Mobile Weblink Security
Size: px
Start display at page:

Download "Mobile Weblink Security"

Transcription

1 Name Maryam Al- Naemi Date 11/01/2013 Subject ITGS higher level Title How safe is the we store on our smartphones? Area of impact Home & Leisure Social & Ethical Issue Security Ar:cle Smartphone security put on test Weblink hgp:// August 2010 IT System Hardware & SoPware

2 Criteria A A Presenta@on of the Issue During July 2011 BBC showed us how easy it is to create a malicious program and that people shouldn t use there phone mistakingly thinking it wont ever been seen or used by anyone else. In 1999 made malicious programs in order to hack computer. Now that phones are more personal devices and have more informa@on about its owner hackers have started to make programs to steel informa@on off phones. "Mobile phones are really personal devices, you might have one computer for a family but every family member has a personal device and it is with them all "Smartphone Security Put on Test") They hide these programs behind simple games applica@ons or such. Another big part of the informa@on taken is to call preimuim rate numbers and get money. The IT system that lets you create malicious programs is programs such as Java.This porzolio will research the issues rela@ng to secuirty of smartphones and the issue of peoples private personal and financial informa@on being abused or leaked. Words: 168

3 Criteria B Background to the Issue Analysis Threats Data: smartphones are devices for data management, therefore they may contain sensi@ve data like credit card numbers,private informa@on. Iden:ty: smartphones are highly customizable, so the device or its contents are associated with its owner. For example, all mobiles can send informa@on related to the owner of the mobile phones contract and an agacker may steal the iden@ty of thee owner and commit other offenses. ("Mobile Security") A*ackers The agackers are the same ones who agack non- mobile compu@ng spaces: Professionals, who focus on the two targets men@oned above. They steal sensi@ve data from the general public, as well as undertake industrial espionage. They will also use the iden@ty of those agacked to achieve other agacks. Thieves gain income using data or iden@@es they have stolen. The thieves will agack more people in order to increase there income. Black hat hackers These hackers develop viruses to disturb or corrupt the phone and some@mes steal valuable informa@on. Grey hat hackers expose vulnerabili@es of the device. Grey Hat hackers do not intend on damaging the device or stealing data. ("Types of Hacker") A*acks ADacks based on SMS: A study of the safety of SMS infrastructure shows that messages that are sent from internet can be used to perform a distributed denial of service (DDoS) Also some smartphones have problems in handling binary SMS messages. Some@mes even by sending an ill formed block he phone may restart leading to denial of service agack.("protect Yourself From SMiShing (SMS Phishing)Â Attacks")

4 ADacks based on GSM networks: Mobil networks have encrypted security, the agacker may try to break the The GSM network algorithms belong to the grouped algorithms called A5. There are two main variants of algorithms that are used today: A5/1 and A5/2. The lager being a weaker version of encryp@ons of countries with legal restric@ons. Since the encryp@on algorithms were made public its possible to break the encryp@on in about 6 hours. Stronger algorithms are to be placed instead of this: the A5/3 and the A5/4 also known as KASUMI or UEA1 published by ETSI. Although it to get the GSM equipment using the A5/1 or the A5/2 algorithms to manufactures so they can make new encryp@on algorithms, and thus it will to replace them. Once someone breaks the GSM algorithms the agacker can intercept all unencrypted communicators made by the persons smartphone. ("Workshop: Attacks on GSM Networks âä ì ") ADacks based on Opera:ng Systems: Some agacks consist of modifying the opera@on system itself. An example would be manipula@ons of firmware and malicious signature cer@ficates. These type of agacks are harder to execute. In 2004 vulnerabili@es in virtual machines and how they run on certain devices were revealed. It became possible to bypass the byte code verifier and methods to access the underlying opera@ng system. Nokia's firmware security Symbian PlaZorm Security Architecture (PSA) is based on central configura@on file called SWIPolicy. In 2008 it become possible to manipulate this firmware and in some versions the SWIPolicy file is human readable. This vulnerability was later solved by Nokia through an update. ("Operating System") Security Smartphones can be secured in several ways or protected: Passcode: People can lock there phone with a certain word or 4 digit number (iphone) This would protect your phone physically, when some grabs it or it gets stolen they wont be able to open it. The maximum amount of characters you can enter on, lets say, an iphone, is 37 characters, that would be almost impossible to crack. Although on most smartphones including iphone, Blackberry and Android you can supplement the passcode security by enabling it to wipe the data aper 10 failed password agempts. (Orantia, "Get Smart about Phone Security")

