DOCSLIB.ORG

Security of Smartphones at the Dawn of Their Ubiquitousness

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Security of Smartphones at the Dawn of Their Ubiquitousness Security of Smartphones at the Dawn of their Ubiquitousness Inauguraldissertation zur Erlangung des akademischen Grades eines Doktors der Naturwissenschaften der Universität Mannheim vorgelegt von Michael Becher aus Kleve, Deutschland Mannheim, 2009 Dekan: Prof. Dr.-Ing. Felix Freiling, Universität Mannheim Referent: Prof. Dr.-Ing. Felix Freiling, Universität Mannheim Korreferent: Prof. Dr.-Ing. Ulrike Meyer, RWTH Aachen Tag der mündlichen Prüfung: 09.10.2009 iii Abstract The importance of researching in the field of smartphone security is substantiated in the increasing number of smartphones, which are expected to outnumber common computers in the future. Despite their increasing importance, it is unclear today if mobile malware will play the same role for mobile devices as for common computers today. Therefore, this thesis contributes to defining and structuring the field mobile device security with special concern on smartphones and on the operational side of security, i.e., with mobile malware as the main attacker model. Additionally, it wants to give an understanding of the shifting boundaries of the attack surface in this emerging research field. The first three chapters introduce and structure the research field with the main goal of showing what has to be defended against today. Besides introducing related work they structure mobile device attack vectors with regard to mobile malicious software and they structure the topic of mobile malicious software itself with regard to its portability. The technical contributions of this thesis are in Chapters5 to8, classified according to the location of the investigation (on the device, in the network, distributed in device and network). Located in the device is MobileSandbox, a software for dy- namic malware analysis. As another device-centric contribution we investigate on the efforts that have to be taken to develop an autonomously spreading smartphone worm. The results of these investigations are used to show that device-centric parts are necessary for smartphone security. Additionally, we propose a novel device- centric security mechanism that aims at reducing the attack surface of mobile devices to mobile malware. The network-centric investigations show the possibilities that a mobile network operator can use in its own mobile network for protecting the mobile devices of its clients. We simulate the effectiveness of different security mechanisms. Finally, the distributed investigations show the feasibility of distributed computation algorithms with security modules. We give prototypic implementations of protocols for secure multiparty computation as a modularized version with failure detector and consensus algorithms, and for fair exchange with guardian angels. iv Zusammenfassung Die Wichtigkeit der Forschung zur Sicherheit von multifunktionalen Mobiltele- fonen (engl. “smartphones”) wird untermauert von ihrer steigenden Anzahl, die vermutlich die Anzahl von herkömmlichen Rechnern in Zukunft übersteigen wird. Trotz ihrer steigenden Bedeutung ist es unklar, ob mobile Schadprogramme (engl. “mobile malware”) dieselbe Rolle für mobile Endgeräte spielen werden, wie es her- kömmliche Schadprogramme für herkömmliche Rechner tun. Aus diesem Grund leistet diese Arbeit einen Beitrag dazu, das Thema Sicherheit mobiler Endgeräte zu definieren und zu strukturieren. Insbesondere behandelt sie multifunktionale Mobiltelefone und die operative Seite der Sicherheit, die mobile Schadprogram- me als das hauptsächliche Angriffsmodell hat. Die Arbeit möchte zusätzlich ein Verständnis von den sich verschiebenden Grenzen der Angriffsvektoren in diesem neuen Forschungsfeld geben. Die ersten drei Kapitel führen in das Themenfeld ein, strukturieren es, und zeigen, wogegen man sich heute schützen muss. Neben der Nennung von verwandten Arbeiten werden Angriffsvektoren für mobile Endgeräte in Bezug auf mobile Schadprogramme, sowie mobile Schadprogramme in Bezug auf ihre Portabilität strukturiert. Die technischen Beiträge dieser Arbeit folgen in den Kapiteln 5 bis 8, aufgeteilt durch den Ort der Untersuchung (auf dem Endgerät, im Netz, verteilt zwischen Endgerät und Netz). Im