Data Security on Mobile Devices: Current State of the Art, Open Problems, and Proposed Solutions
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Syncios Manager Mac User Guide
Syncios Manager Mac User Guide Syncios Manager Mac User Guide Overview Tutorials Introduction Music Management Key Features Video Management System & Device Requirements Photo Management Information Management App Management File Management Toolkit Installation & Interface FAQ Installation Version compare Main Interface Common issues Purchase & Registration Support & Contact Purchase Syncios Manager Support Register Syncios Manager Contact Page 1 Syncios Manager Mac User Guide Overview Introduction Key Features System & Device Requirements Introduction Thanks for using Syncios Manager for mac! Syncios Manager for Mac is a free iTunes alternative to easily manage iPhone, iPad and iPod Touch without iTunes, which offers you ultimate transfer solution between iOS/Android devices & Mac. Although there are various kinds of phone managers in the market, most of them are not compatible with both Android and iOS devices. Syncios smartphone manager is a cross-platform supported mobile and tablet manager tool, fully compatible with the two dominant smartphone operating systems – iOS and Android. Key Features Transfer music, ringtone, podcast, Audiobooks, iTunes U between iPhone/iPad/iPod touch and Mac without iTunes. Backup songs, playlists, videos and other media from iPhone, iPad, iPod touch or Android devices on Mac OS. All your personal information on iOS/Android devices, including contacts, messages and call history can be managed in a simple and safe way on Mac OS. Browse, export, add, new or delete files between mobile phone and Mac. Toolkit: 1-click backup and restore mobile data. Page 2 Syncios Manager Mac User Guide System Requirements Operating System: Mac OS X 10.9, 10.10, 10.11, 10.12, 10.13, 10.14 & 10.15 CPU: Intel Core 1GHz or faster Hard Disk Space:1G and above Device Requirements Android: Android 3 to Android 11 iOS: iOS 5, iOS 6, iOS 7, iOS 8, iOS 9, iOS 10, iOS 11, iOS 12, iOS 13 & iOS 14 Page 3 Syncios Manager Mac User Guide Installation & Interface Installation Main Interface Installation 1. -
The Kernel Report
The kernel report (ELC 2012 edition) Jonathan Corbet LWN.net [email protected] The Plan Look at a year's worth of kernel work ...with an eye toward the future Starting off 2011 2.6.37 released - January 4, 2011 11,446 changes, 1,276 developers VFS scalability work (inode_lock removal) Block I/O bandwidth controller PPTP support Basic pNFS support Wakeup sources What have we done since then? Since 2.6.37: Five kernel releases have been made 59,000 changes have been merged 3069 developers have contributed to the kernel 416 companies have supported kernel development February As you can see in these posts, Ralink is sending patches for the upstream rt2x00 driver for their new chipsets, and not just dumping a huge, stand-alone tarball driver on the community, as they have done in the past. This shows a huge willingness to learn how to deal with the kernel community, and they should be strongly encouraged and praised for this major change in attitude. – Greg Kroah-Hartman, February 9 Employer contributions 2.6.38-3.2 Volunteers 13.9% Wolfson Micro 1.7% Red Hat 10.9% Samsung 1.6% Intel 7.3% Google 1.6% unknown 6.9% Oracle 1.5% Novell 4.0% Microsoft 1.4% IBM 3.6% AMD 1.3% TI 3.4% Freescale 1.3% Broadcom 3.1% Fujitsu 1.1% consultants 2.2% Atheros 1.1% Nokia 1.8% Wind River 1.0% Also in February Red Hat stops releasing individual kernel patches March 2.6.38 released – March 14, 2011 (9,577 changes from 1198 developers) Per-session group scheduling dcache scalability patch set Transmit packet steering Transparent huge pages Hierarchical block I/O bandwidth controller Somebody needs to get a grip in the ARM community. -
Security Analysis of Docker Containers in a Production Environment
