TY - GEN
T1 - Smartphone security evaluation - The malware attack case
AU - Mylonas, Alexios
AU - Dritsas, Stelios
AU - Tsoumas, Bill
AU - Gritzalis, Dimitris
PY - 2011
Y1 - 2011
N2 - The adoption of smartphones, devices transforming from simple communication devices to 'smart' and multipurpose devices, is constantly increasing. Amongst the main reasons are their small size, their enhanced functionality and their ability to host many useful and attractive applications. However, this vast use of mobile platforms makes them an attractive target for conducting privacy and security attacks. This scenario increases the risk introduced by these attacks for personal mobile devices, given that the use of smartphones as business tools may extend the perimeter of an organization's IT infrastructure. Furthermore, smartphone platforms provide application developers with rich capabilities, which can be used to compromise the security and privacy of the device holder and her environment (private and/or organizational). This paper examines the feasibility of malware development in smartphone platforms by average programmers that have access to the official tools and programming libraries provided by smartphone platforms. Towards this direction in this paper we initially propose specific evaluation criteria assessing the security level of the well-known smartphone platforms (i.e. Android, BlackBerry, Apple iOS, Symbian, Windows Mobile), in terms of the development of malware. In the sequel, we provide a comparative analysis, based on a proof of concept study, in which the implementation and distribution of a location tracking malware is attempted. Our study has proven that, under circumstances, all smartphone platforms could be used by average developers as privacy attack vectors, harvesting data from the device without the users knowledge and consent.
AB - The adoption of smartphones, devices transforming from simple communication devices to 'smart' and multipurpose devices, is constantly increasing. Amongst the main reasons are their small size, their enhanced functionality and their ability to host many useful and attractive applications. However, this vast use of mobile platforms makes them an attractive target for conducting privacy and security attacks. This scenario increases the risk introduced by these attacks for personal mobile devices, given that the use of smartphones as business tools may extend the perimeter of an organization's IT infrastructure. Furthermore, smartphone platforms provide application developers with rich capabilities, which can be used to compromise the security and privacy of the device holder and her environment (private and/or organizational). This paper examines the feasibility of malware development in smartphone platforms by average programmers that have access to the official tools and programming libraries provided by smartphone platforms. Towards this direction in this paper we initially propose specific evaluation criteria assessing the security level of the well-known smartphone platforms (i.e. Android, BlackBerry, Apple iOS, Symbian, Windows Mobile), in terms of the development of malware. In the sequel, we provide a comparative analysis, based on a proof of concept study, in which the implementation and distribution of a location tracking malware is attempted. Our study has proven that, under circumstances, all smartphone platforms could be used by average developers as privacy attack vectors, harvesting data from the device without the users knowledge and consent.
KW - Attack
KW - Evaluation criteria
KW - Malware
KW - Security
KW - Smartphone
UR - http://www.scopus.com/inward/record.url?scp=80052493767&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:80052493767
SN - 9789898425713
T3 - SECRYPT 2011 - Proceedings of the International Conference on Security and Cryptography
SP - 25
EP - 36
BT - SECRYPT 2011 - Proceedings of the International Conference on Security and Cryptography
T2 - International Conference on Security and Cryptography, SECRYPT 2011
Y2 - 18 July 2011 through 21 July 2011
ER -