it'll cost to catch a virus? I'm guessing $1 for receiving it, $1 for each message the virus sent, then another $50 to remove the virus. Of course, 3rd party repairs on the phone are prohibited by the contract, so they've got all the motivation they need to do absolutely nothing to stop viruses.
War as we knew it was obsolete
Nothing could beat complete denial
- Emily Haines
So far, none of the MMS messages I have sent has ever been recieved, so Viruses are probably held back by the lack of compatibility between networks/handsets. As MMS will be dead in less than a year because e-mail does the same job for free, I dont see this as a major issue.
Sent from my ASR33 using ASCII
There's something important hidden in his data. The fact that mesh networks have issues they'll need to work out before they become viable. Substitute "valuable date" for "virus" and you'll understand.
sounds like a buzzword to me...
Right now, the Smart Phone is too fragmented, and so there is no "giant component" of cell-phone users with the same OS who are connected to each other. This, and not technical limitations, is the reason why there have not been any cell-phone virus breakouts.
However, we're getting pretty close to that point, and once a certain threshold is met, there will be a sudden "phase transition", and giant components will form.
It's "n'est-ce pas?".
Word for word, that is "is it not?". Figuratively, it's the equivalent of "No?". The "ce", or "it", is usually silent.
I know Apple gets flamed a lot around here by people for not being open enough and forcing developers to release apps through the app store, but I've seen it as an attempt to delay and try to prevent malware on the iPhone.
Really, I doubt that malware prevention is even on Apple's list of reasons for marshaling application development through its App Store. If it is, it's waaaay down the list. It is a marketing decision the way Nintendo exhibited tight control over who published games for the NES, or the way the iPod and iTunes service are tightly integrated and interoperability severely restricted.
Apple's App Store is about image and "synergies" and lock-in and creating a captive market. That is all. Not only does it not prevent malware, it in fact makes it a potentially far more serious problem, because it deliberately creates a monoculture ecosystem. Here are some points to consider:
* Viruses are not limited to platform/os--applications themselves can exhibit unintended vulnerabilities. An iPhone worm (or any mobile malware) isn't likely to be an application--it is more likely to be some malformed message/data packet/URL/etc that has nothing to do with qualifying for distribution via the App store, and more likely than not it will use an exploit in an app than in the iPhone OS as the quality of code in apps is more variable.
* The app store limits choice in apps, so each app is likely to have more market share, providing incentive for malware authors in the form of increased potential exposure.
* Apps in the app store are not vetted for security first and foremost--though I'm sure code quality is a factor, content is first and foremost--if it looks "cool" and is inoffensive and doesn't interfere with Apple's business strategies it can go on the app store over "less cool" alternatives that are more secure.
The app store might prevent most malicious apps from getting on the iPhone, but it won't protect against any other malware...plus, should Apple's app store ever gain some sort of dominance it presents a potentially extremely serious vulnerability to mobile network security.
Closing up the environment is NEVER the solution and almost inevitably leads to some sort of tragic failure. Why build a walled garden to keep it pretty when the vermin can dig under the wall and the seeds of weeds can blow over it with the wind? It is totally clear that the sole reason there hasn't been a major mobile virus outbreak is solely due to marketplace diversity. Even though that marketplace is full of closed players that is because it is young and fragmented. History has shown that such closed strategies promote the development of a dangerous monoculture.
It's refreshing to see that in this pre-shakeout industry that there are viable open-based alternatives like Andriod (and efforts like OpenMoko and Angstrom) fighting for presence. In the PC industry fragmentation gave way to a monoculture because consumers demanded interoperability and that demand was filled by a closed solution at a time when the modern Free software movement was in its infancy in the halls of academia. Now that inevitable demand for interoperability can be met with numerous diverse but interoperable Free solutions.