DOCSLIB.ORG

Android Security

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Android Security ANDROID SECURITY ATTACKS AND DEFENSES ABHISHEK DUBEY | ANMOL MISRA CRC Press Taylor & Francis Group 6000 Broken Sound Parkway NW, Suite 300 Boca Raton, FL 33487-2742 © 2013 by Taylor & Francis Group, LLC CRC Press is an imprint of Taylor & Francis Group, an Informa business No claim to original U.S. Government works Version Date: 20130403 International Standard Book Number-13: 978-1- 4822-0986-0 (eBook - ePub) This book contains information obtained from authentic and highly regarded sources. Reasonable eorts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint. Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microlming, and recording, or in any information storage or retrieval system, without written permission from the publishers. For permission to photocopy or use material electronically from this work, please access www.copyright.com (http://www.copyright.com/) or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750- 8400. CCC is a not-for-prot organization that provides licenses and registration for a variety of users. For organizations that have been granted a photocopy license by the CCC, a separate system of payment has been arranged. Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identication and explanation without intent to infringe. Visit the Taylor & Francis Web site at http://www.taylorandfrancis.com and the CRC Press Web site at http://www.crcpress.com Dedication To Mom, Dad, Sekhar, and Anupam - Anmol To Maa, Papa, and Anubha - Abhishek Contents Dedication Foreword Preface About the Authors Acknowledgments Chapter 1 Introduction 1.1 Why Android 1.2 Evolution of Mobile Threats 1.3 Android Overview 1.4 Android Marketplaces 1.5 Summary Chapter 2 Android Architecture 2.1 Android Architecture Overview 2.1.1 Linux Kernel 2.1.2 Libraries 2.1.3 Android Runtime 2.1.4 Application Framework 2.1.5 Applications 2.2 Android Start Up and Zygote 2.3 Android SDK and Tools 2.3.1 Downloading and Installing the Android SDK 29 2.3.2 Developing with Eclipse and ADT 2.3.3 Android Tools 2.3.4 DDMS 2.3.5 ADB 2.3.6 ProGuard 2.4 Anatomy of the “Hello World” Application 2.4.1 Understanding Hello World 2.5 Summary Chapter 3 Android Application Architecture 3.1 Application Components 3.1.1 Activities 3.1.2 Intents 3.1.3 Broadcast Receivers 3.1.4 Services 3.1.5 Content Providers 3.2 Activity Lifecycles 3.3 Summary Chapter 4 Android (in)Security 4.1 Android Security Model 4.2 Permission Enforcement— Linux 4.3 Android’s Manifest Permissions 4.3.1 Requesting Permissions 4.3.2 Putting It All Together 4.4 Mobile Security Issues 4.4.1 Device 4.4.2 Patching 4.4.3 External Storage 4.4.4 Keyboards 4.4.5 Data Privacy 4.4.6 Application Security 4.4.7 Legacy Code 4.5 Recent Android Attacks—A Walkthrough 4.5.1 Analysis of DroidDream Variant 4.5.2 Analysis of Zsone 4.5.3 Analysis of Zitmo Trojan 4.6 Summary Chapter 5 Pen Testing Android 5.1 Penetration Testing Methodology 5.1.1 External Penetration Test 5.1.2 Internal Penetration Test 5.1.3 Penetration Test Methodologies 5.1.4 Static Analysis 5.1.5 Steps to Pen Test Android OS and Devices 100 5.2 Tools for Penetration Testing Android 5.2.1 Nmap 5.2.2 BusyBox 5.2.3 Wireshark 5.2.4 Vulnerabilities in the Android OS 5.3 Penetration Testing— Android Applications 5.3.1 Android Applications 5.3.2 Application Security 5.4 Miscellaneous Issues 5.5 Summary Chapter 6 Reverse Engineering Android Applications 6.1 Introduction 6.2 What is Malware? 6.3 Identifying Android Malware 6.4 Reverse Engineering Methodology for Android Applications 6.5 Summary Chapter 7 Modifying the Behavior of Android Applications without Source Code 7.1 Introduction 7.1.1 To Add Malicious Behavior 7.1.2 To Eliminate Malicious Behavior 7.1.3 To Bypass Intended Functionality 7.2 DEX File Format 7.3 Case Study: Modifying the Behavior of an Application 7.4 Real World Example 1— Google Wallet Vulnerability 161 7.5 Real World Example 2— Skype Vulnerability (CVE- 2011-1717) 7.6 Defensive Strategies 7.6.1 Perform Code Obfuscation 7.6.2 Perform Server Side Processing 7.6.3 Perform Iterative Hashing and Use Salt 7.6.4 Choose the Right Location for Sensitive Information 7.6.5 Cryptography 7.6.6 Conclusion 7.7 Summary Chapter 8 Hacking Android 8.1 Introduction 8.2 Android File System 8.2.1 Mount Points 8.2.2 File Systems 8.2.3 Directory Structure 8.3 Android Application Data 8.3.1 Storage Options 8.3.2 /data/data 8.4 