Security Vulnerabilities of Mobile Devices Tutorial for Advanced

  • What makes mobile devices less vulnerable to malware and Android’s “Verify Apps” security scanner
  • Protection provided by sandboxing the apps
  • Security provided by over-the-air encryption for cellular communications with a Python implementation of A5/1 cipher
  • Side-channel attacks on specialized mobile devices
  • Examples of side-channel attacks: fault injection attacks and timing attacks
  • Python scripts for demonstrating fault injection and timing attacks
  • USB devices as a source of deadly malware
  • Mobile IP

Learning the Security Vulnerabilities of Mobile Devices

Mobile technology, such as cellphones, smartphones, smartcards, tablets, navigational devices, memory sticks, etc., has now impacted almost every aspect of daily life. Smartphones were once used mostly for talking, but now they are used for almost everything: as cameras, music players, news readers, email clients, web browsers, navigational aids, banking apps, social media platforms, and, of course, as boarding passes when flying.

The fact that people often store private and sensitive information on their mobile devices, information that in the past would have been kept safe at home, played a role in the justices' decision. Given this modern fact, it's not surprising that people who make and spread malware are focusing more attention on mobile devices.

Malware makers are drawn to mobile devices because they can contain sensitive information that an attacker could use to make money, gain political power, break into a corporate network, etc.

As you might anticipate, many of the attack techniques used on mobile devices are also used on more traditional computing devices like desktops and laptops, with one very significant exception. Unless it is part of a private network, a non-mobile host is typically connected directly to the internet, where it is constantly exposed to hacking attempts made using software that scans large blocks of IP addresses for vulnerable hosts. That is to say, in addition to targeted attacks involving social engineering and other techniques, a non-mobile host connected to the internet also has to deal with untargeted attacks from cybercriminals looking for hosts (regardless of location) on which to install their malware.

On the other hand, in most cases, when mobile devices are connected to cellular networks, outsiders can only access them through gateways that the cellphone companies strictly regulate. As a result, it is unlikely that a mobile device you own will be affected by the software used in a fly-by-night attack. Mobile devices are protected by cellular company gateways, encrypted connections with servers that want your private information, online app stores that check apps for security flaws before making them available to you, and the likelihood that a mobile OS will run apps in a sandbox, so it is not surprising that malware infection rates are lower on mobile operating systems than on desktop operating systems.

However, mobile devices are just as susceptible to social engineering attacks as more conventional computing devices like desktops and laptops. A mobile device could also be hacked using common network attacks, without social engineering, if it has unpatched software with known vulnerabilities. In addition, some more specialized mobile devices, in particular smartcards, may be susceptible to attacks that fall under the umbrella of "side-channel attacks." The effectiveness of these attacks depends on the adversary's ability to physically control a mobile device and subject it to examination that either treats it as a black box and applies various types of inputs, or, if possible, directly examines it at the hardware/circuit level. In 2008, Karsten Nohl demonstrated how he could directly crack the encryption in Mifare smartcards during a Black Hat talk.

Before going on with the rest of this lecture, I'll review some of the most important findings from Google's 2016 Android security report.

After that, I'll talk about sandboxing apps, which is a great way to protect a mobile device from malicious apps.

After that, I'll go over the A5/1 algorithm, which has been widely used in GSM (2G) cellphone networks worldwide for encrypting over-the-air voice and SMS data. This algorithm is one of the best examples of what can happen when people choose to implement security through obscurity. For many years, cellphone providers kept this algorithm a secret. The algorithm eventually leaked, as is almost always true with such things. As soon as it entered the public domain, it was revealed to have almost no security.

Following that, I'll explain what side-channel attacks entail. As previously mentioned in this section, specialized mobile devices, such as smartcards, are especially susceptible to these attacks. I'll provide my Python implementations for some of the more typical types of such attacks to further help clarify how one can construct such attacks.

Finally, I'll talk about a topic that's been getting a lot of attention in the news lately: how easy it is for malware infections to spread through USB devices like memory sticks, and why most anti-virus tools can't find them.

Description : Download course Security Vulnerabilities of Mobile Devices, Computer and Network Security, free PDF ebook.
Level : Advanced
Created : November 27, 2017
Size : 407.9 KB
File type : pdf
Pages : 92
Author : Avinash Kak, Purdue University
Downloads : 10020