Endgerät angesiedelt ist MobileSandbox, ein Programm für die dynamische Analyse von Schadprogrammen. Ein weiterer Beitrag bezogen auf das Endgerät ist die Untersuchung der Aufwände für die Entwicklung eines sich autonom verbreitenden Wurms auf multifunktionalen Mobiltelefonen. Die Ergebnisse dieser Untersuchungen werden benutzt, um endgerätezentrierte Teile als für die Sicherheit von multifunktionalen Mobiltelefonen notwendig zu zeigen. Außerdem wird ein neuartiger endgerätezentrierter Sicherheitsmechanismus vorge- stellt, der die Angriffsfläche der Endgeräte gegenüber mobilen Schadprogrammen reduziert. Die netzzentrierten Untersuchungen zeigen die Möglichkeiten, die ein Mobilfunk- netzbetreiber in seinem Mobilfunknetz benutzen kann, um die mobilen Endgeräte seiner Kunden zu schützen. Die Effektivität von verschiedenen Sicherheitsmecha- nismen wird simuliert. Schließlich zeigen die verteilten Untersuchungen die Durchführbarkeit von Sicher- heitsmodulen benutzenden Algorithmen zur verteilten Berechnung. Es werden vorgestellt: eine prototypische Implementierung von Protokollen zur sicheren ver- teilten Berechnung in einer modularisierten Version mit Ausfallerkennern und Konsensusalgorithmen. Außerdem eine Implementierung von fairem Austausch mit Sicherheitsmodulen. Acknowledgments A work like this cannot be done without the support of numerous people. Thanks go to all the employees of Deutsche Telekom who supported me with their time for discussions, with hardware, and with insights into the mobile world and into my research field. Dr. Thomas Breitbach for his trust in me and for enabling the funding during my work on this thesis. Special thanks go to Dr. Uwe Wilhelm for being my all-purpose contact at Deutsche Telekom during all the years. My proofreaders have contributed to an understandable text. Cordial thanks for carefully reading and commenting on every line of the draft chapters that I sent them: Alexander Becher, Andreas Sensen, Philipp Vorst. With valuable suggestions from their different perspectives they helped me a lot to refine my arguments and to make the text more understandable for a general computer science audience. Additional thanks go to the scientific world. To all my students from Aachen and Mannheim for their interest in the world of smartphone security and for choosing me as their supervisor. To all the people in Mannheim who gave the work on this thesis also a social component. To my referee Prof. Dr. Ulrike Meyer, who carefully read the thesis and gave valuable feedback to me that has formed this final version of the thesis. And to my supervisor Prof. Dr. Felix Freiling, who also carefully commented on the chapters of this thesis, who gave me support in every phase of my scientific work, and who always shared his insights into science. My family receives the most cordial thanks. They all know that this thesis would neither have started nor finished without them. vi Contents 1 Introduction1 2 Related Work9 2.1 Mobile Devices........................... 10 2.1.1 Definition.......................... 10 2.1.2 Security Modules...................... 11 2.1.3 Specifics of Mobile Devices................ 15 2.2 Mobile Device Security....................... 20 2.2.1 Definition of Security................... 21 2.2.2 Security in Application Frameworks............ 22 2.2.3 Security in Windows Mobile................ 24 2.2.4 Security in Symbian OS.................. 29 2.3 Mobile Malicious Software..................... 34 2.3.1 Definition of Malware................... 34 2.3.2 Surveys of Mobile Malware................ 35 2.3.3 Virus Scanners....................... 37 2.4 Analytic Mechanisms........................ 40 2.4.1 Dynamic Software Analysis................ 41 2.4.2 Simulation......................... 42 2.5 Distributed Computation...................... 43 2.5.1 Secure Multiparty Computation.............. 44 2.5.2 Fair Exchange....................... 47 3 Structuring Mobile Device Attack Vectors 51 3.1 Attack Vector Classes........................ 52 3.2 Hardware-Centric Attacks..................... 53 3.2.1 Intercepting MNO Smartcard Communication....... 55 3.2.2 Attacking the Device.................... 55 3.3 Device-Independent Attacks.................... 56 3.3.1 Wireless Transmission Security.............. 57 3.3.2 Backend Systems...................... 