DOCSLIB.ORG

Revealing the Nuts and Bolts of the Security of Mobile Devices

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Revealing the Nuts and Bolts of the Security of Mobile Devices 2011 IEEE Symposium on Security and Privacy Mobile Security Catching Up? Revealing the Nuts and Bolts of the Security of Mobile Devices Michael Becher, Felix C. Freiling Johannes Hoffmann, Thorsten Holz, Sebastian Uellenbeck, Christopher Wolf University of Mannheim, Germany Horst Gortz¨ Institute (HGI) Ruhr-University Bochum, Germany Table I Abstract—We are currently moving from the Internet society GLOBAL SALES FIGURES AND MARKET SHARE OF MOBILE to a mobile society where more and more access to information OPERATING SYSTEMS FOR THIRD QUARTER OF 2009 AND 2010 [11] is done by previously dumb phones. For example, the number of mobile phones using a full blown OS has risen to nearly 200% from Q3/2009 to Q3/2010. As a result, mobile security 3Q’09 3Q’10 is no longer immanent, but imperative. This survey paper OS units/1k share [%] units/1k share [%] provides a concise overview of mobile network security, attack Symbian 18,314 44.6 29,480 " 36.6 # vectors using the back end system and the web browser, but Android 1,424 3.5 20,500 "" 25.5 "" also the hardware layer and the user as attack enabler. We iOS 7,404 17.1 13,484 " 16.7 # show differences and similarities between “normal” security RIM 8,522 20.7 11,908 " 14.8 # and mobile security, and draw conclusions for further research Windows 3,259 7.9 2,247 # 2.8 # opportunities in this area. Linux 1,918 4.7 1,697 # 2.1 # Others 612 1.5 1,214 " 1.5 = Keywords-mobile security; smartphones; survey Total 41,093 100.0 80,532 100.0 I. INTRODUCTION The beginning of the smartphone era can be seen as be- ginning with the new millennium. Since then, numerous new decreased. Besides the operating systems Windows Mobile “smart” devices like BlackBerries, iPhones and, recently, and Symbian OS, the mobile world has seen the advent of Android-based phones have been introduced that revolu- the iPhone’s iOS and the Linux-based Android operating tionized the market. At the same time, many articles about system during the last few years. Despite of their young age, smartphone security and the potential of malicious software both operating systems already gained their market share and on them were published [1]–[8]. Quite often, studies had they are predicted to even increase it in the future. Table I statements similar to the following quote by Gartner which provides an overview of global sales figures and market estimated “that by the end of 2007, enough factors will have share for mobile operating systems and the huge growth of come together that the risk of mobile attacks will be much Android is clearly visible. Second, it might simply be the greater. Those factors include less heterogeneity in operating case that mobile operating systems are sufficiently secure systems, more penetration of smartphones and a greater in- today as voiced by Bontchev [10]. Hence, this might be cidence of people actually accepting downloads and sending another reason why no major security incident has happened executables to one another on mobile devices” [9]. However, until now. Third, there may be additional factors such up to now the expected plethora of attacks has not been as the different network topologies: for the Internet, it is observed. nearly end-to-end, while strongly hierarchical for mobile Many researchers and practitioners are expecting a major networks. Last but not least, there is also the effect of security incident with mobile phones ever since these devices the “self-defeating prophecy” of mobile security: Having began to become more powerful: with increased processing the strong example of desktop insecurity, plus plausible power and memory, increased data transmission capabilities attack scenarios, the claims of mobile insecurity might have of the mobile phone networks, and with open and third-party triggered mobile security. Overall, the reasons for the non- extensible operating systems, phones become an interesting existence of major security incidents for mobile phones are target for attackers. However, no major incident has hap- still unclear up to now. pened as of the time of this writing. However, we recently saw the first real attacks against The reasons for this are unclear. However, certain inherent smartphones: In March 2010, Iozzo and Weinmann demon- aspects seem to have a positive effect on security, one of strated a drive-by download attack against an iPhone 3GS them being the heterogeneity of mobile operating systems. that enabled an attacker to steal the SMS database from Contrary to the prediction quoted above, heterogeneity of the phone [12]. In November 2010, one of the first public mobile operating systems has actually increased instead of exploits to perform an attack against the mobile browser 1081-6011/11 $26.00 © 2011 IEEE 96 DOI 10.1109/SP.2011.29 shipped with Android was released [13]. Recently, Wein- devices can be imagined