Delivering Phone Fixes Over the Air
As smartphones continue to proliferate on networks around the world, they are increasingly under attack from malware and other malicious code. And because anti-virus solutions originally developed for desktops do not adapt well to the data and power constraints of mobile devices, new approaches to device security are needed to protect the growing smartphone category.
Researchers at Georgia Tech's College of Computing, having received a three-year, $450,000 grant from the National Science Foundation, are developing a "remote repair" solution that would enable wireless providers to investigate and repair compromised devices over the network. This approach eliminates the need to shut off service to the smartphone, a major problem for network providers as it can ultimately cost them customers.
According to a recent Dark Reading Security article,
...the project will build a "remote repair" option for service providers that lets them disable the malware they detect running on a user's smartphone. It would involve having a small base of trusted software on the phone.... [R]esearchers have even considered a virtual machine approach. "This software [on the handheld] responds to commands coming from the network to help the software take certain actions, [such as to] disable the [malicious] software and report information back to the network to help the network decide what the attack is.
However, this new approach is not without its complications. Some security experts have raised concerns about the effectiveness of the phone's trusted security software, when a virus could target and disable that code, eliminating the remote security functions. And because this solution gives wireless providers increased visibility and access to consumers' devices, there are obvious questions about the loss of privacy.
Researchers at Georgia Tech are currently working with open-source, Android-based phones and hope to publish their results next year.