61 viii CONTENTS 3.4 Software-Centric Attacks...................... 62 3.4.1 General........................... 62 3.4.2 Operating System Modifications.............. 64 3.4.3 Web Browser........................ 66 3.5 “Layer 8”: The User as Attack Vector............... 68 3.5.1 Security Awareness..................... 69 3.5.2 Influence of the User.................... 70 3.5.3 Social Engineering..................... 71 3.5.4 Security & Usability.................... 72 3.6 Conclusion............................. 75 4 Structuring Mobile Malicious Software 77 4.1 Known Mobile Malware...................... 78 4.1.1 Windows Type of Operating Systems........... 78 4.1.2 Symbian OS........................ 81 4.1.3 Java Platform, Micro Edition (J2ME)........... 86 4.2 Phases of Malware......................... 87 4.2.1 Infection.......................... 87 4.2.2 Malicious Functionality.................. 88 4.2.3 Spreading.......................... 90 4.3 Mobile Malware Portability..................... 90 4.3.1 Cross-Platform Malware.................. 91 4.3.2 Portability between Mobile
Load more

Recommended publications
  • Sidekick LX™ Reference Guide
    Sidekick LX™ Reference Guide 27-4007-01 Rev. A - R4.4 - July 9, 2007 Copyright © 2007 Danger, Inc. All rights reserved. Removable Battery 15 Application Customization 7 Contents SIM Card Slot 16 The Device Interface 8 Memory Card Slot 17 The Jump Screen 8 Welcome! 5 USB / Power Port 18 Menus 9 Device Basics 6 Registration 18 Quick Jump 9 Opening and Closing the Display 6 Setting Up Your Device Indicators 30 Control Buttons 7 Bluetooth® Technology Setup Type and Edit Text 3 Phone Controls 9 Backgrounds 3 Navigate in Text Boxes 3 Sound Controls 11 Font Size 4 Delete Text 3 Mini Music Player 11 Backlighting 4 Cut, Copy, Paste, Undo 3 Volume Controls 1 Key Guard Mode 5 AutoText 33 Wireless On/Off Control 13 Device Privacy Code 6 Type Special Unicode Display Controls 13 Sound Profiles 6 Characters 34 Battery Charger 14 -- The Desktop Interface 35 Answer a Phone Call 40 Bookmark a Web Page 46 Using the Applications 36 Add a Number to Your Speed Dial Copy Text on a Web Page 46 myFaves List 41 Email Add a Contact to myFaves 36 Check Your Voice Mail 41 Send an Email Message 47 Communicate with a myFaves Change Your Phone Ringtone 4 Fetch Email from External Contact 37 Import Contacts from Your SIM Accounts 48 Assign an Icon to a myFaves Card 4 Fetch Email Using Your Device’s Contact 38 Text Messaging Web Browser 51 Replace a myFaves Phone Send a Text Message 43 Attach a Photo, Sound, or vCard to Number 38 Picture Messaging an Email Message 5 Phone Send a Picture Message 44 Address Book Make a Phone Call 39 Web Browser Add a Contact to the Address
    [Show full text]
  • Sidekick II Reference Guide
    Sidekick II Reference Guide 27-2002-01 Rev. G - Release 2.0 - July 13, 2004 Copyright © 2004 Danger, Inc. All rights reserved. Contents Welcome! 6 I. Device Controls 8 Opening and Closing the Display 8 Phone Controls 9 Control Buttons 10 II. Registration 12 III. Device Basics 16 Battery Charger 16 USB Port 17 Wrist Strap Holder 17 The Jump Screen 18 Title Bar and Indicators 19 Menus 20 Device Settings 21 Sound and Display Controls 21 Backlighting 22 Key Guard Mode 22 Device Privacy Code 23 2 Contents Customization 24 Default Locale Setting 25 Typing and Editing Text 25 Navigating in Text Boxes 25 Deleting Text 26 Entering Special Unicode Characters 26 Cut, Copy, Paste 27 AutoText 27 IV. The Desktop Interface 28 V. Using the Applications 30 Phone Make a Phone Call 30 Answer a Phone Call 31 Add a Number to Your Speed Dial List 31 Change Your Phone Ringtone 32 Check Your Voice Mail 32 Import Contacts from Your SIM Card 33 Phone Messages Send a Text Message 33 Contents 3 Web Browser Browse the Web 34 Bookmark a Web Page 34 Email Send an Email Message 35 Fetch Email from External Accounts 35 Fetch Email Using Your Device’s Web Browser 39 Attach a Photo to an Email Message 39 Address Book Add a Contact to the Address Book 40 Import Address Book Contacts 41 Calendar Add an Event to Calendar 42 Notes Create a Note 43 To Do Add a Task 43 Camera Take a Photo 44 Send a Photo by Email 44 4 Contents Download Fun™ Catalog Purchase Items 45 Manage Your Purchases 46 Instant Messaging Sign On 47 Send an Instant Message 47 Switch Between IM Conversations 48 VI.
