Contemporary mobile devices (cellular phones, wireless and handheld computing devices, etc.) are changing from single-function devices to integrated platforms that contain open operating systems (e.g. Symbian OS™, Windows® CE, Mobile Linux) and combine voice, data and video. Furthermore, mobile devices are being opened to multiple communication channels (e.g. WiFi, Bluetooth, Cellular, etc.), which further exposes them to external manipulation. These radical changes present a whole set of new opportunities but, at the same time, dramatically increase the device's vulnerability to security hacks (e.g. worms, viruses, Trojan Horses, blended threats or otherwise potentially malicious or suspicious software, including any program or file that is harmful to a device, referred to collectively hereinafter as “malware”).
Communicating and messaging facilities of mobile devices may be used as the virus' transport media to infect other devices. Malicious code, once executed on a mobile device, can also use the phone log or phone address book to find new targets.
This problem has been recognized in Prior Art and various systems have been developed to provide a solution, for example:
U.S. Pat. No. 6,842,861 (Cox et al.) discloses a method and system for detecting viruses on handheld computers. The handheld computer is in communication with a computer system having a virus detection program. The method includes reading data from the handheld computer and writing the data at least temporarily to a database on the computer system. The data is scanned for viruses with the virus detection program. The method further includes updating data on the handheld computer based on results of the scanning.
US Patent Application No. 2003/084,321 (Tarquini et al.) discloses a mobile device operable in a mobile telecommunications network, comprising a memory module for storing data in machine readable format for retrieval and execution by a central processing unit, and an operating system operable to execute an intrusion detection application stored in the memory module. Also disclosed is a node of a network for managing an intrusion detection system, comprising a memory module for storing data in machine readable format for retrieval and execution by a central processing unit, and an operating system comprising a network stack comprising a protocol driver and a media access control driver and operable to execute an intrusion protection system management application. The management application is operable to receive text-file input defining a network-exploit rule and convert the text-file input into a signature file comprising machine-readable logic representative of an exploit-signature, and the node is operable to transmit the signature file to a mobile device over a radio frequency link.
US Patent Application No. 2003/084,322 (Schertz et al.) discloses a computer comprising an operating system that controls the computer resources. An intrusion detection system is integrated with the operating system and operable to monitor the computer resources to detect, prevent and report intrusion attempts. An anti-virus system is further integrated with the operating system and operable to detect the presence of at least one virus in the computer resources.
US Patent Application No. 2003/135,749 and US Patent Application No. 2003/159,060 (both by Gales et al.) disclose a method of defining security conditions of a computer system for the purpose of detecting vulnerabilities. The method comprises the steps of specifying an attack representing a recognized vulnerability of the computer system, specifying at least one attribute of the specified attack, specifying at least one policy definition with respect to detecting the vulnerability of the specified attack, specifying at least one attribute of the specified policy definition, and specifying a remedy for the specified vulnerability.
US Patent Application No. 2003/162,575 (Morota et al.) discloses a cellular phone provided with a data transmitter, a detection result receiver and virus management information storage. The data transmitter transmits data to a virus detecting apparatus. The detection result receiver receives as virus management information a result of detection on whether the data transmitted by the data transmitter includes a computer virus. The virus management information storage stores the data and the virus management information about the data in association with each other.
US Patent Application No. 2003/200,460 (Morota et al.) discloses a system for detection of computer viruses in a portable telephone. The server device comprises a pattern data transmission request receiving unit which receives pattern data transmission requests that include the model name of the portable telephone, a pattern data extraction unit which extracts specified pattern data from a plurality of sets of pattern data on the basis of the model name of the portable telephone contained in the pattern data transmission requests received by the pattern data transmission request receiving unit, and a pattern data transmitting unit which transmits the specified pattern data extracted by the pattern data extraction unit to the portable telephone.
US Patent Application No. 2004/005,873 (Groenendaal et al.) discloses methods and systems for managing wireless devices in an enterprise. A first exemplary method manages the physical access points of a wireless network in an enterprise. A second exemplary method manages the assets of wireless devices in an enterprise. A third exemplary method enables virus detection within wireless devices. A fourth exemplary method manages wireless device data backup.
US Patent Application No. 2004/0127195 (An Ki Chul) discloses a mobile communication system and method for inactivating or curing mobile communication viruses. The system includes: a database associated with the mobile communication system, for storing at least one virus vaccine program; and a virus monitoring unit associated with the mobile communication system, for checking virus infection of received data, analyzing virus information, choosing one of virus vaccine programs that are stored in the database and inactivating the virus. Virus vaccine programs are timely updated over-the-air (OTA) whenever a new version of vaccine program is available.
