Name
Maryam Al-Naemi
Date
11/01/2013
Subject
ITGS higher level
Title
How safe is the information we store on our smartphones?
Area of impact
Home & Leisure
Social & Ethical Issue
Security
Article
Smartphone security put on test
Weblink
http://www.bbc.co.uk/news/technology-10912376
August 2010
IT System
Criteria A
A Presentation of the Issue
During July 2011 the BBC showed us how easy it is to create a malicious program, and that people shouldn't use their phones mistakenly thinking the contents won't ever be seen or used by anyone else. In 1999, malicious programs were made in order to hack computers. Now that phones are more personal devices and hold more information about their owners, hackers have started to make programs to steal information off phones. "Mobile phones are really personal devices, you might have one computer for a family but every family member has a personal device and it is with them all the time." (Ward, "Smartphone Security Put on Test")
They hide these programs behind simple game applications or such. Another big part of the information taken is used to call premium rate numbers and get money. The IT system that lets you create malicious programs is a programming platform such as Java. This portfolio will research the issues relating to the security of smartphones and the issue of people's private personal and financial information being abused or leaked.
Criteria B
Background to the Issue Analysis
Threats
• Data: smartphones are devices for data management, therefore they may contain sensitive data like credit card numbers and private information.
• Identity: smartphones are highly customizable, so the device or its contents are associated with its owner. For example, all mobiles can send information related to the owner of the mobile phone's contract, and an attacker may steal the identity of the owner and commit other offenses. ("Mobile Security")
Attackers
The attackers are the same ones who attack non-mobile computing spaces:
• Professionals, who focus on the two targets mentioned above. They steal sensitive data from the general public, as well as undertake industrial espionage. They will also use the identity of those attacked to carry out other attacks.
• Thieves gain income using data or identities they have stolen. The thieves will attack more people in order to increase their income.
• Black hat hackers develop viruses to disturb or corrupt the phone and sometimes steal valuable information.
• Grey hat hackers expose vulnerabilities of the device. Grey hat hackers do not intend to damage the device or steal data. ("Types of Hacker")
Attacks
• Attacks based on SMS: A study of the safety of SMS infrastructure shows that messages sent from the internet can be used to perform a distributed denial of service (DDoS) attack. Also, some smartphones have problems handling binary SMS messages. Sometimes, just by sending an ill-formed block, the phone may restart, leading to a denial of service attack. ("Protect Yourself From SMiShing (SMS Phishing) Attacks")
• Attacks based on GSM networks: Mobile networks have encrypted security, and the attacker may try to break the encryption. The GSM network encryption algorithms belong to the group of algorithms called A5. There are two main variants in use today: A5/1 and A5/2, the latter being a weaker version of the encryption for countries with legal restrictions. Since the encryption algorithms were made public, it is possible to break the encryption in about 6 hours. Stronger algorithms are to be put in place instead: A5/3 and A5/4, also known as KASUMI or UEA1, published by ETSI. However, it takes time for manufacturers to supply GSM equipment that uses new encryption algorithms in place of A5/1 or A5/2, and thus it will take time to replace them. Once someone breaks the GSM algorithms, the attacker can intercept all unencrypted communications made by the person's smartphone. ("Workshop: Attacks on GSM Networks")
• Attacks based on Operating Systems: Some attacks consist of modifying the operating system itself. Examples would be manipulation of firmware and malicious signature certificates. These types of attacks are harder to execute. In 2004, vulnerabilities in virtual machines and how they run on certain devices were revealed. It became possible to bypass the byte code verifier and to access the underlying operating system. Nokia's firmware security, the Symbian Platform Security Architecture (PSA), is based on a central configuration file called SWIPolicy. In 2008 it became possible to manipulate this firmware, and in some versions the SWIPolicy file is human readable. This vulnerability was later solved by Nokia through an update. ("Operating System")
Security
Smartphones can be secured or protected in several ways:
• Passcode: People can lock their phone with a certain word or a 4-digit number (iPhone). This protects the phone physically: when someone grabs it or it gets stolen, they won't be able to open it. The maximum number of characters you can enter on, let's say, an iPhone is 37, which would be almost impossible to crack. On most smartphones, including iPhone, Blackberry and Android, you can also supplement the passcode security by enabling it to wipe the data after 10 failed password attempts. (Orantia, "Get Smart about Phone Security")
• Antivirus and Firewall: Antivirus software can protect a device from being infected by a known threat, usually by signature detection software that detects malicious executable files. A firewall checks existing traffic on the network and makes sure that a malicious application doesn't try to communicate through it. ("Mobile Security")
• Encryption of stored or transmitted information: Because it is always possible that data being exchanged, or even stored information, can be intercepted, one can rely on encryption to prevent a malicious entity from using any data obtained during communications. However, this creates the problem of key exchange for encryption algorithms, which requires a secure channel. ("Mobile Security")
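An added example, not from the original portfolio or any phone vendor's code: a constructed Python model of the wipe-after-10-failed-attempts policy from the passcode bullet above, showing that the limit caps a guesser's chance at 10 divided by the number of possible passcodes. The `Device` class, the function names and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAX_FAILED_ATTEMPTS = 10  # wipe threshold quoted in the passcode bullet

class Device:
    """Constructed model of a phone lock screen (not any vendor's implementation)."""

    def __init__(self, passcode: str, data: dict):
        self._salt = os.urandom(16)
        self._verifier = self._derive(passcode)  # keep a slow hash, never the passcode
        self._data = dict(data)
        self.failed = 0
        self.wiped = False

    def _derive(self, passcode: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), self._salt, 10_000)

    def unlock(self, guess: str):
        """Return the stored data on success, None on failure or after a wipe."""
        if self.wiped:
            return None
        if hmac.compare_digest(self._derive(guess), self._verifier):
            self.failed = 0  # a correct entry resets the counter
            return self._data
        self.failed += 1
        if self.failed >= MAX_FAILED_ATTEMPTS:
            self._data.clear()  # erase user data once the limit is reached
            self.wiped = True
        return None

def guess_probability(alphabet_size: int, length: int,
                      attempts: int = MAX_FAILED_ATTEMPTS) -> float:
    """Chance that `attempts` distinct guesses hit a uniformly random passcode."""
    keyspace = alphabet_size ** length
    return min(attempts, keyspace) / keyspace

def run_wrong_guesses(device: Device, guesses) -> int:
    """Feed wrong guesses until the device wipes; return how many were accepted."""
    used = 0
    for g in guesses:
        if device.wiped:
            break
        device.unlock(g)
        used += 1
    return used
```

With a 4-digit passcode, `guess_probability(10, 4)` is 0.001, so the wipe limit leaves a guesser a 1 in 1,000 chance; a longer passcode over a larger alphabet shrinks that further.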
Criteria C
The impact of the issue
There are impacts due to the problem that has arisen with phone security and the fact that some of the games or apps people download are booby-trapped, which leads to their personal information being leaked or stolen. This causes many issues, especially economically and psychologically.
Economically
The companies that manufacture the apps have to make their apps appealing to the public; once anyone finds out that an app is stealing data or is booby-trapped, the company flunks. People will avoid not only the app but the entire company, causing bankruptcy. All due to them stealing data from the smartphone.
Psychologically
The people who get an app once and have their information stolen in any way or form through it start to have doubts about all apps and worry about their data or information being leaked. People seem to have the tendency to rely on their phones a lot for videos, pictures, information and even credit card numbers. They only start to be psychologically impacted by this issue when it affects them.
The major stakeholders in this issue are:
• The manufacturers of the applications/games
• The people who download the application
• Any third party platform that exposes or shares the application or game.
Negative Impacts:
• Data from app downloaders is stolen: people who have downloaded the app have had their valuable information, such as contacts, credit card, pictures and private information, leaked or viewed without the owner's consent.
• Reliability of phones is doubted: people rely a lot on their phones to keep important information such as credit card information and appointments. If they use an application that is booby-trapped and then have this information deleted by a third party or an outside source, they would lose all of it. Then they wouldn't know where to get their appointment list and/or their credit card information from. This would affect how much people rely on their phones.
• Phone security is breached. Phones are supposed to be seen as safe devices that save their owners' information and that they can use to talk to people. Once the security is breached, people start to doubt or redefine how they use their phones.
• People stop trusting the source that they got the app from; for example, if they used the app store they would lose substantial trust in the store.
Positive Impacts:
• People become aware of malicious software. The application would be outed, everyone would know it is booby-trapped and wouldn't download it, and the app would be rejected by all.
• Business opportunities to create antivirus or security software appear. People will attempt to find a solution to this problem and create software such as anti-malware tools to protect phones, thus creating new business opportunities.
• People become more cautious of what they download. After they have been affected, people will worry about it happening again and having their information stolen, so they become more cautious.
• You get the game for free as opposed to having to pay for it. Instead of paying for it, people can take the game for free and enjoy it, even if it has a booby trap.
Criteria D
The impact of the issue
Computers used to be hacked and have information or data stolen from them. People have always found a way to hack the computer in the most subtle way possible; things like software used to be a huge target. Now people have solved or minimised this issue by making antivirus software such as Norton's Antivirus Software. This software has been made by specialists to detect any irregular behaviour from software and viruses in order to prevent any information being stolen from the computer.
Norton's have made this software available for mobiles and tablets.
If everyone who uses smartphones downloads this software, they may be able to save their information from being stolen or leaked in any way. Although nowadays people have become more familiar with this software and may be able to bypass it, it is regardless a sufficient solution for the problem at hand.
Some of the threats that are stopped are:
• Protects against viruses, malware and other mobile threats.
• Gives you the power to eliminate mobile spam by blocking unwanted calls and texts.
• Automatically scans downloaded apps and app updates for threats and gets rid of them.
• Gives you the option of automatically scanning SD (Secure Digital) memory cards for threats when you plug them into your mobile device. ("Antivirus Software, Spyware and Firewall Protection | Norton")
Works Cited
"Antivirus Software, Spyware and Firewall Protection | Norton." Antivirus
Software, Spyware and Firewall Protection | Norton. N.p., n.d. Web. 26
Jan. 2013.
"Mobile Security." Wikipedia. Wikimedia Foundation, 17 Jan. 2013. Web.
19 Jan. 2013.
"Operating System." Wikipedia. Wikimedia Foundation, 19 Jan. 2013.
Web. 19 Jan. 2013.
Orantia, Jenneth. "Get Smart about Phone Security." The Sydney Morning
Herald. N.p., n.d. Web. 17 Jan. 2013.
"Protect Yourself From SMiShing (SMS Phishing) Attacks." About.com
Internet / Network Security. N.p., n.d. Web. 19 Jan. 2013.
"Types of Hacker." Types of Hacker. N.p., n.d. Web. 19 Jan. 2013.
Ward, Mark. "Smartphone Security Put on Test." BBC News. BBC, 08
Sept. 2010. Web. 19 Jan. 2013.
"Workshop: Attacks on GSM Networks." RSS. N.p., n.d. Web. 19
Jan. 2013.