WHY MOBILE TO MOBILE MALWARE WON’T CAUSE A STORM · BROADCAST RADIUS 0 5000 10000 15000 0 0.1 0.2...

21
WHY MOBILE TO MOBILE MALWARE WON’T CAUSE A STORM Nathaniel Husted Steven Myers Indiana University Monday, April 4, 2011

Transcript of WHY MOBILE TO MOBILE MALWARE WON’T CAUSE A STORM · BROADCAST RADIUS 0 5000 10000 15000 0 0.1 0.2...

Page 1: WHY MOBILE TO MOBILE MALWARE WON’T CAUSE A STORM · BROADCAST RADIUS 0 5000 10000 15000 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 Time(Seconds) Fraction of Population Infected Population

WHY MOBILE TO MOBILE MALWARE WON’T CAUSE A

STORMNathaniel Husted

Steven Myers

Indiana University

Monday, April 4, 2011

Page 2: WHY MOBILE TO MOBILE MALWARE WON’T CAUSE A STORM · BROADCAST RADIUS 0 5000 10000 15000 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 Time(Seconds) Fraction of Population Infected Population

MOBILE TO MOBILE MALWARE

• Bluetooth (Mabir/Cabir/Commwarrior) Vs. MMS (Mabir/Commwarrior)

• Symbian OS -- Dominant Market Share

• Feature Phones -- Dominant Phone Style

Malware Mal

war

e

Malware

BluetoothMMS

Monday, April 4, 2011

Page 3: WHY MOBILE TO MOBILE MALWARE WON’T CAUSE A STORM · BROADCAST RADIUS 0 5000 10000 15000 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 Time(Seconds) Fraction of Population Infected Population

ROADMAP

1. Related Work

2. Feature phones to smartphones: expanded threat surface

3. Requirements for studying malware spread

4. Interesting variables

5. Results

6. Conclusion

Monday, April 4, 2011

Page 4: WHY MOBILE TO MOBILE MALWARE WON’T CAUSE A STORM · BROADCAST RADIUS 0 5000 10000 15000 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 Time(Seconds) Fraction of Population Infected Population

RELATED WORK

• [CARETONNI07] - Analytical model...

• [SU06] - Analytical model...

• [WANG09] - Empirical data but without fine positioning...

• [CHANNAKESHAVA09] - Activity based data but no transmission during mobility...

Monday, April 4, 2011

Page 5: WHY MOBILE TO MOBILE MALWARE WON’T CAUSE A STORM · BROADCAST RADIUS 0 5000 10000 15000 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 Time(Seconds) Fraction of Population Infected Population

FEATURE PHONES TO SMARTPHONES

• Bluetooth to WiFi

• Larger threat surface

• More features

• More complex software

• Always on Internet

• Potential: Jailbroken iPhone’s with default SSH credentials

Google Developer Phonehttp://www.flickr.com/photos/tagzania/3119293948

Monday, April 4, 2011

http://www.flickr.com/photos/tagzania/3119293948
http://www.flickr.com/photos/tagzania/3119293948
Page 6: WHY MOBILE TO MOBILE MALWARE WON’T CAUSE A STORM · BROADCAST RADIUS 0 5000 10000 15000 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 Time(Seconds) Fraction of Population Infected Population

FEATURE PHONES TO SMARTPHONES

• Bluetooth to WiFi

• WiFi devices, when on, are always visible, Bluetooth devices must be discoverable to be visible

• WiFi management traffic is transparent

• WiFi has greater range than common Bluetooth devices

• WiFi has higher speeds

• We assume WiFi is always on

Monday, April 4, 2011

Page 7: WHY MOBILE TO MOBILE MALWARE WON’T CAUSE A STORM · BROADCAST RADIUS 0 5000 10000 15000 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 Time(Seconds) Fraction of Population Infected Population

1. Epidemiological Model

•S-E-I-R Model

•Susceptible

•Exposed

•Infected

•Recovered

LOOKING AT MALWARE SPREAD

5...4...3...2...1...

