SMART-PHONES: A NEW APPROACH FOR SECURITY

Internet has been permeating into every corner of the world and every aspect of our lives, empowering us with anywhere, anytime remote access and control over information, personal communications (e.g., through smart phones), and our environment (e.g., through the use of sensors, actuators, and RFIDs). While enabling interoperation with the Internet brings tremendous opportunities in service creation and information access, the secu rity threat of the Internet also dauntingly extends its reach. Smart phones are increasingly being equipped with operating systems that compare in complexity with those on desktop computers. This trend makes smart phone operating systems vulnerable to many of the same threats as desktop operating systems. In this paper, we wish to Alarm the community that the long-realized risk of interoperation with the Internet is becoming a reality: Smart phones, interoperable between the telecom networks and the Interne t, are dangerous conduits for Internet security threats to reach the telecom infrastructure. The damage caused by subverted smart-phones could range from privacy violation and identity theft to emergency call center DDoS attacks and national crises. We als o describe defense solution space. In this paper, we focus on the threat posed by smart phone root kits. Root kits are malware that stealthily modify operating system code and data to achieve malicious goals, and have long been a problem for desktops. We u se three example root kits to show that smart phones are just as vulnerable to root kits as desktop operating systems. However, the ubiquity of smart phones and the unique interfaces that they expose, such as voice, GPS and battery, make the social consequences of root kits particularly devastating.