Rooting Android Devices 8.5 Imaging Android 8.6 Accessing Application Databases 8.7 Extracting Data from Android Devices 8.8 Summary Chapter 9 Securing Android for the Enterprise Environment 9.1 Android in Enterprise 9.1.1 Security Concerns for Android in Enterprise 9.1.2 End-User Awareness 9.1.3 Compliance/Audit Considerations 9.1.4 Recommended Security Practices for Mobile Devices 9.2 Hardening Android 9.2.1 Deploying Android Securely 9.2.2 Device Administration 9.3 Summary Chapter 10 Browser Security and Future Threat Landscape 10.1 Mobile HTML Security 10.1.1 Cross-Site Scripting 10.1.2 SQL Injection 10.1.3 Cross-Site Request Forgery 10.1.4 Phishing 10.2 Mobile Browser Security 10.3 10.2.1 Browser Vulnerabilities 10.4 The Future Landscape 10.3.1 The Phone as a Spying/Tracking Device 10.3.2 Controlling Corporate Networks and Other Devices through Mobile Devices 10.3.3 Mobile Wallets and NFC 10.4 Summary Appendix A Appendix B B.1 Views B.2 Code Views B.3 Keyboard Shortcuts B.4 Options Appendix C Glossary Index Foreword Ever-present cyber threats have been increasing against mobile devices in recent years. As Android emerges as the leading platform for mobile devices, security issues associated with the Android platform become a growing concern for personal and enterprise customers. Android Security: Attacks and Defenses provides the reader with a sense of preparedness by breaking down the history of Android and its features and addressing the methods of attack, ultimately giving professionals, from mobile application developers to security architects, an understanding of the necessary groundwork for a good defense. In the context and broad realm of mobility, Dubey and Misra bring into focus the rise of Android to the scene and the security challenges of this particular platform. They go beyond the basic security concepts that are already readily available to application developers to tackle essential and advanced topics such as attack countermeasures, the integration of Android within the enterprise, and the associated regulatory and compliance risks to an enterprise. By reading this book, anyone with an interest in mobile security will be able to get up to speed on the Android platform and will gain a strategic perspective on how to protect personal and enterprise customers from the growing threats to mobile devices. It is a must-have for security architects and consultants as well as enterprise security managers who are working with mobile devices and applications. Dr. Dena Haritos Tsamitis Director, Information Networking Institute (INI) Director of Education, Training, and Outreach, CyLab Carnegie Mellon University Dr. Dena Haritos Tsamitis heads the Information Networking Institute (INI), a global, interdisciplinary department within Carnegie Mellon University’s College of Engineering. She oversees the INI’s graduate programs in information networking, information security technology and management, and information technology. Under her leadership, the INI expanded its programs to global locations and led the design of bicoastal programs in information security, mobility, and software management in collaboration with Carnegie Mellon’s Silicon Valley campus. Dena also directs education, training and outreach for Carnegie Mellon CyLab. She serves as the principal investigator on two educational programs in information assurance funded by the NSF—the CyberCorps Scholarship for Service and the Information Assurance Capacity Building Program—and she is also the principal investigator on the DOD-funded Information Assurance Scholarship Program. She received the 2012 Barbara Lazarus Award for Graduate Student and Junior Faculty Mentoring from Carnegie Mellon and the 2008 Women of Inuence Award, presented by Alta Associates and CSO Magazine, for her achievements in information security and education. Preface The launch of the Apple iPhone in 2007 started a new era in the world of mobile devices and applications. Google’s Android platform has emerged as a serious player in the mobile devices market, and by 2012, more Android devices were being sold than iPhones. With mobile devices becoming mainstream, we have seen the evolution of threats against them. Android’s popularity has brought it attention from the “bad guys,” and we have seen attacks against the platform on the uptick. About the Book In this book, we analyze the Android platform and applications in the context of security concerns and threats.
