Introduction • Our Topic: Mobile Security • Why is mobile security important?


Introduction

• Our Topic: Mobile Security
• Why is mobile security important?


Research Questions

1. Why aren't current mobile security systems effective at preventing mobile attacks?
2. What is the most effective form of attack vector for today's attackers?
3. What can be gained from attacking a mobile phone? Do hackers attack phones for the same reason they attack computers?
4. Why is mobile security important for the future?
5. What kinds of security standards or methods will best prevent future attacks?


Current Risk Communication

• iPhone
  o Action Based
    When an app uses location, the user will then be asked to allow or disallow
• G Phone
  o Permission Based
    Lists the set of permissions that the application is granted


Problems with Risk Communications

• Current methods do not take context into account
  o Context is related to a file
    The context will contain the history of a file and which other applications have access to it as well.
    Very important because it helps prevent covert channel attacks
  o Leaves the system vulnerable, especially to covert channel attacks


Why Our Framework?

• Our framework combines the two most common frameworks (iPhone & G Phone).
• Our framework takes context into account.
• We feel the context will allow us to be able to protect users from covert channel attacks.


History of Considerations

• We observed different mobile security systems and found…
• Pre-download – there is very little straightforward intervention
  o In Android – a list of permissions is present but the user may not understand that
  o Interventions – Systems try to predict attacks directly as opposed to providing users with information (similar to computer antivirus)
  o Theoretical solutions suggest any file modified by a permission should be stopped.


What is Considered Dangerous?

• Risky permissions for possibly fraudulent application
• Most Dangerous – permission to send through
  o Phone calls, Internet (WiFi), MMS, Bluetooth, and email
• Medial Danger – access to view personal info
  o Contacts list, incoming calls, texts, etc.
• Dangerous Enough – access to location or files
  o Camera, voice, global search, and GPS access


Why Intervene at Download

• Permission to use a sending vector
  o the internet, MMS, Bluetooth, or email
• Inform the user of the possibility of personal information compromise without consent or action
• In other security systems
  o It is not explicitly specified what can go wrong by accepting these permissions
  o The permissions are generalized into an allow/accept format


Why Intervene Otherwise

• Sending Files
• Files accessed by a sending vector without user direction are potentially compromising
  o Many actions can modify files, but that doesn’t directly hurt the user
• User Sends Compromised Files
• Files modified using permissions can contain personal information
• We don’t want users to develop bad habits.
  o Similar to very long terms of service files
  o Inform the user to make better decisions


Attack Scenario

• You are hanging out on the Android Marketplace


• You find this cool application called PingDroid


• This screen comes up before you install it


Intervention

• This is the first place where we want to intervene.

• Instead of listing permissions we might want to say…

• “Hey, are you sure you want to download an application that can take your location and photographs and send them over the internet?”
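
An added sketch (not code from this presentation) of turning a requested-permission list into the plain-language question above, using the tiers from the "What is Considered Dangerous?" slide. The mapping of Android permission names to tiers, the function names and the PingDroid permission list are assumptions made for illustration.

```python
# Tiers follow the slide; which Android permission sits in which tier is assumed.
SENDING = {   # Most Dangerous: can move data off the phone
    "android.permission.INTERNET": "the internet",
    "android.permission.SEND_SMS": "text messages",
    "android.permission.BLUETOOTH": "Bluetooth",
    "android.permission.CALL_PHONE": "phone calls",
}
PERSONAL = {  # Medial Danger: can view personal info
    "android.permission.READ_CONTACTS": "your contacts list",
    "android.permission.READ_SMS": "your texts",
    "android.permission.READ_PHONE_STATE": "your incoming calls",
}
SOURCES = {   # Dangerous Enough: location or files
    "android.permission.ACCESS_FINE_LOCATION": "your location",
    "android.permission.CAMERA": "photographs",
    "android.permission.RECORD_AUDIO": "voice recordings",
}

def _join(items):
    """'a', 'a and b', 'a, b and c' with duplicates removed."""
    items = sorted(set(items))
    if len(items) == 1:
        return items[0]
    return ", ".join(items[:-1]) + " and " + items[-1]

def tier(requested):
    """Highest tier from the slide that any requested permission falls in."""
    for name, table in (("Most Dangerous", SENDING),
                        ("Medial Danger", PERSONAL),
                        ("Dangerous Enough", SOURCES)):
        if any(p in table for p in requested):
            return name
    return None

def download_warning(requested):
    """Plain-language question, or None when data and a sending vector do not combine."""
    send = [SENDING[p] for p in requested if p in SENDING]
    data = [t[p] for t in (PERSONAL, SOURCES) for p in requested if p in t]
    if not send or not data:
        return None  # design choice here: warn only on data + sending vector
    return ("Hey, are you sure you want to download an application that can take "
            f"{_join(data)} and send them over {_join(send)}?")

# Constructed permission list for the PingDroid scenario (not from the slides).
PINGDROID = ["android.permission.INTERNET",
             "android.permission.ACCESS_FINE_LOCATION",
             "android.permission.CAMERA"]

if __name__ == "__main__":
    print(tier(PINGDROID), "|", download_warning(PINGDROID))
```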


• You say, well ok maybe I still want this.
• The application is running for a while and you forget about it.


• Later, you pick up your phone to notice it has a message for you.


• Intervention – Your phone stopped PingDroid

• “PingDroid may be sending a picture along with your location to anyone on the internet”


What Happens Next?

• You, the user, have just found your application acting in a way that may be malicious

• If you decide that is what the application is supposed to do, allow the app to continue

• If not, you may stop the app from compromising your information

• The only way our security system intervenes again is if another kind of information is compromised or the sending location changes (IP address)
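
An added sketch (not code from this presentation) of the re-intervention rule on this slide: ask the user on the first send, then stay quiet unless a new kind of information or a new destination IP address appears. It assumes a monitoring component, which the slides do not describe, already labels each outbound send with the kinds of information involved; the class name, event format and sample addresses are constructed for illustration.

```python
class InterventionPolicy:
    """Tracks, per app, what the user has already agreed may be sent and where."""

    def __init__(self):
        self.approved = {}    # app -> (approved kinds, approved destination IPs)
        self.stopped = set()  # apps the user chose to stop

    def check(self, app, kinds, dest_ip):
        """Return 'stopped', 'allow' or 'ask' for one outbound send."""
        if app in self.stopped:
            return "stopped"
        ok_kinds, ok_dests = self.approved.get(app, (set(), set()))
        # Rule from the slide: a new kind of information OR a new destination.
        if set(kinds) - ok_kinds or dest_ip not in ok_dests:
            return "ask"
        return "allow"

    def decide(self, app, kinds, dest_ip, allow):
        """Record the user's answer to an 'ask'."""
        if not allow:
            self.stopped.add(app)
            return
        ok_kinds, ok_dests = self.approved.setdefault(app, (set(), set()))
        ok_kinds.update(kinds)
        ok_dests.add(dest_ip)

def replay(events, user_allows=True):
    """Run constructed send events through the policy; return one verdict each."""
    policy, verdicts = InterventionPolicy(), []
    for app, kinds, dest_ip in events:
        verdict = policy.check(app, kinds, dest_ip)
        if verdict == "ask":
            policy.decide(app, kinds, dest_ip, user_allows)
        verdicts.append(verdict)
    return verdicts

# Constructed events (documentation-range IP addresses), not captured traffic.
EVENTS = [
    ("PingDroid", {"photo", "location"}, "203.0.113.10"),  # first send
    ("PingDroid", {"photo", "location"}, "203.0.113.10"),  # same again
    ("PingDroid", {"location"}, "203.0.113.10"),           # subset of approved
    ("PingDroid", {"contacts"}, "203.0.113.10"),           # new kind of information
    ("PingDroid", {"photo"}, "198.51.100.7"),              # new destination
]

if __name__ == "__main__":
    print(replay(EVENTS))
```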


Attack Scenario 2

• This scenario could be used by several applications.

• Ezimbra is a photo editing application that has the ability to post photos on the internet.


Attack Scenario 3

• People use more and more passwords and "secure" accounts with the growth of technology
• Bank accounts, e-mail accounts, eBay/Amazon, etc.
• Palm attempts to help keep these accounts organized, but at what cost?


Attack Scenario 3

• How does SplashID work?
• Where are the security issues?
• How can these issues be averted?


Attack Method 4

• Our system would inform the user of the level of risk involved with the actions being performed by the application
• This could be done prior to the user installing the update or after the update tries to run malicious code


Future Work

• Developing a system that uses past cases to exploit malicious actions
• Final Goal = Software designed to alert user of adverse actions


Research Question Answers

1. Obviously, new attacks and applications are produced daily. Security that tries to stop attacks in the background has not been successful.

There is no way to predict how an application will attack you, but you can predict the attack vector.

If the security system doesn’t accurately assess a malicious situation, no action is taken.


2. Most simply, Web applications account for 41% of all financial and 52% of all tech pathway attacks

There are more common vectors of attack, but they are direct (such as bluetooth hacking). These attacks can be easily prevented and are not hidden. They are not the most controversial.

Source: http://www.mobileenterprisemag.com/ME2/Sites/dirmod.asp?sid=&nm=&type=MultiPublishing&mod=PublishingTitles&mid=B4771C6F22F34E4CA3FFFDA61E0EA2C5&tier=4&id=8C626442A70740CFB6A62EC3C7A339E8&SiteID=87D3DA363DA24D189035C60D0D8A4775


3. Your personal information.

• Contact information
• Financial information
• Location
• Photographs
• Personal data
• Compromising information


4. In the future, nearly everyone will have a cell phone. In 2009, there were 4.6 billion cell phone subscriptions. That number will increase in 2010.

With the growing popularity of smart phones, the cellular network will have a huge market to take advantage of.


5. We have seen so many different kinds of attack, with new attacks happening each day. If there are new attacks that work, then the current security systems aren’t working.

The user’s informed decision and intuition should be much better for prevention than a system that may take no action.