that do not have a connection mann introduced the first over-the-air exploitation of mem- to a mobile network, i.e., do not contain an operator- ory corruptions in GSM software stacks [14] and Oberheide controlled smartcard, but are attackable by mobile malware. and Lanier identified several attack vectors against the Fortunately, all relevant mobile device operating systems iTunes App Store [15]. So it is not far fetched to ask whether provide the interface to the mobile network together with we are now at the beginning of an era of attacks against the local communication interfaces. That is why the intuitive smartphones? definition from the beginning still holds. In this paper, we survey the area of smartphone secu- rity. This topic covers all mechanisms that are intended to B. Definition & Discussion increase the security of sophisticated mobile devices. The A more rigid definition follows now as well as a dis- contributions of this paper are two-fold. First, we survey tinction concerning the possible security mechanisms. We and structure the state of the art in the area of smartphone define an MNO smartcard as follows: an MNO smartcard is security. We systematize the research that has been done a smartcard inside the mobile device that is controlled by a in this area in the last years and provide a categorization. mobile network operator. Whenever this term is used in this Second, we present directions of future research on these paper, it can be used for all smartcards in mobile devices subjects and outline challenges that we expect to emerge. In that are controlled by an MNO regardless of the actually summary, this paper provides a detailed overview of different used technology. A second important term is smartphone, aspects of the topic smartphone security and it serves as a which we define as follows: a smartphone contains an MNO guide for past, present, and future work in this area. smartcard with a connection to a mobile network. Moreover, it has an operating system that can be extended with third- II. FROM MOBILE TO SECURITY party software. In this section, we first introduce some terms we use The term “smartphone” as one word is chosen inten- throughout the paper and then clarify why mobile security tionally. It is supposed to denote that not only “smart is a topic of its own. This extends some preliminary work phones” are under attack, but that the smartphone with its by Oberheide and Jahanian, who recently performed a brief two main properties defines a class of attack targets and survey of this area [8]. protection needs, which takes place in a setting with mobile devices connected to the network over a wireless link and A. Initial Definition a more centralized environment of the network operators. As a first approach, the investigation subject of this paper Additional properties of these smartphones can be found is defined as: any mobile device that contains a smartcard in the literature [16]. We sometimes use the term mobile that is controlled by a mobile network operator (MNO). device as a synonym for smartphone within this paper. Intuitively, this is the definition of a mobile phone. Smartphones offer various services to its users. Popular is This definition is too broad for us because it also covers messaging as Short Message Service (SMS) and Multimedia mobile phones that are not in the focus of this paper. These Messaging Service (MMS). They use certain protocols that are mainly the kind of phones that can only be used for are explained in the literature [17] and we discuss the the phone functionality (plus text messaging and some basic security aspects of them later. other functionality), often aligned with a limited display size. In contrast to mobile devices, traditional computers are Such phones are called feature phones. They sometimes have called hereafter ordinary computers. When their fixed loca- proprietary operating systems and are not extensible with tion is emphasized, they are called desktop computers. additional software. Even though the applications on these phones can be attacked, e.g., Denial of Service (DoS) attacks C. Specifics of Mobile Devices with malformed short messages, they are not the typical A central question for the topic smartphone security is: attack target of mobile malicious software. In what sense is research on the security of mobile devices Other exceptions are some restricted environments that are different from common security research? Is it possible to not in the focus of this paper either: USB sticks that enable transfer known security solutions from ordinary desktop laptops to use the mobile network are also not covered. computers to mobile devices? Could it possibly be the same, Moreover, there are some other devices with operator- only with the additional word “mobile” in the title? controlled smartcards that are a restricted environment of We argue that there are specifics of mobile device security their own (e.g., machine-to-machine types of communica- that justify independent research on this topic.