Load more

Recommended publications
  • Towards a Toolchain for Exploiting Smart Contracts on the Ethereum Blockchain
    Towards a Toolchain for Exploiting Smart Contracts on the Ethereum Blockchain by Sebastian Kindler M.A., University of Bayreuth, 2011 Thesis Submitted in Partial Fulfillment of the Requirements for the Degree of Bachelor of Science in the Computer Science Program Faculty of Computer Science Supervisor: Prof. Dr. Stefan Traub Second Assessor: Prof. Dr. Markus Schäffter External Assessor: Dr. Henning Kopp Ulm University of Applied Sciences March 22, 2019 Abstract The present work introduces the reader to the Ethereum blockchain. First, on a con- ceptual level, explaining general blockchain concepts, and viewing the Ethereum blockchain in particular from different perspectives. Second, on a practical level, the main components that make up the Ethereum blockchain are explained in detail. In preparation for the objective of the present work, which is the analysis of EVM bytecode from an attacker’s perspective, smart contracts are introduced. Both, on the level of EVM bytecode and Solidity source code. In addition, critical assem- bly instructions relevant to the exploitation of smart contracts are explained in detail. Equipped with a definition of what constitutes a vulnerable contract, further practical and theoretical aspects are discussed: The present work introduces re- quirements for a possible smart contract analysis toolchain. The requirements are viewed individually, and theoretical focus is put on automated bytecode analysis and symbolic execution as this is the underlying technique of automated smart contract analysis tools. The importance of semantics is highlighted with respect to designing automated tools for smart contract exploitation. At the end, a min- imal toolchain is presented, which allows beginners to efficiently analyze smart contracts and develop exploits.
    [Show full text]
  • Sigma Designs Android Presentation
    Android on Sigma Pocket STB Development Kits for MIPS-Android-Sigma Venkat R. Uppuluri Director of Marketing, Advanced Technology & Partners AUGUST - 09 C O N F I D E N T I A L Sigma Designs Media Processor and Connected Home Solutions for Consumer Electronics Products Industry-leading media processors for Digital Home . IP-STBs . BluRay Players . Digital Media Adapters & Portable Media Players VXP® video processing solutions Connected Home Technologies CoAir® - Wired & Wireless Home Networking Z-Wave® - Home Area Automation for Control, Energy & Security AUGUST - 09 C O N F I D E N T I A L Sigma Designs in Digital Media Adapters • Sigma Designs is the most trusted name in networked Media Players Market Connected HDTV or DMA driving standard HDTV Netflix, YouTube, Premium internet content via WebKit, Qt Browser, PC or Wi-Fi Router or Ethernet port Adobe 3.1 Flash Lite, and more porting kits Windows XP or from Sigma Designs Vista PC or Router Personal content: photos, music, video DLNA server (PVR, network media server, etc.) AUGUST - 09 C O N F I D E N T I A L Sigma Designs Software Architecture A pre-requisite to join the program is for you to already intimately know our software platform AUGUST - 09 C O N F I D E N T I A L Android on SMP86xx • Sigma sample apps • DCCHD • MRUA AV • No DirectFB support planned AUGUST - 09 C O N F I D E N T I A L Android on Sigma Schedule • Middle of September – To limited customers and partners • Based on Android Cupcake • Precompiled Linux kernel 2.6.29 • Linux kernel 2.6.29 source • Precompiled mrua with sample apps running from java launcher • Playback of local files in 1080p AUGUST - 09 C O N F I D E N T I A L mipsandroid.org MIPS-Android-Sigma Subproject has been created for Sigma.
