Academia.eduAcademia.edu

Outline

Title
Abstract
Introduction
Conclusion
References
All Topics
Computer Science
Cybersecurity

Mobile Devices Vulnerabilities

Profile image of minhaz chowdhuryminhaz chowdhury

EPiC Series in Computing

https://doi.org/10.29007/KG5J
visibility

description

10 pages

link

1 file

Abstract

With the increase in popularity of mobile devices for personal and business reasons, they have become even more attractive targets to malicious actors. There are many vulnerabilities with any mobile device, though some environments, features, and operating systems are at higher risk than others for certain attacks. This paper discusses such vulnerabilities, including the elements that allow them, methods of exploiting them, and one might combat attacks on mobile devices.

Related papers

A Survey on Security for Mobile Devices A Survey on Security for Mobile Devices
Jean Pierre Tello

Nowadays, mobile devices are an important part of our everyday lives since they enable us to access a large variety of ubiquitous services. In recent years, the availability of these ubiquitous and mobile services has significantly increased due to the different form of connectivity provided by mobile devices, such as GSM, GPRS, Bluetooth and Wi-Fi. In the same trend, the number and typologies of vulnerabilities exploiting these services and communication channels have increased as well. Therefore, smartphones may now represent an ideal target for malware writers. As the number of vulnerabilities and, hence, of attacks increase, there has been a corresponding rise of security solutions proposed by researchers. Due to the fact that this research field is immature and still unexplored in depth, with this paper we aim to provide a structured and comprehensive overview of the research on security solutions for mobile devices. This paper surveys the state of the art on threats, vulnerabilities and security solutions over the period 2004-2011, by focusing on high-level attacks, such those to user applications. We group existing approaches aimed at protecting mobile devices against these classes of attacks into different categories, based upon the detection principles, architectures, collected data and operating systems, especially focusing on IDS-based models and tools. With this categorization we aim to provide an easy and concise view of the underlying model adopted by each approach.

View PDFchevron_right
Mobile Device Cyber Security
VANDANA ROHOKALE

Springer Series in Wireless Technology, 2019

In 21st century, we all live a fast life as we are surrounded by the technology which made our lives easy and comfortable. A mobile device is a huge invent of technology. In this era, we are totally dependent on mobile devices. Mobile devices have gained lot of popularity because of its portability and high performance. It is a handheld device which occupies everything in it like entertainment, business, shopping and many more. As human beings are continuously using these devices so to make the significant use of these devices is our utmost priority. We store confidential data on it but at the same time security of this device is very important. So in this chapter we will discuss about the major threats and solutions to overcome threats.

View PDFchevron_right
Mobile Data Vulnerabilities
Alin Zamfiroiu

Proceedings of the 18th International Conference on INFORMATICS in ECONOMY Education, Research and Business Technologies, 2019

Mobile devices are very popular today and also the mobile applications market. The mobile operating market is shared among Android and iOS. Mobile applications are built natively for these operating systems or are Web-based. No matter the platform, there are user data managed by the mobile applications and transferred on external servers. These data are exposed to attacks and the developers should be always concerned about the security issues related to their systems. In this paper we analyze the vulnerabilities related to mobile applications and we propose several countermeasures, in order to eliminate or to mitigate the security risks.

View PDFchevron_right
A Survey on Smartphones Security: Software Vulnerabilities, Malware, and Attacks
Milad Taleby Ahvanooey

International Journal of Advanced Computer Science and Applications, 2017

Nowadays, the usage of smartphones and their applications have become rapidly popular in people's daily life. Over the last decade, availability of mobile money services such as mobile-payment systems and app markets have significantly increased due to the different forms of apps and connectivity provided by mobile devices, such as 3G, 4G, GPRS, and Wi-Fi, etc. In the same trend, the number of vulnerabilities targeting these services and communication networks has raised as well. Therefore, smartphones have become ideal target devices for malicious programmers. With increasing the number of vulnerabilities and attacks, there has been a corresponding ascent of the security countermeasures presented by the researchers. Due to these reasons, security of the payment systems is one of the most important issues in mobile payment systems. In this survey, we aim to provide a comprehensive and structured overview of the research on security solutions for smartphone devices. This survey reviews the state of the art on security solutions, threats, and vulnerabilities during the period of 2011-2017, by focusing on software attacks, such those to smartphone applications. We outline some countermeasures aimed at protecting smartphones against these groups of attacks, based on the detection rules, data collections and operating systems, especially focusing on open source applications. With this categorization, we want to provide an easy understanding for users and researchers to improve their knowledge about the security and privacy of smartphones.

