Mobile botnet attack prediction

There is an interesting prediction on the Freedom to Tinker blog by Timothy B Lee.

2011 will see the outbreak of the first massive botnet/malware that attacks smartphones, most likely iPhone or Android models running older software than the latest and greatest. If Android is the target, it will lead to aggressive finger-pointing, particularly given how many users are presently running Android software that’s a year or more behind Google’s latest—a trend that will continue in 2011.

I think this is possible but unlikely. The reasoning is that while there are many smartphones, there is not the monoculture that fuelled botnets on the wired internet. The chance of one infected phone being able to find a nearby phone that it can spread to is much less than that of a similarly infected Windows PC.

If the exploit applies to a specific variant (say release Android 2.1), then it will need to find a similar phone by probing nearby IP addresses. If these phones make up say 30% of the user base (I’m being very generous here) and say 50% of the IPs probed are active and connected, then about 1 in 7 probes could hit a target.
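To make the probe arithmetic above concrete, here is an added example (not code from the original post) that models random probing in a closed population of phones. The figures for variant share, reachable share and probes per round are constructed assumptions used to compare a fragmented user base with a single-variant monoculture.

```python
# Added example: a simple discrete-time model of worm spread when only one
# software variant is exploitable. All parameters are constructed
# assumptions, not measurements.
import random

def hit_probability(variant_share, active_share):
    """Probability that one probe of a random nearby address reaches a
    phone that is both reachable and running the vulnerable variant."""
    return variant_share * active_share

def expected_probes_per_hit(variant_share, active_share):
    """Expected number of probes before one lands on a vulnerable target
    (geometric distribution with success probability p)."""
    p = hit_probability(variant_share, active_share)
    return float("inf") if p == 0 else 1.0 / p

def simulate_spread(population, variant_share, active_share,
                    probes_per_round, rounds, seed=1):
    """Simulate rounds of random probing in a closed population and return
    the infected count after each round. Device 0 is patient zero."""
    rng = random.Random(seed)
    vulnerable = [rng.random() < variant_share for _ in range(population)]
    reachable = [rng.random() < active_share for _ in range(population)]
    vulnerable[0] = reachable[0] = True      # patient zero is always infectable
    infected = [False] * population
    infected[0] = True
    history = []
    for _ in range(rounds):
        newly = []
        for src in range(population):
            if not infected[src]:
                continue
            for _ in range(probes_per_round):
                dst = rng.randrange(population)
                if vulnerable[dst] and reachable[dst] and not infected[dst]:
                    newly.append(dst)
        for dst in newly:
            infected[dst] = True
        history.append(sum(infected))
    return history

if __name__ == "__main__":
    # 30% on the vulnerable variant, 50% reachable: about 1 hit per 6.7 probes
    print(expected_probes_per_hit(0.3, 0.5))
    fragmented = simulate_spread(2000, 0.3, 0.5, probes_per_round=5, rounds=6)
    monoculture = simulate_spread(2000, 1.0, 0.5, probes_per_round=5, rounds=6)
    print("fragmented :", fragmented)
    print("monoculture:", monoculture)
```

With the post's 30% and 50% figures the model gives roughly 6.7 probes per successful hit, and the simulation shows the same worm saturating a monoculture in a few rounds while growing far more slowly across a fragmented base; the absolute numbers depend entirely on the assumed probe rate and population size.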

Firstly I think users are going to notice fairly quickly the increase in data usage, battery life, phone temperature, or slowness of other applications.

Networks will filter these connections pretty quickly, because network bandwidth is a prized commodity on the air interface. Operators in the major markets already have the monitoring and filtering equipment; in the minor markets, data pricing means that many users keep data switched off unless they actually need it.
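As an added example of the kind of network-side check that filtering depends on (not code from the original post), the following groups per-subscriber flow records into short time windows and flags a source that contacts many distinct addresses within one window, which is what IP-probing spread would look like to the operator. The flow records, the `key=value` format and the thresholds are all constructed for the example.

```python
# Added example: detecting peer-probing handsets from constructed flow
# records. Record format, addresses and thresholds are assumptions.
from collections import defaultdict

# Constructed flow records (not real traffic): one handset (10.20.0.5)
# sweeping its neighbours on a single port, and one normal handset
# (10.20.0.9) talking to a handful of services. Destination addresses
# use the RFC 5737 documentation ranges.
SAMPLE_FLOWS = "\n".join(
    [f"ts={1000 + i} src=10.20.0.5 dst=10.20.0.{100 + i} dport=5555"
     for i in range(12)]
    + [
        "ts=1003 src=10.20.0.9 dst=192.0.2.53 dport=53",
        "ts=1004 src=10.20.0.9 dst=198.51.100.10 dport=443",
        "ts=1005 src=10.20.0.9 dst=198.51.100.10 dport=443",
        "ts=1006 src=10.20.0.9 dst=203.0.113.7 dport=5223",
    ]
)

def parse_flow(line):
    """Parse one 'key=value' flow record into a dict with an integer ts."""
    rec = dict(field.split("=", 1) for field in line.split())
    rec["ts"] = int(rec["ts"])
    return rec

def find_scanners(flow_text, window=10, min_distinct=8):
    """Return {src: peak distinct destinations in any window} for sources
    that reached at least `min_distinct` distinct addresses within
    `window` seconds. Windows are fixed buckets of `window` seconds."""
    buckets = defaultdict(set)          # (src, window index) -> set of dsts
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        rec = parse_flow(line)
        buckets[(rec["src"], rec["ts"] // window)].add(rec["dst"])
    peak = defaultdict(int)
    for (src, _), dsts in buckets.items():
        peak[src] = max(peak[src], len(dsts))
    return {src: n for src, n in peak.items() if n >= min_distinct}

if __name__ == "__main__":
    # Only the sweeping handset exceeds 8 distinct destinations in 10 s
    print(find_scanners(SAMPLE_FLOWS))
```

Fixed buckets are cheap to compute on flow exports but can miss a sweep that straddles a bucket boundary; a sliding window per source closes that gap at the cost of keeping recent destinations in memory. The threshold has to be tuned against normal traffic, since push notifications, DNS and CDN fan-out give ordinary handsets a small baseline of distinct destinations.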

Google, Apple and others control the platforms and have remote deletion capabilities in these devices, so this sort of malware could be quickly removed by these companies taking action, with no user or network operator consultation needed. The malware would therefore be eradicated very quickly.

The last mitigating factor is that mobiles are built on Linux and other Unix variants (BSD for the iPhone), and remotely triggered compromise of these systems is much harder than of even today’s Windows boxes.

There is no room for complacency, but this one won’t happen.


  1. Rakkhi says:

    Some good points on discovery and shutdown, but the spreading doesn’t necessarily require infected phones to find peers by IP address. There are many ways it could spread:
    SMS all contacts on phone
    Redirect browser on launch to infected site
    post link as exploited user on connected social networking sites

    Android is probably the most vulnerable as Android patches take a long time to roll out due to carrier customizations. Apple isn’t great at patching security bugs, but iOS owners at least upgrade faster and more consistently.

    The uses of a smartphone botnet would also be interesting. Presumably they would be less useful for DDoS, but maybe SMS spam? Some new business models may even emerge.