Security analysis of Docker containers in a production environment Jon-Anders Kabbe Master of Science in Communication Technology Submission date: June 2017 Supervisor: Colin Alexander Boyd, IIK Co-supervisor: Audun Bjørkøy, TIND Technologies Norwegian University of Science and Technology Department of Information Security and Communication Technology Title: Security Analysis of Docker Containers in a Production Environment Student: Jon-Anders Kabbe Problem description: Deployment of Docker containers has achieved its popularity by providing an au- tomatable and stable environment serving a particular application. Docker creates a separate image of a file system with everything the application require during runtime. Containers run atop the regular file system as separate units containing only libraries and tools that particular application require. Docker containers reduce the attack surface, improves process interaction and sim- plifies sandboxing. But containers also raise security concerns, reduced segregation between the operating system and application, out of date or variations in libraries and tools and is still an unsettled technology. Docker containers provide a stable and static environment for applications; this is achieved by creating a static image of only libraries and tools the specific application needs during runtime. Out of date tools and libraries are a major security risk when exposing applications over the Internet, but availability is essential in a competitive market. Does Docker raise some security concerns compared to standard application deploy- ment such as hypervisor-based virtual machines? Is the Docker “best practices” sufficient to secure the container and how does this compare to traditional virtual machine application deployment? Responsible professor: Colin Alexander Boyd, ITEM Supervisor: Audun Bjørkøy, TIND Technologies Abstract Container technology for hosting applications on the web is gaining traction as the preferred mode of deployment. -
Isam: an Iphone Stealth Airborne Malware
iSAM: An iPhone Stealth Airborne Malware Dimitrios Damopoulos, Georgios Kambourakis, and Stefanos Gritzalis Info-Sec-Lab Laboratory of Information and Communications Systems Security, University of the Aegean, Samos, Greece {ddamop,gkamb,sgritz}@aegean.gr http://www.icsd.aegean.gr/info-sec-lab Abstract. Modern and powerful mobile devices comprise an attractive target for any potential intruder or malicious code. The usual goal of an attack is to acquire users’ sensitive data or compromise the device so as to use it as a stepping stone (or bot) to unleash a number of attacks to other targets. In this paper, we focus on the popular iPhone device. We create a new stealth and airborne malware namely iSAM able to wirelessly infect and self-propagate to iPhone devices. iSAM incorporates six different malware mechanisms, and is able to connect back to the iSAM bot master server to update its programming logic or to obey commands and unleash a synchronized attack. Our analysis unveils the internal mechanics of iSAM and discusses the way all iSAM components contribute towards achieving its goals. Although iSAM has been specifically designed for iPhone it can be easily modified to attack any iOS-based device. Keywords: Malware, iPhone, iOS, Jailbreak, Stealth, Airborne, Rootkit. 1 Introduction Mobile devices have evolved and experienced an immense popularity over the last few years. These devices have penetrated the market due to the variety of data services they offer, such as texting, emailing, browsing the Internet, documents editing, listening to music, watching videos and playing games in addition to the traditional voice services. As a result, analysts are expecting a mobile device population of 5 billion by 2015 [1]. -
Download Volume 13 (PDF)
Volume 13, Summer 2019 Copyright Ó 2019 Assistive Technology Industry Association ISSN 1938-7261 Assistive Technology Outcomes and Benefits | i The Role of Research in Influencing Assistive Technology Products, Policy, and Practice Volume 13, Summer 2019 Assistive Technology Outcomes and Benefits The Role of Research in Influencing Assistive Technology Products, Policy, and Practice Volume 13, Summer 2019 Editor in Chief Focused Issue Editor Jennifer L. Flagg Kathleen M. Murphy Center on KT4TT, University oF BuFFalo American Institutes For Research Publication Managers Associate Editors Victoria A. Holder Kate Herndon Tools For LiFe, Georgia Institute oF Technology American Printing House For the Blind Elizabeth A. Persaud Carolyn P. Phillips Tools For LiFe, Georgia Insitute oF Technology Tools For LiFe, Georgia Institute oF Technology Caroline Van Howe Copy Editor Assistive Technology Industry Association Beverly Nau