On the Feasibility of Malware Attacks in Smartphone Platforms

Smartphones are multipurpose devices that host multiple, heterogeneous kinds of data. Their user base is constantly increasing, and as a result they have become an attractive target for privacy and security attacks. The impact of these attacks increases when smartphone users use their devices for both personal and business purposes. Moreover, application development on smartphone platforms has been simplified, as platform developers try to attract more developers and increase their platforms' popularity by offering more attractive applications. In this paper we provide a comparative evaluation of the security level of well-known smartphone platforms with regard to their protection against simple malicious applications. We then study the feasibility and ease of smartphone malware development by average programmers via an implementation case study. Our study proved that, under certain circumstances, all examined platforms could be used by average developers as a privacy attack vector, harvesting data from the device without the users' knowledge and consent.
