Mobile security


Mobile security, or more specifically mobile device security, has become increasingly important in mobile computing. Of particular concern is the security of personal and business information now stored on smartphones.
More and more users and businesses use smartphones to communicate, but also to plan and organize their users' work and also private life. Within companies, these technologies are causing profound changes in the organization of information systems and therefore they have become the source of new risks. Indeed, smartphones collect and compile an increasing amount of sensitive information to which access must be controlled to protect the privacy of the user and the intellectual property of the company.
All smartphones, as computers, are preferred targets of attacks. These attacks exploit weaknesses inherent in smartphones that can come from the communication mode—like Short Message Service, Multimedia Messaging Service, WiFi, Bluetooth and GSM, the de facto global standard for mobile communications. There are also exploits that target software vulnerabilities in the browser or operating system. And some malicious software relies on the weak knowledge of an average user.
Security countermeasures are being developed and applied to smartphones, from security in different layers of software to the dissemination of information to end users. There are good practices to be observed at all levels, from design to use, through the development of operating systems, software layers, and downloadable apps.

Challenges of smartphone mobile security

Threats

A smartphone user is exposed to various threats when they use their phone. In just the last two-quarters of 2012, the number of unique mobile threats grew by 261%, according to ABI Research. These threats can disrupt the operation of the smartphone, and transmit or modify user data. So applications must guarantee privacy and integrity of the information they handle. In addition, since some apps could themselves be malware, their functionality and activities should be limited.
There are three prime targets for attackers:
There are a number of threats to mobile devices, including annoyance, stealing money, invading privacy, propagation, and malicious tools.
The source of these attacks are the same actors found in the non-mobile computing space:
When a smartphone is infected by an attacker, the attacker can attempt several things:

Attack based on SMS and MMS

Some attacks derive from flaws in the management of SMS and MMS.
Some mobile phone models have problems in managing binary SMS messages. It is possible, by sending an ill-formed block, to cause the phone to restart, leading to the denial of service attacks. If a user with a Siemens S55 received a text message containing a Chinese character, it would lead to a denial of service.
In another case, while the standard requires that the maximum size of a Nokia Mail address is 32 characters, some Nokia phones did not verify this standard, so if a user enters an email address over 32 characters, that leads to complete dysfunction of the e-mail handler and puts it out of commission. This attack is called "curse of silence".
A study on the safety of the SMS infrastructure revealed that SMS messages sent from the Internet can be used to perform a distributed denial of service attack against the mobile telecommunications infrastructure of a big city. The attack exploits the delays in the delivery of messages to overload the network.
Another potential attack could begin with a phone that sends an MMS to other phones, with an attachment. This attachment is infected with a virus. Upon receipt of the MMS, the user can choose to open the attachment. If it is opened, the phone is infected, and the virus sends an MMS with an infected attachment to all the contacts in the address book. There is a real-world example of this attack: the virus Commwarrior uses the address book and sends MMS messages including an infected file to recipients. A user installs the software, as received via MMS message. Then, the virus began to send messages to recipients taken from the address book.

Attacks based on communication networks

Attacks based on the GSM networks

The attacker may try to break the encryption of the mobile network. The GSM network encryption algorithms belong to the family of algorithms called A5. Due to the policy of security through obscurity it has not been possible to openly test the robustness of these algorithms. There were originally two variants of the algorithm: A5/1 and A5/2, where the former was designed to be relatively strong, and the latter was designed to be weak on purpose to allow easy cryptanalysis and eavesdropping. ETSI forced some countries to use A5/2. Since the encryption algorithm was made public, it was proved it was possible to break the encryption: A5/2 could be broken on the fly, and A5/1 in about 6 hours. In July 2007, the 3GPP approved a change request to prohibit the implementation of A5/2 in any new mobile phones, which means that it has been decommissioned and is no longer implemented in mobile phones. Stronger public algorithms have been added to the GSM standard, the A5/3 and A5/4, otherwise known as KASUMI or UEA1 published by the ETSI. If the network does not support A5/1, or any other A5 algorithm implemented by the phone, then the base station can specify A5/0 which is the null-algorithm, whereby the radio traffic is sent unencrypted. Even in case mobile phones are able to use 3G or 4G which have much stronger encryption than 2G GSM, the base station can downgrade the radio communication to 2G GSM and specify A5/0 . This is the basis for eavesdropping attacks on mobile radio networks using a fake base station commonly called an IMSI catcher.
In addition, tracing of mobile terminals is difficult since each time the mobile terminal is accessing or being accessed by the network, a new temporary identity is allocated to the mobile terminal. The TMSI is used as the identity of the mobile terminal the next time it accesses the network. The TMSI is sent to the mobile terminal in encrypted messages.
Once the encryption algorithm of GSM is broken, the attacker can intercept all unencrypted communications made by the victim's smartphone.