    [Show full text]
  • The Effect of Smartphone on the Society Beau Patrick, Dylan Austin
    www.idosr.org Beau et al ©IDOSR PUBLICATIONS International Digital Organization for Scientific Research IDOSR JOURNAL OF COMPUTER AND APPLIED SCIENCES 4(1):1-6, 2019. ISSN: 2579-0803 The Effect of Smartphone on the Society Beau Patrick, Dylan Austin and Charles O. Connor Computer Science Murdoch University, Australia. ABSTRACT Smartphones are a class of mobile phones and of multi-purpose mobile computing devices. They are distinguished from feature phones by their stronger hardware capabilities and extensive mobile operating systems, which facilitate wider software, internet (including web browsing over mobile broadband), and multimedia functionality (including music, video, cameras, and gaming), alongside core phone functions such as voice calls and text messaging. Smartphones typically contain a number of metal–oxide–semiconductor (MOS) integrated circuit (IC) chips, include various sensors that can be leveraged by their software (such as a magnetometer, proximity sensors, barometer, gyroscope, or accelerometer), and support wireless communications protocols (such as Bluetooth, Wi-Fi, or satellite navigation. The first smartphone was designed by IBM and sold by BellSouth (formerly part of the AT&T Corporation) in 1993. It included a touchscreen interface for accessing its calendar, address book, calculator, and other functions. The emergence of communication and computing for mobile consumer devices is on the evolutionary course to bring interoperability and leverage the services and functions of every industry. smartphone has a sizeable impact on society and other aspects of life. Smartphone has impacted almost all walk of human life. Keywords: Effect, smartphone, society. INTRODUCTION The development of the smartphone was feature phones by their stronger hardware enabled by several key technological capabilities and extensive mobile advances.
    [Show full text]
  • 7 Ponsel Paling Berpengaruh Dalam 10 Tahun Terakhir
    7 Ponsel Paling Berpengaruh dalam 10 Tahun Terakhir Tahukah Anda siapa yang pertama kali meluncurkan jaringan 3G di dunia? Yup, operator Jepang, NTT DoCoMo merupakan yang pertama meluncurkan jaringan 3G sejak 10 tahun yang lalu, tepatnya pada 1 Oktober yang baru saja berlalu. Dengan gembar-gembor kecepatan baru dan real-time videoconferencing atau mengirim dan menerima attachment e-mail dengan 10.000 karakter, inovasi ini merupakan moment yang sangat penting bagi sejarah dunia seluler. Dan untuk merayakannya, situs Mashable telah merangkum kembali ponsel dalam kurun waktu 1 dekade yang memiliki pergerakan paling signifikan, di mana terjadi perubahan dalam jumlah besar di dunia industri. Penasaran? Anda bisa langsung menyimak daftarnya berikut. Jangan lupa berikan komentar, mana yang menjadi favorit Anda, atau Anda mungkin memiliki kandidat lainnya. Danger Hiptop/T-Mobile Ponsel ini pertama kali diluncurkan pada tahun 2002. Danger Hiptop merupakan ponsel pertama yang memiliki daya tarik besar untuk pasar anak-anak muda. Faktor yang membuatnya memiliki daya tarik tersebut tidak lain karena fungsinya yang menyenangkan, dengan user- friendly interface dan fitur message yang jadi mudah karena keyboard QWERTY, layar yang besar, serta adanya dukungan selebriti. Jay-Z ikut meramaikan kampanye dalam video handset “Excuse Me Miss” untuk versi T-Mobile . Hiptop berhasil menunjukkan pasar ponsel untuk kaum muda ternyata cukup potensial dan bisa menjadi target marketing. Dan dengan hadirnya Sidekick 4G saat ini di T-Mobile AS, tampaknya brand ini masih dianggap masih cukup berharga selama hampir 10 tahun. Motorola RAZR Motorola RAZR terbilang merupakan handset clamshell dengan penjualan terbaik. Dimensinya yang ramping membuatnya memiliki desain menarik, disertai dengan keypad logam yang cantik.
