The described embodiments generally relate to wireless communication devices and computer networks. More particularly, the described embodiments relate to the detection and disposition of unauthorized executable instructions on a wireless device.
Wireless networking connects one or more wireless devices to other computer devices without a direct electrical connection, such as a copper wire or optical cable. Wireless devices communicate data, typically in the form of packets, across a wireless or partially wireless computer network and open a “data” or “communication” channel on the network such that the device can send and receive data packets. The wireless devices often have wireless device resources, such as programs and hardware components, which individually and cooperatively operate to use and generate data in accordance to their design and specific protocol or configuration, such as using open communication connections to transmit and receive data on the network.
Wireless devices are being manufactured with increased computing capabilities and are becoming tantamount to personal computers. These “smart” wireless devices, such as cellular telephones, have application programming interfaces (“APIs”) installed onto their local computer platform that allow software developers to create software applications that operate on the cellular telephone. The API sits between the wireless device system software and the software application, making the cellular telephone functionality available to the application without requiring the software developer to have the specific cellular telephone system source code.
In one aspect, the integrity of the wireless device may be compromised by either the intended or non-intended downloading of certain executable instructions. In one scenario, such downloads may include a malicious program targeting cellular telephones, for example, spread through Bluetooth® wireless systems. Such executable instructions may be a worm program whose task could be as simple as stealing the cellular telephone's address book or generating costly and annoying text message spam. Another potential threat to the integrity of a wireless device may take the form of a “denial of service” attack on a wireless-service provider by making the cellular telephone dial many numbers in rapid succession. In another example, malicious applications may affect the operation of the wireless device, allowing the wireless device to be used for a different wireless network service provider than the one for which it was purchased. In this case, the original wireless network service provider may lose money if it subsidized the price of the wireless device based on the agreement that the wireless device would only be used on the original network service provider's network.
Furthermore, an initial scan of a downloaded application may not prove sufficient to detect possible malicious intent. It may be necessary to monitor the operation of the program to determine whether or not an application first thought to be authorized has either been modified or has indeed performed some unauthorized act, i.e., accessed a protected memory location.
In addition to the possible loss of device integrity due to either malicious or unintentional downloading of unauthorized executable instructions, a cellular carrier network may lose revenue by uncompensated downloading of otherwise non-malicious executables. For example, in many cases when a new mobile device is introduced to the market and is well received by the public, a host of software companies will attempt to cash in on the popularity of the product by offering third party applications. These executables, when made available to the user via sources other than the cellular manufacturer or carrier, not only may adversely affect the operation of the wireless device but may also result in millions of dollars in lost revenue.
Accordingly, it would be advantageous to provide an apparatus and method that allows for scanning a wireless device for executable instructions, monitoring its operation, and may include the deleting and otherwise disabling of such instructions based upon an authorization schema.