Attacks based on Wi-Fi

An attacker can try to eavesdrop on Wi-Fi communications to derive information. This type of attack is not unique to smartphones, but they are very vulnerable to these attacks because very often the Wi-Fi is the only means of communication they have to access the internet. The security of wireless networks is thus an important subject. Initially, wireless networks were secured by WEP keys. The weakness of WEP is a short encryption key which is the same for all connected clients. In addition, several reductions in the search space of the keys have been found by researchers. Now, most wireless networks are protected by the WPA security protocol.
WPA is based on the "Temporal Key Integrity Protocol " which was designed to allow migration from WEP to WPA on the equipment already deployed. The major improvements in security are the dynamic encryption keys. For small networks, the WPA is a "pre-shared key" which is based on a shared key. Encryption can be vulnerable if the length of the shared key is short. With limited opportunities for input, mobile phone users might define short encryption keys that contain only numbers. This increases the likelihood that an attacker succeeds with a brute-force attack. The successor to WPA, called WPA2, is supposed to be safe enough to withstand a brute force attack.
As with GSM, if the attacker succeeds in breaking the identification key, it will be possible to attack not only the phone but also the entire network it is connected to.
Many smartphones for wireless LANs remember they are already connected, and this mechanism prevents the user from having to re-identify with each connection. However, an attacker could create a WIFI access point twin with the same parameters and characteristics as the real network. Using the fact that some smartphones remember the networks, they could confuse the two networks and connect to the network of the attacker who can intercept data if it does not transmit its data in encrypted form.
Lasco is a worm that initially infects a remote device using the SIS file format. SIS file format is a script file that can be executed by the system without user interaction. The smartphone thus believes the file to come from a trusted source and downloads it, infecting the machine.

Principle of Bluetooth-based attacks

Security issues related to Bluetooth on mobile devices have been studied and have shown numerous problems on different phones. One easy to exploit vulnerability: unregistered services do not require authentication, and vulnerable applications have a virtual serial port used to control the phone. An attacker only needed to connect to the port to take full control of the device. Another example: a phone must be within reach and Bluetooth in discovery mode. The attacker sends a file via Bluetooth. If the recipient accepts, a virus is transmitted. For example: Cabir is a worm that spreads via Bluetooth connection. The worm searches for nearby phones with Bluetooth in discoverable mode and sends itself to the target device. The user must accept the incoming file and install the program. After installing, the worm infects the machine.

Attacks based on vulnerabilities in software applications

Other attacks are based on flaws in the OS or applications on the phone.

Web browser

The mobile web browser is an emerging attack vector for mobile devices. Just as common Web browsers, mobile web browsers are extended from pure web navigation with widgets and plug-ins, or are completely native mobile browsers.
Jailbreaking the iPhone with firmware 1.1.1 was based entirely on vulnerabilities on the web browser. As a result, the exploitation of the vulnerability described here underlines the importance of the Web browser as an attack vector for mobile devices. In this case, there was a vulnerability based on a stack-based buffer overflow in a library used by the web browser.
A vulnerability in the web browser for Android was discovered in October 2008. As the iPhone vulnerability above, it was due to an obsolete and vulnerable library. A significant difference with the iPhone vulnerability was Android's sandboxing architecture which limited the effects of this vulnerability to the Web browser process.
Smartphones are also victims of classic piracy related to the web: phishing, malicious websites, software that run in the background, etc. The big difference is that smartphones do not yet have strong antivirus software available.