    [Show full text]
  • Ijofcs 2011.Indd
    IJoFCS (2011) 1, 28-43 The International Journal of FORENSIC COMPUTER SCIENCE www.IJoFCS.org DOI: 10.5769/J201101002 or http://dx.doi.org/10.5769/J201101002 Acquisition and Analysis of Digital Evidence in Android Smartphones André Morum de L. Simão(1), Fábio Caús Sícoli(1), Laerte Peotta de Melo(2), Flávio Elias de Deus(2), Rafael Timóteo de Sousa Júnior(2) (1) Brazilian Federal Police, Ministry of Justice (2) University of Brasilia, UnB (1,2) Brasilia, Brazil (1) {morum.amls, sicoli.fcs}@dpf.gov.br (2) {peotta, flavioelias, desousa}@unb.br Abstract - From an expert's standpoint, an Android phone is a large data repository that can be stored either locally or remotely. Besides, its platform allows analysts to acquire device data and evidence, collecting information about its owner and facts under investigation. This way, by means of exploring and cross referencing that rich data source, one can get information related to unlawful acts and its perpetrator. There are widespread and well documented approaches to forensic examining mobile devices and computers. Nevertheless, they are neither specific nor detailed enough to be conducted on Android cell phones. These approaches are not totally adequate to examine modern smartphones, since these devices have internal memories whose removal or mirroring procedures are considered invasive and complex, due to difficulties in having direct hardware access. The exam and analysis are not supported by forensic tools when having to deal with specific file systems, such as YAFFS2 (Yet Another Flash File System). Furthermore, specific features of each smartphone platform have to be considered prior to acquiring and analyzing its data.
    [Show full text]
  • Danger's Hiptop Platform Carries Over Three Billion Mobile Instant Messages in 2004
    Danger's Hiptop Platform Carries Over Three Billion Mobile Instant Messages In 2004 The Mobile Instant Messaging Trend Goes Mainstream Palo Alto, CA -- January 12, 2005 -- Danger, Inc. announced today that over 3 billion mobile instant messages (IM) were sent and received on the company's hiptop® wireless platform during 2004. This number is even more impressive when compared to the 22.8 billion total SMS messages sent across all United States wireless carriers during the same period, according to recent data from Jupiter Research. Sold through eight operators in six countries, each operator brands the hiptop device as their own and sells it directly to consumers, such as the T-Mobile Sidekick II, SunCom hiptop2 and Edge Wireless hiptop. "Because of the hiptop's intuitive user-interface and overall ease-of-use," said Hank Nothhaft, Chairman and Chief Executive Officer of Danger Inc., "it has become the premier mobile platform for instant messaging. IM has clearly become a killer app for our users. And if our current growth trends continue, we will support upwards of 10-15 billion mobile instant messages in 2005." Danger's hiptop device is the ultimate communications gadget, combining a mobile phone with push email, AOL® Instant Messenger™ (AIM®), Yahoo!® Instant Messenger, HTML Web browser, text-messaging, calendar, address book, an integrated digital camera and a catalog full of games, ringtones, and additional applications and content. With a 65,000 color flip-up display, advanced sonic and visual notifications and a keyboard, the hiptop device excels as a messaging engine. "Danger's hiptop devices have been popular with AOL members and AIM users alike, who use the hiptop -- with their familiar Buddy List™ feature -- to send more than 10 million mobile IMs everyday," said Himesh Bhise, vice president of Strategic Development, AOL Mobile, for America Online, Inc.