View PDFchevron_right
MOBILE SECURITY IN ANDROID MOBILE TECHNOLOGY
IJRIT Journal

Mobile security or mobile phone security has become increasingly important in mobile computing. It is of particular concern as it relates to the security of personal information now stored on smart phones. More and more users and businesses use smart phones as communication tools but also as a means of planning and organizing their work and private life. Within companies, these technologies are causing profound changes in the organization of information systems and therefore they have become the source of new risks. Indeed, smart phones collect and compile an increasing amount of sensitive information to which access must be controlled to protect the privacy of the user and the intellectual property of the company. All smart phones, as computers, are preferred targets of attacks. These attacks exploit weaknesses related to smart phones that can come from means of communication like SMS, MMS, wifi networks, and GSM. There are also attacks that exploit software vulnerabilities from both the web browser and operating system. Finally, there are forms of malicious software that rely on the weak knowledge of average users. Different security counter-measures are being developed and applied to smart phones, from security in different layers of software to the dissemination of information to end users. There are good practices to be observed at all levels, from design to use, through the development of operating systems, software layers, and downloadable apps.

View PDFchevron_right
MOBILE APPLICATIONS -(in)SECURITY OVERVIEW
Teodor Mitrea

International conference KNOWLEDGE-BASED ORGANIZATION, 2019

Over the last years, there has been a real revolution of mobile devices, which has effectively translated into the exponential increase in internet access rates on a mobile device as opposed to accessing it on desktop systems. Given the growing importance of smartphones, it is important to assess the privacy and security risks of these devices in order to mitigate them. However, as we know, in modern mobile security architecture, applications represent the most critical elements. In this paper we review common mobile applications flaws involving network communications, data storage, user input handling and also exploring a number of vulnerabilities. While apps provide amazing features and benefits for users, they also represent the main attraction for cyber criminals. In order to have a true picture of the mobile security threat spectrum, this article presents the means of how mobile applications can impact systems security, stability and compromise personal data if they`re not handled properly.

View PDFchevron_right
Mobile Computing Security: Issues and Requirements
Md. Rakibul Hoque

—In recent years the size of computing machines has decreased with more power of computing, which helped to develop the concept of mobile computing like laptops, PDAs, cell phones, data storage device, and other mobile devices. Most people begin acquisition these devices because of the nature and advantages such as easy of carrying and moving it from place to place. Although the wide spread and popularity of these devices, it has introduced new security threats which were not existing in the traditional computing, and it should be identified to protect the physical devices and the sensitive information of users. In this paper, we will highlight on some of the security issues related to mobile computing systems in order to avoid or reduce them, with addressing the security issues into two aspects: first is related to transmission of information over wireless networks, and the second is related to information residing on mobile devices. Finally, some security techniques and requirements are presented. 

View PDFchevron_right
Mobile Security: A Literature Review
Cassandra Ansara

International Journal of Computer Applications, 2014

The following paper is a literature review on the topic of Mobile Security. The topic has been chosen due to the rise in mobile applications and the insufficient rise in the topic of the security within those applications. For the purposes of this paper, mobile devices are considered as tablet and cell phones which run a mobile Operating System (OS). More specifically, these are Android (Google), iOS (Apple), or BlackBerry OS (RIM). While it is important to note these terms, this literature review is focused primarily on the Android OS security vulnerabilities. Polymorphic is defined as malware that transforms to be somewhat different than the one before. The automated modifications in code do not modify the malware's functionality, but they can render conventional anti-virus detection technology ineffective against them. An attack vector is most basically described as the approach utilized to assault a specific technology (i.e. a path taken to compromise a system). A botnet is a collection of "zombies" which are remotely controlled for malicious or financial gains [1]. A single botnet often contains hundreds or thousands of devices. When the term "vulnerability" is being utilized within this paper, it is a weak spot which allows an attacker to decrease a system's security. A vulnerability occurs when three elements intersect, including a system weakness or flaw, attacker access to the flaw, and attacker competence to exploit the flaw [2].