Operating system

Sometimes it is possible to overcome the security safeguards by modifying the operating system itself. As real-world examples, this section covers the manipulation of firmware and malicious signature certificates. These attacks are difficult.
In 2004, vulnerabilities in virtual machines running on certain devices were revealed. It was possible to bypass the bytecode verifier and access the native underlying operating system. The results of this research were not published in detail. The firmware security of Nokia's Symbian Platform Security Architecture is based on a central configuration file called SWIPolicy. In 2008 it was possible to manipulate the Nokia firmware before it is installed, and in fact in some downloadable versions of it, this file was human readable, so it was possible to modify and change the image of the firmware. This vulnerability has been solved by an update from Nokia.
In theory smartphones have an advantage over hard drives since the OS files are in ROM, and cannot be changed by malware. However, in some systems it was possible to circumvent this: in the Symbian OS it was possible to overwrite a file with a file of the same name. On the Windows OS, it was possible to change a pointer from a general configuration file to an editable file.
When an application is installed, the signing of this application is verified by a series of certificates. One can create a valid signature without using a valid certificate and add it to the list. In the Symbian OS all certificates are in the directory:. With firmware changes explained above it is very easy to insert a seemingly valid but malicious certificate.

Attacks based on hardware vulnerabilities

Electromagnetic Waveforms

In 2015, researchers at the French government agency Agence nationale de la sécurité des systèmes d'information demonstrated the capability to trigger the voice interface of certain smartphones remotely by using "specific electromagnetic waveforms". The exploit took advantage of antenna-properties of headphone wires while plugged into the audio-output jacks of the vulnerable smartphones and effectively spoofed audio input to inject commands via the audio interface.

Juice Jacking

Juice Jacking is a physical or hardware vulnerability specific to mobile platforms. Utilizing the dual purpose of the USB charge port, many devices have been susceptible to having data exfiltrated from, or malware installed onto a mobile device by utilizing malicious charging kiosks set up in public places or hidden in normal charge adapters.

Jail-breaking and rooting

is also a physical access vulnerability, in which mobile device users initiate to hack into the devices to unlock it, and exploit weaknesses in the operating system. Mobile device users take control of their own device by jail-breaking it, and customize the interface by installing applications, change system settings that are not allowed on the devices. Thus, allowing to tweak the mobile devices operating systems processes, run programs in the background, thus devices are being expose to variety of malicious attack that can lead to compromise important private data.

Password cracking

In 2010, researcher from the University of Pennsylvania investigated the possibility of cracking a device's password through a smudge attack. The researchers were able to discern the device password up to 68% of the time under certain conditions. Outsiders may perform over-the-shoulder on victims, such as watching specific keystrokes or pattern gestures, to unlock device password or passcode.

Malicious software (malware)

As smartphones are a permanent point of access to the internet, they can be compromised as easily as computers with malware. A malware is a computer program that aims to harm the system in which it resides. mobile malware variants have increased by 54% in the year 2017. Trojans, worms and viruses are all considered malware. A Trojan is a program that is on the smartphone and allows external users to connect discreetly. A worm is a program that reproduces on multiple computers across a network. A virus is malicious software designed to spread to other computers by inserting itself into legitimate programs and running programs in parallel. However, it must be said that the malware are far less numerous and important to smartphones as they are to computers.
Nonetheless, recent studies show that the evolution of malware in smartphones have rocketed in the last few years posing a threat to analysis and detection.

The three phases of malware attacks

Typically an attack on a smartphone made by malware takes place in 3 phases: the infection of a host, the accomplishment of its goal, and the spread of the malware to other systems. Malware often uses the resources offered by the infected smartphones. It will use the output devices such as Bluetooth or infrared, but it may also use the address book or email address of the person to infect the user's acquaintances. The malware exploits the trust that is given to data sent by an acquaintance.

Infection

Infection is the means used by the malware to get into the smartphone, it can either use one of the faults previously presented or may use the gullibility of the user. Infections are classified into four classes according to their degree of user interaction:
; Explicit permission:The most benign interaction is to ask the user if it is allowed to infect the machine, clearly indicating its potential malicious behavior. This is typical behavior of a proof of concept malware.
; Implied permission:This infection is based on the fact that the user has a habit of installing software. Most trojans try to seduce the user into installing attractive applications that actually contain malware.
; Common interaction:This infection is related to a common behavior, such as opening an MMS or email.
; No interaction:The last class of infection is the most dangerous. Indeed, a worm that could infect a smartphone and could infect other smartphones without any interaction would be catastrophic.

Accomplishment of its goal

Once the malware has infected a phone it will also seek to accomplish its goal, which is usually one of the following: monetary damage, damage data and/or device, and concealed damage:
; Monetary damages:The attacker can steal user data and either sell them to the same user or sell to a third party.
; Damage:Malware can partially damage the device, or delete or modify data on the device.
; Concealed damage:The two aforementioned types of damage are detectable, but the malware can also leave a backdoor for future attacks or even conduct wiretaps.