    [Show full text]
  • 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22
    Case3:10-cv-03561-WHA Document172 Filed06/14/11 Page1 of 122 1 DONALD F. ZIMMER, JR. (SBN 112279) IAN C. BALLON (SBN 141819) [email protected] [email protected] 2 CHERYL A. SABNIS (SBN 224323) HEATHER MEEKER (SBN 172148) 3 [email protected] [email protected] KING & SPALDING LLP GREENBERG TRAURIG, LLP 4 101 Second Street – Suite 2300 1900 University Avenue San Francisco, CA 94105 East Palo Alto, CA 94303 5 Telephone: (415) 318-1200 Telephone: (650) 328-8500 6 Facsimile: (415) 318-1300 Facsimile: (650) 328-8508 7 SCOTT T. WEINGAERTNER (Pro Hac Vice) ROBERT A. VAN NEST - #84065 [email protected] [email protected] 8 ROBERT F. PERRY CHRISTA M. ANDERSON - #184325 9 [email protected] [email protected] BRUCE W. BABER (Pro Hac Vice) KEKER & VAN NEST LLP 10 [email protected] 710 Sansome Street KING & SPALDING LLP San Francisco, CA 94111-1704 11 1185 Avenue of the Americas Telephone: (415) 391-5400 12 New York, NY 10036-4003 Facsimile: (415) 397-7188 Telephone: (212) 556-2100 13 Facsimile: (212) 556-2222 14 Attorneys for Defendant GOOGLE INC. 15 UNITED STATES DISTRICT COURT 16 NORTHERN DISTRICT OF CALIFORNIA 17 18 SAN FRANCISCO DIVISION 19 Case No. 3:10-cv-03561-WHA ORACLE AMERICA, INC. 20 Honorable Judge William Alsup 21 Plaintiff, DECLARATION OF SCOTT T. 22 v. WEINGAERTNER IN SUPPORT OF GOOGLE, INC.’S DAUBERT MOTION 23 GOOGLE INC. HIGHLY CONFIDENTIAL -- 24 Defendant. ATTORNEYS’ EYES ONLY 25 26 27 28 DECLARATION OF SCOTT T. WEINGAERTNER IN SUPPORT OF GOOGLE INC’S DAUBERT MOTION CIVIL ACTION NO.
    [Show full text]
  • Andrew Rubin Atau Yang Paling Dikenal Dengan Sebutan Andy Rubin, Lahir Di New Bedford, Amerika Pada Tanggal 22 Juni 1946
    Andrew Rubin atau yang paling dikenal dengan sebutan Andy Rubin, lahir di New Bedford, Amerika pada tanggal 22 Juni 1946. Andy lahir dari keluarga Yahudi. Ayahnya bekerja sebagai psikolog yang kemudian beralih profesi menjadi seorang direct marketing. Perusahaan ayahnya ini menjual gambar-gambar gadget terbaru. Andy meraih gelar Bachelor of Science di bidang Ilmu Komputer dari tahun 1986 dari Utica College di Utica, New York. Sebagian besar dari kita yang pernah mengikuti sejarah Android cenderung menganggap bahwaandroid adalah sebuah OS yang berpikiran untuk membuka dunia smartphone. Tidak begitu, mantan kepala Android Andy Rubin mengatakan pada pertemuan puncak di Tokyo bahwa Android pertama kali ada pada bulan April 2004 sebagai dasar untuk kamera yang terhubung yang akan menyimpan foto online. Ketika menjadi jelas bahwa pasar fotografi digital relatif kecil, tim pemula mengalihkan perhatian untuk membuat ponsel dalam jangka waktu lima bulan. Dan bisa dibilang smartphone lebih kaya untuk itu. Sejak kecil, Rubin sudah terbiasa melihat banyak gadget baru. Ia memiliki minat besar pada segala hal yang berbau robot. Di Carl Zeiss A.G., tempat pertama kali ia bekerja setelah lulus kuliah, Rubin ditempatkan di sebuah divisi robotika, tepatnya pada komunikasi digital antara jaringan dengan perangkat pengukuran dan manufaktur. Setelah dari Carl Zeiss, ia sempat bekerja di bidang robot di sebuah perusahaan di Swiss. Karier Rubin di bidang robotika nampaknya semakin cerah, namun hidupnya berubah gara-gara liburan di Cayman Island pada tahun 1989. Saat sedang mengunjungi kepulauan tropis di Jamaika itu, Rubin tak sengaja bertemu dengan seorang bernama Bill Caswell. Pria ini sedang tidur di tepi pantai, terusir dari sebuah cottage setelah bertengkar dengan pacarnya.
