DOCSLIB.ORG

Data Security on Mobile Devices: Current State of the Art, Open Problems, and Proposed Solutions

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Data Security on Mobile Devices: Current State of the Art, Open Problems, and Proposed Solutions Maximilian Zinkus Tushar M. Jois Johns Hopkins University Johns Hopkins University [email protected] [email protected] Matthew Green Johns Hopkins University [email protected] May 27, 2021 arXiv:2105.12613v1 [cs.CR] 26 May 2021 Executive Summary In this work we present definitive evidence, analysis, and (where needed) speculation to answer the questions, (1) “Which concrete security measures in mobile devices meaningfully prevent unauthorized access to user data?” (2) “In what ways are modern mobile devices accessed by unauthorized parties?” and finally, (3) “How can we improve modern mobile devices to prevent unauthorized access?” We examine the two major platforms in the mobile space, iOS and Android, and for each we provide a thorough investigation of existing and historical security features, evidence- based discussion of known security bypass techniques, and concrete recommendations for remediation. In iOS we find a compelling set of security and privacy controls, empowered by strong encryption, and yet a critical lack in coverage due to under-utilization of these tools leading to serious privacy and security concerns. In Android we find strong protections emerging in the very latest flagship devices, but simultaneously fragmented and inconsistent security and privacy controls, not least due to disconnects between Google and Android phone manufacturers, the deeply lagging rate of Android updates reaching devices, and various software architectural considerations. We also find in both platforms exacerbating factors due to increased synchronization of data with cloud services. The markets for exploits and forensic software tools which target these platforms are alive and well. We aggregate and analyze public records, documentation, articles, and blog postings to categorize and discuss unauthorized bypass of security features by hackers and law enforcement alike. Motivated by an accelerating number of cases since Apple v. FBI in 2016, we analyze the impact of forensic tools, and the privacy risks involved in unchecked seizure and search. Then, we provide in-depth analysis of the data potentially accessed via law enforcement methodologies from both mobile devices and associated cloud services. Our fact-gathering and analysis allow us to make a number of recommendations for improving data security on these devices. In both iOS and Android we propose concrete improvements which mitigate or entirely address many concerns we raise, and provide analysis towards resolving the remainder. The mitigations we propose can be largely summarized as increasing coverage of sensitive data via strong encryption, but we detail various challenges and approaches towards this goal and others. It is our hope that this work stimulates mobile device development and research towards security and privacy, provides a unique reference of information, and acts as an evidence-based argument for the importance of reliable encryption to privacy, which we believe is both a human right and integral to a functioning democracy. Contents 1 Introduction 1 1.1 Summary of Key Findings . .3 1.1.1 Apple iOS . .4 1.1.2 Google Android & Android Phones . .6 2 Technical Background 8 2.1 Data Security Technologies for Mobile Devices . .8 2.2 Threat Model . .9 2.3 Sensitive Data on Phones . 10 3 Apple iOS 12 3.1 Protection of User Data in iOS . 12 3.2 History of Apple Security Features . 23 3.3 Known Data Security Bypass Techniques . 26 3.3.1 Jailbreaking and Software Exploits . 27 3.3.2 Local Device Data Extraction . 35 3.3.3 Cloud Data Extraction . 40 3.3.4 Conclusions from Bypasses . 41 3.4 Forensic Software for iOS . 42 3.5 Proposed Improvements to iOS . 43 4 Android 48 4.1 Protection of User Data in Android . 48 4.2 History of Android Security Features . 60 4.3 Known Data Security Bypass Techniques . 62 4.3.1 Rooting . 64 4.3.2 Alternative Techniques . 67 4.3.3 Local Device Data Extraction . 68 4.3.4 Cloud Data Extraction . 70 4.3.5 Conclusions from Bypasses . 72 4.4 Forensic Software for Android . 72 4.5 Proposed Improvements to Android . 73 2 5 Conclusion 76 A History of iOS Security Features 95 A.1 iOS Security Features Over Time . 95 A.1.1 Encryption and Data Protection over time . 95 A.1.2 Progression of passcodes to biometrics . 95 A.1.3 Introduction of the Secure Enclave . 96 A.1.4 Hardware changes for security . 96 A.1.5 Moving secrets to the cloud . 97 B History of Android Security Features 98 B.1 Android Security Features Over Time . 98 B.1.1 Application sandboxing . 98 B.1.2 Data storage & encryption . 99 B.1.3 Integrity checking . 99 B.1.4 Trusted hardware . 100 C History of Forensic Tools 101 C.1 Forensic Tools Access . 