Mobile security or mobile phone security has become increasingly important in mobile computing. Of particular concern is the security of personal and business information now stored on smartphones.
More and more users and businesses employ smartphones as communication tools, but also as a means of planning and organizing their work and private life. Within companies, these technologies are causing profound changes in the organization of information systems and therefore they have become the source of new risks. Indeed, smartphones collect and compile an increasing amount of sensitive information to which access must be controlled to protect the privacy of the user and the intellectual property of the company.
Like computers, all smartphones are preferred targets of attacks. These attacks exploit weaknesses in the means of communication smartphones use, such as Short Message Service (SMS, aka text messaging), Multimedia Messaging Service (MMS), Wi-Fi networks, Bluetooth and GSM, the de facto global standard for mobile communications. There are also attacks that exploit software vulnerabilities in both the web browser and the operating system. Finally, there are forms of malicious software that rely on the weak knowledge of average users.
Different security counter-measures are being developed and applied to smartphones, from security in different layers of software to the dissemination of information to end users. There are good practices to be observed at all levels, from design to use, through the development of operating systems, software layers, and downloadable apps.
Challenges of mobile security
A smartphone user is exposed to various threats when they use their phone. In just the last two quarters of 2012, the number of unique mobile threats grew by 261%, according to ABI Research. These threats can disrupt the operation of the smartphone, and transmit or modify user data. For these reasons, the applications deployed there must guarantee privacy and integrity of the information they handle. In addition, since some apps could themselves be malware, their functionality and activities should be limited (for example, restricting the apps from accessing location information via GPS, blocking access to the user's address book, preventing the transmission of data on the network, sending SMS messages that are billed to the user, etc.).
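The restrictions listed above can be checked before an app is installed by auditing the permissions it requests. The following is an added example, not part of the original article: it assumes an Android app whose manifest has already been decoded to text XML, and the mapping from the paragraph's capabilities to Android permission names, the sample manifest and the function names are this example's own.

```python
import xml.etree.ElementTree as ET

# Android's XML namespace for manifest attributes such as android:name.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Capabilities named in the paragraph above, mapped to Android permission
# names (the Android mapping is this example's assumption).
CAPABILITIES = {
    "location": {"android.permission.ACCESS_FINE_LOCATION",
                 "android.permission.ACCESS_COARSE_LOCATION"},
    "address_book": {"android.permission.READ_CONTACTS"},
    "network": {"android.permission.INTERNET"},
    "sms_send": {"android.permission.SEND_SMS"},
}

# Constructed sample manifest for a hypothetical flashlight app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
</manifest>"""


def declared_permissions(manifest_xml):
    """Return the set of permission names requested in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")
            if el.get(ANDROID_NS + "name")}


def audit(manifest_xml):
    """Return (capabilities requested, findings that merit review)."""
    perms = declared_permissions(manifest_xml)
    caps = {cap for cap, names in CAPABILITIES.items() if perms & names}
    findings = []
    # Private data plus network access means the data can leave the device.
    for private in sorted(caps & {"location", "address_book"}):
        if "network" in caps:
            findings.append(f"{private} readable and network available")
    if "sms_send" in caps:
        findings.append("can send SMS billed to the user")
    return caps, findings


if __name__ == "__main__":
    caps, findings = audit(SAMPLE_MANIFEST)
    print(sorted(caps))
    for finding in findings:
        print("REVIEW:", finding)
```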
There are three prime targets for attackers:
- Data: smartphones are devices for data management, therefore they may contain sensitive data like credit card numbers, authentication information, private information, activity logs (calendar, call logs);
- Identity: smartphones are highly customizable, so the device or its contents are associated with a specific person. For example, every mobile device can transmit information related to the owner of the mobile phone contract, and an attacker may want to steal the identity of the owner of a smartphone to commit other offenses;
- Availability: by attacking a smartphone one can limit access to it and deprive the owner of the service.
The sources of these attacks are the same actors found in the non-mobile computing space:
- Professionals, whether commercial or military, who focus on the three targets mentioned above. They steal sensitive data from the general public, as well as undertake industrial espionage. They will also use the identity of those attacked to achieve other attacks;
- Thieves who want to gain income through data or identities they have stolen. The thieves will attack many people to increase their potential income;
- Black hat hackers who specifically attack availability. Their goal is to develop viruses, and cause damage to the device. In some cases, hackers have an interest in stealing data on devices;
- Grey hat hackers who reveal vulnerabilities. Their goal is to expose vulnerabilities of the device. Grey hat hackers do not intend to damage the device or steal data.
When a smartphone is infected by an attacker, the attacker can attempt several things:
- The attacker can manipulate the smartphone as a zombie machine, that is to say, a machine with which the attacker can communicate and to which the attacker can send commands, which will be used to send unsolicited messages (spam) via SMS or email;
- The attacker can easily force the smartphone to make phone calls. For example, one can use the API (library that contains the basic functions not present in the smartphone) PhoneMakeCall by Microsoft, which collects telephone numbers from any source such as yellow pages, and then calls them. But the attacker can also use this method to call paid services, resulting in a charge to the owner of the smartphone. It is also very dangerous because the smartphone could call emergency services and thus disrupt those services;
- A compromised smartphone can record conversations between the user and others and send them to a third party. This can cause user privacy and industrial security problems;
- An attacker can also steal a user's identity, usurp their identity (with a copy of the user's SIM card or even the telephone itself), and thus impersonate the owner. This raises security concerns in countries where smartphones can be used to place orders, view bank accounts or are used as an identity card;
- The attacker can reduce the utility of the smartphone, by discharging the battery. For example, they can launch an application that will run continuously on the smartphone processor, requiring a lot of energy and draining the battery. One factor that distinguishes mobile computing from traditional desktop PCs is their limited performance. Frank Stajano and Ross Anderson first described this form of attack, calling it an attack of "battery exhaustion" or "sleep deprivation torture";
- The attacker can prevent the operation and/or starting of the smartphone by making it unusable. This attack can either delete the boot scripts, resulting in a phone without a functioning OS, or modify certain files to make it unusable (e.g. a script that launches at startup that forces the smartphone to restart) or even embed a startup application that would empty the battery;
- The attacker can remove the personal (photos, music, videos, etc.) or professional data (contacts, calendars, notes) of the user.