    [Show full text]
  • Open Model for the Distribution of Mobile Applications on Multiple Platforms
    DIPLOMARBEIT Titel der Diplomarbeit „Concept of a distribution and infrastructure model for mobile applications development across multiple mobile platforms― Verfasserin / Verfasser Peter Bacher Angestrebter akademischer Grad Magister der Sozial- und Wirtschaftswissenschaften (Mag. rer. soc. oec.) Wien, 2011 Studienkennzahl lt. Studienblatt: A 157 Studienrichtung lt. Studienblatt: Diplomstudium Internationale Betriebswirtschaft Betreuer/: Univ.-Prof. Dr. Dimitris Karagiannis Erklärung Hiermit versichere ich, die vorliegende Diplomarbeit ohne Hilfe Dritter und nur mir den angegebenen Quellen und Hilfsmitteln angefertigt zu haben. Alle Stellen, die den Quellen entnommen wurden, sind als solche kenntlich gemacht worden. Diese Arbeit hat in gleicher oder ähnlicher Form noch keiner Prüfungsbehörde vorgelegen. Wien, 05.12.2011 ————————– Peter Bacher Page 2 Table of Contents Table of Contents ..................................................................................................... 3 1 Introduction ..................................................................................................... 10 1.1 Motivation ................................................................................................. 10 1.2 General problem statement ...................................................................... 11 1.3 Goal of the Thesis ..................................................................................... 12 1.4 Approach .................................................................................................
    [Show full text]
  • Revealing the Nuts and Bolts of the Security of Mobile Devices
    Mobile Security Catching Up? Revealing the Nuts and Bolts of the Security of Mobile Devices Michael Becher, Felix C. Freiling Johannes Hoffmann, Thorsten Holz, Sebastian Uellenbeck, Christopher Wolf University of Mannheim, Germany Horst Gortz¨ Institute (HGI) Ruhr-University Bochum, Germany Table I Abstract—We are currently moving from the Internet society GLOBAL SALES FIGURES AND MARKET SHARE OF MOBILE to a mobile society where more and more access to information OPERATING SYSTEMS FOR THIRD QUARTER OF 2009 AND 2010 [11] is done by previously dumb phones. For example, the number of mobile phones using a full blown OS has risen to nearly 200% from Q3/2009 to Q3/2010. As a result, mobile security 3Q’09 3Q’10 is no longer immanent, but imperative. This survey paper OS units/1k share [%] units/1k share [%] provides a concise overview of mobile network security, attack Symbian 18,314 44.6 29,480 " 36.6 # vectors using the back end system and the web browser, but Android 1,424 3.5 20,500 "" 25.5 "" also the hardware layer and the user as attack enabler. We iOS 7,404 17.1 13,484 " 16.7 # show differences and similarities between “normal” security RIM 8,522 20.7 11,908 " 14.8 # and mobile security, and draw conclusions for further research Windows 3,259 7.9 2,247 # 2.8 # opportunities in this area. Linux 1,918 4.7 1,697 # 2.1 # Others 612 1.5 1,214 " 1.5 = Keywords-mobile security; smartphones; survey Total 41,093 100.0 80,532 100.0 I.