101 C.2 Forensic Tools Listing . 107 3 List of Figures 2.1 List of Targets for NIST Mobile Device Acquisition Forensics . 11 3.1 iPhone Passcode Setup Interface . 13 3.2 Apple Code Signing Process Documentation . 14 3.3 iOS Data Protection Key Hierarchy. Each arrow . 15 3.4 List of iOS Data Protection Classes . 16 3.5 List of Data Included in iCloud Backup . 18 3.6 List of iCloud Data Accessible by Apple . 19 3.7 List of iCloud Data Encrypted “End-to-End” . 19 3.8 Secure Enclave Processor Key Derivation . 21 3.9 LocalAuthentication Interface for TouchID/FaceID . 22 3.12 Apple Documentation on Legal Requests for Data . 27 3.14 Alleged Leaked Images of the GrayKey Passcode Guessing Interface . 31 3.17 List of Data Categories Obtainable via Device Forensic Software . 36 3.18 Cellebrite UFED Touch 2 . 37 3.19 Cellebrite UFED Interface During Extraction of an iPhone . 38 3.20 Records from Arizona Law Enforcement Agencies Documenting Passcode Recovery on iOS . 39 3.21 GrayKey by Grayshift . 40 3.22 List of Data Categories Obtainable via Cloud Forensic Software . 41 4.1 PIN Unlock on Android 11 . 49 4.2 Flow Chart of an Android Keymaster Access Request . 52 4.3 Android Boot Process Using Verified Boot . 53 4.4 Relationship Between Google Play Services and an Android App . 54 4.5 Signature location in an Android APK . 55 4.6 Installing Unknown Apps on Android . 56 4.7 Android Backup Flow Diagram for App Data . 57 4.8 Android Backup Interface . 58 4.10 Google Messages RCS Chat Features . 59 4.9 List of Data Categories Included in Google Account Backup . 59 4.11 Google Messages Web Client Connection Error . 61 4.12 Google Duo Communication Flow Diagram . 61 4.14 Legitimate Bootloader Unlock on Android . 64 4 4.15 Kernel Hierarchy on Android . 65 4.16 Distribution of PHAs for Apps Installed Outside of the Google Play Store . 67 4.18 Extracting Data on a Rooted Android Device Using dd ............ 69 4.17 Autopsy Forensic Analysis for an Android Disk Image . 69 4.19 Cellebrite EDL Instructions for an Encrypted Alcatel Android Device . 70 4.20 Cellebrite UFED Interface During Extraction of an HTC Desire Android Device 71 C.1 Legend for Forensic Access Tables . 101 5 List of Tables 3.10 History of iOS Data Protection . 24 3.11 History of iPhone Hardware Security . 25 3.13 Passcode Brute-Force Time Estimates . 30 3.15 History of Jailbreaks on iPhone . 33 3.16 History of iOS Lock Screen Bypasses . 34 4.13 History of Android (AOSP) Security Features . 63 C.2 iOS and Android Forensic Tool Access (2019) . 102 C.3 iOS and Android Forensic Tool Access (2018) . 103 C.4 iOS and Android Forensic Tool Access (2017) . 104 C.5 iOS Forensic Tool Access (2010–2016) . 105 C.6 Android Forensic Tool Access (2010–2016) . 106 C.7 History of Forensic Tools (2019) . 107 C.8 History of Forensic Tools (2018) . 108 C.9 History of Forensic Tools (2017) . 109 C.10 History of Forensic Tools (2010–2016) . 110 Chapter 1 Introduction Mobile devices have become a ubiquitous component of modern life. More than 45% of the global population uses a smartphone [1], while this number exceeds 80% in the United States [2]. This widespread adoption is a double-edged sword: the smartphone vastly improves the amount of information that individuals can carry with them; at the same time, it has created new potential targets for third parties to obtain sensitive data. The portability and ease of access makes smartphones a target for malicious actors and law enforcement alike: to the former, it provides new opportunities for criminality [3, 4, 5]. To the latter it offers new avenues for investigation, monitoring, and surveillance [6, 7, 8]. Over the past decade, hardware and software manufacturers have acknowledged these concerns, in the process deploying a series of major upgrades to smartphone hardware and operating systems. These include mechanisms designed to improve software security; default use of passcodes and biometric authentication; and the incorporation of strong encryption mechanisms to protect data in motion and at rest. While these improvements have enhanced the ability of smartphones to prevent data theft, they have provoked a backlash from the law enforcement community. This reaction is best exemplified by the FBI’s “Going Dark” initiative [8], which seeks to increase law enforcement’s access to encrypted data via legislative and policy initiatives. These concerns have also motivated law enforcement agencies, in collaboration with industry partners, to invest in developing and acquiring technical means for bypassing smartphone security features. This dynamic broke into the public consciousness during the 2016 “Apple v. FBI” controversy [9, 10, 11, 12], in which Apple contested an FBI demand to bypass technical security measures. However, a vigorous debate over these issues continues to this day [6, 7, 13, 14, 15, 16].
Recommended publications
  • Syncios Manager Mac User Guide

