2 Chapter1·IntroductiontoMobileMalware Introduction Explosive growth in the mobile market of smartphones, personal digital assistants (PDA), and similar integrated devices like an iPhone has become evident since the turn of the century. Concurrent with this emergent growth in the mobile media market is the development of mature cyber-criminal fraud operations and the spread of the first mobile malware (MM) in the wild. Since at least 2000, select security experts have predicted gloom and doom about pending future attacks against smartphones and other mobile devices. In large part, they were wrong, not understanding all of the elements necessary to create the perfect storm for malicious attacks against mobile media. It takes more than technology vulnerabilities to result in exploitation--criminals testify to this fact on the Windows platform today! With a global explosion of mobile solutions and services, assets are increasingly integrated into this emergent medium. Criminals are already exploiting it for financial gain. The problem will certainly get worse before it gets better as this new market matures for an increasingly mobile society globally. This is the first book of its kind addressing malicious attacks against mobile devices. Some conferences now focus significantly on new devices and how to exploit, analyze, and manage these new solutions. With the rapid change of technology, continually strained technology staff capabilities, and a very mature global criminal market, the time is now to act upon mobile security. This book takes you through the foundational aspects of mobile security and mobile malware and equips you with the necessary knowledge and techniques to successfully lower risk against emergent mobile threats. W arning This book's contents do include discussions of exploits and attacks. Handle all data with caution and use ethical and legal guidelines to respond to the media in the book. We've done our best to sanitize all weaponized data and cripple any code that script kiddies might want to abuse for illegal or unethical actions. This book has been organized with a technical content flow that progresses from easy to more difficult. The first five chapters are easier to read for the nontechnical individual. Chapter 6 introduces higher mathematical models for working with phishing identification and mitigation and more complicated vishing attacks. Chapter 7 onwards dives into a wide range of technologies, exploits, and deep analysis of mobile malware (MM). Most importantly, each chapter is somewhat modular in design to support the geek in you, particularly when you need to look up reference material quickly in the book.