Protection and Prevention
You should never install anything from someone you don't trust. However, following this banal rule isn't always enough; some vulnerabilities are a result of programming errors within the device itself.
The first protection is to be a cautious user. Antivirus products are often there just to protect users from themselves. However, at times new viruses are created that break through traditional protections. For example, many users might forget to suspect a Bluetooth virus, simply because it's not yet a common form of infection. Your best defense is to maintain a high index of suspicion at all times.
In addition, it's best to keep the OS software current on your mobile device. This practice can help eliminate the same kind of risks that Windows XP users face. Unfortunately, updating a mobile device often requires a complete loss of data and can be a technically challenging project (for example, reflashing the ROM). Plus, even if it's easy, as is the case with Windows XP, most users simply ignore or don't know about patches and updates. In other words, if a user can't keep his desktop updated, he probably won't update his mobile phone or PDA.
With Windows-based PCs, patches are more or less homogeneous to the device. Not so in the mobile world. There are many flavors of embedded operating systems. For example, Platform Builder allows any manufacturer to compile its own custom OEM version of the Windows Mobile operating system. There are as many flavors of Windows Mobile as there are OEMs. In this case, a uniform security patch from Microsoft could break millions of devices, even if the patch worked correctly, which hasn't always been the case lately. Thus, there are even more challenges when dealing with mobile device security.
This concludes our brief analysis of the Mosquito Trojan. We welcome input from others who may have more experience in embedded reverse engineering. For those looking to enter research in this field, the References section lists other books and articles that we've written on ARM-based reverse engineering.
Although the Mosquito Trojan is more of an annoyance than a real threat, it demonstrates that cell phone malware is a growing problem. As we've seen, the 911 virus in Tokyo knocked out the city's public emergency services number. With a growing variety of malware attacking a growing number of mobile devices, future attacks could be worse.