Exposure ExampleMonday, April 4, 2011

Page 8: WHY MOBILE TO MOBILE MALWARE WON’T CAUSE A STORM · BROADCAST RADIUS 0 5000 10000 15000 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 Time(Seconds) Fraction of Population Infected Population

LOOKING AT MALWARE SPREAD

2. Realistic Mobility Model - UdelModels

• High Spatial Fidelity

• High Temporal Fidelity

• Accurate Population Density

Example UdelModels Simulationhttp://www.udelmodels.eecis.udel.edu/

Monday, April 4, 2011

http://www.udelmodels.eecis.udel
http://www.udelmodels.eecis.udel
Page 9: WHY MOBILE TO MOBILE MALWARE WON’T CAUSE A STORM · BROADCAST RADIUS 0 5000 10000 15000 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 Time(Seconds) Fraction of Population Infected Population

LOOKING AT MALWARE SPREAD

3. Target Geographical Area -- CHICAGO

Population9056

[Landscan]

http://www.udelmodels.eecis.udel.edu/http://seamless.usgs.gov/hro.php

Monday, April 4, 2011

http://www.udelmodels.eecis.udel
http://www.udelmodels.eecis.udel
http://seamless.usgs.gov/hro.php
http://seamless.usgs.gov/hro.php
Page 10: WHY MOBILE TO MOBILE MALWARE WON’T CAUSE A STORM · BROADCAST RADIUS 0 5000 10000 15000 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 Time(Seconds) Fraction of Population Infected Population

LOOKING AT MALWARE SPREAD

• Infection Style: Parallel Vs. Serial

• Parallel -- Many devices targeted and infected all at once.

• Serial -- One device targeted and infected at one time.

• Exposure Time - Viral Spread Speed

• Susceptibility - Different phone hardware/software

• Broadcast Radius - 802.11g vs. 802.11n

Monday, April 4, 2011

Page 11: WHY MOBILE TO MOBILE MALWARE WON’T CAUSE A STORM · BROADCAST RADIUS 0 5000 10000 15000 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 Time(Seconds) Fraction of Population Infected Population

IMPORTANCE OF VIRAL SPREAD SPEED

Infected

Not-Infected

Monday, April 4, 2011

Page 12: WHY MOBILE TO MOBILE MALWARE WON’T CAUSE A STORM · BROADCAST RADIUS 0 5000 10000 15000 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 Time(Seconds) Fraction of Population Infected Population

EXPOSED POPULATIONS

0 5000 10000 150000

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

Time(Seconds)

Frac

tion

of P

opul

atio

n In

fect

ed

Population Infections from 7:00AM − 11:00AM in Chicago

10s(Serial)10s(Parallel)30s(Serial)30s(Parallel)60s(Serial)60s(Parallel)120s(Serial)120s(Parallel)

Constants:Radius: 15m

Susceptibility: 100%Initial Infection: 1%

Monday, April 4, 2011

Page 13: WHY MOBILE TO MOBILE MALWARE WON’T CAUSE A STORM · BROADCAST RADIUS 0 5000 10000 15000 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 Time(Seconds) Fraction of Population Infected Population

IMPORTANCE OF SUSCEPTIBILITY

Infected

Not-Infected

Non-Susceptible

Monday, April 4, 2011

Page 14: WHY MOBILE TO MOBILE MALWARE WON’T CAUSE A STORM · BROADCAST RADIUS 0 5000 10000 15000 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 Time(Seconds) Fraction of Population Infected Population

SUSCEPTIBLE POPULATIONS

0 5000 10000 150000

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

Time(Seconds)

Frac

tion

of P

opul

atio

n In

fect

ed

Population Infections at 7:00AM − 11:00AM in Chicago

5% Susc. (Ser)5% Susc. (Par)10% Susc. (Ser)10% Susc. (Par)25% Susc. (Ser)25% Susc. (Par)50% Susc. (Ser)50% Susc. (Par)75% Susc. (Ser)75% Susc. (Par)100% Susc. (Ser)100% Susc. (Par)

Constants:Radius: 15m

Exposure Time: 30sInitial Infection: 30 People

Monday, April 4, 2011

Page 15: WHY MOBILE TO MOBILE MALWARE WON’T CAUSE A STORM · BROADCAST RADIUS 0 5000 10000 15000 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 Time(Seconds) Fraction of Population Infected Population

IMPORTANCE OF BROADCAST RADIUS

Infected

Not-Infected

Monday, April 4, 2011

Page 16: WHY MOBILE TO MOBILE MALWARE WON’T CAUSE A STORM · BROADCAST RADIUS 0 5000 10000 15000 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 Time(Seconds) Fraction of Population Infected Population

BROADCAST RADIUS

0 5000 10000 150000

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

Time(Seconds)

Frac

tion

of P

opul

atio

n In

fect

ed

Population Infections from 7:00AM − 11:00AM in Chicago

15m (Serial)15m (Parallel)30m (Serial)30m (Parallel)45m (Serial)45m (Parallel)

0 5000 10000 150000

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

Time(Seconds)

Frac

tion

of P

opul

atio

n In

fect

ed

Population Infections from 7:00AM − 11:00AM in Chicago

15m (Serial)15m (Parallel)30m (Serial)30m (Parallel)45m (Serial)45m (Parallel)

100% Susceptible 25% SusceptibleConstants:

Exposure Time: 30sInitial Infection: 1%

Monday, April 4, 2011

Page 17: WHY MOBILE TO MOBILE MALWARE WON’T CAUSE A STORM · BROADCAST RADIUS 0 5000 10000 15000 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 Time(Seconds) Fraction of Population Infected Population

CONCLUSIONS

• Current U.S. city resident densities do not lead to epidemics, even with increased range

• Epidemics in the U.S. will only occur with very high (arguably unrealistic) susceptibility rates

• Parallel spread has little effect

• Mobile-to-mobile epidemics are the least of our worries...

