Making Carriers Shoulder Smartphone Security

alphadogg writes "Georgia Tech researchers have received a $450,000 NSF grant to boost security of iPhones, BlackBerries and other smartphones and the wireless networks on which they run. And it's those networks where the researchers are really zeroing in. The researchers are looking into ways wireless carriers such as AT&T and Verizon can detect malware on devices and clean up the devices before they do further damage. 'While a single user might realize that a phone is behaving differently, that person probably won't know why,' says Patrick Traynor, assistant professor at Georgia Tech’s School of Computer Science. 'But a cell phone provider may see a thousand devices behaving in the same way and have the ability to do something about it.' Georgia Tech is going to build out a cellular network test bed to try out its remote repair techniques."

Anyone else have a bad feeling about this?

[rolfwind]

The researchers are looking into ways wireless carriers such as AT&T and Verizon can detect malware on devices and clean up the devices before they do further damage.

Last time a company had access to the contents of a device (Amazon -> Kindle), they caused a really big uproar.

Re:Anyone else have a bad feeling about this?

[nine-times]

Yeah, it seems like it has to be a fine line. Like what gets defined as "malware"? Anything that uses more bandwidth than the carrier likes?

It reminds me slightly of broadband providers blocking port 25 in order to prevent spam. I don't mind that as a concept, but if so they should be willing to open it on request without too much of a hassle. Charging an extra $15 a month to open it seems like they're not really trying to cut down on spam, but rather trying to milk their customers by charging for things that really should come free with access.

Re:Anyone else have a bad feeling about this?

I am leery of giving unfettered regulatory power to a gatekeeper that has obvious financial interests to act in a manner that conflicts with my own:

No, I dont run spam botnets, nor do I write malware; however, what about people that write SSH proxies to bypass walled garden policies on their devices? If the verbiage of the "agreement" about malware is poorly written, this useful software could (and likely would) be classified as "Malware", and systematically removed from connected devices.

I would settle for the following scenario though:

$Telco detects that I have $Malware installed on $Device. They call me on either my landline or my cell, and inform me of the infection-- THEN-- OFFER to remove it for me.

Depending on my decision, they remove it remotely, or they don't remove it.

This way, the control of what is running on my phone is still ultimately MY decision as the consumer, and is not the authority of an outside and financially motivated regulator.

signs your smartphone's been p0wned

[girlintraining]

Upon turning on your phone, it demands a cookie.

Your phone tells you it needs antivirus installed.

Hold music is replaced by a twisted AI that sings about cake and says it's okay if you want to leave (a message). ...

Re:signs your smartphone's been p0wned

[highbulp]

Upon turning on your phone, it demands a cookie.

And if you give your phone a cookie, it's going to ask for a glass of milk. One thing will lead to another, and soon it will want your social security number.

Oh great

[the_Bionic_lemming]

So they are going to deploy the ability to remotely update the users device. Because the bad guys will never figure out how the company does it. I can see it now. An entire carriers smart cell line bricked by a remote exploit that updates phones.

Re:Contract addendums

[peragrin]

you forgot all contacts entered into this phone are open to our marketing department. all photos taken can be used by the carrier for advertisements. all calls made will be recored to insure "quality" control

Bitpipe

[BodeNGE]

Wireless Internet Providers are just that, ISP's. They should have the same level of monitoring and control of the sites I surf and the applications I run as a terrestrial ISP, ie NONE. I can see that they would welcome this move, it helps them disguise the fact that they have become dumb bitpipes and are losing money on value added services.

In the corporate space however there are device management solutions available for Windows Mobile, Blackberry and Symbian that have seldom been rolled out at carrier level. These can lock down devices so that malware cannot be installed, and unauthorized applications removed. I cannot see that working as a consumer proposition, it really doesn't work well at the corporate level either. importantly these solutions are all at the IP layer (dumb bitpipe) and don't care how the device connects to the management server. ActiveSync, WiFi, cellular connection (and yes, via SMS too) will all trigger a wiped device or an app uninstall.

Nothing to do with telcos. Move along.

Why is the NSF?

[joocemann]

Spending money to facilitate better service for these private businesses who have not only made billions from customers, but took billions of tax dollars and screwed us as citizens.

NSF should not be paying a cent for this. The issues need to become prominent enough for the customers to demand better products from the oligopoly of telcos.

Re:Not a big issue...

[bertoelcon]

Because Apple checks all programs for the iPhone, no bad programming can ever get through.

You in the market for a bridge in the Brooklyn area?