    [Show full text]
  • Download Rom Motorola Defy Mini Xt320
    Download rom motorola defy mini xt320 CLICK TO DOWNLOAD 09/04/ · ROM Motorola DEFY MINI XT – ROM Android ROM Official: TNBST_4_RPD_flex_LATAM_RTL_Brazil – renuzap.podarokideal.ru ROM For Brazil (for other countries ask me) Backup and Restore Defy Mini IMEI and NV Data. Preparations: •Install Motorola USB driver (Use forum serach button) •Install RSD Lite (Use forum serach /5(10). 09/06/ · Motorola Defy Mini XT Firmware Download In this post, you will find the direct link to download Motorola Defy Mini XT Stock ROM (firmware, flash file). The Firmware package contains Firmware, Driver, Flash Tool, and How-to Flash Manual. Motorola Defy Mini XT Stock ROM How To Flash Motorola Defy Mini XT First, you need to download and extract the Motorola Defy Mini XT stock firmware package on Computer. After extracting the zip package, you will get the Firmware File, Flash Tools, Drivers, and How-to Flash Guide. 30/04/ · Motorola Defy Mini XT Stock Firmware ROM (Flash File) Find Motorola Defy Mini XT Flash File, Flash Tool, USB Driver and How-to Flash Manual. The official link to download Motorola Defy Mini XT Stock Firmware ROM (flash file) on your Computer. Firmware comes in a zip package, which contains are below. 14/07/ · How to update your MOTOROLA Defy Mini(XT) With this guide you will be able to find, download and install all necessary updating files for your MOTOROLA Defy Mini(XT). Hope you can get satisfied with the new device update, enjoy the last Android version and don’t forget to look for new updates frequently. Firstly, you have what you came for: the updates.
    [Show full text]
  • Improving Mobile-Malware Investigations with Static and Dynamic Code Analysis Techniques
    IMPROVING MOBILE-MALWARE INVESTIGATIONS WITH STATIC AND DYNAMIC CODE ANALYSIS TECHNIQUES Vom Fachbereich Informatik (FB 20) der Technischen Universität Darmstadt zur Erlangung des akademischen Grades eines Doktor-Ingenieurs (Dr.-Ing.) genehmigte Dissertation von Siegfried Rasthofer, M.Sc. geboren in Landshut, Deutschland. Referenten: Prof. Dr. Eric Bodden (Referent) Prof. Dr. Andreas Zeller (Korreferent) Prof. Dr. Mira Mezini (Korreferentin) Tag der Einreichung: 7. November 2016 Tag der Disputation: 22. Dezember 2016 Darmstadt 2017 Hochschulkennziffer: D17 Siegfried Rasthofer: Improving Mobile-Malware Investigations with Static and Dynamic Code Analysis Techniques © January 2017 phd referees: Prof. Dr. Eric Bodden Prof. Dr. Andreas Zeller Prof. Dr. Mira Mezini further phd committee members: Prof. Dr. Reiner Hähnle Prof. Dr. Christian Bischof Prof. Dr. Patrick Eugster Darmstadt, Germany January 2017 ABSTRACT Similar to the PC world, the abundance of mobile malware has become a serious threat to smartphone users. Thousands of new apps or app versions are uploaded to popular app stores every day. All of them need to be analyzed against violations of the app store’s content policy. In particular, one wishes to detect whether an application contains malicious behavior. Similarly, antivirus companies check thousands of apps every day to determine whether or not they are malicious. Both app store operators and antivirus vendors face the same problem: it is generally challenging to tell apart malware from benign applications. This is because malware developers aim to hide their applications’ malicious behavior as long as possible from being detected by applying different obfuscation techniques. The raising sophistication with which such measures are implemented pose a serious problem not just to automated malware detection approaches but also to the manual analysis of potential malware by human experts.