    Syncios Manager Mac User Guide

    Syncios Manager Mac User Guide Syncios Manager Mac User Guide Overview Tutorials Introduction Music Management Key Features Video Management System & Device Requirements Photo Management Information Management App Management File Management Toolkit Installation & Interface FAQ Installation Version compare Main Interface Common issues Purchase & Registration Support & Contact Purchase Syncios Manager Support Register Syncios Manager Contact Page 1 Syncios Manager Mac User Guide Overview Introduction Key Features System & Device Requirements Introduction Thanks for using Syncios Manager for mac! Syncios Manager for Mac is a free iTunes alternative to easily manage iPhone, iPad and iPod Touch without iTunes, which offers you ultimate transfer solution between iOS/Android devices & Mac. Although there are various kinds of phone managers in the market, most of them are not compatible with both Android and iOS devices. Syncios smartphone manager is a cross-platform supported mobile and tablet manager tool, fully compatible with the two dominant smartphone operating systems – iOS and Android. Key Features Transfer music, ringtone, podcast, Audiobooks, iTunes U between iPhone/iPad/iPod touch and Mac without iTunes. Backup songs, playlists, videos and other media from iPhone, iPad, iPod touch or Android devices on Mac OS. All your personal information on iOS/Android devices, including contacts, messages and call history can be managed in a simple and safe way on Mac OS. Browse, export, add, new or delete files between mobile phone and Mac. Toolkit: 1-click backup and restore mobile data. Page 2 Syncios Manager Mac User Guide System Requirements Operating System: Mac OS X 10.9, 10.10, 10.11, 10.12, 10.13, 10.14 & 10.15 CPU: Intel Core 1GHz or faster Hard Disk Space:1G and above Device Requirements Android: Android 3 to Android 11 iOS: iOS 5, iOS 6, iOS 7, iOS 8, iOS 9, iOS 10, iOS 11, iOS 12, iOS 13 & iOS 14 Page 3 Syncios Manager Mac User Guide Installation & Interface Installation Main Interface Installation 1.
  • The Kernel Report

