== Mobile Security ==
[[TOC(Other/Summer/2015*, depth=3)]]

=== Introduction ===
Mobile security, or mobile phone security, has become increasingly important in mobile computing. It is of particular concern because personal and business information is now stored on smartphones.

More and more users and businesses employ smartphones not only as communication tools but also as a means of planning and organizing their work and private life. Within companies, these technologies are causing profound changes in the organization of information systems, and they have therefore become the source of new risks. Smartphones collect and compile an increasing amount of sensitive information, and access to it must be controlled to protect the privacy of the user and the intellectual property of the company.

A smartphone is exposed to various threats whenever it is in use. These threats can disrupt the operation of the smartphone, or modify or access its data. The smartphone threat model divides a phone into three layers:

 * '''Application layer''': all of the smartphone's apps, such as social networking software, email, text messaging, and synchronization software.
 * '''Communication layer''': the carrier networks, Wi-Fi connectivity, Bluetooth network, Micro USB ports, and MicroSD slots. Malware can spread through any of these channels.
 * '''Resource layer''': the flash memory, camera, microphone, and sensors within a smartphone. Because smartphones contain sensitive data, malware can target their resources to control them and manipulate data from them [3].

Prime targets for attackers are:

 * '''Data''': Data management is a central part of a smartphone. Pictures, credit card information, location, activity logs, and other private information may be stored as data on the smartphone.
 * '''Identity''': A smartphone belongs to a specific user and is highly customizable. It can contain information related to the owner of the mobile contract, among other things.
 * '''Availability''': An attacker can limit access to the smartphone by attacking it, which can lead to denial of service for the user.

'''Threats and Attacks''':

 * '''Device loss''': If a person leaves a smartphone in a public place, sensitive data such as customer information or corporate intellectual property can be put at risk.
 * '''Application security''': Mobile applications that request too many permissions are able to access various information on the device.
 * '''Device data leakage''': The unauthorized transmission of personal information or corporate data. Malicious applications can steal personal information such as location, bank details, or contact details. For example, an attacker could use ZitMO for Symbian, BlackBerry, and Android devices to steal one-time passwords sent by banks to authenticate mobile transactions.
 * '''Sniffing''': Captures and decodes packets as they pass over the airwaves.
 * '''Spam''': Can be carried through email or MMS messages. These messages can include URLs that direct users to phishing or pharming websites.
 * '''Phishing''': The attacker poses as a trusted party to steal personal information. For example, a malicious application could include a “Share on Facebook” button that redirects users to a spoofed target application, which could request the user’s secret credentials and steal the data.
 * '''Pharming''': Attackers redirect Web traffic on a smartphone to a malicious or bogus website. By collecting the subscriber’s smartphone information, a pharming attack can lead to other attacks. For example, when a user browses a website on a smartphone, the HTTP header usually includes information about the smartphone’s operating system, browser, and version number. With this information, an attacker can learn the smartphone’s security vulnerabilities and start other directed attacks.
 * '''Vishing''' (short for voice phishing): In this attack, malicious users try to gain access to financial records and other private information.
 * '''Jamming''': A jamming device is used to disrupt the communication between the smartphone and its base station.

=== Motivation ===

== Resources ==
[https://drive.google.com/folderview?id=0BzSKo-rpQ80Rfk8td25KVmxfZVl0bFFEN21CckQyYmpHRFlLT2VqNWVLQmdYcWtkSnRGNEE&usp=sharing Research Papers]
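
The "Application security" and "Device data leakage" threats listed above can be checked for on Android by comparing the permissions an app requests with what its stated purpose needs. The following Python code is an added example, not code from the original page; the permission-to-data mapping, the function names and the sample manifest are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumed mapping from Android permissions to the data and resources the page names.
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.READ_CONTACTS": "contact details",
    "android.permission.READ_SMS": "text messages (one-time passwords)",
    "android.permission.RECEIVE_SMS": "text messages (one-time passwords)",
    "android.permission.CAMERA": "camera",
    "android.permission.RECORD_AUDIO": "microphone",
}
NETWORK = "android.permission.INTERNET"


def requested_permissions(manifest_xml):
    """Return the set of permission names declared in an AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    names = (n.get(ANDROID_NS + "name") for n in root.iter("uses-permission"))
    return {n.strip() for n in names if n}


def audit(manifest_xml, expected):
    """Compare requested permissions with what the app's stated purpose needs."""
    perms = requested_permissions(manifest_xml)
    excess = perms - set(expected)
    exposed = sorted({SENSITIVE[p] for p in excess if p in SENSITIVE})
    return {
        "excess": sorted(excess),
        "exposed": exposed,
        # Sensitive data plus network access is the combination needed for
        # the unauthorized transmission described under device data leakage.
        "leak_path": bool(exposed) and NETWORK in perms,
    }


# Constructed sample: a flashlight app whose purpose only needs the camera.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>"""


if __name__ == "__main__":
    print(audit(SAMPLE_MANIFEST, expected={"android.permission.CAMERA"}))
```

The `expected` set is supplied by the reviewer from the app's description, so the result flags only what goes beyond that purpose.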