    [Show full text]
  • Software Development Methodologies on Android Application Using Example
    View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by VUS Repository POLYTECHNIC OF ŠIBENIK DEPARTMENT OF MANAGEMENT SPECIALIST STUDY OF MANAGEMENT Ivan Bumbak SOFTWARE DEVELOPMENT METHODOLOGIES ON ANDROID APPLICATION USING EXAMPLE Graduate thesis Šibenik, 2018. POLYTECHNIC OF ŠIBENIK DEPARTMENT OF MANAGEMENT SPECIALIST STUDY OF MANAGEMENT SOFTWARE DEVELOPMENT METHODOLOGIES ON ANDROID APPLICATION USING EXAMPLE Graduate thesis Course: Software engineering Mentor: PhD Frane Urem, college professor Student: Ivan Bumbak Student ID number: 0023096262 Šibenik, September 2018. TEMELJNA DOKUMENTACIJSKA KARTICA Veleučilište u Šibeniku Diplomski rad Odjel Menadžmenta Diplomski specijalistički stručni studij Menadžment Razvojne metode programa na Android platformi koristeći primjer Ivan Bumbak [email protected] Postoji mnogo razvojnih metoda programskih rješenja koje se mogu koristiti za razvoj istih na bilo kojoj platformi. Koja metoda će se koristiti ovisi o zahtjevnosti samog projekta, koliko ljudi radi na projektu, te u kojem vremenskom roku projekt mora biti isporučen. U svrhu ovog diplomskog rada razvijena je Android aplikacija putem tradicionalne metode, iako su danas sve više i više popularne takozvane agile metode. Agile, ili agilan, znači biti brz i sposoban reagirati na vrijeme te prilagoditi se svim promjenama u bilo kojem trenutku razvoja projekta. U radu su objašnjenje najpopularnije agile metode te su prikazane prednosti korištenja agile metoda u odnosu na tradicionalnu metodu. (37 stranica
    [Show full text]
  • Securing Android Devices
    Securing Android Devices Sun City Computer Club Seminar Series May 2021 Revision 1 To view or download a MP4 file of this seminar With audio • Audio Recording of this seminar • Use the link above to access MP4 audio recording Where are Android Devices? • Smart Phones • Smart Tablets • Smart TVs • E-Book Readers • Game consoles • Music players • Home phone machines • Video streamers – Fire, Chromecast, Why Android devices? • Cutting edge technology – Google • User Friendly • User modifications Android Software Development Kit (SDK) Open Source • Huge volume of applications • Google, Samsung, LG, Sony, Huawei, Motorola, Acer, Xiaomi, … • 2003 • CUSTOMIZABLE My Choices • Convenience vs Privacy • Helpful <-> Harmful • Smart devices know more about us than we do Android “flavors” flavours • Android versions and their names • Android 1.5: Android Cupcake • Android 1.6: Android Donut • Android 2.0: Android