    The Kernel Report

    The kernel report (ELC 2012 edition) Jonathan Corbet LWN.net [email protected] The Plan Look at a year's worth of kernel work ...with an eye toward the future Starting off 2011 2.6.37 released - January 4, 2011 11,446 changes, 1,276 developers VFS scalability work (inode_lock removal) Block I/O bandwidth controller PPTP support Basic pNFS support Wakeup sources What have we done since then? Since 2.6.37: Five kernel releases have been made 59,000 changes have been merged 3069 developers have contributed to the kernel 416 companies have supported kernel development February As you can see in these posts, Ralink is sending patches for the upstream rt2x00 driver for their new chipsets, and not just dumping a huge, stand-alone tarball driver on the community, as they have done in the past. This shows a huge willingness to learn how to deal with the kernel community, and they should be strongly encouraged and praised for this major change in attitude. – Greg Kroah-Hartman, February 9 Employer contributions 2.6.38-3.2 Volunteers 13.9% Wolfson Micro 1.7% Red Hat 10.9% Samsung 1.6% Intel 7.3% Google 1.6% unknown 6.9% Oracle 1.5% Novell 4.0% Microsoft 1.4% IBM 3.6% AMD 1.3% TI 3.4% Freescale 1.3% Broadcom 3.1% Fujitsu 1.1% consultants 2.2% Atheros 1.1% Nokia 1.8% Wind River 1.0% Also in February Red Hat stops releasing individual kernel patches March 2.6.38 released – March 14, 2011 (9,577 changes from 1198 developers) Per-session group scheduling dcache scalability patch set Transmit packet steering Transparent huge pages Hierarchical block I/O bandwidth controller Somebody needs to get a grip in the ARM community.
  • Security Analysis of Docker Containers in a Production Environment

    Security Analysis of Docker Containers in a Production Environment

    Security analysis of Docker containers in a production environment Jon-Anders Kabbe Master of Science in Communication Technology Submission date: June 2017 Supervisor: Colin Alexander Boyd, IIK Co-supervisor: Audun Bjørkøy, TIND Technologies Norwegian University of Science and Technology Department of Information Security and Communication Technology Title: Security Analysis of Docker Containers in a Production Environment Student: Jon-Anders Kabbe Problem description: Deployment of Docker containers has achieved its popularity by providing an au- tomatable and stable environment serving a particular application. Docker creates a separate image of a file system with everything the application require during runtime. Containers run atop the regular file system as separate units containing only libraries and tools that particular application require. Docker containers reduce the attack surface, improves process interaction and sim- plifies sandboxing. But containers also raise security concerns, reduced segregation between the operating system and application, out of date or variations in libraries and tools and is still an unsettled technology. Docker containers provide a stable and static environment for applications; this is achieved by creating a static image of only libraries and tools the specific application needs during runtime. Out of date tools and libraries are a major security risk when exposing applications over the Internet, but availability is essential in a competitive market. Does Docker raise some security concerns compared to standard application deploy- ment such as hypervisor-based virtual machines? Is the Docker “best practices” sufficient to secure the container and how does this compare to traditional virtual machine application deployment? Responsible professor: Colin Alexander Boyd, ITEM Supervisor: Audun Bjørkøy, TIND Technologies Abstract Container technology for hosting applications on the web is gaining traction as the preferred mode of deployment.
  • Isam: an Iphone Stealth Airborne Malware

