Summary

Recommendation ITU-T X.1213 analyses the background and potential security threats of smartphone-based botnets, and provides security capability requirements.

Along with the rapid development of mobile Internet devices and the widespread use of smartphones, surveys from worldwide organizations show that botnets, formerly targeting mostly personal computer (PC)-based networks, are now being replicated very quickly on smartphones. Currently, countries and regions with differing conditions and ecosystems have varying levels of constraints on the propagation of smartphone-based botnets. Analytical reports from various security companies and investigative organizations show noticeably different statistical data on the severity of the propagation of smartphone-based botnets. The potential threat of smartphone-based botnets is increasing very quickly in some regions and could possibly spread worldwide and turn from a regional issue into a serious global issue.

Compared with PCs and servers, smartphones have less processing power, storage space and battery life. However, the adversarial influence of smartphone-based botnets could have greater repercussions on users for the following reasons: 1) smartphones often store very important personally identifiable information (PII) and 2) if attacks on smartphones or on the operator's infrastructure occur, user experience may degrade significantly due to the prevalence of, and user dependence on, smartphones.