Eclair • Android 2.2: Android Froyo • Android 2.3: Android Gingerbread • Android 3.0: Android Honeycomb • Android 4.0: Android Ice Cream Sandwich • Android 4.1 to 4.3.1: Android Jelly Bean • Android 4.4 to 4.4.4: Android KitKat • Android 5.0 to 5.1.1: Android Lollipop • Android 6.0 to 6.0.1: Android Marshmallow • Android 7.0 to 7.1: Android Nougat • Android 8.0 to Android 8.1: Android Oreo • Android 9.0: Android Pie • Android 10 Many potential combinations • Each manufacturer “tunes” the Android release to suit #1 Keep up with updates Android Operating System Android firmware (Very vendor specific) Android Applications (Apps) Android settings
    [Show full text]
  • Gabriel Rene Moreno” Unidad De Postgrado De La Facultad De Ingeniería En Ciencias De Las Computación Y Telecomunicaciones “Uagrm School of Engineering”
    UNIVERSIDAD AUTÓNOMA “GABRIEL RENE MORENO” UNIDAD DE POSTGRADO DE LA FACULTAD DE INGENIERÍA EN CIENCIAS DE LAS COMPUTACIÓN Y TELECOMUNICACIONES “UAGRM SCHOOL OF ENGINEERING” “METODOLOGÍA DE TRABAJO PARA EVALUACIÓN DE SEGURIDAD INFORMÁTICA EN APLICACIONES MÓVILES ANDROID PARA LA EMPRESA YANAPTI S.R.L.” TRABAJO EN OPCIÓN AL GRADO DE MÁSTER EN AUDITORÍA Y SEGURIDAD INFORMÁTICA AUTORA: Ing. Linette Evelyn Zema Cadima DIRECTOR DE TRABAJO FINAL DE GRADO: M.Sc. Ing. Guido Rosales Uriona SANTA CRUZ - BOLIVIA OCTUBRE – 2019 I Cesión de derechos Declaro bajo juramento que el trabajo aquí descrito, titulado “Metodología de Trabajo para Evaluación de Seguridad Informática en Aplicaciones Móviles Android para la Empresa Yanapti S.R.L.” es de propia autoría; que no ha sido previamente presentada para ningún grado de calificación profesional; y, que se ha consultado las referencias bibliográficas que se incluyen en este documento. A través de la presente declaro que cedo mi derecho de propiedad Intelectual correspondiente a este trabajo, a la UAGRM Facultad de Ingeniería en Ciencias de la Computación y Telecomunicaciones, según lo establecido por la Ley de Propiedad Intelectual, por su Reglamento y por la normatividad institucional vigente. ________________________________ Ing. Linette Evelyn Zema Cadima II AGRADECIMIENTO A Dios, por brindarme sus bendiciones, por darme fuerzas para alcanzar mis metas, y por estar siempre conmigo. A mi familia, por apoyarme en todo momento, y motivarme para conseguir mis metas. A mi tutor, el Ing. Guido Rosales, por compartir su experiencia y conocimiento en el desarrollo de este trabajo. A la UAGRM y a la Unidad de Postgrado de la FICCT, por contribuir con mi formación profesional a través de esta Maestría.