5 An:virus and Firewall: An sopware can protect a device from being infected by a known threat, usually by signature detec@on sopware that detects malicious executable files. A firewall, checks on exis@ng traffic on the network and makes sure that a malicious applica@on doesn't try to seek any communica@on through it. ("Mobile Security") Encryp:on of stored or transmided informa:on: It is always possible that data exchange can be intercepted or even informa@on storage, can rely on encryp@on to prevent a malicious en@ty from using any data obtained during communica@ons. However this creates the problem of key exchange for encryp@on algorithms, this requires a secure channel.("mobile Security")

6 Criteria C The impact of the issue There are impacts due to the problem that his risen with phone security and the fact that some of the games or apps people download are booty trapped and that leads to them having there personal informa@on leaked or stolen. This causes many issues, especially economically and psychologically. Economically The companies that manufacture the apps have to make there app appealing towards the public, once anyone finds out that the app is stealing data or booty trapped the company flunks. People will avoid not only the app but the en@re company causing bankruptcy. All due to them stealing data from the smartphone. Psychologically The people who get an app once and have there informa@on stolen in any way or form through it start to have doubts about all apps and worry about their data or informa@on being leaked. People seem to have the tendency to rely on their phones a lot with videos and pictures and informa@on and even credit card number. They only start to be psychologically impacted by this issue when it effects them. The major stakeholders in this issue is: The manufactures of the applica@ons/games The people who download the applica@on Any third party plazorm that exposes or shares the applica@on or game. Nega:ve Impacts: Data from app downloaders is stolen, people who have downloaded the app have had their valuable informa@on such as contacts, credit card, pictures, private informa@on all leaked or viewed without the owners consent. Reliability of phones is doubted, people rely a lot on there phones to keep important informa@on in them such as credit card informa@on and appointments. If they use an applica@on that is booty trapped and then they have this

7 deleted from a third party or an outside source they would loose all this. Then they wouldn't know where to get there appointment list from and/or there credit card informa@on. This would effect how much people rely on there phones. Phone Security is breached. Phones are supposed to be seen as safe devices that save there informa@on and they can use to talk to people. Once the security is breached people start to doubt or redefine how they use there phone. People stop trus@ng the app that they got the app from, for example if they used the app store they would loose substan@al trust in the store. Posi:ve Impacts: People become aware of a malicious sopware. The applica@on would be outed and everyone would know its booty trapped and wouldn t download it, the app would be denied by all. Business opportuni@es to create an@- virus or security sopwares appear. People will agempt to find a solu@on to this problem and create sopwares like malware and such to protect phones thus crea@ng new business opportuni@es. People become more cau@ous of what they download. APer they have been effected people will worry about it happening again and having there informa@on stolen. So they become more cau@ous. You get the game for free in oppose to having to pay for it. Instead of having to pay for it they can take the game for free and enjoy it, even if it has a booty trap.

8 Criteria D The impact of the issue Computers used to be hacked and would have informa@on or data stolen from them. People have always found a way to somehow hack the computer in the most subtle way possible, things like sopwares use to be a huge target. Now people have solved or minimised this issue by making an@virus sopwares such as Norton's An@virus SoPware. These sopwares have been mafe by specialists to detect any irregular behaviour from sopwares and viruses in order to prevent any informa@on being stolen from the computer. Norton's have made this sopware available for Mobiles and Tablets: If everyone who uses smartphones downloads this sopwares they made be able to save there informa@on being stolen or leaked in any way. Although nowadays people have become more familiar with these sopwares and may be able to bypass them. Regardless it is a sufficient solu@on for the problem at hand. Some of the threats that are stopped are: Protects against viruses, malware and other mobile threats. Gives you the power to eliminate mobile spam by blocking unwanted calls and texts. Automa@cally scans downloaded apps and app updates for threats and gets rid of them. Gives you the op@on of automa@cally scanning SD (Secure Digital) memory cards for threats when you plug them into your mobile device. ("Antivirus Software, Spyware and Firewall Protection Norton")

9 Works Cited "Antivirus Software, Spyware and Firewall Protection Norton." Antivirus Software, Spyware and Firewall Protection Norton. N.p., n.d. Web. 26 Jan "Mobile Security." Wikipedia. Wikimedia Foundation, 17 Jan Web. 19 Jan "Operating System." Wikipedia. Wikimedia Foundation, 19 Jan Web. 19 Jan Orantia, Jenneth. "Get Smart about Phone Security." The Sydney Morning Herald. N.p., n.d. Web. 17 Jan "Protect Yourself From SMiShing (SMS Phishing)Â Attacks." About.com Internet / Network Security. N.p., n.d. Web. 19 Jan "Types of Hacker." Types of Hacker. N.p., n.d. Web. 19 Jan Ward, Mark. "Smartphone Security Put on Test." BBC News. BBC, 08 Sept Web. 19 Jan "Workshop: Attacks on GSM Networks âä ì." RSS. N.p., n.d. Web. 19 Jan

Similar documents
2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback | Do Not Sell My Personal Information