Assistive Technology Outcomes and Benefits (ATOB) is a collaborative peer-reviewed publication of the Assistive Technology Industry Association (ATIA). Editing policies oF this issue are based on the Publication Manual oF the American Psychological Association (6th edition) and may be Found online at www.atia.org/atob/editorialpolicy. The content does not reflect the position or policy of ATIA and no official endorsement should be inferred. Editorial Board Members and Managing Editors David Banes Beth Poss Managing Director, David Banes Access and Administrator, Montgomery County Schools, Inclusion Services Maryland Russell T. Cross Ben SatterField Director of Clinical Operations, Prentke Romich Research Consultant, Center for AT Company Excellence, Tools For LiFe at Georgia Institute oF Technology Anya Evmenova Associate Professor, Division of Special Judith Schoonover Education and disAbility Research, George Occupational Therapist and AT Consultant, Mason University Sterling, Virginia American Occupational Therapy Association, Lori Geist Inc. -
MOVR Mobile Overview Report April – June 2017
MOVR Mobile Overview Report April – June 2017 The first step in a great mobile experience TBD 2 The first step in a great mobile experience TBD 3 The first step in a great mobile experience Q1 2017 to Q2 2017 Comparisons Top Smartphones Top Smartphones Africa Asia Europe N. America Oceania S. America • New to the list this Apple iPhone 5S 1.3% 2.9% 4.1% 3.5% 3.9% 3.1% quarter are the Apple Apple iPhone 6 2.2% 4.8% 5.6% 9.3% 10.1% 4.5% iPhone SE and the Apple iPhone 6 Plus 0.8% 2.4% 0.9% 3.7% 3.2% 1.0% Samsung J7 Prime. Apple iPhone 6S 1.7% 4.4% 6.3% 11.0% 13.9% 3.1% Apple iPhone 6S Plus 0.7% 2.6% 1.1% 6.1% 4.6% 0.9% • Dropping off the list Apple iPhone 7 1.2% 2.9% 4.0% 7.6% 9.3% 2.2% are the Motorola Moto Apple iPhone 7 Plus 0.7% 3.1% 1.3% 6.9% 6.2% 1.1% G4, Samsung Galaxy J2 Apple iPhone SE 0.3% 0.6% 2.4% 2.2% 2.1% 1.0% (2015), and the Huawei P8 Lite 2.2% 0.3% 2.1% 0.2% 0.2% 0.6% Vodafone Smart Kicka. Motorola Moto G 0.0% 0.0% 0.1% 0.2% 0.0% 2.1% Motorola Moto G (2nd Gen) 0.0% 0.1% 0.0% 0.1% 0.1% 2.6% • North America and Motorola MotoG3 0.0% 0.1% 0.1% 0.2% 0.1% 3.1% Oceania continue to be Samsung Galaxy A3 1.2% 0.9% 2.2% 0.1% 0.2% 0.5% concentrated markets Samsung Galaxy Grand Neo 1.8% 0.8% 0.8% 0.1% 0.1% 0.6% for brands, with the Samsung Galaxy Grand Prime 0.5% 1.0% 1.5% 0.9% 0.1% 3.5% top smartphones Samsung Galaxy J1 1.8% 0.6% 0.3% 0.1% 0.3% 0.8% accounting for 63.7% and 74.4% Samsung Galaxy J1 Ace 2.5% 0.2% 0.0% 0.1% 0.3% 0.7% respectively. -
Rootless Containers with Podman and Fuse-Overlayfs
CernVM Workshop 2019 (4th June 2019) Rootless containers with Podman and fuse-overlayfs Giuseppe Scrivano @gscrivano Introduction 2 Rootless Containers • “Rootless containers refers to the ability for an unprivileged user (i.e. non-root user) to create, run and otherwise manage containers.” (https://rootlesscontaine.rs/ ) • Not just about running the container payload as an unprivileged user • Container runtime runs also as an unprivileged user 3 Don’t confuse with... • sudo podman run --user foo – Executes the process in the container as non-root – Podman and the OCI runtime still running as root • USER instruction in Dockerfile – same as above – Notably you can’t RUN dnf install ... 4 Don’t confuse with... • podman run --uidmap – Execute containers as a non-root user, using user namespaces – Most similar to rootless containers, but still requires podman and runc to run as root 5 Motivation of Rootless Containers • To mitigate potential vulnerability of container runtimes • To allow users of shared machines (e.g. HPC) to run containers without the risk of breaking other users environments • To isolate nested containers 6 Caveat: Not a panacea • Although rootless containers could mitigate these vulnerabilities, it is not a panacea , especially it is powerless against kernel (and hardware) vulnerabilities – CVE 2013-1858, CVE-2015-1328, CVE-2018-18955 • Castle approach : it should be used in conjunction with other security layers such as seccomp and SELinux 7 Podman 8 Rootless Podman Podman is a daemon-less alternative to Docker • $ alias -
Apple, Inc. Collegiate Purchase Program Premier Price List January 11, 2011