Load more

Recommended publications
  • Sidekick LX™ Reference Guide
    Sidekick LX™ Reference Guide 27-4007-01 Rev. A - R4.4 - July 9, 2007 Copyright © 2007 Danger, Inc. All rights reserved. Removable Battery 15 Application Customization 7 Contents SIM Card Slot 16 The Device Interface 8 Memory Card Slot 17 The Jump Screen 8 Welcome! 5 USB / Power Port 18 Menus 9 Device Basics 6 Registration 18 Quick Jump 9 Opening and Closing the Display 6 Setting Up Your Device Indicators 30 Control Buttons 7 Bluetooth® Technology Setup Type and Edit Text 3 Phone Controls 9 Backgrounds 3 Navigate in Text Boxes 3 Sound Controls 11 Font Size 4 Delete Text 3 Mini Music Player 11 Backlighting 4 Cut, Copy, Paste, Undo 3 Volume Controls 1 Key Guard Mode 5 AutoText 33 Wireless On/Off Control 13 Device Privacy Code 6 Type Special Unicode Display Controls 13 Sound Profiles 6 Characters 34 Battery Charger 14 -- The Desktop Interface 35 Answer a Phone Call 40 Bookmark a Web Page 46 Using the Applications 36 Add a Number to Your Speed Dial Copy Text on a Web Page 46 myFaves List 41 Email Add a Contact to myFaves 36 Check Your Voice Mail 41 Send an Email Message 47 Communicate with a myFaves Change Your Phone Ringtone 4 Fetch Email from External Contact 37 Import Contacts from Your SIM Accounts 48 Assign an Icon to a myFaves Card 4 Fetch Email Using Your Device’s Contact 38 Text Messaging Web Browser 51 Replace a myFaves Phone Send a Text Message 43 Attach a Photo, Sound, or vCard to Number 38 Picture Messaging an Email Message 5 Phone Send a Picture Message 44 Address Book Make a Phone Call 39 Web Browser Add a Contact to the Address
    [Show full text]
  • Sidekick II Reference Guide
    Sidekick II Reference Guide 27-2002-01 Rev. G - Release 2.0 - July 13, 2004 Copyright © 2004 Danger, Inc. All rights reserved. Contents Welcome! 6 I. Device Controls 8 Opening and Closing the Display 8 Phone Controls 9 Control Buttons 10 II. Registration 12 III. Device Basics 16 Battery Charger 16 USB Port 17 Wrist Strap Holder 17 The Jump Screen 18 Title Bar and Indicators 19 Menus 20 Device Settings 21 Sound and Display Controls 21 Backlighting 22 Key Guard Mode 22 Device Privacy Code 23 2 Contents Customization 24 Default Locale Setting 25 Typing and Editing Text 25 Navigating in Text Boxes 25 Deleting Text 26 Entering Special Unicode Characters 26 Cut, Copy, Paste 27 AutoText 27 IV. The Desktop Interface 28 V. Using the Applications 30 Phone Make a Phone Call 30 Answer a Phone Call 31 Add a Number to Your Speed Dial List 31 Change Your Phone Ringtone 32 Check Your Voice Mail 32 Import Contacts from Your SIM Card 33 Phone Messages Send a Text Message 33 Contents 3 Web Browser Browse the Web 34 Bookmark a Web Page 34 Email Send an Email Message 35 Fetch Email from External Accounts 35 Fetch Email Using Your Device’s Web Browser 39 Attach a Photo to an Email Message 39 Address Book Add a Contact to the Address Book 40 Import Address Book Contacts 41 Calendar Add an Event to Calendar 42 Notes Create a Note 43 To Do Add a Task 43 Camera Take a Photo 44 Send a Photo by Email 44 4 Contents Download Fun™ Catalog Purchase Items 45 Manage Your Purchases 46 Instant Messaging Sign On 47 Send an Instant Message 47 Switch Between IM Conversations 48 VI.
