Analysis of Smartphone Security Problem - Android and iPhone

 
Analysis of Smartphone Security Problem - Android and iPhone
                                    Yong-Tae Kim, Yoon-Su Jeong, Gil-Cheol Park

              Analysis of Smartphone Security Problem - Android and iPhone
                              1
                                 Yong-Tae Kim, 2Yoon-Su Jeong, and 3Gil-Cheol Park
      1, First Author,3
                    Dept. of Multimedia Engineering, Hannam University, {ky7762, gcpark}@hnu.kr
       *2,Corresponding Author,
                                Dept. of Information Communication Engineering, Mokwon Univversity,
                                              bukmunro@mokwon.ac.kr

                                                           Abstract
        Recently, the features of the smart phone is widely changed and it can be used anytime anywhere
     such as in business affairs and it is easy to use to get information. But it is still problem leaking
     business information, personal information to out in case of missing or losing the phone(being theft).
     In this paper, firstly we identify the recent trends of smart phone's security threat and based on these
     information we look in to the present progress of the security threat of smart phone. The surveyed
     result by this paper and the data can be necessary to reduce security problems as much as possible, in
     smart phones.

                                   Keywords: Smartphone, Android, iPhone, Security

     1. Introduction
        These days the smart phone is basically a small portable computer which has features such as
     calling, email, internet, e-book, etc. Due to the fast growth of smart phone market, the open
     platform demands are increasing together with that and also the user's using method is changed
     widely[1-5]. By recently launched smart phone, users can directly program an application
     according to their requirements and also able to meet variance user's variance requirements.
     However the smart phone has spread widely as never before and it need to develop the security
     treat for the applications, platform, network, sever etc.
        In this paper, firstly we identify the recent trends of smart phone's security threat and based
     on these information we look in to the present progress of the security threat of smart phone. In
     order to counteract analyzed result for smart phone's security threat, following steps must be
     enhanced. First, it needs to introduce powerful and strategy policy in utilization. Second, the
     management of smart phones and verifications of applications must be strengthened. Third,
     related technologies to security strengthening must be rapidly developed. Forth, the operation
     guidelines and the servers related to smart phone must be provided based on some rules and
     regulations. Fifth, It needs to develop the security power and standards, guidelines according to
     the spread of smart phones. Finally the research, experiments and industry and governance
     system must be strengthened.
        This paper is organized as follows. Section 2 analyze the utilization of smart phones in local
     and international as well as malicious code status. In section 3, smart phone security threats are
     classified, and in section 4, analyze corresponding status according to the smart phone security
     threats. Finally, conclusion is presented in section 5.

     2. Works Related

     2.1. Smart phones usage in local and international

        Locally there are 2600000 thousands of people use smart phone based Feb. 2012. 90% of
     them are using iphone and android phones and among them, the number of android phone users
     that connected to some bad works such as jailbreak, rooting, hacking, etc is greater than number

     * This work was supported by the Security Engineering Research Center, granted by the Korea Ministry of Knowledge Economy
     ** This paper has been supported by 2013 Hannam University Research Fund.

International Journal of Advancements in Computing Technology(IJACT)                                                             459
Volume 5, Number 11, July 2013
doi : 10.4156/ijact.vol5.issue11.57
Analysis of Smartphone Security Problem - Android and iPhone
                         Yong-Tae Kim, Yoon-Su Jeong, Gil-Cheol Park

of iphone users that did same bad things. It shows that the percentage of jailbreaks increase as
using period is long[1].
   The reasons for the jailbreak by using smart phones, paid application downloaded free and
every body has got some strong potential to use a smart phone as their personal preference. The
update of iOS version is greater than android version. The reason is that apple devices is
produced by a one mother company and their software also only provided by the mother
company. In case of android phones, they make hardwares and softer wares are produced
seperately and it takes little longer to update the OS than apple[6-10].

2.2. Malicious code status

   The malicious code is used in case of collecting user information(SMS, GPS, etc),
information leakage, illegal billing etc[3]. In order to hack a smart phone that has a malicious
code, it needs such a advanced hacking technology that use like a foreign smart phone banking
etc. But locally, there are no any malicious code is discovered. However these days some
primary malicious code is discovering to prevent linking to financial fishing sites.