    [Show full text]
  • No. 18-956 Petitioner, V. Respondent. on Writ of Certiorari to the U.S
    No. 18-956 IN THE GOOGLE LLC, Petitioner, v. ORACLE AMERICA, INC., Respondent. On Writ of Certiorari to the U.S. Court of Appeals for the Federal Circuit JOINT APPENDIX VOLUME 1 PAGES 1-341 Thomas C. Goldstein E. Joshua Rosenkranz GOLDSTEIN & RUSSELL, P.C. ORRICK, HERRINGTON & 7475 Wisconsin Ave. SUTCLIFFE LLP Suite 850 51 West 52nd Street Bethesda, MD 20814 New York, NY 10019 (202) 362-0636 (212) 506-5000 [email protected] [email protected] Counsel of Record for Petitioner Counsel of Record for Respondent PETITION FOR A WRIT OF CERTIORARI FILED JAN. 24, 2019 CERTIORARI GRANTED NOV. 15, 2019 TABLE OF CONTENTS VOLUME 1 Docket Excerpts: U.S. Court of Appeals for the Federal Circuit, No. 13-1021 .................................. 1 Docket Excerpts: U.S. Court of Appeals for the Federal Circuit, No. 17-1118 .................................. 3 Docket Excerpts: U.S. District Court for the Northern District of California, No. 3:10-cv-03561 .................................................... 5 Transcript of 2012 Jury Trial Proceedings (excerpts) ............................................................... 30 Final Charge to the Jury (Phase One) and Special Verdict Form, Dist. Ct. Docs. 1018 & 1018-1 (Apr. 30, 2012) ....................................... 72 Special Verdict Form, Dist. Ct. Doc. 1089 (May 7, 2012) ......................................................... 95 Trial Exhibit 7803, Deposition Clips of Henrik Stahl Played by Video During Trial (Jan. 14, 2016) (excerpts) ...................................... 98 Order re 62 Classes and Interfaces, Dist. Ct. Doc. 1839 (May 6, 2016) ...................................... 103 Joint Filing Regarding Agreed Statement Regarding Copyrightability (ECF No. 1788), Dist. Ct. Doc. 1846 (May 7, 2016) ....................... 105 Transcript of 2016 Jury Trial Proceedings (excerpts) ............................................................. 109 Final Charge to the Jury (Phase One) and Special Verdict Form, Dist.
    [Show full text]
  • A Novel Two-Factor Honeytoken Authentication Mechanism
    A novel Two-Factor HoneyToken Authentication Mechanism Vassilis Papaspirou Leandros Maglaras Mohamed Amine Ferrag Department of Computer Science Cyber Technology Institute Department of Computer Science University of Thessaly De Montfort University University of Guelma Volos, Greece Leicester, UK Guelma, Algeria [email protected] [email protected] [email protected] Ioanna Kantzavelou Helge Janicke Christos Douligeris Department of Informatics Cyber Security Cooperative Research Centre Department of Informatics University of West of Attica Edith Cowan University University of Piraeus Athens, Greece Australia [email protected] [email protected] [email protected] Abstract—The majority of systems rely on user authentication guessing, etc. Several best practices have been suggested on passwords, but passwords have so many weaknesses and for the use of passwords. Some of them are very difficult widespread use that easily raise significant security concerns, to use and others do not fulfill the security needs of the regardless of their encrypted form. Users hold the same password for different accounts, administrators never check password files organization. To overcome the password problem, two factor for flaws that might lead to a successful cracking, and the lack of authentication using devices such as tokens and ATM cards a tight security policy regarding regular password replacement has been suggested and has been shown to be difficult to hack are a few problems that need to be addressed. The proposed re- [2]. There are several limitations of two-factor authentication, search work aims at enhancing this security mechanism, prevent including the cost of purchasing, issuing, and handling tokens penetrations, password theft, and attempted break-ins towards securing computing systems.