US Patent Application No. 2004/172,551 (Fielding et al.) discloses a process of screening one or more software files to determine any that are recognized to have a matching hash signature with a file contained in a database of files known to be a virus, Trojan, worm, or otherwise potentially malicious or suspicious element, which can then be safely blocked, quarantined and/or deleted. This is accomplished through a method and apparatus running on a firewall, network device, mail server, server, personal computer, PDA, cell phone or wireless device to compare the hash signature of each incoming software file against a regularly updated database of known infected file hash signatures. One or more users can be alerted when an infected file is identified. If quarantined, the file is safely stored until virus software is updated properly with later developed virus definitions file(s), which are then used to eradicate or clean the infected file(s) or computer systems.
U.S. Patent Application No. 2004/209,608 (Kouznetsov et al.) discloses a system, method and computer program product for accessing security or content analysis functionality utilizing a mobile communication device. Included is an operating system installed on a mobile communication device capable of communicating via a wireless network. Further provided is an application program installed on the mobile communication device and executed utilizing the operating system for performing tasks. A scanning subsystem remains in communication with the application program via an application program interface. Such scanning subsystem is adapted for accessing security or content analysis functionality in conjunction with the tasks performed by the application program.
U.S. Patent Application No. 2004/268,145 (Watkins et al.) discloses an apparatus, system, method and computer program product for verifying the integrity of remote network devices that request access to network services and resources. Unintended computer programs such as viruses, worms, or Trojan Horses, may compromise remote devices. The invention involves downloading verification software over the web into the web browser of a client for the purpose of performing checks to verify the integrity and security of the client's device or system. The results of such checks are returned over the web to be used in security decisions involving authentication and the granting of authorization to access services and resources.
U.S. Patent Application No. 2005/064,859 (Kotzin et al.) discloses a system and method for backing up a memory of a wireless subscriber device. The method involves creating an archived representation of the memory image in a backup server and scanning modified representations of the memory image for abnormalities, such as viruses or other malicious files. If a problem has occurred, the memory of the wireless subscriber device can be restored using an archived representation of the memory image.
International Publication No. WO2003/012,643 (Pak et al.) discloses a system, method and computer program product for programmable scanning for malicious content on a wireless client device. Initially, an anti-virus program having an instruction set is assembled in a programmable computing language. The anti-virus program is implemented on a wireless client device. A scan for malicious code is performed on the wireless client device utilizing the anti-virus program, including scanning a memory of the device as well as an inbound or outbound data stream traversing a communication port of the client device.
International Publication No. WO2003/012,644 (Kouznetsov et al.) discloses a scanning method in mobile devices, e.g. cellular phones, for viruses and other malware by updating malware scanners in the mobile devices over a wireless network using an application service provider.
International Publication No. WO2004/095,177 (Kouznetsov et al.) discloses a platform-independent system and associated method for use with a mobile communication device. Included is a mobile communication device capable of communicating via a wireless network. Such a mobile communication device includes an operating system installed thereon. Associated therewith is a platform-independent scanning subsystem in communication with the operating system of the mobile communication device for scanning purposes. Further provided is a platform-independent application program interface for interfacing the operating system and the scanning subsystem. The platform-independent application program interface includes an abstract library for porting the platform-independent scanning subsystem to the mobile communication device and associated operating system.
International Publication No. WO2005/022,441 (Liang et al.) discloses a network level virus monitoring system capable of monitoring a flow of network traffic in any of a number of inspection modes depending upon the particular needs of a system administrator. The system includes a network virus sensor self registration module coupled to a network virus/worm sensor arranged to automatically self register the associated network virus/worm sensor. The monitoring provides an early warning of a virus attack thereby facilitating quarantine procedures directed at containing a virus outbreak. By providing such an early warning, the network virus monitor reduces the number of computers ultimately affected by the virus attack resulting in a concomitant reduction in both the cost of repair to the system and the amount of downtime. In this way, the inventive network virus monitor provides a great improvement in system uptime and reduction in system losses.
European Patent Application No. 1,184,772 (Bergroth et al.) discloses a method of protecting a wireless device against viruses, comprising maintaining a database of virus signatures on the device, updating the database by downloading virus signatures in a Short Message Service (SMS) Message, and searching for virus signatures in the memory of or files stored on the wireless device by comparison with the database.