View PDFchevron_right
Mobile Security Threats: A Survey on Protection and Mitigation Strategies
Teodor Mitrea

International conference KNOWLEDGE-BASED ORGANIZATION

The spectacular growth in the use of mobile devices is a natural consequence of the benefits they offer. However, most mobile users grant little importance to the security of information stored, processed and transmitted. Even more, the last two years can be considered years of reference for the mobile security industry - ranging from virulent mobile ransomware attacks to mobile IoT botnets and mobile security breaches through mobile malware, that have redefined security paradigms. It is clear that we are at a point of inflection and transition to another generation of cyber attacks and the tendency is that attacks on mobile devices will expand. The security of mobile devices is a topical issue and the main objective is to educate the user to know the risks to which he/she is exposed to and to offer him/her viable security solutions in order to protect himself/herself against mobile threats. In this article we are going to present some protection and mitigation strategies with recom...

View PDFchevron_right
Security issues in Mobile Computing
Kartik Khurana

2018

Now a day’s mobile communication has become a serious business tool for the users. Mobile devices are mainly used for the applications like banking, e-commerce, internet access, entertainment, etc. for communication. This has become common for the user to exchange and transfer the data. However people are still facing problems to use mobile devices because of its security issue. This paper deals with various security issues in mobile computing. It also covers all the basic points which are useful in mobile security issues such as categorisation of security issues, methods or tactics for success in security issues in mobile computing, security frameworks.

View PDFchevron_right

References (31)

