Abstract
Smartphones are multipurpose devices that host multiple and heterogeneous data. Their user base is constantly increasing, and as a result they have become an attractive target for privacy and security attacks. The impact of these attacks increases when smartphone users use their devices for both personal and business purposes. Moreover, application development on smartphone platforms has been simplified, as part of the platform developers' effort to attract more developers and increase their platforms' popularity by offering more attractive applications. In this paper we provide a comparative evaluation of the security level of well-known smartphone platforms, regarding their protection against simple malicious applications. We then study the feasibility and ease of smartphone malware development by average programmers via an implementation case study. Our study proved that, under certain circumstances, all examined platforms could be used by average developers as a privacy attack vector, harvesting data from the device without the users' knowledge and consent.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Mylonas, A., Dritsas, S., Tsoumas, B., Gritzalis, D. (2012). On the Feasibility of Malware Attacks in Smartphone Platforms. In: Obaidat, M.S., Sevillano, J.L., Filipe, J. (eds) E-Business and Telecommunications. ICETE 2011. Communications in Computer and Information Science, vol 314. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35755-8_16
DOI: https://doi.org/10.1007/978-3-642-35755-8_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-35754-1
Online ISBN: 978-3-642-35755-8
eBook Packages: Computer Science (R0)