                     Table 1. Status of malicious code by major smartphone OS
   Smartphone OS           Malware Name                            Description
                                                     Outflow text messages in real time to any particular
                             SMS Relicator
                                                  user
                               SMS Send              Induction charging occurs via text messages, etc.
                                                     Confirm smartphone location installed GPSSpy
                                 Snake            TabSnake and Transfer GPS information of user to a
        Android                                   specific server
                                                     Collect personoal information or specific device
                                 Ewalls           within smartphone and transfer to specific server.
                                                  Caused a number of similar progrmas.
                                                     Found in China, Transfer personal information to a
                                Geinimi
                                                  specific server.
                                                     Outgoing international calls to unauthorized cause
                                TreDial
                                                  unwanted billing
    Windows Mobile
                                                     Windows Mobile's first virus infected executable
                                  Duts
                                                  files, proof-of-concept virus

                              LKE Worm               Malware of iPhone ’ s first, Change wallpaper,
                                                  operating jailbreak devices
                                                     Infected iPhone a wireless LAN connection, if
                               Privacy. A         personal information (text messages, email, etc.)
        iPhone                                    remotely delivered
                                                     IPhone jailbreak program disguised as information
                                                  leakage type malware, Google Talk, MSN Messenger,
                            Agent.535552.F
                                                  Yahoo and other services, such as user ID and password
                                                  to log in to your account information leakage

3. Smart phone security threats
   There are many researches going on in local and international research institutes in order to
develop security threat of smart phones, and also they classify the security procedure that users
and providers must consider based on malicious code and 0-day method , etc. In order to
prevent such things like hacking, illegal billing etc, many researches are done in NIST, ENISA,
ITU-T, FSA, NIPA and it show in table 2[11-15].

                                                                                                            460
Analysis of Smartphone Security Problem - Android and iPhone
                           Yong-Tae Kim, Yoon-Su Jeong, Gil-Cheol Park

                          Table 2. Classification of Smartphone Security Threat
         Division                                     Security (details) threats
                             Unauthorized access, malware, electronic eavesdropping (S / W),
     Smart phone itself
                             information leakage, and platform (app) forgery
                             Platform (firmware), forgery, malicious code entering, information
       Work with PC
                             disclosure
                             Access to a fake AP induction, data surveillance, tampering, denial of
          Network
                             service attacks
          Server             Malicious code distribution, remote control, phishing, pharming, spam
   Interworking between
                             External Interface
        smartphones
            Etc              Lost, stolen

   Among the smart phone security methods, the malicious code method is observing
continuously and specialized method needs for each security threats. malicious code threat can
be classified as two component, fishing-farming and physical threat , etc. The fishing-farming is
typically occurs in internet, while physical threat typical for visa phone. The smart phone can be
used for internet and as a visa phone too. So it is possible to have these two threat in smart
phone.

4. Corresponding status of smart phone security
   Recently, the security system in the smart phone may similar to PC security system or it can
be advanced than that. However the new issues about smartphone security threat is rising. The
new issues mentioned above can be classified in to two parts[16-18].

                     Table 3. Classification of Smartphone Security Threat
       Environmental aspects of service                Corresponding technical aspects
                                                           · Continuous bypass techniques on how to
                                                       jailbreak
    · Important module update (firmware and OS,       ·   0-day attacks, smartphone, technology,
etc.), such as security awareness on the need and modulation due to the increase in financial apps,
complexity of the technical and managerial Rootkit value cut through the touch events, and other
limitations derived                               various malware increases in Kernel Mode
    · Critical modules (firmware, etc.) through the    · Non-compliance with a standardized security
update over the absence of symptoms and the need technology in the development of sporadic technical
for recognition                                     complexity of the program increases
   · Critical modules (firmware, etc) updates      · Due to the limited resource environment,
applied and enhanced security awareness on the smartphone security technology implementation
importance nanjet                              difficulties of high-intensity
    · A variety of smartphone features that require    · Black list, mobile phone theft by fraud schemes
the user's situation, an increase in self-jailbreak and the difficulty of managing important information
                                                          · Financial apps absence of a centralized
                                                       management point

   In order to respond to smartphone security threats, Financial Supervisory Service (FSS) and
KISA are offer technical requirement in smartphone environment such as table 4 to based on a
technical point of view(corresponding technologies and management techniques in part).

