19-12-2012, 05:44 PM
Emerging Security Threats for Mobile Platforms
1Emerging Security.pdf (Size: 775.93 KB / Downloads: 66)
Abstract
The proliferation of smart-phone devices, with
ever advancing technological features, has brought the issue
of mobile device security back into focus. Mobile devices are
rapidly becoming attractive targets for malicious attacks
due to significant advances in both hardware and operating
systems. The modern mobile platforms, like Android, iOS
and Symbian, increasingly resemble traditional operating
systems for PCs. Therefore, the challenges in enforcing
smart-phone security are becoming similar to those present
in PC platforms. By installing malicious content, smartphones
can be infected with worms, trojan horses or other
virus families, which can compromise user’s security and
privacy or even gain complete control over the device. Such
malicious content can easily spread due to advances in
mobile network technologies which provide smart-phones
with capability of constant Internet connection over 3G or
Wi-Fi networks. Additionally, the improvements in smartphone
features introduce new types of security concerns. By
compromising mobile OS, malicious applications can access
voice-recording devices, cameras, intercept SMS messages
or gain location information.
INTRODUCTION
In recent years the expanding mobile hand-held device
market is becoming an increasingly attractive target for
malicious attacks. According to recent security reports
[1][2], the number of possible malicious exploits and
executed attacks is going to surge in 2011. This trend can
be attributed to two key factors: the ever increasing user
base and the emergence of smart-phone technology. The
size of mobile device market is clearly visible from the
latest reports issued by the ITU [3] which indicate that by
the end of the 2010 there will be an estimated 5.3 billion
mobile phone users in the world. Although malicious
exploits for mobile phones have been steadily developing
over the last decade [4][5], the constraints in both
hardware and operating systems have limited the attacks
both in their scale and impact. Therefore, the endorsement
of smart-phone technology, which provides more
computing power and functionality, is proving to be a
turning point in development of malicious exploits for
mobile hand-held devices.
THREAT MODEL FOR MOBILE PLATFORMS
In order to present a broad overview of challenges
facing mobile devices’ security, we present an attackercentric
threat model for mobile platforms. We analyze
attacker’s goals and motives as well as delivery methods
and attack strategies. Therefore, the threat model is
divided into three sections: attack goals, attack vectors and
mobile malware.
Attack Goals
In this subsection we present three basic motives for
breaching mobile device’s security. The first two goals
described are covert, while the latter is harmful. Covert
approach to executing an attack is to perform malicious
operations while avoiding user’s detection. The goal of
such attacks is to disrupt the operation of the device as
little as possible while performing activities useful to the
attacker. On the other hand, harmful attacks are aimed at
disrupting the normal operation of a mobile device.
Collect Private Data
Since the mobile devices are in effect becoming
storage units for personal data, they are an attractive target
for breaching user’s privacy. The attackers target both the
confidentiality and integrity of stored information. A
successfully executed attack can empower the attacker
with ability to read SMS and MMS messages, e-mail
messages, call logs and contact details. Furthermore, the
attacker can intercept or send fake SMS, forward e-mails
to alternative inboxes, and access the information from
personal organizers and calendars. Additional information
can be gathered by reading Instant Messaging client logs,
data stored by applications used to access social networks
or data stored by browsers. Any other data located in
device’s memory or on SD card, like documents, photos
or videos, could also be compromised [8].
ANDROID SECURITY MODEL
Android is an application execution platform for
mobile devices comprised out of an operating system, core
libraries, development framework and basic applications
[15]. Android operating system is built on top of a Linux
kernel. The Linux kernel is responsible for executing core
system services such as: memory access, process
management, access to physical devices through drivers,
network management and security. Atop the Linux kernel
is the Dalvik virtual machine along with basic system
libraries. The Dalvik VM is a register based execution
engine used to run Android applications. In order to
access lower level system services, the Android provides
an API through afore mentioned C/C++ system libraries.
In addition to the basic system libraries, the development
framework provides access the top level services, like
content providers, location manager or telephony
manager.
EXAMPLE OF A MALICIOUS APPLICATION
In order to demonstrate how malicious content could
be spread and used to extract sensitive information, we
present a simple malicious application for the Android
platform. We focus on the permission based security
model implemented by the Android since one of the key
security factors is the user himself. Since the Android is
an open platform, which enforces security by sandboxing
applications, it provides the users with the opportunity to
install applications from various untrusted sources.
Therefore, fooling a user into installing malicious content
is an important attack strategy to consider
CONCLUSION
Recent advancements in mobile technology have
brought the mobile devices into focus of malicious
attacks. The trends show a severe increase in mobile
malware as many threats, designed for PC operating
systems, migrate to mobile platforms.
In this paper we presented an attacker-centric threat
model for mobile platforms. We analyzed attacker’s goals,
attack vectors and attack strategies. Furthermore, we
presented the security models implemented by two widely
spread mobile platforms: the Google Android and Apple
iOS. The two platforms have distinctly different
approaches in dealing with security issues.