ATLANTA - November 10 2009 - Smart phones -- like BlackBerrys and iPhones -- have becomeindispensable to today's highly mobile workforce and tech-savvyyoungsters. While these devices keep friends and colleagues just a fewthumb-taps away, they also pose new security and privacy risks.

"Traditional cell phones have been ignored by attackers because theywere specialty devices, but the new phones available today are handheldcomputers that are able to send and receive e-mail, surf the Internet,store documents and remotely access data -- all actions that make themvulnerable to a wide range of attacks," said Patrick Traynor, assistantprofessor in the School of Computer Science at the Georgia Institute ofTechnology.

Traynor and Jonathon Giffin, also an assistant professor in theSchool of Computer Science, recently received a three-year $450,000grant from the National Science Foundation to develop tools thatimprove the security of mobile devices and the telecommunicationsnetworks on which they operate. These Georgia Tech faculty, togetherwith a team of graduate students, are developing methods of identifyingand remotely repairing mobile devices that may be infected with virusesor other malware.

Malware can potentially eavesdrop on user input or otherwise stealsensitive information, destroy stored information, or disable a device.Attackers may snoop on passwords for online accounts, electronicdocuments, e-mails that discuss sensitive topics, calendar andphonebook entries, and audio and video media.

"Since mobile phones typically lack security features found ondesktop computers, such as antivirus software, we need to accept thatthe mobile devices will ultimately be successfully attacked. Thereforeour research focus is to develop effective attack recovery strategies,"explained Giffin.

The researchers plan to investigate whether cellular serviceproviders -- such as AT&T and Verizon Wireless -- are capable ofdetecting infected devices on their respective networks. Since infecteddevices often begin to over-utilize the network by sending a highvolume of traffic to a known malicious Internet server or by suddenlygenerating a high volume of text messages, monitoring traffic patternson the network should allow these infected phones to be located,according to the researchers.

"While a single user might realize that a phone is behavingdifferently, that person probably won't know why. But a cell phoneprovider may see a thousand devices behaving in the same way and havethe ability to do something about it," said Traynor.

Once infected devices are located, those phones will need to becleared of the malicious code. To accomplish this, the researchers aredeveloping remote repair methods, which will allow service providers toassist in the cleaning of infected devices without requiring that thephones be brought to a service center. The methods will also have towork without much effort on the part of the customer.

This repair may require disabling some functionality on the phone,such as the ability to use downloaded programs, until the maliciousprogram is located and removed. While the repair is underway, phonecalling and text messaging functionality would continue to operate.

"Using this remote repair strategy, the service provider no longerhas to completely disable a phone. Instead they just put the deviceinto a safe, but reduced, mode until the malware can be removed," saidGiffin.

To assess their proposed methods of finding andrepairing infected mobile devices, the researchers plan to build acellular network test bed at Georgia Tech that will simulate howcellular devices communicate over a network.

"We hope thatdeveloping these attack recovery strategies will let potential mobilephone and network attackers know that these response mechanisms are inplace, ultimately making their attacks far less widespread orsuccessful," said Traynor.

This material is based upon work supported by the NationalScience Foundation (NSF) under Award No. CNS-0916047. Any opinions,findings, conclusions or recommendations expressed in this publicationare those of the researcher and do not necessarily reflect the views ofthe NSF.

###

Research News & Publications Office

Georgia Institute of Technology

75 Fifth Street, N.W., Suite 100

Atlanta, Georgia 30308 USA

MediaRelations Contacts: Abby Vogel (404-385-3364); E-mail:(avogel@gatech.edu) or John Toon (404-894-6986); E-mail:(jtoon@gatech.edu).

Writer: Abby Vogel