Analysis of Smartphone Security Problem - Android and iPhone
Yong-Tae Kim (1), Yoon-Su Jeong (2), and Gil-Cheol Park (3)
(1, First Author; 3) Dept. of Multimedia Engineering, Hannam University, {ky7762, gcpark}@hnu.kr
(*2, Corresponding Author) Dept. of Information Communication Engineering, Mokwon University, bukmunro@mokwon.ac.kr

Abstract

Recently, the features of the smartphone have changed widely: it can be used anytime and anywhere, for example in business affairs, and it makes information easy to obtain. However, leakage of business information and personal information when the phone is lost or stolen is still a problem. In this paper, we first identify the recent trends in smartphone security threats and, based on this information, look into the present progress of the security threats to smartphones. The survey results and data in this paper can be used to reduce security problems in smartphones as much as possible.

Keywords: Smartphone, Android, iPhone, Security

1. Introduction

These days the smartphone is basically a small portable computer with features such as calling, email, internet, e-book, etc. With the fast growth of the smartphone market, demand for open platforms is increasing and the way users use their phones has changed widely [1-5]. With recently launched smartphones, users can directly program an application according to their own requirements, so the varied requirements of various users can be met. However, the smartphone has spread as widely as never before, and it is necessary to develop countermeasures to security threats for the applications, platform, network, server, etc. In this paper, we first identify the recent trends in smartphone security threats and, based on this information, look into the present progress of the security threats to smartphones.
To counteract the analyzed smartphone security threats, the following must be enhanced. First, a powerful and strategic policy on utilization needs to be introduced. Second, the management of smartphones and the verification of applications must be strengthened. Third, technologies related to strengthening security must be developed rapidly. Fourth, operation guidelines and servers related to smartphones must be provided based on rules and regulations. Fifth, security capability, standards and guidelines need to be developed in line with the spread of smartphones. Finally, research, experiments, and the industry and governance system must be strengthened.

This paper is organized as follows. Section 2 analyzes the local and international utilization of smartphones as well as the status of malicious code. Section 3 classifies smartphone security threats, and Section 4 analyzes the corresponding status according to the smartphone security threats. Finally, the conclusion is presented in Section 5.

* This work was supported by the Security Engineering Research Center, granted by the Korea Ministry of Knowledge Economy.
** This paper has been supported by 2013 Hannam University Research Fund.

International Journal of Advancements in Computing Technology (IJACT), Volume 5, Number 11, July 2013, doi: 10.4156/ijact.vol5.issue11.57

2. Works Related

2.1. Smart phones usage in local and international

Locally, 2600000 thousands of people were using smartphones as of Feb. 2012. 90% of them use iPhones and Android phones, and among them the number of Android phone users who have engaged in practices such as jailbreaking, rooting, hacking, etc. is greater than the number of iPhone users who have done the same. The percentage of jailbreaks increases as the period of use gets longer [1]. The reasons for jailbreaking a smartphone are that paid applications can be downloaded for free and that everybody has a strong inclination to use a smartphone according to personal preference. The iOS version is updated more than the Android version. The reason is that Apple devices are produced by one parent company and their software is also provided only by that company. In the case of Android phones, hardware and software are produced separately, so it takes a little longer to update the OS than for Apple [6-10].

2.2. Malicious code status

Malicious code is used for collecting user information (SMS, GPS, etc.), information leakage, illegal billing, etc. [3]. Hacking a smartphone with malicious code requires advanced hacking technology such as that used against foreign smartphone banking. Locally, no such malicious code has been discovered. However, these days some primary malicious code is being discovered to prevent linking to financial phishing sites.

Table 1. Status of malicious code by major smartphone OS

Smartphone OS | Malware Name | Description
Android | SMS Replicator | Outflow of text messages in real time to any particular user
Android | SMS Send | Induces charging via text messages, etc.
Android | GPSSpy | Confirms the location of a smartphone with Snake TabSnake installed and transfers the user's GPS information to a specific server
Android | Ewalls | Collects personal information or specific device information within the smartphone and transfers it to a specific server. Caused a number of similar programs.
Android | Geinimi | Found in China. Transfers personal information to a specific server.
Windows Mobile | TreDial | Unauthorized outgoing international calls cause unwanted billing
Windows Mobile | Duts | Windows Mobile's first virus; infects executable files; proof-of-concept virus
iPhone | LKE Worm | The iPhone's first malware; changes the wallpaper; operates on jailbroken devices
iPhone | Privacy.A | If an infected iPhone has a wireless LAN connection, personal information (text messages, email, etc.) is delivered remotely
iPhone | Agent.535552.F | Information-leakage malware disguised as an iPhone jailbreak program; leaks account login information such as user IDs and passwords for Google Talk, MSN Messenger, Yahoo and other services

3. Smart phone security threats

Much research on smartphone security threats is going on in local and international research institutes, which also classify the security procedures that users and providers must consider based on malicious code, 0-day methods, etc. To prevent hacking, illegal billing and the like, much research has been done at NIST, ENISA, ITU-T, FSA and NIPA, and it is shown in Table 2 [11-15].
Table 2. Classification of Smartphone Security Threat

Division | Security threats (details)
Smart phone itself | Unauthorized access, malware, electronic eavesdropping (S/W), information leakage, and platform (app) forgery
Work with PC | Platform (firmware), forgery, malicious code entering, information disclosure
Network | Access to a fake AP induction, data surveillance, tampering, denial of service attacks
Server | Malicious code distribution, remote control, phishing, pharming, spam
External Interface | Interworking between smartphones
Etc | Lost, stolen

Among the smartphone security methods, the malicious code method is being observed continuously, and a specialized method is needed for each security threat. The malicious code threat can be classified into two components: phishing-pharming and physical threats, etc. Phishing-pharming typically occurs on the internet, while the physical threat is typical for the visa phone. The smartphone can be used for the internet and as a visa phone too, so both threats are possible on a smartphone.

