[13]

Why target people specifically? A phone has all the tools necessary to infect every other peer they can reach. Almost instant billion device botnet, each with a new list of targets to infect in the contacts book. It'll be interesting if this does happen, and the same mistakes as early worms are made (global internet pipe denial of service by probes attempting to find new hosts to infect).

[ck2]

Whoa, never thought of that, but blackhats certainly will.

If they get one celebrity, they could get all their friends.

I predict a second one of these https://wikipedia.org/wiki/2014_celebrity_photo_hack

Ironically this time iphone users will be protected.

[13]

Probably has engineering challenges past what you would normally face, which thankfully makes a 1B device botnet a little unrealistic. I can't imagine how you'd even begin to control such a thing, just a sequential numerical list of the clients is 4GB. Scary prospect though.

[endymi0n]

Not too far off.

There's your discovery layer: https://en.wikipedia.org/wiki/Kademlia

C&C: http://www.reddit.com/r/netsec/comments/2pmmfu/using_the_blo...

Persistence Layer: https://github.com/cockroachdb/cockroach

Dissemination Layer: https://en.wikipedia.org/wiki/Gossip_protocol

Sprinkle in some AES and public / private keys for verification and you're done.

Sequential list isn't needed.

(well, all the robust & stealthy large systems engineering together with the low level exploit knowledge is probably a little too much for one person to pull it off, but for a Hacking Team or nation sized actor it's quite doable)

[Jare]

The bot can call home to ask if/when more infections are desired, so the attack can elastically adapt to remain viable and not overwhelm the resources it needs.

[raisedbyninjas]

Why bother with a botnet when you already have access to their gmail account. Search for bank emails in their inbox, script a password reset on the account, drain account.

[Oletros]

How so?