    Isam: an Iphone Stealth Airborne Malware

    iSAM: An iPhone Stealth Airborne Malware Dimitrios Damopoulos, Georgios Kambourakis, and Stefanos Gritzalis Info-Sec-Lab Laboratory of Information and Communications Systems Security, University of the Aegean, Samos, Greece {ddamop,gkamb,sgritz}@aegean.gr http://www.icsd.aegean.gr/info-sec-lab Abstract. Modern and powerful mobile devices comprise an attractive target for any potential intruder or malicious code. The usual goal of an attack is to acquire users’ sensitive data or compromise the device so as to use it as a stepping stone (or bot) to unleash a number of attacks to other targets. In this paper, we focus on the popular iPhone device. We create a new stealth and airborne malware namely iSAM able to wirelessly infect and self-propagate to iPhone devices. iSAM incorporates six different malware mechanisms, and is able to connect back to the iSAM bot master server to update its programming logic or to obey commands and unleash a synchronized attack. Our analysis unveils the internal mechanics of iSAM and discusses the way all iSAM components contribute towards achieving its goals. Although iSAM has been specifically designed for iPhone it can be easily modified to attack any iOS-based device. Keywords: Malware, iPhone, iOS, Jailbreak, Stealth, Airborne, Rootkit. 1 Introduction Mobile devices have evolved and experienced an immense popularity over the last few years. These devices have penetrated the market due to the variety of data services they offer, such as texting, emailing, browsing the Internet, documents editing, listening to music, watching videos and playing games in addition to the traditional voice services. As a result, analysts are expecting a mobile device population of 5 billion by 2015 [1].
  • Download Volume 13 (PDF)

    Download Volume 13 (PDF)

    Volume 13, Summer 2019 Copyright Ó 2019 Assistive Technology Industry Association ISSN 1938-7261 Assistive Technology Outcomes and Benefits | i The Role of Research in Influencing Assistive Technology Products, Policy, and Practice Volume 13, Summer 2019 Assistive Technology Outcomes and Benefits The Role of Research in Influencing Assistive Technology Products, Policy, and Practice Volume 13, Summer 2019 Editor in Chief Focused Issue Editor Jennifer L. Flagg Kathleen M. Murphy Center on KT4TT, University oF BuFFalo American Institutes For Research Publication Managers Associate Editors Victoria A. Holder Kate Herndon Tools For LiFe, Georgia Institute oF Technology American Printing House For the Blind Elizabeth A. Persaud Carolyn P. Phillips Tools For LiFe, Georgia Insitute oF Technology Tools For LiFe, Georgia Institute oF Technology Caroline Van Howe Copy Editor Assistive Technology Industry Association Beverly Nau Assistive Technology Outcomes and Benefits (ATOB) is a collaborative peer-reviewed publication of the Assistive Technology Industry Association (ATIA). Editing policies oF this issue are based on the Publication Manual oF the American Psychological Association (6th edition) and may be Found online at www.atia.org/atob/editorialpolicy. The content does not reflect the position or policy of ATIA and no official endorsement should be inferred. Editorial Board Members and Managing Editors David Banes Beth Poss Managing Director, David Banes Access and Administrator, Montgomery County Schools, Inclusion Services Maryland Russell T. Cross Ben SatterField Director of Clinical Operations, Prentke Romich Research Consultant, Center for AT Company Excellence, Tools For LiFe at Georgia Institute oF Technology Anya Evmenova Associate Professor, Division of Special Judith Schoonover Education and disAbility Research, George Occupational Therapist and AT Consultant, Mason University Sterling, Virginia American Occupational Therapy Association, Lori Geist Inc.
  • MOVR Mobile Overview Report April – June 2017