  1. Ahsan, M., Gomes, R., Chowdhury, M. M., & Nygard, K. E. (2021). Enhancing Machine Learning Prediction in Cybersecurity Using Dynamic Feature Selector. Journal of Cybersecurity and Privacy, 1(1), 199-218.
  2. Chebyshev, V. (2019). Mobile Malware Evolution: 2018 -Securelist. Securelist, 1-20. https://securelist.com/mobile-malware-evolution-2018/89689/.
  3. Chowdhury, M. M., & Nygard, K. E. (2017). Deception in cyberspace: An empirical study on a con man attack. IEEE International Conference on Electro Information Technology, 410-415. Chowdhury, M. M., Nygard, K. E., Kambhampaty, K., & Alruwaythi, M. (2018). Deception in Cyberspace: Performance Focused Con Resistant Trust Algorithm. Proceedings -2017 International Conference on Computational Science and Computational Intelligence, CSCI 2017, 25-30. Chowdhury, M., & Nygard, K. E. (2018). Machine learning within a con resistant trust model. Proceedings of the 33rd International Conference on Computers and Their Applications, CATA 2018, 2018-March.
  4. Enck, W., Gilbert, P., Chun, B. G., Cox, L. P., Jung, J., McDaniel, P., & Sheth, A. N. (2019). TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones. Proceedings of the 9th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2010, 393-407.
  5. Felt, A., Greenwood, K., & Wagner, D. (2011). The effectiveness of application permissions.
  6. WebApps '11: 2nd USENIX Conference on Web Application Development, 75-86.
  7. Felt, A. P., Finifter, M., Chin, E., Hanna, S., & Wagner, D. (2011). A survey of mobile malware in the wild. Proceedings of the ACM Conference on Computer and Communications Security, 3-14. 'Ghost Push' Malware Threatens Android Users. (n.d.). Retrieved February 15, 2022, from https://www.pandasecurity.com/en/mediacenter/mobile-security/ghost-push-malware-android/ Hassold, C. (2017). The Mobile Phishing Threat You'll See Very Soon : URL Padding. PhishLabs. https://www.phishlabs.com/blog/the-mobile-phishing-threat-youll-see-very-soon-url- padding/ Kaspersky Lab. (2019). The number of mobile malware attacks doubles in 2018, as cybercriminals sharpen their distribution strategies. https://www.kaspersky.com/about/press- releases/2019_the-number-of-mobile-malware-attacks-doubles-in-2018-as-cybercriminals-sharpen- their-distribution-strategies Krishna Kambhampaty, Maryam Alruwaythi, Md Minhaz Chowdhury, K. N. (2019). Trust and its Influence on Technology. The Midwest Instruction and Computing Sym-Posium 2019. Li, R., Shen, C., He, H., Gu, X., Xu, Z., & Xu, C. Z. (2018). A Lightweight Secure Data Sharing Scheme for Mobile Cloud Computing. IEEE Transactions on Cloud Computing, 6(2), 344-357. Md Minhaz Chowdhury, K. E. N. (2017). An Empirical Study on Con Resistant Trust Algorithm for Cyberspace. The 2017 World Congress in Computer Sci-Ence, Computer Engineering, & Applied Computing Mobile botnets taking over smartphones -BullGuard. (n.d.). Retrieved February 15, 2022, from https://www.bullguard.com/bullguard-security-center/mobile-security/mobile-threats/mobile- botnets.aspx Samangouei, P., Patel, V. M., & Chellappa, R. (2015, December 16). Attribute-based continuous user authentication on mobile devices. 2015 IEEE 7th International Conference on Biometrics Theory, Applications and Systems, BTAS 2015.
  8. Samani, R., & Davis, G. (2019). McAfee Mobile Threat Report Mobile Malware Continues to Increase in Complexity and Scope. McAfee.
  9. Seacord, R. C. (2015). Mobile device security. MobileDeLi 2015 -Proceedings of the 3rd International Workshop on Mobile Development Lifecycle, 1-2.
  10. Technologies, P. (2019). Mobile Application Security Threats and Vulnerabilities 2019: Mobile Device Security -Attacks Research. https://www.ptsecurity.com/ww-en/analytics/mobile-application- security-threats-and-vulnerabilities-2019/.
  11. Teh, P. S., Zhang, N., Tan, S. Y., Shi, Q., Khoh, W. H., & Nawaz, R. (2020). Strengthen user authentication on mobile devices by using user's touch dynamics pattern. Journal of Ambient Intelligence and Humanized Computing, 11(10), 4019-4039.
  12. Watkins, L., Kalathummarath, A. L., & Robinson, W. H. (2018). Network-based detection of mobile malware exhibiting obfuscated or silent network behavior. CCNC 2018 -2018 15th IEEE Annual Consumer Communications and Networking Conference, 2018-Janua, 1-4.
  13. Wu, L., Wang, J., Choo, K. K. R., & He, D. (2018). Secure Key Agreement and Key Protection for Mobile Device User Authentication. IEEE Transactions on Information Forensics and Security, 14(2), 319-330.
  14. Zhu, H., Xiong, H., Ge, Y., & Chen, E. (2014). Mobile app recommendations with security and privacy awareness. Proceedings of the ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, 951-960.