    [Show full text]
  • Security Behaviors of Smartphone Users Why Smartphones? - Features; - Interesting Points, Facts
    2017.04.23. Outline Introduction to Smartphones (History) Security behaviors of smartphone users Why Smartphones? - Features; - Interesting points, Facts. Security - Defining; -Challenges; -Importance; -Malwares and User behavior; Esmeralda KADËNA, Ph.D Student -Practical examples; -Discussion. [email protected] Doctoral School on Safety and Security Sciences Protecting yourself Óbuda University 1973: The first cell phone • The first mobile phone developed by Motorola in 1973. • It was Martin Cooper who placed the first call at AT&T Bells Labs from the streets of New York. 1984: Nokia Mobira Talkman 1989: Motorola MicroTac • The Phone weighed under 5 kgs • Motorola Microtac was the and is world’s one of the first smallest and lightest available transportable phones. phone at that time. • A car and a charger was needed • It was released as the “MicroTac to charge it. Pocket Cellular Telephone”. • Once this model was launched, • its sales created a stir in the It was designed keeping in mind market and the cynics were to fit it in a shirt pocket. silenced. 1 2017.04.23. 1992: Motorola International 3200 1994: Motorola 2900 BagPhone • First digital-sized mobile phone from Motorola introduced in 1992. • This was the first handset that gave the world an idea of “Flip Phones”. 1996 – Nokia 8110 • Motorola introduced a very powerful line of mobile phones in 1992. •Nokia’s first high-end phone was released in 1996 • These phones put out 3 watts of power (as opposed to 0.6 watts that •What made it different today’s cell phones output) which made them popular for truckers, was the ‘slider’ form factor.
    [Show full text]
  • Ijofcs 2011.Indd
    Volume 6, Number 1, 2011 ISSN 1809-9807 The International Journal of FORENSIC COMPUTER SCIENCE IJoFCS www.IJoFCS.org Volume 6, Number 1, 2011 Brasília, DF - Brazil Copyright © by The International Journal of Forensic Computer Science (IJoFCS) ISSN 1809-9807 Cover: Cláudio Miranda de Andrade SUBSCRIPTION OFFICE The International Journal of Forensic Computer Science (IJoFCS) BRAZILIAN ASSOCIATION OF HIGH TECHNOLOGY EXPERTS (ABEAT) Associação Brasileira de Especialistas em Alta Tecnologia (ABEAT) www.abeat.org.br Address: SCLN 309, Bloco D, Sala 103 - CEP: 70755-540, Brasília/DF, BRAZIL Phone: +55 61 3202-3006 Web site: www.IJoFCS.org E-mail: [email protected] The International Journal of Forensic Computer Science - V. 6, N. 1 (2011) - Brazil Brazilian Association of High Technology Experts (ABEAT) - Brasilia, Brazil ISSN 1809-9807 1. Forensic Computer Science CDD 005.8 The Journal was founded in 2006. The International Journal of FORENSIC COMPUTER SCIENCE Editor-in-Chief Paulo Quintiliano da Silva Brazilian Federal Police and University of Brasília, Brazil Associate Editor Associate Editor Associate Editor Francisco Assis de O. Nascimento Alexandre Ricardo S. Romariz Pedro de Azevedo Berguer University of Brasilia, Brazil University of Brasilia, Brazil University of Brasilia, Brazil Editorial Board Adriano Mauro Cansian Geovany Araujo Borges São Paulo State University University of Brasilia Olga Regina Pereira Bellon São José do Rio Preto, Brazil Brasília, Brazil Federal University of Parana Curitiba, Brazil Alexandre Ricardo Soares Romariz Gerhard Ritter University of Brasilia University of Florida Ovidio Salvetti Brasilia, Brazil Gainesville, FL, USA Italian National Research Council Pisa, Italy Anderson Clayton Alves Nascimento Hélvio Pereira Peixoto University of Brasilia Brazilian Federal Police Paulo Licio de Geus Brasilia, Brazil Brasilia, Brazil University of Campinas Campinas, Brazil Antonio Montes Filho Igor B.
    [Show full text]