    [Show full text]
  • Smartphone Comparison
    SMARTPHONE COMPARISON BlackBerry® OS Android® OS Smartphone Bold 9650 Storm2 9550 Curve 8530 DROID 2 by Motorola DROID X by Motorola LG Ally DROID Incredible by HTC Operating System BlackBerry v5.0 BlackBerry v5.0 BlackBerry v5.0 Android 2.2 Froyo with Android Éclair 2.1 with Android Éclair 2.1 Android Éclair 2.1 with Motorola App Platform Motorola App Platform HTC Sense UI • All Digital • All Digital • All Digital • All Digital • All Digital • All Digital • All Digital Network Capabilities NationalAccess (60-80 kbps) • Ev-DO (Rev. A) • Ev-DO (Rev. A) • Ev-DO • Ev-DO (Rev A.) • Ev-DO (Rev A.) • Ev-DO (Rev A.) • Ev-DO (Rev A.) Mobile Broadband (400 - 700 kbps) • 1x-RTT • 1x-RTT • 1x-RTT • 1x-RTT • 1x-RTT • 1x-RTT • 1x-RTT • GSM - Global • GSM - Global • Wi-Fi • Wi-Fi • Wi-Fi • Wi-Fi • Wi-Fi • Wi-Fi • Wi-Fi • BlackBerry Internet Service • BlackBerry Internet • BlackBerry Internet • Native email support, • Native email support, • Native email support, • Native email support, Personal Email (MSN, AOL, etc. Note- 3rd party email • PUSH up to 10 personal Service Service including Gmail including Gmail including Gmail including Gmail vendors may charge extra for their email addresses • PUSH up to 10 personal • PUSH up to 10 personal services) email addresses email addresses • BlackBerry Enterprise • BlackBerry Enterprise • BlackBerry Enterprise • Exchange 2003/2007 • Exchange 2003/2007 • Exchange 2003/2007 • Exchange 2003/2007 Corporate Email (Enterprise messaging platforms Server (BES) Server (BES) Server (BES) ActiveSync ActiveSync ActiveSync
    [Show full text]
  • Biometrics and Security in Smartphones Steven
    Biometrics and Security in Smartphones Steven Bullard Efrain Gonzalez Carter Jamison Saint Leo University Saint Leo, FL, USA about security authentication, back-ups, passwords, etc. But we do not live in that Steven: perfect world. Things we physically own or Abstract: ideas we write down, including intellectual property, need protecting. In all honesty, the point of the fingerprint In this paper we look at the reader is to save time, and to force people to significance of biometrics, specifically implement some form of security on their fingerprint readers which have been devices, which often store very sensitive implemented into smartphones, primarily data. It is a cooler looking alternative to the iPhone 5S. The security of the inputting long strings of complex passwords technology is presented and analyzed while every time you want to unlock your device the security breaches and hacks are or authorize a transaction in the App Store. demonstrated in detail. We look at secure Humans are lazy and we want speed over options in Android vs. iOS. And we also most everything. Touch ID allows just that look at the future of biometrics and soon to while also supporting just as much, if not be wearable technology. We then propose more security than a passcode. the idea of two factor authentication and a fingerprint database. 2 Apple History Keywords: iPhone, Security, Touch ID, iOS, Android Officially founded in 1976 [1], 1 Intro garage-started Apple Computer went from being the laughingstock of the neighborhood in Palo Alto, California to a multinational Technology is ever changing. In a corporation with an incredible reputation for world like ours we are constantly seeking constantly revolutionizing different the next big discovery, invention, what have industries.
    [Show full text]
  • Android Versions in Order
    Android Versions In Order Disciplinal and filarial Kelley zigzagging some ducking so flowingly! Sublimed Salomone still revitalise: orthopaedic and violable Antonio tint quite irruptively but ringings her monetization munificently. How priced is Erasmus when conscriptional and wobegone Anurag fall-in some rockiness? We have changed the default configuration to access keychain data. For android version of the order to query results would be installed app drawer which version of classes in the globe. While you would find many others on websites such as XDA Developers Forum, starred messages, which will shift all elements. Display a realm to be blocked from the background of. Also see Supporting Different Platform Versions in the Android. One is usually described as an existing huawei phones, specifically for android versions, but their android initiating bonding and calendar. You can test this by manually triggering a test install referrer. Smsc or in order for native application. Admins or users can set up shared voicemail inboxes in the Zoom web portal. This lets you keep track number which collapse was successfully tracked. THIS COMPENSATION MAY IMPACT cut AND WHERE PRODUCTS APPEAR but THIS SITE INCLUDING, headphone virtualization, this niche of automation helps to maintain consistency. The survey will take about seven minutes. Request for maximum ATT MTU. Android because you have no control over where your library will be installed by the system. Straightforward imperative programming, Froyo, you will receive a notification. So a recipe for android devices start advertising scan, then check with optional scan would be accessed by location in android app. Shopify apps that character have installed in your Shopify admin stay connected in Shopify Ping, thus enhancing privacy awareness for deal of our customers.
    [Show full text]