Apple, Inc. Collegiate Purchase Program Premier Price List January 11, 2011 Revisions to the December 7, 2010 Collegiate Purchase Program Premier Price List Effective January 11, 2011 PRODUCTS ADDED TO THE PRICE LIST PRODUCTS REPRICED ON THE PRICE LIST PRODUCTS REMOVED FROM THE PRICE LIST This Price List supersedes all previous Price Lists. Products subject to discontinuation without notice. Prices subject to change without notice. Education Solutions Apple iPod Learning Lab The Apple iPod Learning Lab provides schools with the ideal solution for managing multiple iPod devices in the classroom. The solution includes (20) iPod touch 8GB devices housed in a durable and easy-to-use Apple-exclusive mobile cart capable of storing and charging up to 40 iPod devices. The cart's ability to sync up to 20 iPod devices at a time from one computer makes it quick and easy to set up the devices for student use. The mobile cart's secure, roll-top door can be locked for safe iPod storage. The cart also includes room for storage of up to four notebook computers and a variety of iPod accessories. And, because the cart is mobile, it can be easily shared among multiple classrooms. Choose one of the pre-configured solutions below, or build your own custom iPod lab by visiting http://edu1.apple.com/custom_ipod_lab/. Recommended add-ons: The MacBook is an ideal companion for the Apple iPod Learning Lab. Create compelling education content with iLife and organize and share that content via iTunes. Apple Professional Development prepares teachers to effectively integrate iPod devices and podcasting into their curriculum. -
Open APPLE THESIS FINAL__1 .Pdf
THE PENNSYLVANIA STATE UNIVERSITY SCHREYER HONORS COLLEGE DEPARTMENT OF SUPPLY CHAIN AND INFORMATION SYSTEMS SUPPLY CHAIN AS A SWORD AND A SHIELD: LESSONS FROM APPLE LAUREN E. STERN SPRING 2013 A thesis submitted in partial fulfillment of the requirements for a baccalaureate degree in Supply Chain and Information Systems with honors in Supply Chain and Information Systems Reviewed and approved* by the following: Felisa Preciado Clinical Associate Professor of Supply Chain and Information Systems Thesis Supervisor John C. Spychalski Professor Emeritus of Supply Chain Management Honors Adviser * Signatures are on file in the Schreyer Honors College. i ABSTRACT In the past few decades, Apple has gone from being an incredible startup success story, to a company on the very brink of failure, to its current status as one of the most valuable and emulated companies in the world. It originally got its start through technological innovations, laser-like focus and a sometimes uncanny understanding for what consumers would want, and those things have certainly been constant themes during its periods of success. But one of the biggest reasons for its outstanding success in the past decade has been the way Apple has leveraged its supply chain both to control costs and to give it a competitive advantage unmatched by any of its competitors. This paper analyzes the Apple supply chain to try to identify the way in which Apple has taken advantage of its supply chain, adapted it to changes in the market, and used it as both a defensive and offensive competitive weapon to become one of the most successful and influential companies in the world. -
A Middleware Framework for Application-Aware and User-Specific Energy Optimization in Smart Mobile Devices
Pervasive and Mobile Computing 20 (2015) 47–63 Contents lists available at ScienceDirect Pervasive and Mobile Computing journal homepage: www.elsevier.com/locate/pmc A middleware framework for application-aware and user-specific energy optimization in smart mobile devices Sudeep Pasricha a,∗, Brad K. Donohoo b, Chris Ohlsen c a Colorado State University, Fort Collins, CO 80523, USA b U.S. Department of the Air Force, Roy, UT 84067, UT 84067, USA c Woodward, Inc., Fort Collins, CO 80525, USA article info a b s t r a c t Article history: Mobile battery-operated devices are becoming an essential instrument for business, com- Received 5 August 2014 munication, and social interaction. In addition to the demand for an acceptable level of per- Received in revised form 22 December 2014 formance and a comprehensive set of features, users often desire extended battery lifetime. Accepted 7 January 2015 In fact, limited battery lifetime is one of the biggest obstacles facing the current utility and Available