  15. Ahsan, M., Gomes, R., Chowdhury, M. M., & Nygard, K. E. (2021). Enhancing Machine Learning Prediction in Cybersecurity Using Dynamic Feature Selector. Journal of Cybersecurity and Privacy, 1(1), 199-218.
  16. Chebyshev, V. (2019). Mobile Malware Evolution: 2018 -Securelist. Securelist, 1-20. https://securelist.com/mobile-malware-evolution-2018/89689/.
  17. Chowdhury, M. M., & Nygard, K. E. (2017). Deception in cyberspace: An empirical study on a con man attack. IEEE International Conference on Electro Information Technology, 410-415. Chowdhury, M. M., Nygard, K. E., Kambhampaty, K., & Alruwaythi, M. (2018). Deception in Cyberspace: Performance Focused Con Resistant Trust Algorithm. Proceedings -2017 International Conference on Computational Science and Computational Intelligence, CSCI 2017, 25-30. Chowdhury, M., & Nygard, K. E. (2018). Machine learning within a con resistant trust model. Proceedings of the 33rd International Conference on Computers and Their Applications, CATA 2018, 2018-March.
  18. Enck, W., Gilbert, P., Chun, B. G., Cox, L. P., Jung, J., McDaniel, P., & Sheth, A. N. (2019). TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones. Proceedings of the 9th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2010, 393-407.
  19. Felt, A., Greenwood, K., & Wagner, D. (2011). The effectiveness of application permissions.
  20. WebApps '11: 2nd USENIX Conference on Web Application Development, 75-86.
  21. Felt, A. P., Finifter, M., Chin, E., Hanna, S., & Wagner, D. (2011). A survey of mobile malware in the wild. Proceedings of the ACM Conference on Computer and Communications Security, 3-14. 'Ghost Push' Malware Threatens Android Users. (n.d.). Retrieved February 15, 2022, from https://www.pandasecurity.com/en/mediacenter/mobile-security/ghost-push-malware-android/.
  22. Hassold, C. (2017). The Mobile Phishing Threat You'll See Very Soon : URL Padding. PhishLabs. https://www.phishlabs.com/blog/the-mobile-phishing-threat-youll-see-very-soon-url- padding/.
  23. Kaspersky Lab. (2019). The number of mobile malware attacks doubles in 2018, as cybercriminals sharpen their distribution strategies. https://www.kaspersky.com/about/press- releases/2019_the-number-of-mobile-malware-attacks-doubles-in-2018-as-cybercriminals-sharpen- their-distribution-strategies.
  24. Krishna Kambhampaty, Maryam Alruwaythi, Md Minhaz Chowdhury, K. N. (2019). Trust and its Influence on Technology. The Midwest Instruction and Computing Sym-Posium 2019. Li, R., Shen, C., He, H., Gu, X., Xu, Z., & Xu, C. Z. (2018). A Lightweight Secure Data Sharing Scheme for Mobile Cloud Computing. IEEE Transactions on Cloud Computing, 6(2), 344-357. Mobile botnets taking over smartphones -BullGuard. (n.d.). Retrieved February 15, 2022, from https://www.bullguard.com/bullguard-security-center/mobile-security/mobile-threats/mobile- botnets.aspx. Samangouei, P., Patel, V. M., & Chellappa, R. (2015, December 16). Attribute-based continuous user authentication on mobile devices. 2015 IEEE 7th International Conference on Biometrics Theory, Applications and Systems, BTAS 2015.
  25. Samani, R., & Davis, G. (2019). McAfee Mobile Threat Report Mobile Malware Continues to Increase in Complexity and Scope. McAfee.
  26. Seacord, R. C. (2015). Mobile device security. MobileDeLi 2015 -Proceedings of the 3rd International Workshop on Mobile Development Lifecycle, 1-2.
  27. Technologies, P. (2019). Mobile Application Security Threats and Vulnerabilities 2019: Mobile Device Security -Attacks Research. https://www.ptsecurity.com/ww-en/analytics/mobile-application- security-threats-and-vulnerabilities-2019/
  28. Teh, P. S., Zhang, N., Tan, S. Y., Shi, Q., Khoh, W. H., & Nawaz, R. (2020). Strengthen user authentication on mobile devices by using user's touch dynamics pattern. Journal of Ambient Intelligence and Humanized Computing, 11(10), 4019-4039.
  29. Watkins, L., Kalathummarath, A. L., & Robinson, W. H. (2018). Network-based detection of mobile malware exhibiting obfuscated or silent network behavior. CCNC 2018 -2018 15th IEEE Annual Consumer Communications and Networking Conference, 2018-Janua, 1-4.
  30. Wu, L., Wang, J., Choo, K. K. R., & He, D. (2018). Secure Key Agreement and Key Protection for Mobile Device User Authentication. IEEE Transactions on Information Forensics and Security, 14(2), 319-330.
  31. Zhu, H., Xiong, H., Ge, Y., & Chen, E. (2014). Mobile app recommendations with security and privacy awareness. Proceedings of the ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, 951-960.

