On the Feasibility of Malware Attacks in Smartphone Platforms

  • Alexios Mylonas
  • Stelios Dritsas
  • Bill Tsoumas
  • Dimitris Gritzalis
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 314)

Abstract

Smartphones are multipurpose devices that host multiple and heterogeneous data. Their user base is constantly increasing and as a result they have become an attractive target for conducting privacy and security attacks. The attacks’ impact increases, when smartphone users tend to use their devices both for personal and business purposes. Moreover, application development in smartphone platforms has been simplified, in the platforms developers’ effort to attract more developers and increase its popularity by offering more attractive applications. In this paper we provide a comparative evaluation of the security level of well-known smartphone platforms, regarding their protection against simple malicious applications. We then study the feasibility and easiness of smartphone malware development by average programmers via an implementation case study. Our study proved that, under certain circumstances, all examined platforms could be used by average developers as privacy attack vector, harvesting data from the device without the users knowledge and consent.

Keywords

Smartphone Security Models Malware Evaluation Criteria 
This is a preview of subscription content, log in to check access.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Adleman, L.: An Abstract Theory of Computer Viruses. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 354–374. Springer, Heidelberg (1990)Google Scholar
  2. 2.
    CISCO: Cisco 2011 Annual Security Report. Technical report (2011)Google Scholar
  3. 3.
    Cohen, F.: Computational aspects of computer viruses. Computers & Security 8(4), 297–298 (1989)CrossRefGoogle Scholar
  4. 4.
  5. 5.
    Egele, M., Kruegel, C., Kirda, E., Vigna, G.: Pios: Detecting privacy leaks in iOS applications. In: Network and Distributed System Security Symposium (2011)Google Scholar
  6. 6.
    Enck, W., Gilbert, P., Chun, G., Cox, P., Jung, J., McDaniel, P., Sheth, N.: Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: 9th USENIX Symposium on Operating Systems Design and Implementation (OSDI), pp. 1–6. USENIX Association (2010)Google Scholar
  7. 7.
  8. 8.
    Gartner: Competitive Landscape: Mobile Devices, Worldwide, 3Q10. Technical report (2010)Google Scholar
  9. 9.
    Gartner: Forecast: Mobile Application Stores, Worldwide, 2008-2014. Technical report (2010)Google Scholar
  10. 10.
    Gartner: Market Share: Mobile Communication Devices by Region and Country, 3Q11. Technical report (2011)Google Scholar
  11. 11.
    Hogben, G., Dekker, M.: Smartphones: Information security risks, opportunities and recommendations for users. Technical report, ENISA (December 2010)Google Scholar
  12. 12.
    Hypponen, M.: Malware goes mobile. Scientific American 295(5), 70–77 (2006)CrossRefGoogle Scholar
  13. 13.
  14. 14.
  15. 15.
    Kephart, J., White, S.: Directed-graph epidemiological models of computer viruses. In: Symposium on Research in Security and Privacy, pp. 343–359. IEEE Computer Society (1991)Google Scholar
  16. 16.
    Lineberry, A., Richardson, D., Wyatt, T.: These aren’t the permissions you ‘re looking for. Technical report, DEFCON (2010)Google Scholar
  17. 17.
    McAfee:2011 threats predictions. Technical report, McAfee (2010)Google Scholar
  18. 18.
    McDaniel, P., Enck, W.: Not so great expectations: Why application markets haven’t failed security. IEEE Security Privacy 8(5), 76–78 (2010)CrossRefGoogle Scholar
  19. 19.
  20. 20.
    Mylonas, A., Dritsas, S., Tsoumas, B., Gritzalis, D.: Smartphone security evaluation: The malware attack case. In: Samarati, P., Lopez, J. (eds.) International Conference of Security and Cryptography (SECRYPT 2011), pp. 25–36. SciTePress (2011)Google Scholar
  21. 21.
    Mylonas, A., Tsoumas, B., Dritsas, S., Gritzalis, D.: A Secure Smartphone Applications Roll-out Scheme. In: Furnell, S., Lambrinoudakis, C., Pernul, G. (eds.) TrustBus 2011. LNCS, vol. 6863, pp. 49–61. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  22. 22.
    Nachenberg, C.: A Window Into Mobile Device Security. Technical report, Symantec Security Response (2011)Google Scholar
  23. 23.
  24. 24.
  25. 25.
  26. 26.
  27. 27.
    Seriot, N.: iphone privacy. Technical report, Black Hat DC (2010)Google Scholar
  28. 28.
  29. 29.
    Theoharidou, M., Gritzalis, D.: Common body of knowledge for information security. IEEE Security & Privacy 5(2), 64–67 (2007)CrossRefGoogle Scholar
  30. 30.
    Weiser, M.: The computer for the 21st century. Scientific American 265(3), 94–104 (1991)CrossRefGoogle Scholar
  31. 31.
    Windows mobile device security model, http://msdn.microsoft.com/en-us/library/bb416353.aspx
  32. 32.
    Windows Phone OS Application Compatibility, http://msdn.microsoft.com/en-us/library/hh202996%28v=VS.92%29.aspx

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Alexios Mylonas
    • 1
  • Stelios Dritsas
    • 1
  • Bill Tsoumas
    • 1
  • Dimitris Gritzalis
    • 1
  1. 1.Information Security and Critical Infrastructure Protection Research Laboratory, Dept. of InformaticsAthens University of Economics & Business (AUEB)AthensGreece

Personalised recommendations