Grant awarded to improve the security of mobile devices and cellular networks

Nov 10, 2009
With a new grant, Georgia Tech computer scientists Jonathon Giffin (left) and Patrick Traynor are developing cell phone remote repair methods, which will allow service providers to assist in cleaning infected devices. Credit: Georgia Tech Photo: Gary Meek

Smart phones -- like BlackBerrys and iPhones -- have become indispensable to today's highly mobile workforce and tech-savvy youngsters. While these devices keep friends and colleagues just a few thumb-taps away, they also pose new security and privacy risks.

"Traditional cell phones have been ignored by attackers because they were specialty devices, but the new phones available today are handheld computers that are able to send and receive e-mail, surf the Internet, store documents and remotely access data -- all actions that make them vulnerable to a wide range of attacks," said Patrick Traynor, assistant professor in the School of Computer Science at the Georgia Institute of Technology.

Traynor and Jonathon Giffin, also an assistant professor in the School of Computer Science, recently received a three-year $450,000 grant from the National Science Foundation to develop tools that improve the of mobile devices and the on which they operate. These Georgia Tech faculty, together with a team of graduate students, are developing methods of identifying and remotely repairing mobile devices that may be infected with viruses or other malware.

Malware can potentially eavesdrop on user input or otherwise steal sensitive information, destroy stored information, or disable a device. Attackers may snoop on passwords for online accounts, electronic documents, e-mails that discuss sensitive topics, calendar and phonebook entries, and audio and video media.

"Since mobile phones typically lack security features found on desktop computers, such as antivirus software, we need to accept that the mobile devices will ultimately be successfully attacked. Therefore our research focus is to develop effective attack recovery strategies," explained Giffin.

The researchers plan to investigate whether cellular service providers -- such as AT&T and Verizon Wireless -- are capable of detecting infected devices on their respective networks. Since infected devices often begin to over-utilize the network by sending a high volume of traffic to a known malicious Internet server or by suddenly generating a high volume of text messages, monitoring traffic patterns on the network should allow these infected phones to be located, according to the researchers.

"While a single user might realize that a phone is behaving differently, that person probably won't know why. But a cell phone provider may see a thousand devices behaving in the same way and have the ability to do something about it," said Traynor.

Once infected devices are located, those phones will need to be cleared of the malicious code. To accomplish this, the researchers are developing remote repair methods, which will allow service providers to assist in the cleaning of infected devices without requiring that the phones be brought to a service center. The methods will also have to work without much effort on the part of the customer.

This repair may require disabling some functionality on the phone, such as the ability to use downloaded programs, until the malicious program is located and removed. While the repair is underway, phone calling and text messaging functionality would continue to operate.

"Using this remote repair strategy, the service provider no longer has to completely disable a phone. Instead they just put the device into a safe, but reduced, mode until the malware can be removed," said Giffin.

To assess their proposed methods of finding and repairing infected , the researchers plan to build a cellular network test bed at Georgia Tech that will simulate how cellular devices communicate over a network.

"We hope that developing these attack recovery strategies will let potential mobile phone and network attackers know that these response mechanisms are in place, ultimately making their attacks far less widespread or successful," said Traynor.

Source: Georgia Institute of Technology

Explore further: Putting net neutrality in context

add to favorites email to friend print save as pdf

Related Stories

Wireless World: Industry mum on attacks

Oct 14, 2005

Who do most IT professionals call when there has been a breach of security -- an attack by hackers seeking to steal information from mobile phones and personal digital assistants? Is it the FBI or the CIA or the NSA or the ...

Wireless World: A looming 'cell hell'

Jul 14, 2006

You may have left it in the back seat of the cab. Or in the booth at the restaurant at lunch. Or even at your client's office. Whatever the case may be, it is likely that you lost your mobile phone last year. Research shows ...

U r pwned: text messaging paves way for hacking

Jul 30, 2009

(AP) -- Getting a text message is akin to someone sliding a piece of mail under your door: You may not have asked for it, you can't stop its delivery and you have to deal with it whether you want to or not.

Trend Micro Offers New Mobile Security

Dec 06, 2004

Trend Micro, Inc., a leader in network antivirus and Internet content security software and services, today announced the availability of Trend Micro Mobile Security, providing antivirus and anti-spam protection for SMS messaging ...

Recommended for you

Putting net neutrality in context

Feb 27, 2015

After much litigation, public demonstration and deliberation, the US Federal Communications Commission (FCC) voted 3 to 2 to adopt open internet rules. While the substantive details of the decision are not yet known, the rules ...

Key facts on US 'open Internet' regulation

Feb 26, 2015

A landmark ruling by the US Federal Communications Commission seeks to enshrine the notion of an "open Internet," or "net neutrality." Here are key points:

FCC allows city-owned Internet providers to expand

Feb 26, 2015

(AP)—People in small communities may get better, cheaper access to the Internet after the Federal Communications Commission ruled Thursday that city-owned broadband services can expand into areas overlooked by commercial ...

Regulators move to toughen Internet provider rules

Feb 26, 2015

(AP)—Internet service providers like Comcast, Verizon, AT&T, Sprint and T-Mobile would have to act in the "public interest" when providing a mobile connection to your home or phone, under new rules being ...

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.