Spread to other systems

Once the malware has infected a smartphone, it always aims to spread one way or another:
Here are various malware that exist in the world of smartphones with a short description of each.

Viruses and trojans

Mobile ransomware is a type of malware that locks users out of their mobile devices in a pay-to-unlock-your-device ploy, it has grown by leaps and bounds as a threat category since 2014. Specific to mobile computing platforms, users are often less security-conscious, particularly as it pertains to scrutinizing applications and web links trusting the native protection capability of the mobile device operating system. Mobile ransomware poses a significant threat to businesses reliant on instant access and availability of their proprietary information and contacts. The likelihood of a traveling businessman paying a ransom to unlock their device is significantly higher since they are at a disadvantage given inconveniences such as timeliness and less likely direct access to IT staff. Recent ransomware attack has caused a stir in the world as the attack caused many of the internet connected devices to not work and companies spent a large amount to recover from these attacks.

Spyware

Below is a diagram which loads the different behaviors of smartphone malware in terms of their effects on smartphones:
We can see from the graph that at least 50 malware varieties exhibit no negative behavior, except their ability to spread.

Portability of malware across platforms

There is a multitude of malware. This is partly due to the variety of operating systems on smartphones. However attackers can also choose to make their malware target multiple platforms, and malware can be found which attacks an OS but is able to spread to different systems.
To begin with, malware can use runtime environments like Java virtual machine or the.NET Framework. They can also use other libraries present in many operating systems. Other malware carry several executable files in order to run in multiple environments and they utilize these during the propagation process. In practice, this type of malware requires a connection between the two operating systems to use as an attack vector. Memory cards can be used for this purpose, or synchronization software can be used to propagate the virus.

Countermeasures

The security mechanisms in place to counter the threats described above are presented in this section. They are divided into different categories, as all do not act at the same level, and they range from the management of security by the operating system to the behavioral education of the user. The threats prevented by the various measures are not the same depending on the case. Considering the two cases mentioned above, in the first case one would protect the system from corruption by an application, and in the second case the installation of a suspicious software would be prevented.

Security in operating systems

The first layer of security in a smartphone is the operating system. Beyond needing to handle the usual roles of an operating system on the device, it must also establish the protocols for introducing external applications and data without introducing risk.
A central paradigm in mobile operating systems is the idea of a sandbox. Since smartphones are currently designed to accommodate many applications, they must have mechanisms to ensure these applications are safe for the phone itself, for other applications and data on the system, and for the user. If a malicious program reaches a mobile device, the vulnerable area presented by the system must be as small as possible. Sandboxing extends this idea to compartmentalize different processes, preventing them from interacting and damaging each other. Based on the history of operating systems, sandboxing has different implementations. For example, where iOS will focus on limiting access to its public API for applications from the App Store by default, Managed Open In allows you to restrict which apps can access which types of data. Android bases its sandboxing on its legacy of Linux and TrustedBSD.
The following points highlight mechanisms implemented in operating systems, especially Android.
; Rootkit Detectors
; Process isolation
; File permissions
; Memory Protection
; Development through runtime environments

Security software

Above the operating system security, there is a layer of security software. This layer is composed of individual components to strengthen various vulnerabilities: prevent malware, intrusions, the identification of a user as a human, and user authentication. It contains software components that have learned from their experience with computer security; however, on smartphones, this software must deal with greater constraints.
; Antivirus and firewall
A mobile antivirus product would scan files and compare them against a database of known mobile malware code signatures.
; Visual Notifications
; Turing test
; Biometric identification

Resource monitoring in the smartphone

When an application passes the various security barriers, it can take the actions for which it was designed. When such actions are triggered, the activity of a malicious application can be sometimes detected if one monitors the various resources used on the phone. Depending on the goals of the malware, the consequences of infection are not always the same; all malicious applications are not intended to harm the devices on which they are deployed. The following sections describe different ways to detect suspicious activity.
; Battery
; Memory usage
; Network traffic
; Services
The various points mentioned above are only indications and do not provide certainty about the legitimacy of the activity of an application. However, these criteria can help target suspicious applications, especially if several criteria are combined.