Related papers

Mobile Vulnerabilities and Countermeasures
Monica Gahlawat

Zenodo (CERN European Organization for Nuclear Research), 2023

Communication technologies are advancing at a very rapid pace. With the increased internet penetration and advancement in mobile hardware technologies, mobile phones have become an important part of our daily life. Our dependence on these devices is growing day by day. Awareness of mobile security threats and best practices has become a matter of great importance due to the increased use of mobile devices and the associated security risks. To cope with this predominant issue, this paper aims to help the readers understand and analyze existing threats and identify best practices to ensure device and data safety against each risk factor.

View PDFchevron_right
Research Paper on Enhancing Mobile Security from Vulnerable Attacks
IJRASET Publication

International Journal for Research in Applied Science & Engineering Technology (IJRASET), 2022

The use of Smart phones has come veritably popular around the globe in this digital period and in recent days its stoner's number has increased at indefinite position, as everyone rush to explore the digital world. The people are switching towards Smart phones in order to pierce numerous operations similar as fiscal, business, educational and social etc. Thus these bias are the main target of hackers, still on the other hand the Smart phone manufacturers are trying to design stylish security model to overcome all vulnerabilities. Then we bandy the Android Security armature and possible attacks to android OS and also punctuate the pitfalls which are associated with this particular bias. This paper describes the vulnerabilities plant in Android grounded Smart phones and also describes the attacks like honour escalation, sequestration attack and other pitfalls which are associated with these particular bias. In last section we bandy the possible countermeasure against the attacks and pitfalls due to that, the Android Smart phones come vulnerable.

View PDFchevron_right
Threats, Attacks, and Mitigations of Smartphone Security
Hewa Majeed Zangana

Academic Journal of Nawroz University, 2020

Mobile devices such as Smart Phones and Personal Assistant Devices (PDA) that are Internet based are becoming much more capable of handling complex tasks such as online shopping, online banking as well as social media networking; However, the security mechanisms and defense measures that are built into those devices are not commensurate with those powerful communication and computational capabilities. This in turn, creates critical vulnerabilities thus promoting the chance for imminent security threats. The intent of this paper is to take a look into some of the vulnerabilities and risks associated with the use of smart phones that are Internet based, explore the current security mechanisms and strategies that are in place, and finally propose some proactive defense strategies to ensure appropriate protection of critical information contained in Smart phone devices.

View PDFchevron_right
Mobile Device Security: A Survey on Mobile Device Threats, Vulnerabilities and their Defensive Mechanism
Padmavathi Ganapathi

International Journal of Computer Applications, 2012

Mobile communication has become a serious business tool nowadays. Mobile devices are the major platform for the users to transfer and exchange diverse data for communication. These devices are variably used for applications like banking, personal digital assistance, remote working, m-commerce, internet access, entertainment and medical usage. However people are still hesitant to use mobile devices because of its security issue. It is necessary to provide a reliable and easy to use method for securing these mobile devices against unauthorized access and diverse attacks. It is preferred to apply biometrics for the security of mobile devices and improve reliability over wireless services. This paper deals with various threats and vulnerabilities that affect the mobile devices and also it discusses how biometrics can be a solution to the mobile devices ensuring security.

View PDFchevron_right
Mobile Attacks and Defense
Charlie Miller

IEEE Security & Privacy, 2011

In this paper smartphones are discussed. Today's smartphone are more common than computers. In fact, smart phones are simply computers with extra hardware-namely, a GSM (Global System for Mobile Communications) radio and a baseband processor to control it. These extra features are great, but with the power they provide, there's also a threat. Today, smartphones are becoming targets of attackers in the same way PCs have been for many years. This paper focus on the security models of two smart phone operating systems: Apple's iOS and Google's Android. These two have a special place in my heart because I was the first to publicly exploit both of them.

View PDFchevron_right

Related topics

  • Computer Science
  • Computer Security
  • Internet privacy
    • 580 California St., Suite 400
    San Francisco, CA, 94104
    © 2025 Academia. All rights reserved