    MOVR Mobile Overview Report April – June 2017

    MOVR Mobile Overview Report April – June 2017 The first step in a great mobile experience TBD 2 The first step in a great mobile experience TBD 3 The first step in a great mobile experience Q1 2017 to Q2 2017 Comparisons Top Smartphones Top Smartphones Africa Asia Europe N. America Oceania S. America • New to the list this Apple iPhone 5S 1.3% 2.9% 4.1% 3.5% 3.9% 3.1% quarter are the Apple Apple iPhone 6 2.2% 4.8% 5.6% 9.3% 10.1% 4.5% iPhone SE and the Apple iPhone 6 Plus 0.8% 2.4% 0.9% 3.7% 3.2% 1.0% Samsung J7 Prime. Apple iPhone 6S 1.7% 4.4% 6.3% 11.0% 13.9% 3.1% Apple iPhone 6S Plus 0.7% 2.6% 1.1% 6.1% 4.6% 0.9% • Dropping off the list Apple iPhone 7 1.2% 2.9% 4.0% 7.6% 9.3% 2.2% are the Motorola Moto Apple iPhone 7 Plus 0.7% 3.1% 1.3% 6.9% 6.2% 1.1% G4, Samsung Galaxy J2 Apple iPhone SE 0.3% 0.6% 2.4% 2.2% 2.1% 1.0% (2015), and the Huawei P8 Lite 2.2% 0.3% 2.1% 0.2% 0.2% 0.6% Vodafone Smart Kicka. Motorola Moto G 0.0% 0.0% 0.1% 0.2% 0.0% 2.1% Motorola Moto G (2nd Gen) 0.0% 0.1% 0.0% 0.1% 0.1% 2.6% • North America and Motorola MotoG3 0.0% 0.1% 0.1% 0.2% 0.1% 3.1% Oceania continue to be Samsung Galaxy A3 1.2% 0.9% 2.2% 0.1% 0.2% 0.5% concentrated markets Samsung Galaxy Grand Neo 1.8% 0.8% 0.8% 0.1% 0.1% 0.6% for brands, with the Samsung Galaxy Grand Prime 0.5% 1.0% 1.5% 0.9% 0.1% 3.5% top smartphones Samsung Galaxy J1 1.8% 0.6% 0.3% 0.1% 0.3% 0.8% accounting for 63.7% and 74.4% Samsung Galaxy J1 Ace 2.5% 0.2% 0.0% 0.1% 0.3% 0.7% respectively.
  • Rootless Containers with Podman and Fuse-Overlayfs

    Rootless Containers with Podman and Fuse-Overlayfs

    CernVM Workshop 2019 (4th June 2019) Rootless containers with Podman and fuse-overlayfs Giuseppe Scrivano @gscrivano Introduction 2 Rootless Containers • “Rootless containers refers to the ability for an unprivileged user (i.e. non-root user) to create, run and otherwise manage containers.” (https://rootlesscontaine.rs/ ) • Not just about running the container payload as an unprivileged user • Container runtime runs also as an unprivileged user 3 Don’t confuse with... • sudo podman run --user foo – Executes the process in the container as non-root – Podman and the OCI runtime still running as root • USER instruction in Dockerfile – same as above – Notably you can’t RUN dnf install ... 4 Don’t confuse with... • podman run --uidmap – Execute containers as a non-root user, using user namespaces – Most similar to rootless containers, but still requires podman and runc to run as root 5 Motivation of Rootless Containers • To mitigate potential vulnerability of container runtimes • To allow users of shared machines (e.g. HPC) to run containers without the risk of breaking other users environments • To isolate nested containers 6 Caveat: Not a panacea • Although rootless containers could mitigate these vulnerabilities, it is not a panacea , especially it is powerless against kernel (and hardware) vulnerabilities – CVE 2013-1858, CVE-2015-1328, CVE-2018-18955 • Castle approach : it should be used in conjunction with other security layers such as seccomp and SELinux 7 Podman 8 Rootless Podman Podman is a daemon-less alternative to Docker • $ alias
  • Apple, Inc. Collegiate Purchase Program Premier Price List January 11, 2011

