Slashdot Mirror

← Back to Stories (view on slashdot.org)

Making Carriers Shoulder Smartphone Security

Posted by timothy on from the wait-for-per-byte-malware-removal-fee dept.

alphadogg writes "Georgia Tech researchers have received a $450,000 NSF grant to boost security of iPhones, BlackBerries and other smartphones and the wireless networks on which they run. And it's those networks where the researchers are really zeroing in. The researchers are looking into ways wireless carriers such as AT&T and Verizon can detect malware on devices and clean up the devices before they do further damage. 'While a single user might realize that a phone is behaving differently, that person probably won't know why,' says Patrick Traynor, assistant professor at Georgia Tech’s School of Computer Science. 'But a cell phone provider may see a thousand devices behaving in the same way and have the ability to do something about it.' Georgia Tech is going to build out a cellular network test bed to try out its remote repair techniques."

15 of 57 comments (clear)

  1. Anyone else have a bad feeling about this? by rolfwind · · Score: 5, Insightful

    The researchers are looking into ways wireless carriers such as AT&T and Verizon can detect malware on devices and clean up the devices before they do further damage.

    Last time a company had access to the contents of a device (Amazon -> Kindle), they caused a really big uproar.

    1. Re:Anyone else have a bad feeling about this? by XPeter · · Score: 2, Informative

      T-Mobile -> Sidekick is another failed example.

      --
      "The difference between genius and stupidity is that genius has it's limits" - Albert Einstein
    2. Re:Anyone else have a bad feeling about this? by nine-times · · Score: 4, Insightful

      Yeah, it seems like it has to be a fine line. Like what gets defined as "malware"? Anything that uses more bandwidth than the carrier likes?

      It reminds me slightly of broadband providers blocking port 25 in order to prevent spam. I don't mind that as a concept, but if so they should be willing to open it on request without too much of a hassle. Charging an extra $15 a month to open it seems like they're not really trying to cut down on spam, but rather trying to milk their customers by charging for things that really should come free with access.

    3. Re:Anyone else have a bad feeling about this? by Anonymous Coward · · Score: 3, Insightful

      I am leery of giving unfettered regulatory power to a gatekeeper that has obvious financial interests to act in a manner that conflicts with my own:

      No, I dont run spam botnets, nor do I write malware; however, what about people that write SSH proxies to bypass walled garden policies on their devices? If the verbiage of the "agreement" about malware is poorly written, this useful software could (and likely would) be classified as "Malware", and systematically removed from connected devices.

      I would settle for the following scenario though:

      $Telco detects that I have $Malware installed on $Device. They call me on either my landline or my cell, and inform me of the infection-- THEN-- OFFER to remove it for me.

      Depending on my decision, they remove it remotely, or they don't remove it.

      This way, the control of what is running on my phone is still ultimately MY decision as the consumer, and is not the authority of an outside and financially motivated regulator.

  2. Contract addendums by Anonymous Coward · · Score: 2, Insightful

    Next, they'll add into their contracts: 'Costumer does not own their phone. We reserve the right to make whatever changes to the device we deem acceptable. Any and all changes made that cause injury or loss of use of the device are not cause for release from this contract.'

    1. Re:Contract addendums by peragrin · · Score: 4, Funny

      you forgot all contacts entered into this phone are open to our marketing department. all photos taken can be used by the carrier for advertisements. all calls made will be recored to insure "quality" control

      --
      i thought once I was found, but it was only a dream.
  3. signs your smartphone's been p0wned by girlintraining · · Score: 4, Funny

    Upon turning on your phone, it demands a cookie.

    Your phone tells you it needs antivirus installed.

    Hold music is replaced by a twisted AI that sings about cake and says it's okay if you want to leave (a message). ...

    --
    #fuckbeta #iamslashdot #dicemustdie
    1. Re:signs your smartphone's been p0wned by highbulp · · Score: 4, Funny

      Upon turning on your phone, it demands a cookie.

      And if you give your phone a cookie, it's going to ask for a glass of milk. One thing will lead to another, and soon it will want your social security number.

  4. Oh great by the_Bionic_lemming · · Score: 5, Interesting

    So they are going to deploy the ability to remotely update the users device. Because the bad guys will never figure out how the company does it. I can see it now. An entire carriers smart cell line bricked by a remote exploit that updates phones.

    --
    _ _ _ Go for the eyes Boo! GO FOR THE EYES!
  5. Bitpipe by BodeNGE · · Score: 5, Insightful
    Wireless Internet Providers are just that, ISP's. They should have the same level of monitoring and control of the sites I surf and the applications I run as a terrestrial ISP, ie NONE. I can see that they would welcome this move, it helps them disguise the fact that they have become dumb bitpipes and are losing money on value added services.

    In the corporate space however there are device management solutions available for Windows Mobile, Blackberry and Symbian that have seldom been rolled out at carrier level. These can lock down devices so that malware cannot be installed, and unauthorized applications removed. I cannot see that working as a consumer proposition, it really doesn't work well at the corporate level either. importantly these solutions are all at the IP layer (dumb bitpipe) and don't care how the device connects to the management server. ActiveSync, WiFi, cellular connection (and yes, via SMS too) will all trigger a wiped device or an app uninstall.

    Nothing to do with telcos. Move along.

  6. Why is the NSF? by joocemann · · Score: 4, Insightful

    Spending money to facilitate better service for these private businesses who have not only made billions from customers, but took billions of tax dollars and screwed us as citizens.

    NSF should not be paying a cent for this. The issues need to become prominent enough for the customers to demand better products from the oligopoly of telcos.

    1. Re:Why is the NSF? by OctoberSky · · Score: 2, Insightful

      Spending money to facilitate better service for these private businesses who have not only made billions from customers, but took billions of tax dollars and screwed us as citizens.

      NSF should not be paying a cent for this. The issues need to become prominent enough for the customers to demand better products from the oligopoly of telcos.

      I'm usually quite on board with the government not paying money to help businesses further their own causes, but there are exceptions to every rule.

      This should be seen as acceptable, just like it's seen as acceptable for the government to pay for the NHSTA to crash cars to test them. Those tests are given back to the manufacturers to make... wait for it... better cars. Sure it helps the manufacturers, but more importantly it helps the consumer, or more important to the governments cause, the citizenry.

      No government can safely doll out money and not expect it to get back into the pockets of big business somewhere down stream in commerce. To think so is asinine (and I'm not suggesting that's what your suggesting). But there has to be exceptions, and this one, I think falls under such exceptions.

  7. Re:Not a big issue... by bertoelcon · · Score: 3, Insightful

    Because Apple checks all programs for the iPhone, no bad programming can ever get through.

    You in the market for a bridge in the Brooklyn area?

    --
    Anything can be found funny, from a certain point of view.
  8. Re:Not a big issue... by socsoc · · Score: 2, Informative

    no bad programming can ever get through

    You realize that Apple doesn't vet the programming and there have been approved apps that later got revoked or the ire of the community for being shady?

  9. Mobile devices are the same as your computer! by Anonymous Coward · · Score: 2, Insightful

    Seriously, how many people think it's a good idea to let your ISP into your computer. Controlling it, installing/removing software, etc. Nobody would stand for that.

    Mobile devices are not that different. They are still your personal computer and nobody should be screwing with it unless you explicitly allow it.

    Now the phone company is certainly within their rights to degrade or isolate malfunctioning devices on their network but they better be doing that at the network level and not actually touch your device. They also better not completely disconnect a device just because it's malfunctioning. People's lives can depend on a phone working. In the case of a virus infected or otherwise malfunctioning device they could isolate its functionality on the network so that it can only be used with certain critical functions.