What is smart phone?
A smart phone is a mobile phone with more advanced computing capability and connectivity than basic feature phones. Early smartphones typically combined the features of a mobile phone with those of another popular consumer device, such as a personal digital assistant (PDA), a media player, a digital camera, or a GPS navigation unit. Modern smartphones include all of those features plus the features of a touchscreen computer, including web browsing, Wi-Fi, and 3rd-party apps. More and more users and businesses use smartphones as communication tools but also as a means of planning and organizing their work and private life.
Why Mobile Security is talked much around the globe?
Mobile security or mobile phone security has become increasingly important in mobile computing. It is of particular concern as it relates to the security of personal and business information now stored on smartphones. All smartphones, as computers, are preferred targets of attacks. These attacks exploit weaknesses related to smartphones that can come from means of communication like Short Message Service (SMS, aka text messaging), Multimedia Messaging Service (MMS), Wi-Fi networks, Bluetooth and GSM.
Targets for mobile attacks
A smartphone user is exposed to various threats when they use their phone.
There are three prime targets for attackers:
Data : smartphones are devices for data management, therefore they may contain sensitive data like credit card numbers, authentication information, private information, activity logs (calendar, call logs).
Identity : smartphones are highly customizable, so the device or its contents are associated with a specific person. For example, every mobile device can transmit information related to the owner of the mobile phone contract, and an attacker may want to steal the identity of the owner of a smartphone to commit other offenses.
Availability: by attacking a smartphone one can limit access to it and deprive the owner of the service.
Who are the mobile attackers?
The source of these attacks are the same actors found in the non-mobile computing space:
Professionals, whether commercial or military, who focus on the three targets mentioned above. They steal sensitive data from the general public, as well as undertake industrial espionage. They will also use the identity of those attacked to achieve other attacks.
Thieves who want to gain income through data or identities they have stolen. The thieves will attack many people to increase their potential income.
Black hat hackers who specifically attack availability. Their goal is to develop viruses, and cause damage to the device. In some cases, hackers have an interest in stealing data on devices.
Grey hat hackers who reveal vulnerabilities. Their goal is to expose vulnerabilities of the device. Grey hat hackers do not intend on damaging the device or stealing data.
How attackers threats Mobile Security?
When a smartphone is infected by an attacker, the attacker can attempt several things: Attacker can communicate and send commands which will be used to send unsolicited messages (spam) via sms or email The attacker can easily force the smartphone to make phone calls. A compromised smartphone can record conversations between the user and others and send them to a third party. This can cause user privacy and industrial security problems An attacker can also steal a user’s identity to place orders, view bank accounts, etc
Following are various types of attacks:
Attacks based on vulnerabilities in Software applications
Web browser : Jailbreaking the iPhone was based entirely on vulnerabilities on the web browser.
Operating System: A computer being secure depends on a number of technologies working properly. A modern operating system provides access to a number of resources, which are available to software running on the system, and to external devices like networks via the kernel.
Attacks based on communication
SMS : Some mobile phone models have problems in managing binary SMS messages. It is possible, by sending an ill-formed block, to cause the phone to restart, leading to denial of service attack.
MMS : Another potential attack could begin with a phone that sends an MMS to other phones, with an attachment. This attachment is infected with a virus.
GSM : The attacker may try to break the encryption of the mobile network.
Bluetooth : The attacker sends a file via Bluetooth. If the recipient accepts, a virus is transmitted. Various unregistered services do not require authentication, and vulnerable applications have a virtual serial port used to control the phone. An attacker only needed to connect to the port to take full control of the device.
Wi-Fi : An attacker can try to eavesdrop on Wi-Fi communications to derive information such as username and password