    Apple, Inc. Collegiate Purchase Program Premier Price List January 11, 2011

    Apple, Inc. Collegiate Purchase Program Premier Price List January 11, 2011 Revisions to the December 7, 2010 Collegiate Purchase Program Premier Price List Effective January 11, 2011 PRODUCTS ADDED TO THE PRICE LIST PRODUCTS REPRICED ON THE PRICE LIST PRODUCTS REMOVED FROM THE PRICE LIST This Price List supersedes all previous Price Lists. Products subject to discontinuation without notice. Prices subject to change without notice. Education Solutions Apple iPod Learning Lab The Apple iPod Learning Lab provides schools with the ideal solution for managing multiple iPod devices in the classroom. The solution includes (20) iPod touch 8GB devices housed in a durable and easy-to-use Apple-exclusive mobile cart capable of storing and charging up to 40 iPod devices. The cart's ability to sync up to 20 iPod devices at a time from one computer makes it quick and easy to set up the devices for student use. The mobile cart's secure, roll-top door can be locked for safe iPod storage. The cart also includes room for storage of up to four notebook computers and a variety of iPod accessories. And, because the cart is mobile, it can be easily shared among multiple classrooms. Choose one of the pre-configured solutions below, or build your own custom iPod lab by visiting http://edu1.apple.com/custom_ipod_lab/. Recommended add-ons: The MacBook is an ideal companion for the Apple iPod Learning Lab. Create compelling education content with iLife and organize and share that content via iTunes. Apple Professional Development prepares teachers to effectively integrate iPod devices and podcasting into their curriculum.
  • Open APPLE THESIS FINAL__1 .Pdf

    Open APPLE THESIS FINAL__1 .Pdf

    THE PENNSYLVANIA STATE UNIVERSITY SCHREYER HONORS COLLEGE DEPARTMENT OF SUPPLY CHAIN AND INFORMATION SYSTEMS SUPPLY CHAIN AS A SWORD AND A SHIELD: LESSONS FROM APPLE LAUREN E. STERN SPRING 2013 A thesis submitted in partial fulfillment of the requirements for a baccalaureate degree in Supply Chain and Information Systems with honors in Supply Chain and Information Systems Reviewed and approved* by the following: Felisa Preciado Clinical Associate Professor of Supply Chain and Information Systems Thesis Supervisor John C. Spychalski Professor Emeritus of Supply Chain Management Honors Adviser * Signatures are on file in the Schreyer Honors College. i ABSTRACT In the past few decades, Apple has gone from being an incredible startup success story, to a company on the very brink of failure, to its current status as one of the most valuable and emulated companies in the world. It originally got its start through technological innovations, laser-like focus and a sometimes uncanny understanding for what consumers would want, and those things have certainly been constant themes during its periods of success. But one of the biggest reasons for its outstanding success in the past decade has been the way Apple has leveraged its supply chain both to control costs and to give it a competitive advantage unmatched by any of its competitors. This paper analyzes the Apple supply chain to try to identify the way in which Apple has taken advantage of its supply chain, adapted it to changes in the market, and used it as both a defensive and offensive competitive weapon to become one of the most successful and influential companies in the world.
  • A Middleware Framework for Application-Aware and User-Specific Energy Optimization in Smart Mobile Devices

    A Middleware Framework for Application-Aware and User-Specific Energy Optimization in Smart Mobile Devices

    Pervasive and Mobile Computing 20 (2015) 47–63 Contents lists available at ScienceDirect Pervasive and Mobile Computing journal homepage: www.elsevier.com/locate/pmc A middleware framework for application-aware and user-specific energy optimization in smart mobile devices Sudeep Pasricha a,∗, Brad K. Donohoo b, Chris Ohlsen c a Colorado State University, Fort Collins, CO 80523, USA b U.S. Department of the Air Force, Roy, UT 84067, UT 84067, USA c Woodward, Inc., Fort Collins, CO 80525, USA article info a b s t r a c t Article history: Mobile battery-operated devices are becoming an essential instrument for business, com- Received 5 August 2014 munication, and social interaction. In addition to the demand for an acceptable level of per- Received in revised form 22 December 2014 formance and a comprehensive set of features, users often desire extended battery lifetime. Accepted 7 January 2015 In fact, limited battery lifetime is one of the biggest obstacles facing the current utility and Available online 14 January 2015 future growth of increasingly sophisticated ``smart'' mobile devices. This paper proposes a novel application-aware and user-interaction aware energy optimization middleware Keywords: framework (AURA) for pervasive mobile devices. AURA optimizes CPU and screen back- Energy optimization Smart mobile systems light energy consumption while maintaining a minimum acceptable level of performance. Pervasive computing The proposed framework employs a novel Bayesian application classifier and management Machine learning strategies based on Markov Decision Processes and Q-Learning to achieve energy savings. Middleware Real-world user evaluation studies on Google Android based HTC Dream and Google Nexus One smartphones running the AURA framework demonstrate promising results, with up to 29% energy savings compared to the baseline device manager, and up to 5×savings over prior work on CPU and backlight energy co-optimization.
  • The Rise and Imminent Fall of the N-Day Exploit Market in the Cybercriminal Underground

