Abstract
While mobile malware has played a relatively small role compared to the behemoth of desktop malware, the changes both in the capability as well as in the proliferation of the mobile devices will steadily increase the attractiveness of mobile devices as resources to be attacked. The increased usage and connectivity of mobile devices opens up a much larger set of attack vectors to compromise these devices. In this paper, we discuss how the new features of mobile devices opens up the capability to create a new generation of mobile malware which is capable of realistically spreading epidemically on a fully mobile infection vector. We present a prototype of such a mobile malware that uses these features to replicate itself and spread over a mobile device-to-device vector. Using simulations we give quantitative support for the number of mobile devices and conditions needed to for an epidemic spread of mobile malware and present infection scenarios in downtown Chicago. Our results show that the recent growth and market dominance of just a handful of mobile phone companies and the trend towards mobile operating systems monoculture has already created a viable substrate for epidemic mobile malware.