    [Show full text]
  • The Effect of Smartphone on the Society Beau Patrick, Dylan Austin
    www.idosr.org Beau et al ©IDOSR PUBLICATIONS International Digital Organization for Scientific Research IDOSR JOURNAL OF COMPUTER AND APPLIED SCIENCES 4(1):1-6, 2019. ISSN: 2579-0803 The Effect of Smartphone on the Society Beau Patrick, Dylan Austin and Charles O. Connor Computer Science Murdoch University, Australia. ABSTRACT Smartphones are a class of mobile phones and of multi-purpose mobile computing devices. They are distinguished from feature phones by their stronger hardware capabilities and extensive mobile operating systems, which facilitate wider software, internet (including web browsing over mobile broadband), and multimedia functionality (including music, video, cameras, and gaming), alongside core phone functions such as voice calls and text messaging. Smartphones typically contain a number of metal–oxide–semiconductor (MOS) integrated circuit (IC) chips, include various sensors that can be leveraged by their software (such as a magnetometer, proximity sensors, barometer, gyroscope, or accelerometer), and support wireless communications protocols (such as Bluetooth, Wi-Fi, or satellite navigation. The first smartphone was designed by IBM and sold by BellSouth (formerly part of the AT&T Corporation) in 1993. It included a touchscreen interface for accessing its calendar, address book, calculator, and other functions. The emergence of communication and computing for mobile consumer devices is on the evolutionary course to bring interoperability and leverage the services and functions of every industry. smartphone has a sizeable impact on society and other aspects of life. Smartphone has impacted almost all walk of human life. Keywords: Effect, smartphone, society. INTRODUCTION The development of the smartphone was feature phones by their stronger hardware enabled by several key technological capabilities and extensive mobile advances.
    [Show full text]
  • 7 Ponsel Paling Berpengaruh Dalam 10 Tahun Terakhir
    7 Ponsel Paling Berpengaruh dalam 10 Tahun Terakhir Tahukah Anda siapa yang pertama kali meluncurkan jaringan 3G di dunia? Yup, operator Jepang, NTT DoCoMo merupakan yang pertama meluncurkan jaringan 3G sejak 10 tahun yang lalu, tepatnya pada 1 Oktober yang baru saja berlalu. Dengan gembar-gembor kecepatan baru dan real-time videoconferencing atau mengirim dan menerima attachment e-mail dengan 10.000 karakter, inovasi ini merupakan moment yang sangat penting bagi sejarah dunia seluler. Dan untuk merayakannya, situs Mashable telah merangkum kembali ponsel dalam kurun waktu 1 dekade yang memiliki pergerakan paling signifikan, di mana terjadi perubahan dalam jumlah besar di dunia industri. Penasaran? Anda bisa langsung menyimak daftarnya berikut. Jangan lupa berikan komentar, mana yang menjadi favorit Anda, atau Anda mungkin memiliki kandidat lainnya. Danger Hiptop/T-Mobile Ponsel ini pertama kali diluncurkan pada tahun 2002. Danger Hiptop merupakan ponsel pertama yang memiliki daya tarik besar untuk pasar anak-anak muda. Faktor yang membuatnya memiliki daya tarik tersebut tidak lain karena fungsinya yang menyenangkan, dengan user- friendly interface dan fitur message yang jadi mudah karena keyboard QWERTY, layar yang besar, serta adanya dukungan selebriti. Jay-Z ikut meramaikan kampanye dalam video handset “Excuse Me Miss” untuk versi T-Mobile . Hiptop berhasil menunjukkan pasar ponsel untuk kaum muda ternyata cukup potensial dan bisa menjadi target marketing. Dan dengan hadirnya Sidekick 4G saat ini di T-Mobile AS, tampaknya brand ini masih dianggap masih cukup berharga selama hampir 10 tahun. Motorola RAZR Motorola RAZR terbilang merupakan handset clamshell dengan penjualan terbaik. Dimensinya yang ramping membuatnya memiliki desain menarik, disertai dengan keypad logam yang cantik.