    The Rise and Imminent Fall of the N-Day Exploit Market in the Cybercriminal Underground

    The Rise and Imminent Fall of the N-Day Exploit Market in the Cybercriminal Underground Mayra Rosario Fuentes and Shiau-Jing Ding Contents TREND MICRO LEGAL DISCLAIMER The information provided herein is for general information and educational purposes only. It is not intended and 4 should not be construed to constitute legal advice. The information contained herein may not be applicable to all Introduction situations and may not reflect the most current situation. Nothing contained herein should be relied on or acted upon without the benefit of legal advice based on the particular facts and circumstances presented and nothing 7 herein should be construed otherwise. Trend Micro reserves the right to modify the contents of this document Overview of Exploit Developers at any time without prior notice. Translations of any material into other languages are intended solely as a convenience. Translation accuracy is not guaranteed nor implied. If any questions arise 12 related to the accuracy of a translation, please refer to the original language official version of the document. Any Overview of Exploit Demand and discrepancies or differences created in the translation are Availability not binding and have no legal effect for compliance or enforcement purposes. Although Trend Micro uses reasonable efforts to include accurate and up-to-date information herein, Trend Micro 16 makes no warranties or representations of any kind as to its accuracy, currency, or completeness. You agree Outdated Exploits that access to and use of and reliance on this document and the content thereof is at your own risk. Trend Micro disclaims all warranties of any kind, express or implied.
  • Beginners Guide to Developing for a Jailbroken Ios Plaxorm

    Beginners Guide to Developing for a Jailbroken Ios Plaxorm

    Beginners Guide to Developing for a Jailbroken iOS Plaorm Priya Rajagopal Twier: @rajagp Blog: hp://www.priyaontech.com CocoaHeads, Jan 2012 Jailbreaking is Legal (..at least in the US) Priya Rajagopal, CocoaHeads,2012 Why develop for a jailbroken plaorm? • Develop run-Ume patches (.dylibs) that can be automacally loaded and shared across apps – Link with third part dylibs (eg- BTStack) • Hook into “system” apps and control plaorm behavior – Eg. Mobile Safari, Springboard • UUlize features not exposed through SDK’s public APIs to build something really cool Priya Rajagopal, CocoaHeads,2012 3 Why develop for a jailbroken plaorm? • More control over the plaorm – Terminal window, ssh, scp, rm etc. It’s a unix system. • Don’t need an Apple developer’s license – Self signed apps, pseudo signed apps • You don’t even need a Mac – You can even develop on the phone (Cool!) • Opons : – Distribute through Cydia – Internal Enterprise apps – Personal use. If you can’t find it, you can build it! Priya Rajagopal, CocoaHeads,2012 4 Tethered vs. Untethered Jailbreak • Tethered – You need to tether your device to your PC to reboot it. Quite inconvenient • Untethered – You don’t need to tether your device to your PC to reboot it. • ParUal Untethered – Tethered but you can reboot untethered to enable minimal funcUonality Priya Rajagopal, CocoaHeads,2012 5 Jailbreak Sogware (If its not free, it’s a scam) • RedSn0w (Mac /Windows) • Jailbreakme.com (Web) • PwnageTool (Mac) • GreenPois0n (Mac/Windows) Priya Rajagopal, CocoaHeads,2012 6 Status of iOS Jailbreak