Network surveillance

Network traffic exchanged by phones can be monitored. One can place safeguards in network routing points in order to detect abnormal behavior. As the mobile's use of network protocols is much more constrained than that of a computer, expected network data streams can be predicted, which permits detection of anomalies in mobile networks.
; Spam filters
; Encryption of stored or transmitted information
; Telecom network monitoring

Manufacturer surveillance

In the production and distribution chain for mobile devices, it is the responsibility of manufacturers to ensure that devices are delivered in a basic configuration without vulnerabilities. Most users are not experts and many of them are not aware of the existence of security vulnerabilities, so the device configuration as provided by manufacturers will be retained by many users. Below are listed several points which manufacturers should consider.
; Remove debug mode
; Default settings
; Security audit of apps
; Detect suspicious applications demanding rights
; Revocation procedures
; Avoid heavily customized systems
; Improve software patch processes

User awareness

Much malicious behavior is allowed by the carelessness of the user. Smartphone users were found to ignore security messages during application installation, especially during application selection, checking application reputation, reviews and security and agreement messages. From simply not leaving the device without a password, to precise control of permissions granted to applications added to the smartphone, the user has a large responsibility in the cycle of security: to not be the vector of intrusion. This precaution is especially important if the user is an employee of a company that stores business data on the device. Detailed below are some precautions that a user can take to manage security on a smartphone.
A recent survey by internet security experts BullGuard showed a lack of insight into the rising number of malicious threats affecting mobile phones, with 53% of users claiming that they are unaware of security software for Smartphones. A further 21% argued that such protection was unnecessary, and 42% admitted it hadn't crossed their mind. These statistics show consumers are not concerned about security risks because they believe it is not a serious problem. The key here is to always remember smartphones are effectively handheld computers and are just as vulnerable.
; Being skeptical
; Permissions given to applications
; Be careful
;Disconnect peripheral devices, that are not in use

Enable Android Device Encryption

Latest Android Smartphones come with an inbuilt encryption setting for securing all the information saved on your device. It makes it difficult for a hacker to extract and decipher the information in case your device is compromised. Here is how to do it,
Settings – Security – Encrypt Phone + Encrypt SD Card
; Ensure data
These precautions are measures that leave no easy solution to the intrusion of people or malicious applications in a smartphone. If users are careful, many attacks can be defeated, especially phishing and applications seeking only to obtain rights on a device.

Centralized storage of text messages

One form of mobile protection allows companies to control the delivery and storage of text messages, by hosting the messages on a company server, rather than on the sender or receiver's phone. When certain conditions are met, such as an expiration date, the messages are deleted.

Limitations of certain security measures

The security mechanisms mentioned in this article are to a large extent inherited from knowledge and experience with computer security. The elements composing the two device types are similar, and there are common measures that can be used, such as antivirus software and firewalls. However, the implementation of these solutions is not necessarily possible or at least highly constrained within a mobile device. The reason for this difference is the technical resources offered by computers and mobile devices: even though the computing power of smartphones is becoming faster, they have other [|limitations] than their computing power.
Furthermore, it is common to find that updates exist, or can be developed or deployed, but this is not always done. One can, for example, find a user who does not know that there is a newer version of the operating system compatible with the smartphone, or a user may discover known vulnerabilities that are not corrected until the end of a long development cycle, which allows time to exploit the loopholes.

Next Generation of mobile security

There is expected to be four mobile environments that will make up the security framework:
; Rich operating system: In this category will fall traditional Mobile OS like Android, iOS, Symbian OS or Windows Phone. They will provide the traditional functionality and security of an OS to the applications.
;Secure Operating System : A secure kernel which will run in parallel with a fully featured Rich OS, on the same processor core. It will include drivers for the Rich OS to communicate with the secure kernel. The trusted infrastructure could include interfaces like the display or keypad to regions of PCI-E address space and memories.
;Trusted Execution Environment : Made up of hardware and software. It helps in the control of access rights and houses sensitive applications, which need to be isolated from the Rich OS. It effectively acts as a firewall between the "normal world" and "secure world".
; Secure Element : The SE consists of tamper resistant hardware and associated software or separate isolated hardware. It can provide high levels of security and work in tandem with the TEE. The SE will be mandatory for hosting proximity payment applications or official electronic signatures. SE may connect, disconnect, block peripheral devices and operate separate set of hardware.
; Security Applications : Numerous security applications are available on App Stores providing services of protection from viruses and performing vulnerability assessment.

Books

*