    [Show full text]
  • Ijofcs 2011.Indd
    IJoFCS (2011) 1, 28-43 The International Journal of FORENSIC COMPUTER SCIENCE www.IJoFCS.org DOI: 10.5769/J201101002 or http://dx.doi.org/10.5769/J201101002 Acquisition and Analysis of Digital Evidence in Android Smartphones André Morum de L. Simão(1), Fábio Caús Sícoli(1), Laerte Peotta de Melo(2), Flávio Elias de Deus(2), Rafael Timóteo de Sousa Júnior(2) (1) Brazilian Federal Police, Ministry of Justice (2) University of Brasilia, UnB (1,2) Brasilia, Brazil (1) {morum.amls, sicoli.fcs}@dpf.gov.br (2) {peotta, flavioelias, desousa}@unb.br Abstract - From an expert's standpoint, an Android phone is a large data repository that can be stored either locally or remotely. Besides, its platform allows analysts to acquire device data and evidence, collecting information about its owner and facts under investigation. This way, by means of exploring and cross referencing that rich data source, one can get information related to unlawful acts and its perpetrator. There are widespread and well documented approaches to forensic examining mobile devices and computers. Nevertheless, they are neither specific nor detailed enough to be conducted on Android cell phones. These approaches are not totally adequate to examine modern smartphones, since these devices have internal memories whose removal or mirroring procedures are considered invasive and complex, due to difficulties in having direct hardware access. The exam and analysis are not supported by forensic tools when having to deal with specific file systems, such as YAFFS2 (Yet Another Flash File System). Furthermore, specific features of each smartphone platform have to be considered prior to acquiring and analyzing its data.
    [Show full text]
  • Danger's Hiptop Platform Carries Over Three Billion Mobile Instant Messages in 2004
    Danger's Hiptop Platform Carries Over Three Billion Mobile Instant Messages In 2004 The Mobile Instant Messaging Trend Goes Mainstream Palo Alto, CA -- January 12, 2005 -- Danger, Inc. announced today that over 3 billion mobile instant messages (IM) were sent and received on the company's hiptop® wireless platform during 2004. This number is even more impressive when compared to the 22.8 billion total SMS messages sent across all United States wireless carriers during the same period, according to recent data from Jupiter Research. Sold through eight operators in six countries, each operator brands the hiptop device as their own and sells it directly to consumers, such as the T-Mobile Sidekick II, SunCom hiptop2 and Edge Wireless hiptop. "Because of the hiptop's intuitive user-interface and overall ease-of-use," said Hank Nothhaft, Chairman and Chief Executive Officer of Danger Inc., "it has become the premier mobile platform for instant messaging. IM has clearly become a killer app for our users. And if our current growth trends continue, we will support upwards of 10-15 billion mobile instant messages in 2005." Danger's hiptop device is the ultimate communications gadget, combining a mobile phone with push email, AOL® Instant Messenger™ (AIM®), Yahoo!® Instant Messenger, HTML Web browser, text-messaging, calendar, address book, an integrated digital camera and a catalog full of games, ringtones, and additional applications and content. With a 65,000 color flip-up display, advanced sonic and visual notifications and a keyboard, the hiptop device excels as a messaging engine. "Danger's hiptop devices have been popular with AOL members and AIM users alike, who use the hiptop -- with their familiar Buddy List™ feature -- to send more than 10 million mobile IMs everyday," said Himesh Bhise, vice president of Strategic Development, AOL Mobile, for America Online, Inc.