• Privacy violating mobile malware -- Tapsnake

• SoundComber -- http://www.cs.indiana.edu/~kapadia/soundcomber-news.html

• Malware targeting mobile banking -- Mitmo

Monday, April 4, 2011

http://www.cs.indiana.edu/~kapadia/soundcomber-news.html
http://www.cs.indiana.edu/~kapadia/soundcomber-news.html
Page 18: WHY MOBILE TO MOBILE MALWARE WON’T CAUSE A STORM · BROADCAST RADIUS 0 5000 10000 15000 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 Time(Seconds) Fraction of Population Infected Population

QUESTIONS?

Monday, April 4, 2011

Page 19: WHY MOBILE TO MOBILE MALWARE WON’T CAUSE A STORM · BROADCAST RADIUS 0 5000 10000 15000 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 Time(Seconds) Fraction of Population Infected Population

REFERENCES

• [Landscan] http://www.ornl.gov/sci/landscan/(July 2010).

• [CARETONNI07] CARETTONI, L., MERLONI, C., AND ZANERO, S. Studying bluetooth malware propagation: The bluebag project. IEEE Security and Privacy 5, 2 (2007), 17–25.

• [SU06] SU, J., CHAN, K., MIKLAS, A., PO, K., AKHAVAN, A., SAROIU, S., DE LARA, E., AND GOEL, A. A preliminary investigation of worm infections in a bluetooth environment. In Proceedings of the 4th ACMworkshop on Recurring malcode (2006), ACM, p. 16.

• [WANG09] WANG, P., GONZALEZ, M., HIDALGO, C., AND BARABASI, A. Understanding the spreading patterns of mobile phone viruses. Science 324, 5930 (2009), 1071.

• [CHANNAKESHAVA09] CHANNAKESHAVA, K., CHAFEKAR, D., BISSET, K., KUMAR, V., AND MARATHE, M. EpiNet: a simulation framework to study the spread of malware in wireless networks. In Proceedings of the 2nd International Conference on Simulation Tools and Techniques (2009), ICST (Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering), pp. 1– 10.

Monday, April 4, 2011

http://www.ornl.gov/sci/landscan/
http://www.ornl.gov/sci/landscan/
Page 20: WHY MOBILE TO MOBILE MALWARE WON’T CAUSE A STORM · BROADCAST RADIUS 0 5000 10000 15000 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 Time(Seconds) Fraction of Population Infected Population

SERIAL VS. PARALLEL INFECTIONS

Infected

Not-InfectedDont Walk

Dont Walk

Walk Walk

Monday, April 4, 2011

Page 21: WHY MOBILE TO MOBILE MALWARE WON’T CAUSE A STORM · BROADCAST RADIUS 0 5000 10000 15000 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 Time(Seconds) Fraction of Population Infected Population

INFECTED POPULATIONS

0 5000 10000 150000

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

Time(Seconds)

Frac

tion

of P

opul

atio

n In

fect

edPopulation Infections Between 7:00AM−11:00AM in Chicago With Incubation Per. of 30 Seconds

0.01 Initial(Serial)0.01 Initial(Parallel)0.05 Initial(Serial)0.05 Initial(Parallel)0.10 Initial(Serial)0.10 Initial(Parallel)

Monday, April 4, 2011


World Population: 7,244,272,280 (July 2014) Active Mobile Phones: 7,300,000,000 (2014) Unbanked: 2,500,000,000 Unbanked With Mobile Phones: 1,000,000,0000.

World Population: 7,244,272,280 (July 2014) Active Mobile Phones: 7,300,000,000 (2014) Unbanked: 2,500,000,000 Unbanked With Mobile Phones: 1,000,000,0000.

The human element. Population at risk = Static Populations + Mobile populations + Migrants.

The human element. Population at risk = Static Populations + Mobile populations + Migrants.