4. Corresponding status of smart phone security

Recently, the security system in the smartphone may be similar to a PC security system, or it can be more advanced than that. However, new issues about smartphone security threats are arising. These new issues can be classified into two parts [16-18].

Table 3. Classification of Smartphone Security Threat

Environmental aspects of service:
· Continuous bypass techniques on how to jailbreak
· 0-day attacks, smartphone modulation due to the increase in financial apps, Rootkit value cut through the touch events, and other various malware increases in Kernel Mode
· Non-compliance with a standardized security technology in the development of sporadic technical complexity of the program increases
· Due to the limited resource environment, applied smartphone security technology implementation nanjet difficulties of high-intensity
· A variety of smartphone features that require the user's situation, an increase in self-jailbreak

Corresponding technical aspects:
· Important module update (firmware and OS, technology, etc.), such as security awareness on the need and complexity of the technical and managerial limitations derived
· Critical modules (firmware, etc.) through the update over the absence of symptoms and the need for recognition
· Critical modules (firmware, etc) updates and enhanced security awareness on the importance
· Black list, mobile phone theft by fraud schemes and the difficulty of managing important information
· Financial apps absence of a centralized management point

To respond to smartphone security threats, the Financial Supervisory Service (FSS) and KISA offer technical requirements for the smartphone environment, as in Table 4, based on a technical point of view (corresponding technologies and, in part, management techniques).
Table 4. Classification of Smartphone Security Threat

Apply security technology | Technical Considerations | Practices related technologies | Ongoing security issues

One user to encrypt data onprotection technology of the device, the input media Data processing and H / W support, such as Apply encryption and data processing page (or handling area code virtualization technical program) the integrity of the (handling the location / infringement area) Using the keypad, the fragility of the security data, Trusted I / O functions input protection of H / W Apply security keypad hacking techniques, such as (physical I / O level, medium-level exposure and discoverability separation) forgery Sophisticated logical attack Certificate and two- Deal signed technical (MITM, MITMB etc.)Technology to ensure the channel authentication performed in secure hacking techniques used to integrity of transactions function media / space discover potential HW-level platform integrity verification, and Routing, to prevent escape, management capabilities Operating forgery, App App integrity protection to support the App in theSupports Trusted integrity verification technology found hack to financial process and Platform technology capabilities bypass the possibility of guarantee the protection continuous of the main module technology Verify the effectiveness of the core functionality Services for the management financial services Lost, Stolen terminal needed, financial of their own security, rather management Technology management transaction services for than a terminal function of smart terminals the management of requirements definition

Table 4 shows that, to improve security in smartphones, some hardware technologies must be put in place. Hardware-level security should not be set up blindly.
To adopt threat technologies at the hardware level, the following must be verified: requirements, technical utilization, technical effect, infrastructure, and good mutual understanding between sectors.

5. Conclusion

The accident damages due to weak security of Smart Phone increases as the services utilizing the

It is a problem that business information and personal information leak out when the phone is lost or stolen. In this paper, we identified the recent trends in smartphone security threats and, based on this information, looked into the present progress of the security threats to smartphones. The survey results and data in this paper can be used to reduce security problems in smartphones as much as possible. Our next plan is to research technologies for smartphone security threats.

References

[1] Korea Copyright Commission, “Research on status of copyright violations from mobile equipment and setting up countermeasures”, Korea Copyright Commission, Dec. 2011.
[2] ASEC Report, Ahn Lab., Mar. 2012.
[3] Network Times, “Implementation of mobile office – security measures established ‘top’”, Network Times, Mar. 2011.
[4] NIST, Guidelines on Cell Phone and PDA Security, NIST, Oct. 2008.
[5] “Smartphones information security risks, opportunities and recommendations for users”, ENISA, Dec. 2010.
[6] ITU-T, “Security aspects of mobile phones”, ITU-T, Apr. 2011.
[7] Financial Security Agency, “Smartphone security guide of financial sector”, Financial Security Agency, Dec. 2010.
[8] NIPA, “Information security technology trends smartphone”, NIPA, Sep. 2011.
[9] ETNews, “Real-time interception of key values ‘Android smartphone key logger’ appearance”, Electronic Times News, Nov. 2011.
[10] Security News, “Bank transfer Possibility through real smartphone bank hacking!!”, Security News, Dec. 2010.
[11] Security News, “Outsmarted vaccine ‘super smart phone malware’ potential has been proven”, Security News, May 2012.
[12] C. S. Park, “Security measures for the implementation of secure mobile services”, Seoul Women's University, Jun. 2010.
[13] CIO Report, “Security issues and response strategies of smart phones and mobile office”, NIA, Vol. 26, Oct. 2010.
[14] Magic Quadrant for Mobile Data Protection, Gartner, Sep. 2011.
[15] D. H. Bae, “Study on SecureSMS own authentication Scheme in mobile environment”, Korea Internet & Security Agency, Nov. 2010.
[16] H. S. Kim and Y. E. Choi, “Security issues and outlook of the mobile ecosystem”, TTA Journal, no. 243, pp. 49-53, 2010.
[17] D. H. Kang, J. H. Han, Y. K. Lee, Y. S. Cho, S. W. Han, J. N. Kim, H. S. Cho, “Smartphone Threats and Security Technology”, ETRI, Vol. 25, No. 3, pp. 72-80, Jun. 2010.
[18] KISA, “Study on development of smartphone based malicious code collection and analysis platform”, KISA, Dec. 2010.