    [Show full text]
  • 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22
    Case3:10-cv-03561-WHA Document172 Filed06/14/11 Page1 of 122 1 DONALD F. ZIMMER, JR. (SBN 112279) IAN C. BALLON (SBN 141819) [email protected] [email protected] 2 CHERYL A. SABNIS (SBN 224323) HEATHER MEEKER (SBN 172148) 3 [email protected] [email protected] KING & SPALDING LLP GREENBERG TRAURIG, LLP 4 101 Second Street – Suite 2300 1900 University Avenue San Francisco, CA 94105 East Palo Alto, CA 94303 5 Telephone: (415) 318-1200 Telephone: (650) 328-8500 6 Facsimile: (415) 318-1300 Facsimile: (650) 328-8508 7 SCOTT T. WEINGAERTNER (Pro Hac Vice) ROBERT A. VAN NEST - #84065 [email protected] [email protected] 8 ROBERT F. PERRY CHRISTA M. ANDERSON - #184325 9 [email protected] [email protected] BRUCE W. BABER (Pro Hac Vice) KEKER & VAN NEST LLP 10 [email protected] 710 Sansome Street KING & SPALDING LLP San Francisco, CA 94111-1704 11 1185 Avenue of the Americas Telephone: (415) 391-5400 12 New York, NY 10036-4003 Facsimile: (415) 397-7188 Telephone: (212) 556-2100 13 Facsimile: (212) 556-2222 14 Attorneys for Defendant GOOGLE INC. 15 UNITED STATES DISTRICT COURT 16 NORTHERN DISTRICT OF CALIFORNIA 17 18 SAN FRANCISCO DIVISION 19 Case No. 3:10-cv-03561-WHA ORACLE AMERICA, INC. 20 Honorable Judge William Alsup 21 Plaintiff, DECLARATION OF SCOTT T. 22 v. WEINGAERTNER IN SUPPORT OF GOOGLE, INC.’S DAUBERT MOTION 23 GOOGLE INC. HIGHLY CONFIDENTIAL -- 24 Defendant. ATTORNEYS’ EYES ONLY 25 26 27 28 DECLARATION OF SCOTT T. WEINGAERTNER IN SUPPORT OF GOOGLE INC’S DAUBERT MOTION CIVIL ACTION NO.
    [Show full text]
  • Andrew Rubin Atau Yang Paling Dikenal Dengan Sebutan Andy Rubin, Lahir Di New Bedford, Amerika Pada Tanggal 22 Juni 1946
    Andrew Rubin atau yang paling dikenal dengan sebutan Andy Rubin, lahir di New Bedford, Amerika pada tanggal 22 Juni 1946. Andy lahir dari keluarga Yahudi. Ayahnya bekerja sebagai psikolog yang kemudian beralih profesi menjadi seorang direct marketing. Perusahaan ayahnya ini menjual gambar-gambar gadget terbaru. Andy meraih gelar Bachelor of Science di bidang Ilmu Komputer dari tahun 1986 dari Utica College di Utica, New York. Sebagian besar dari kita yang pernah mengikuti sejarah Android cenderung menganggap bahwaandroid adalah sebuah OS yang berpikiran untuk membuka dunia smartphone. Tidak begitu, mantan kepala Android Andy Rubin mengatakan pada pertemuan puncak di Tokyo bahwa Android pertama kali ada pada bulan April 2004 sebagai dasar untuk kamera yang terhubung yang akan menyimpan foto online. Ketika menjadi jelas bahwa pasar fotografi digital relatif kecil, tim pemula mengalihkan perhatian untuk membuat ponsel dalam jangka waktu lima bulan. Dan bisa dibilang smartphone lebih kaya untuk itu. Sejak kecil, Rubin sudah terbiasa melihat banyak gadget baru. Ia memiliki minat besar pada segala hal yang berbau robot. Di Carl Zeiss A.G., tempat pertama kali ia bekerja setelah lulus kuliah, Rubin ditempatkan di sebuah divisi robotika, tepatnya pada komunikasi digital antara jaringan dengan perangkat pengukuran dan manufaktur. Setelah dari Carl Zeiss, ia sempat bekerja di bidang robot di sebuah perusahaan di Swiss. Karier Rubin di bidang robotika nampaknya semakin cerah, namun hidupnya berubah gara-gara liburan di Cayman Island pada tahun 1989. Saat sedang mengunjungi kepulauan tropis di Jamaika itu, Rubin tak sengaja bertemu dengan seorang bernama Bill Caswell. Pria ini sedang tidur di tepi pantai, terusir dari sebuah cottage setelah bertengkar dengan pacarnya.
