As mobile devices becoming more and more sophisticated with their computing power and memory, the attackers are slowing shifting their focus from PC to these Mobile devices. Unlike earlier generation of mobile devices, current mobile devices are as powerful as our computer systems with increased memory and performance along with built-in internet connectivity. All of us still may not have one computer system per user now, but each of us enjoy at least one geek cellphone in our pocket. More than just a fancy electronic gadget it has become necessity of the time.
For attackers it brings in great opportunity with high success rate as mobile devices represent low hanging fruit with more than 80% of mobile users have no knowledge of its intrinsic and security aspects. In addition to this, early days of mobile evolution with a low security profiles making it more vulnerable to easy traps.
In this direction, this book ‘Mobile Malware Attacks and Defense’ throws light on evolving trend of malwares targeted towards these mobile devices. It describes how to perform analysis of such malwares and ways to protect against such threats.
Here is the core information about the book,
Title: Mobile Malware Attacks and Defense
Author: Ken Dunham
Hardcover: 440 pages
Release Date: November 14, 2008
Here is the ‘Table of Contents’
- Chapter 1 – Introduction to Mobile Malware
- Chapter 2 – Visual Payloads
- Chapter 3 – Timeline of Mobile Malware, Hoaxes, and Threats
- Chapter 4 – Overview of Mobile Malware Families
- Chapter 5 – Taxonomy of Mobile Malware
- Chapter 6 – Phishing, SMishing, and Vishing
- Chapter 7 – Operating System and Device Vulnerabilities
- Chapter 8 – Analyzing Mobile Malware
- Chapter 9 – Forensic Analysis of Mobile Malware
- Chapter 10 – Debugging and Disassembly of MMC
- Chapter 11 – Mobile Malware Mitigation Measures
First half of the book covers basics of mobile malwares, different types, how they are different from traditional PC malwares, real life examples of such threats etc. This mainly prepares the ground for second half of the book where it gets more interesting with more technical stuff.
Chapter 6 puts focus on how attackers are using SMS (SMishing) and Phone based Phishing (Vishing) to lure naive users into their traps. It illustrates different types and presents techniques to detect & mitigate such attacks. Next chapter explain mobile OS aspects, how its different from traditional PC model and explains about security vulnerabilities specific to these devices.
I found last 3 chapters interesting as it covers specific techniques required for analyzing mobile malwares compared to PC viruses. It describes in detail on using MobileSandbox to safely analyze such malwares like we do using virtual boxes for normal PC viruses. Though ‘Mobile Forensics’ deserves a book in itself, author does a good job covering some of the fine prints to set the basics right. Debugging/Disassembling of malwares using various tools such as IDA Pro etc brings in more energy (if you are of my type ;)). This process is similar to our traditional reversing/debugging but there are some specifics w.r.t executable for different mobile platforms which are clearly illustrated here using real malwares.
Though you will crave for more, this book offers one of best insights on mobile malwares, their trends, analysis and protections against such threats for novice as well as experts.
eBook Link: http://www.megaupload.com/?d=9IOGHZM0