                                                                                                           461
Analysis of Smartphone Security Problem - Android and iPhone
                             Yong-Tae Kim, Yoon-Su Jeong, Gil-Cheol Park

                           Table 4. Classification of Smartphone Security Threat
   Apply security                                            Technical           Practices related
                           Ongoing security issues
    technology                                             Considerations          technologies
                         One user to encrypt data onprotection technology of
                          the device, the input media Data         processing     and
                                                                                      H / W support, such as
Apply encryption          and data processing page (or handling         area     code
                                                                                       virtualization technical
                          program) the integrity of the (handling the location /
                          infringement                    area)
                         Using the keypad, the
                          fragility of the security data,                             Trusted I / O functions
                                                         input protection of H / W
Apply security keypad hacking techniques, such as                                      (physical      I    /     O
                                                          level, medium-level
                          exposure and discoverability                                 separation)
                          forgery
                         Sophisticated logical attack
Certificate and two-                                                                  Deal signed technical
                          (MITM,        MITMB       etc.)Technology to ensure the
channel authentication                                                                 performed      in     secure
                          hacking techniques used to integrity of transactions
function                                                                               media / space
                          discover potential
                                                         HW-level            platform
                                                          integrity verification, and
                         Routing, to prevent escape,
                                                          management capabilities
Operating forgery, App App integrity protection
                                                          to support the App in theSupports               Trusted
integrity    verification technology found hack to
                                                          financial process and Platform technology
capabilities              bypass the possibility of
                                                          guarantee the protection
                          continuous
                                                          of the main module
                                                          technology
                                                         Verify the effectiveness
                                                          of the core functionality
                         Services for the management                                  financial           services
Lost, Stolen terminal                                     needed,            financial
                          of their own security, rather                                management Technology
management                                                transaction services for
                          than a terminal function                                     of smart terminals
                                                          the     management        of
                                                          requirements definition

   The table 4 shows that, in order to improve the security in smart phones, there are some
hardware technologies that must be set. The hardware level security should not be set up blindly.
To adopt threat technologies in hardware level, the following verifications are required.
Requirements, technical utilization, technical effect, infrastructure and well mutual
understanding between sectors.

5. Conclusion

   The accident damages due to weak security of Smart Phone increases as the services utilizing the
   It is a problem that leaking business information, personal information to out in case of missing or
losing the phone(being theft). In this paper, we identified the recent trends of smart phone's security
threat and based on these information we looked in to the present progress of the security thereat of
smart phone. The surveyed result by this paper and the data can be necessary to reduce security
problems as much as possible, in smart phones. Our next plan is to research on technologies of smart
phone security threat.

References

[1] KOREA COPYRIGHT COMMISION, “Research on status of copyright violations from mobile
    equipment and setting up countermeasures”, KOREA COPYRIGHT COMMISION, Dec. 2011.
[2] ASEC Report, Ahn Lab., Mar. 2012.
[3] Network Tiems, “Implementation of mobile office – security measures established ‘top’”, Network
    Times, Mar. 2011.
[4] NIST, Guidelines on Cell Phone and PDA Security, NIST, Oct. 2008.
[5] ‘Smartphones information security risks, opportunities and recommendations for users’, ENISA,
    Dec. 2010.

                                                                                                                      462
Analysis of Smartphone Security Problem - Android and iPhone
                         Yong-Tae Kim, Yoon-Su Jeong, Gil-Cheol Park

[6] ITU-T, “Security aspects of mobile phones”, ITU-T, Apri. 2011.
[7] Financial Security Agency, “Smartphone security guide of financial sector”, Financial Security
     Agency, Dec. 2010.
[8] NIPA, “Information security technology trends smartphone”, NIPA, Sep. 2011.
[9] ETNews, “Real-time interception of key values ‘Android smartphone key logger’ appearance”,
     Electronic Times News, Nov. 2011.
[10] Security News, “Bank transfer Possibility through real smartphone bank hacking!!”, Security
     News. Dec. 2010.
[11] Security News, “Outsmarted vaccine ‘super smart phone malware’ potential has been proven”,
     Security News, May. 2012.
[12] C. S. Park, “Security measures for the implementation of secure mobile services, Seoul Womens
     University”, Jun. 2010.
[13] CIO Report, “Security issues and response strategies of smart phones and mobile office”, NIA,
     Vol. 26, Oct. 2010.
[14] Magic Quadrant for Mobile Data Protection, Gartner, Sep. 2011.
[15] D. H. Bae, “Study on SecureSMS own authentication Scheme in mobile environment”, Korea
     Internet & Security Agency, Nov. 2010.
[16] H. S. Kim and Y. E. Choi, “Security issues and outlook of the mobile ecosystem”, TTA Journal,
     no. 243, pp. 49-53, 2010.
[17] D. H. Kang, J. H. Han, Y. K. Lee, Y. S. Cho, S. W. Han, J. N. Kim, H. S. Cho, “Smartphone
     Threats and Security Technologyh”, ETRI, Vol. 25, No. 3, pp. 72-80, Jun. 2010.
[18] KISA, “Study on development of smartphone based malicious code collection and analysis
     platform”, KISA, Dec. 2010.

                                                                                                     463
You can also read
Next slide ... Cancel