    [Show full text]
  • Open Model for the Distribution of Mobile Applications on Multiple Platforms
    DIPLOMARBEIT Titel der Diplomarbeit „Concept of a distribution and infrastructure model for mobile applications development across multiple mobile platforms― Verfasserin / Verfasser Peter Bacher Angestrebter akademischer Grad Magister der Sozial- und Wirtschaftswissenschaften (Mag. rer. soc. oec.) Wien, 2011 Studienkennzahl lt. Studienblatt: A 157 Studienrichtung lt. Studienblatt: Diplomstudium Internationale Betriebswirtschaft Betreuer/: Univ.-Prof. Dr. Dimitris Karagiannis Erklärung Hiermit versichere ich, die vorliegende Diplomarbeit ohne Hilfe Dritter und nur mir den angegebenen Quellen und Hilfsmitteln angefertigt zu haben. Alle Stellen, die den Quellen entnommen wurden, sind als solche kenntlich gemacht worden. Diese Arbeit hat in gleicher oder ähnlicher Form noch keiner Prüfungsbehörde vorgelegen. Wien, 05.12.2011 ————————– Peter Bacher Page 2 Table of Contents Table of Contents ..................................................................................................... 3 1 Introduction ..................................................................................................... 10 1.1 Motivation ................................................................................................. 10 1.2 General problem statement ...................................................................... 11 1.3 Goal of the Thesis ..................................................................................... 12 1.4 Approach .................................................................................................
    [Show full text]
  • Revealing the Nuts and Bolts of the Security of Mobile Devices
    Mobile Security Catching Up? Revealing the Nuts and Bolts of the Security of Mobile Devices Michael Becher, Felix C. Freiling Johannes Hoffmann, Thorsten Holz, Sebastian Uellenbeck, Christopher Wolf University of Mannheim, Germany Horst Gortz¨ Institute (HGI) Ruhr-University Bochum, Germany Table I Abstract—We are currently moving from the Internet society GLOBAL SALES FIGURES AND MARKET SHARE OF MOBILE to a mobile society where more and more access to information OPERATING SYSTEMS FOR THIRD QUARTER OF 2009 AND 2010 [11] is done by previously dumb phones. For example, the number of mobile phones using a full blown OS has risen to nearly 200% from Q3/2009 to Q3/2010. As a result, mobile security 3Q’09 3Q’10 is no longer immanent, but imperative. This survey paper OS units/1k share [%] units/1k share [%] provides a concise overview of mobile network security, attack Symbian 18,314 44.6 29,480 " 36.6 # vectors using the back end system and the web browser, but Android 1,424 3.5 20,500 "" 25.5 "" also the hardware layer and the user as attack enabler. We iOS 7,404 17.1 13,484 " 16.7 # show differences and similarities between “normal” security RIM 8,522 20.7 11,908 " 14.8 # and mobile security, and draw conclusions for further research Windows 3,259 7.9 2,247 # 2.8 # opportunities in this area. Linux 1,918 4.7 1,697 # 2.1 # Others 612 1.5 1,214 " 1.5 = Keywords-mobile security; smartphones; survey Total 41,093 100.0 80,532 100.0 I.