Effect of Mobile Towers on House Sparrow Population

Effect of Mobile Towers on House Sparrow Population

Mobile Handset Population in Finland 2005-2011momie.comnet.aalto.fi/wp-uploads/Riikonen_Smura_2012...Mobile Handset Population in Finland 2005-2011 MoMIE project report May 15th, 2012

Mobile Handset Population in Finland 2005-2011momie.comnet.aalto.fi/wp-uploads/Riikonen_Smura_2012...Mobile Handset Population in Finland 2005-2011 MoMIE project report May 15th, 2012

MULTI-MOBILE AGENT MULTI-ROBOT SYSTEM Mobile Agent Cloning for Servicing Networked Robots 2 STIGMERGICALLY CONTROLLING A POPULATION OF HETEROGENEOUS MOBILE.

MULTI-MOBILE AGENT MULTI-ROBOT SYSTEM Mobile Agent Cloning for Servicing Networked Robots 2 STIGMERGICALLY CONTROLLING A POPULATION OF HETEROGENEOUS MOBILE.

FOR LEASE HILLTOP SHOPPING CENTER...POPULATION 2020 Estimated Population 0 T 12,352 55,374 111,221 2025 Projected Population 0 T 12,814 57,490 115,181 2010 Census Population 0 T 11,538

FOR LEASE HILLTOP SHOPPING CENTER...POPULATION 2020 Estimated Population 0 T 12,352 55,374 111,221 2025 Projected Population 0 T 12,814 57,490 115,181 2010 Census Population 0 T 11,538

L-2 POPULATION 142 L-2 POPULATION 0 L-2 POPULATION 3 L-2 ...

L-2 POPULATION 142 L-2 POPULATION 0 L-2 POPULATION 3 L-2 ...

Dynamic population mapping using mobile phone data - … · Dynamic population mapping using mobile phone data Pierre Devillea,b,c,1, Catherine Linardc,d,1,2, Samuel Martine, ...

Dynamic population mapping using mobile phone data - … · Dynamic population mapping using mobile phone data Pierre Devillea,b,c,1, Catherine Linardc,d,1,2, Samuel Martine, ...

Securing mobile population for White Hats

Securing mobile population for White Hats

MOBILE IS NOT · Source: Morgan Stanley Research 2.1B Mobile Users . 29.5% Population . 31% US Population . 51% Low Income

MOBILE IS NOT · Source: Morgan Stanley Research 2.1B Mobile Users . 29.5% Population . 31% US Population . 51% Low Income

Mobile Handset Population in Finland 2005-2011

Mobile Handset Population in Finland 2005-2011

Specialized in Ophthalmology...Source: United Nations, World Population Prospects: 2015 Revision Population Aged 65+ 0% 10% 20% 30% 40% 0 5 0 5 0 5 0 5 0 5 0 5 0 5 0 5 0 5 0 5 0 5

Specialized in Ophthalmology...Source: United Nations, World Population Prospects: 2015 Revision Population Aged 65+ 0% 10% 20% 30% 40% 0 5 0 5 0 5 0 5 0 5 0 5 0 5 0 5 0 5 0 5 0 5

Mobile Migrant Population Study Suriname-Summary

Mobile Migrant Population Study Suriname-Summary

Improved Response to Disasters and Outbreaks by Tracking ... · Tracking Population Movements with Mobile ... to Disasters and Outbreaks by Tracking Population Movements ... mobile

Improved Response to Disasters and Outbreaks by Tracking ... · Tracking Population Movements with Mobile ... to Disasters and Outbreaks by Tracking Population Movements ... mobile

0 192.168.0.1 /mobile/home.a TOTOLINK - … A3002MU...0 192.168.0.1 /mobile/home.a TOTOLINK - A3002MU V2.O.O 0 192.168.0.1 /mobile/logir TOTO The Smartest Network Device Welcome admin

0 192.168.0.1 /mobile/home.a TOTOLINK - … A3002MU...0 192.168.0.1 /mobile/home.a TOTOLINK - A3002MU V2.O.O 0 192.168.0.1 /mobile/logir TOTO The Smartest Network Device Welcome admin

Mobile Implementation Framework: Deploying Apps for Any Population

Mobile Implementation Framework: Deploying Apps for Any Population

Spatial patterns of fertility 0+population) Stats website .

Spatial patterns of fertility 0+population) Stats website .

0. mobile monday.vn hanoi Mobile or Death 20120503

0. mobile monday.vn hanoi Mobile or Death 20120503

Dynamic population mapping using mobile phone data - ut

Dynamic population mapping using mobile phone data - ut

0 0 0 0 UKOUG Development SIG Paul Chester. 0 0 APEX Mobile.

0 0 0 0 UKOUG Development SIG Paul Chester. 0 0 APEX Mobile.