online 14 January 2015 future growth of increasingly sophisticated ``smart'' mobile devices. This paper proposes a novel application-aware and user-interaction aware energy optimization middleware Keywords: framework (AURA) for pervasive mobile devices. AURA optimizes CPU and screen back- Energy optimization Smart mobile systems light energy consumption while maintaining a minimum acceptable level of performance. Pervasive computing The proposed framework employs a novel Bayesian application classifier and management Machine learning strategies based on Markov Decision Processes and Q-Learning to achieve energy savings. Middleware Real-world user evaluation studies on Google Android based HTC Dream and Google Nexus One smartphones running the AURA framework demonstrate promising results, with up to 29% energy savings compared to the baseline device manager, and up to 5×savings over prior work on CPU and backlight energy co-optimization. -
The Rise and Imminent Fall of the N-Day Exploit Market in the Cybercriminal Underground
The Rise and Imminent Fall of the N-Day Exploit Market in the Cybercriminal Underground Mayra Rosario Fuentes and Shiau-Jing Ding Contents TREND MICRO LEGAL DISCLAIMER The information provided herein is for general information and educational purposes only. It is not intended and 4 should not be construed to constitute legal advice. The information contained herein may not be applicable to all Introduction situations and may not reflect the most current situation. Nothing contained herein should be relied on or acted upon without the benefit of legal advice based on the particular facts and circumstances presented and nothing 7 herein should be construed otherwise. Trend Micro reserves the right to modify the contents of this document Overview of Exploit Developers at any time without prior notice. Translations of any material into other languages are intended solely as a convenience. Translation accuracy is not guaranteed nor implied. If any questions arise 12 related to the accuracy of a translation, please refer to the original language official version of the document. Any Overview of Exploit Demand and discrepancies or differences created in the translation are Availability not binding and have no legal effect for compliance or enforcement purposes. Although Trend Micro uses reasonable efforts to include accurate and up-to-date information herein, Trend Micro 16 makes no warranties or representations of any kind as to its accuracy, currency, or completeness. You agree Outdated Exploits that access to and use of and reliance on this document and the content thereof is at your own risk. Trend Micro disclaims all warranties of any kind, express or implied. -
Beginners Guide to Developing for a Jailbroken Ios Plaxorm
Beginners Guide to Developing for a Jailbroken iOS Plaorm Priya Rajagopal Twier: @rajagp Blog: hp://www.priyaontech.com CocoaHeads, Jan 2012 Jailbreaking is Legal (..at least in the US) Priya Rajagopal, CocoaHeads,2012 Why develop for a jailbroken plaorm? • Develop run-Ume patches (.dylibs) that can be automacally loaded and shared across apps – Link with third part dylibs (eg- BTStack) • Hook into “system” apps and control plaorm behavior – Eg. Mobile Safari, Springboard • UUlize features not exposed through SDK’s public APIs to build something really cool Priya Rajagopal, CocoaHeads,2012 3 Why develop for a jailbroken plaorm? • More control over the plaorm – Terminal window, ssh, scp, rm etc. It’s a unix system. • Don’t need an Apple developer’s license – Self signed apps, pseudo signed apps • You don’t even need a Mac – You can even develop on the phone (Cool!) • Opons : – Distribute through Cydia – Internal Enterprise apps – Personal use. If you can’t find it, you can build it! Priya Rajagopal, CocoaHeads,2012 4 Tethered vs. Untethered Jailbreak • Tethered – You need to tether your device to your PC to reboot it. Quite inconvenient • Untethered – You don’t need to tether your device to your PC to reboot it. • ParUal Untethered – Tethered but you can reboot untethered to enable minimal funcUonality Priya Rajagopal, CocoaHeads,2012 5 Jailbreak Sogware (If its not free, it’s a scam) • RedSn0w (Mac /Windows) • Jailbreakme.com (Web) • PwnageTool (Mac) • GreenPois0n (Mac/Windows) Priya Rajagopal, CocoaHeads,2012 6 Status of iOS Jailbreak