International Journal of Advanced Research in Computer Science and Software Engineering
Volume 5, Issue 3, March 2015    ISSN: 2277 128X
International Journal of Advanced Research in Computer Science and Software Engineering
Research Paper
Available online at: www.ijarcsse.com

Special Issue on 2nd International Conference on Electronics & Computing Technologies-2015
Conference Held at K.C. College of Engineering & Management Studies & Research, Maharashtra, India

Smartphone Security: Review of Attacks, Detection and Prevention

Poornima Mahesh, Ashwini Jayawant, Geetanjali Kale
K.C.C.E.M.S.R. Thane, Maharashtra, India

Abstract— In recent years the smartphone has become the most typical and popular mobile device. It acts as a portable computer, with functions similar to the processing unit, communication unit and data storage unit of any ordinary PC. It also provides many computer services, such as a web browser, portable media player, video call, GPS, Wi-Fi and many other applications. Because of inadequate access control policies and a lack of information on securing mobile devices, it is necessary to study the challenges of provisioning and managing security in mobile phone environments. The security of mobile communication has topped the list of concerns for mobile phone users. Confidentiality, authentication, integrity and non-repudiation are the security services required for mobile communication. This paper highlights various aspects of security that require extra focus when enabling mobile. This paper reviews various security issues of smartphones.

Keywords—Smartphone, Security, Mobile communication, Authentication

I. INTRODUCTION

Security is required to prevent illegal access to the user's private information and data. It is also required to establish whether people in a social network provide their real information or not. To address these issues, methods such as strong authentication, account control and protection against application-layer attacks should be added to this kind of application.
The providers of smartphone applications should take more responsibility for protecting their users from these attacks. Secondly, as social network applications become more and more popular, the importance of security and trust attracts more attention.

Smartphones are increasingly becoming a target of security threats, because the number of attackers performing browser attacks has been increasing in recent years, and their targets are many different kinds of smartphone applications. There is one kind of Trojan that can infect users' web search engine and modify web pages or transactions. Some approaches can be used to protect users from this kind of attack, such as transaction validation, site-to-client authentication, security code evolution, etc.

Users' own mobile devices can be used to increase the productivity of an organisation: users can access corporate resources from their own mobile devices [10]. However, introducing mobile devices in the enterprise presents additional security challenges. Android devices may even serve as remote bases for attacks on other GSM subscribers, though this is regarded as highly improbable. Several new and well-known threat scenarios apply to Android smartphones. These include easily conducted money fraud, industrial espionage, corporate or military network infiltration and even denial-of-service attacks on today's already heavily loaded mobile networks.

II. SECURITY ISSUES FACED BY ANDROID

Android mobile phones have various security issues, which are given below:

1. Android applies no specific control to applications submitted by developers. There is no security scan in Android over the applications being uploaded. The user can act as admin [11]: install applications, download data and access unprotected networks; there is no restriction in the Android domain. Android is a modern mobile platform which is designed to be truly open source. It is therefore available to legitimate developers as well as to hackers.
So for developing critical systems the Android framework cannot be trusted.

2. A PC and any Android device can be connected using a USB cable, exposing the contents of the device's SD card for read/write/delete. These methods could themselves be used to bring malware into a corporate network, or to download malicious content onto a PC as soon as the device is connected. Android Beam (Android 4.0) is an NFC (Near Field Communication) based file and data transmission system with a range of approximately 10 cm. Android Beam is of limited utility, as it requires user interaction for installation. For example, a web link to a malicious app can be sent to another Android 4 device via Android Beam, but the user still has to click the link and confirm it. The limited physical distance reduces malware infection risks even further. As USB host mode has only recently become available, device-to-device propagation has not yet been reported. However, Android 4 ships with an adb server which allows remote access via shell on other connected Android devices. As a result, malware can use the pre-supplied adb program to install apps on other devices. Any difficulties in implementing the adb protocol are thus eliminated. Facilities for device-to-device infections are provided by the Android operating system.

© 2015, IJARCSSE All Rights Reserved Page | 141
Mahesh et al., International Journal of Advanced Research in Computer Science and Software Engineering 5 (3), March- 2015, pp. 141-145

3. There are some apps which can exploit the services of another app without a permission request [8]. Any app on the Android platform can access device data such as the GSM and SIM marketer IDs without the permission of the user.

4. Infection via rogue wireless networks: The monthly amount of data which can be transmitted in current plans is very limited, so users are attracted towards open wireless access points. There are various options to manipulate data traffic sent from or to a user's handheld device. Download and installation requests for apps distributed by single websites instead of the official vendor app market can easily be redirected to malicious APK files. Even legitimate apps may be replaced during transmission. Alternatively, users logging into the rogue wireless network may be presented with a fake website displaying a critical update to an app installed on nearly all devices, such as Google Search.

[Fig. 1: Repackaging process [9]. Diagram: an app developer uploads a legitimate app to the Android Market; a malware author repackages legitimate apps with malware and distributes the pirated apps through Android websites, third-party markets and app stores; the user downloads pirated apps and gets infected; the trojaned apps transmit data (passwords, bank account details, documents, contact details, ...) to the malware author.]

The majority of all infections are conducted through free illegitimate copies of paid content. Users unwilling to pay for such content turn to pirated copies, which are often altered to deliver malicious code. This process, known as "repackaging", is illustrated in Figure 1.

III. TYPES OF ATTACKS [1]

They are classified as:
1. Malware
2. Grayware
3. Spyware

[Fig. 2: Mobile threat model [12], showing Malware, Spyware and Grayware as the mobile threats.]

1. Malware: Malicious software which accesses the mobile phone's confidential information and can result in collapse of the device. Malware can be classified as:
   a. SMS attacks: The attacker sends phishing links and acquires sensitive information such as credit/debit card numbers and passwords.
   b. Bluetooth attacks: The user's mobile location can be tracked and conversations can be listened to by the attacker using a special type of software. The attacker can also access the user's contact details and messages.
   c. Premium rate attacks: The attacker can send premium rate SMSs and make calls to premium rated numbers without the user's consent.
   d. Phone jail-breaking: The attacker sends attractive messages to get the user to install certain applications which can be harmful for the mobile phone.

2. Grayware: Although it does not cause any damage to the mobile device, it uses certain applications to access data from the mobile phone for marketing purposes.

3. Spyware: Spyware is a malicious application that pretends to be something it is not, or actively hides itself from the user, while collecting bits of information about the user without the user's knowledge or consent. It is spy software which hides in an application or other software. Once installed, it monitors the victim's activities and sends activity reports to the attacker. In this type, the user's personal information such as call list, location and contact list can be accessed by the attacker, and he can physically access the device without the user's consent.

4. Rooting: Rooting means granting the user full administrative access to their smartphone. This includes installation of apps in conflict with the Android security architecture.
Some users may wish to install modified operating systems on their devices, which is also only possible with privileged access. This usage model is not driven by a third party's malicious intent. However, rooting one's smartphone may introduce higher risks of successful malware infection. Some modified operating systems are less well maintained than pre-installed ones. They also often provide facilities for any installed software to easily gain root privileges. Thus, rooting a smartphone may pose a high security risk.

IV. DETECTION

In a mobile environment, detection techniques should be energy efficient because device resources are inherently limited. Smartphone malware detection techniques are categorized into two types.

A. Host-based: A technique that runs on the mobile phone is termed a host-based technique. Most mobile-specific versions of antivirus software currently offered by security vendors implement techniques similar to those used by their desktop variants. There are three types of static analysis methods:
   a) System call based analysis
   b) Static taint analysis
   c) Source code analysis

In these analysis methods the code or application is analyzed without executing the program. Static analysis is a fast and simple approach. These methods are explained in Figure 3. [14]

[Fig. 3: Flow of Static Analysis. Labels: Start, Android application, Decompile, Android source code, Semantic Analysis, Abstract syntax tree, Data Flow Analysis, End.]

Another method suggested by various papers is dynamic analysis. This method dynamically monitors the behavior of a mobile application in an isolated environment, and is hence termed dynamic or behavioral analysis.
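
The static taint analysis named in Section IV-A, as an added sketch that is not code from the paper or from [14]: taint is propagated forward through one decompiled method without running it, and a finding is raised when data from an identifier-reading API reaches an SMS or network call. The statement format, the sample method and the choice of source and sink APIs are assumptions of this example, and it handles straight-line code only (no branches or loops).

```python
# Source and sink APIs for the sketch. The Android method names are real;
# treating exactly these as sources and sinks is an assumption of the example.
SOURCES = {"TelephonyManager.getDeviceId", "TelephonyManager.getLine1Number"}
SINKS = {"SmsManager.sendTextMessage", "OutputStream.write"}

# Constructed sample: one decompiled method reduced to straight-line
# statements (target, callee, operands). callee=None means a plain
# assignment or string concatenation of the operands; quoted operands
# are literals and therefore never tainted.
SAMPLE = [
    ("imei", "TelephonyManager.getDeviceId", ()),             # 0: source
    ("body", None, ("'id='", "imei")),                        # 1: taint flows on
    ("dest", None, ("'<premium-number>'",)),                  # 2: constant
    (None, "SmsManager.sendTextMessage", ("dest", "body")),   # 3: leak
    ("body", None, ("'hello'",)),                             # 4: overwritten
    (None, "SmsManager.sendTextMessage", ("dest", "body")),   # 5: clean
    ("phone", "TelephonyManager.getLine1Number", ()),         # 6: source
    ("blob", None, ("imei", "phone")),                        # 7: two sources
    (None, "OutputStream.write", ("blob",)),                  # 8: leak
]


def analyze(statements):
    """Propagate taint forward; return (index, sink, sources) per leak."""
    taint = {}      # variable name -> set of source APIs it may carry
    findings = []
    for index, (target, callee, operands) in enumerate(statements):
        incoming = set()
        for operand in operands:
            incoming |= taint.get(operand, set())
        if callee in SINKS and incoming:
            findings.append((index, callee, sorted(incoming)))
        if target is None:
            continue
        if callee in SOURCES:
            incoming = incoming | {callee}
        if incoming:
            taint[target] = incoming
        else:
            taint.pop(target, None)   # overwritten with clean data: taint ends
    return findings


if __name__ == "__main__":
    for index, sink, sources in analyze(SAMPLE):
        print(f"statement {index}: {', '.join(sources)} reaches {sink}")
```

Statement 5 is the case a plain "does the app call both APIs" check gets wrong: the same sink is called again, but the tainted value has been overwritten, so no finding is raised.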

B. Cloud-based: In this technique the intense computation is offloaded to a separate server to improve the efficiency of a smartphone. Mobile devices have fewer resources, and having a full-fledged detection system in a mobile device would be a resource overhead. A cloud based approach can be used efficiently to reduce. In this scheme a light-weight client application monitors the system calls on the device and sends them to the server in the cloud to detect malicious behaviour. Offloading the heavy computation to the cloud thus enables efficient detection for heterogeneous devices.

In this method there are two components: the first component checks the file in a local cache and the second component analyses it. A host agent runs on the mobile device and sends files to a server. Access to each file is captured and the file is checked in a local cache for availability or modification. If the file has changed or is a new file, it is sent to the server. The server can have multiple antivirus engines with more sophistication than is possible on a mobile phone. The detection could use static analysis, dynamic analysis or both. The server could have an emulator to replay the access and check for any malicious activity. The centralized server could maintain blacklisted malware and check for similar patterns in new files. [13]

[Fig. 4: Cloud Detection System. Labels: Mobile File Monitor 1, Mobile File Monitor 2, Cloud Detection Server, Emulator.]

There are many operating systems available for smartphones; one of these is the Android operating system. Android is an open source and free mobile operating system based on the Linux kernel and developed by the free software community, Google and the Open Handset Alliance. It is a modern mobile platform which is designed to be truly open source.
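
The cloud-based scheme of Section IV-B above, as an added sketch that is not code from the paper or from [13]: a host agent hashes each accessed file, answers from its local cache when the file is unchanged, and otherwise sends it to a shared server that runs several engines and keeps a blacklist. The class names, the two toy engines, the marker string and the file paths are constructed stand-ins for real antivirus engines and real files.

```python
import hashlib


def engine_marker(content):
    """Toy signature engine: flags a constructed test marker."""
    return b"CONSTRUCTED-MALWARE-MARKER" in content


def engine_sms_heuristic(content):
    """Toy heuristic engine: flags content that both sends SMS and hides its icon."""
    return b"SEND_SMS" in content and b"hideLauncherIcon" in content


class DetectionServer:
    """Cloud side: several engines plus a blacklist of known-bad digests."""

    def __init__(self, engines):
        self.engines = engines
        self.blacklist = set()

    def scan(self, digest, content):
        if digest in self.blacklist:
            return "malicious"
        if any(engine(content) for engine in self.engines):
            self.blacklist.add(digest)      # later devices get an instant verdict
            return "malicious"
        return "clean"


class HostAgent:
    """Device side: captures file access and consults the local cache first."""

    def __init__(self, server):
        self.server = server
        self.cache = {}                     # path -> (sha256 digest, verdict)
        self.uploads = 0

    def on_access(self, path, content):
        digest = hashlib.sha256(content).hexdigest()
        cached = self.cache.get(path)
        if cached and cached[0] == digest:
            return cached[1]                # unchanged file: nothing is sent
        self.uploads += 1                   # new or modified file: offload it
        verdict = self.server.scan(digest, content)
        self.cache[path] = (digest, verdict)
        return verdict


def demo():
    """Two devices share one server, as in Fig. 4 (all inputs constructed)."""
    server = DetectionServer([engine_marker, engine_sms_heuristic])
    phone1, phone2 = HostAgent(server), HostAgent(server)
    clean = b"constructed benign app bytes"
    trojan = clean + b" CONSTRUCTED-MALWARE-MARKER"
    results = [
        phone1.on_access("/sdcard/app.apk", clean),    # new file: uploaded
        phone1.on_access("/sdcard/app.apk", clean),    # unchanged: cache hit
        phone1.on_access("/sdcard/app.apk", trojan),   # modified: uploaded again
        phone2.on_access("/sdcard/game.apk", trojan),  # other device: blacklist hit
    ]
    return results, phone1.uploads, phone2.uploads, len(server.blacklist)


if __name__ == "__main__":
    print(demo())
```

The third access shows why the cache is keyed on the file's digest and not only on its path: a file replaced in place by a repackaged copy must be treated as new.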

Android applications can use an advanced level of both hardware and software, as well as local and server data; through this platform developers bring innovation and value to consumers. The open nature of Android and its large user base have made it an attractive and profitable platform to attack. Common exploits and tool kits on the OS can be utilised across a wide number of devices, meaning that attackers can perform exploits and re-use attack vectors. To ensure the security of user data, applications and the network, the Android platform must have a security mechanism [1].

The developer develops an application, a paid legitimate application, and uploads it to the Android market. The attacker downloads the application, analyses the code obtained by reverse-engineering, inserts malicious code, and then recompiles it to create a forged DEX file, with which he/she can repackage and self-sign the app with his/her private key and then distribute the forged app. Most smartphone users are attracted towards such free versions rather than paid legitimate applications, so such infected applications are downloaded and become popular.

V. METHODS TO PREVENT ATTACKS ON ANDROID SMART PHONES

Ways to prevent Android malware attacks:

a. Download apps from authorized or legitimate app stores. If you want to better understand how your smartphone's content is being accessed, check the application permissions when you download an app from Google Play. Once you hit the 'Install' button but before you 'accept & download', you'll be presented with a list of permissions grouped by categories such as 'Storage', 'System tools', 'Network communication' and 'Your location'. If you're not comfortable sharing the information, don't install the app.

b. Switch off 'Unknown sources'. Depending on which version of Android your device runs, you'll have the option to allow or disallow 'Unknown sources' of non-market applications.
Clicking allow enables you to find app files such as .APKs from elsewhere on the internet to endow your Android phone with applications unavailable through official

c. Choose the best antivirus app for your phone. There is a decent array of mobile security apps, such as McAfee Antivirus & Security, Norton Antivirus & Security and Lookout Security & Antivirus.

d. Use authentication such as passwords to protect your phone.

e. Don't view or share sensitive personal information on public Wi-Fi.

f. Read and understand the permissions before you download any new app.

g. Make sure you download apps that are scanned by Bouncer (the internal malware scanner in the Android market).

There are some strategies for hardening smartphones that we would like to point out, discussed as follows:

• Attack surface reduction: Desktop PCs and mobile devices have similar hardware and software running inside. Hence, security for computers and smartphones has a lot of common characteristics, but this mechanism may be more effective for smartphones than for PCs because the smartphone usage model is different from that of PCs. [12] Although a smartphone is always on, most of its features need not be active. For example, when users make an outgoing phone call or compose an SMS message, the PC part of the smartphone can be turned off.
• Hardware hardening: The SIM card of the smartphone has evolved to incorporate the use of the SIM Toolkit (STK), an API for securely loading applications onto the SIM. STK allows the mobile operator to create or provision services by loading them into the SIM card without changing anything in the GSM handset. One interesting approach therefore is to combine the STK card and TCG's Trusted Platform Module (TPM) for smartphone hardware hardening. This way no additional security chips will be needed. [7]

VI. CONCLUSION

Nowadays, mobile phones are not restricted to voice services but are also used for browsing the internet, playing games, sending multimedia messages and mobile banking. Many industry professionals use sophisticated mobile devices, which helps to improve their productivity, but confidential data of their enterprise then moves outside the secure perimeter of the enterprise. Therefore new security threats are emerging. As pointed out by recent research and publications, attacks on Android-powered devices are becoming more sophisticated. They are now capable of spreading through mechanisms which do not require explicit user confirmation. Malware may be delivered unnoticed through desktop computers, other Android devices or trojanized apps. Malicious apps cannot be avoided completely. In particular, pirated apps or multimedia content in popular demand, targeting user groups with typically low awareness levels, are predestined to spread to many devices before being identified by Google as malware.

REFERENCES

[1] "Review on Mobile Threats and Detection Techniques", Lovi Dua and Divya Bansal, Computer Science Department, PEC University of Technology, Sector 12, Chandigarh 160012, India. IJDPS Vol. 5, No. 4, July 2014.
[2] "Comprehensive Security System for Mobile Network Using Elliptic Curve Cryptography over GF (p)", Lokesh Giripunje, Sonali Nimbhorkarv, Nagpur, International Journal of Advanced Research in Computer Science and Software Engineering, Volume 3, Issue 5, May 2013.
[3] Extending Enterprise Access and Governance with Oracle Mobile Security, March 2014.
[4] "Users Perceptions of Mobile Phone Security: A Survey Study in the Kingdom of Saudi Arabia", Thamer Alhussain, Rayed AlGhamdi, Salem Alkhalaf, and Osama, International Journal of Computer Theory and Engineering, Vol. 5, No. 5, October 2013.
[5] "A Research on Software Security Vulnerabilities of New Generation Smart Mobile Phones", N. Yıldırım, R. Daş and A. Varol. (ISDFS'14), 12-13 May 2014, Houston, TX.
[6] "A stochastic model of TCP Reno congestion avoidance and control", J. Padhye, V. Firoiu, and D. Towsley, Univ. of Massachusetts, Amherst, MA, CMPSCI Tech. Rep. 99-02, 1999.
[7] "Smart-Phone Attacks and Defenses", Chuanxiong Guo, Helen J. Wang, Wenwu Zhu, Microsoft Research.
[8] "Review of Malware Defense in Mobile Network using Dynamic Analysis of Android Application", Miss. Ashwini A. Dongre, Dept. of Computer Science and Engineering, P.R. Patil College of Engineering, Amravati; Prof. C.J. Shelke, Dept. of Computer Science and Engineering, P.R. Patil College of Engineering, Amravati, India.
[9] "Android OS Security: Risks and Limitations", Rafael Fedler, Christian Banse, Christoph Krauß, and Volker Fusenig.
[10] "Good Technology Mobility Index Report Highlights Enterprise Mobility Shift from Devices to Applications", Aug 12, 2014, Sunnyvale, CA.
[11] "A Brief Guide to Android Security", Ryan Farmer, www.acumin.co.uk/download_files/.../android_white_paper_2.pdf
[12] "Mobile Malware Evolution, Detection and Defense", Srikanth Ramu, The Institute for Computing, Information and Cognitive Systems (ICICS), University of British Columbia, Vancouver, BC V6T 1Z4, Canada.
[13] "Virtualized in-cloud security services for mobile devices", Jon Oberheide, Kaushik Veeraraghavan, Evan Cooke, Jason Flinn, Farnam Jahanian, Proceedings of the First Workshop on Virtualization in Mobile Computing, June 17-17, 2008, Breckenridge, Colorado.
[14] "Runtime-based Behavior Dynamic Analysis System for Android Malware Detection", Luoxu Min, Qinghua Cao, Proceedings of the 2012 2nd International Conference on Computer and Information Application (ICCIA 2012).