    [Show full text]
  • Security Behaviors of Smartphone Users Why Smartphones? - Features; - Interesting Points, Facts
    2017.04.23. Outline Introduction to Smartphones (History) Security behaviors of smartphone users Why Smartphones? - Features; - Interesting points, Facts. Security - Defining; -Challenges; -Importance; -Malwares and User behavior; Esmeralda KADËNA, Ph.D Student -Practical examples; -Discussion. [email protected] Doctoral School on Safety and Security Sciences Protecting yourself Óbuda University 1973: The first cell phone • The first mobile phone developed by Motorola in 1973. • It was Martin Cooper who placed the first call at AT&T Bells Labs from the streets of New York. 1984: Nokia Mobira Talkman 1989: Motorola MicroTac • The Phone weighed under 5 kgs • Motorola Microtac was the and is world’s one of the first smallest and lightest available transportable phones. phone at that time. • A car and a charger was needed • It was released as the “MicroTac to charge it. Pocket Cellular Telephone”. • Once this model was launched, • its sales created a stir in the It was designed keeping in mind market and the cynics were to fit it in a shirt pocket. silenced. 1 2017.04.23. 1992: Motorola International 3200 1994: Motorola 2900 BagPhone • First digital-sized mobile phone from Motorola introduced in 1992. • This was the first handset that gave the world an idea of “Flip Phones”. 1996 – Nokia 8110 • Motorola introduced a very powerful line of mobile phones in 1992. •Nokia’s first high-end phone was released in 1996 • These phones put out 3 watts of power (as opposed to 0.6 watts that •What made it different today’s cell phones output) which made them popular for truckers, was the ‘slider’ form factor.
    [Show full text]
  • Ijofcs 2011.Indd
    Volume 6, Number 1, 2011 ISSN 1809-9807 The International Journal of FORENSIC COMPUTER SCIENCE IJoFCS www.IJoFCS.org Volume 6, Number 1, 2011 Brasília, DF - Brazil Copyright © by The International Journal of Forensic Computer Science (IJoFCS) ISSN 1809-9807 Cover: Cláudio Miranda de Andrade SUBSCRIPTION OFFICE The International Journal of Forensic Computer Science (IJoFCS) BRAZILIAN ASSOCIATION OF HIGH TECHNOLOGY EXPERTS (ABEAT) Associação Brasileira de Especialistas em Alta Tecnologia (ABEAT) www.abeat.org.br Address: SCLN 309, Bloco D, Sala 103 - CEP: 70755-540, Brasília/DF, BRAZIL Phone: +55 61 3202-3006 Web site: www.IJoFCS.org E-mail: [email protected] The International Journal of Forensic Computer Science - V. 6, N. 1 (2011) - Brazil Brazilian Association of High Technology Experts (ABEAT) - Brasilia, Brazil ISSN 1809-9807 1. Forensic Computer Science CDD 005.8 The Journal was founded in 2006. The International Journal of FORENSIC COMPUTER SCIENCE Editor-in-Chief Paulo Quintiliano da Silva Brazilian Federal Police and University of Brasília, Brazil Associate Editor Associate Editor Associate Editor Francisco Assis de O. Nascimento Alexandre Ricardo S. Romariz Pedro de Azevedo Berguer University of Brasilia, Brazil University of Brasilia, Brazil University of Brasilia, Brazil Editorial Board Adriano Mauro Cansian Geovany Araujo Borges São Paulo State University University of Brasilia Olga Regina Pereira Bellon São José do Rio Preto, Brazil Brasília, Brazil Federal University of Parana Curitiba, Brazil Alexandre Ricardo Soares Romariz Gerhard Ritter University of Brasilia University of Florida Ovidio Salvetti Brasilia, Brazil Gainesville, FL, USA Italian National Research Council Pisa, Italy Anderson Clayton Alves Nascimento Hélvio Pereira Peixoto University of Brasilia Brazilian Federal Police Paulo Licio de Geus Brasilia, Brazil Brasilia, Brazil University of Campinas Campinas, Brazil Antonio Montes Filho Igor B.
    [Show full text]