Smart Phone Access, Control & Security: A Survey

International Journal of Emerging Technology and Advanced Engineering

236

Smart Phone Access, Control & Security: A Survey

_{Prof. P.L.Ramteke,}

_{Dr. D.N.Choudhary}

1_{Associate Professor, HVPM’s College of Engineering & Technology, Amravati, Maharashtra State [INDIA]} 2_{Professor & Head, Department of Information Technology,}

Jawaharlal Darda Institute of Engineering & echnology, Yavatmal, Maharashtra State [INDIA]

Abstract—Mobile technologies are changing rapidly today with an advance platform like Google Android. A smart phone provides internet facility and access to various data services. Smart phone technology has moved to highly visual devices that attract many users and facilitate many

opportunities for communications. Unlike Personal

Computers, they are in one location but smart phone by their very nature move from location to location.

It is difficult and hard to access data or useful information of “smart phone users” remotely. There is tremendous development in mobile technology including operating system platforms. The Cellular technology is one which allows the efficient utilization of frequencies enabling the connection of a large number of users. There are some actions that are necessary in order to obtain such connection for accessing reliable and secure data over mobile network. However there are many challenges. This proposed research work is focused to identify issues regarding smart phone access, control and security as well as to discover a programming model to overcome these issues using java and XML platform for remotely track and control the resources of smart phone and its access.

Keywords- Cyber crime, Intrusion, Mobile security, RIM, Smart phone

I.

The Mobile platforms and technologies are changing rapidly as on today. With the addition of new and advanced user platforms such as the world's most popular smart phone platforms namely Apple's iPhone, Blackberry, Windows Mobile phones as well as Symbian platform are now under the verge of being subdued by the emerging platform namely Google Android [1].

Fig.1 Smart Phone with Google android

Google Android is one of the most popular mobile Operating Systems for Smart phones on the market. Fifty percent population of United Kingdom owns a smart phone used by RIM‘s BlackBerry and Apple‘s iPhone.

Millions peoples of United Kingdom have internet connectivity on their smart phones and access to data services on the move [2]. These latest mobile platforms such as iPhone, Blackberry and Windows mobiles become one of the top selling smartphones/tablets. But due to high risk threats to the Google android frameworks, security assessment is required [3].

II.

International Journal of Emerging Technology and Advanced Engineering

237 This is normal behavior for all data routed via a BlackBerry device, but in case of India the practice was considered to be a security risk.RIM soon became the subject of threats, with governments such as Turkey threatening to block the licenses of mobile phone networks supporting BlackBerry phones if the issue was not resolved, and certainly in India's case a resolution was found thanks to mediation via the US government and an agreement by RIM to provide automated access to India for all SMS messages sent via such smart phones. Similar arrangements were made with other governments; this was hardly a surprise as these are all growing markets for mobile phone companies, particularly India. BlackBerry was singled out during this dispute due to the security company places on their devices, and they focus on security rather than games and music. Something it might be more closely identified with iPhone or Android phones. The security offered by RIM's devices has seen them remain a firm favorite with businesses and national security agencies. It remains to be seen just how these monitoring powers might aid or hinder the platform.

A. About RIM

The BXX, operating system recently announced has the same name as a Basis of Software International. After announcing new operating system for mobile BBX, their smart phones and tablets, Research in Motion (RIM) is facing threats of being subject to a legal action that may be driven by Software Company in Albuquerque, New Mexico. That states BXX is a registered trademark of products sold by the company. The Basis International has taken legal action to preserve and protect their property for a long time brand of operating system independent language BBX, as well as database and set of tools. The Basis also said, RIM announced a new BlackBerry Smartphone operating system called BBX and is causing confusion among users of BBX software, which could damage the reputation of brand by allowing the development of multi-application platform. Mobile or smart phone/Tablet technology has moved from curiosity to highly visual device that attracts many users and many opportunities for unsecure communication. Unlike PC's that are in one location, smart phone/Tablet by their very nature move from location to location. So they are always vulnerable.

B. Review of Literature

Blackberry Security- Much of the security around Blackberry devices does not depend on the owner of device.

The Blackberry Enterprise Server can enforce a number of security features such as password strength and device time-outs. Other user-controlled security features must be enabled to protect sensitive information. The Blackberry provides options to encrypt data, turn off Bluetooth discovery, Bluetooth encryption and remote wipe options. Each of these security features minimizes the risk of data being accessed either remotely or in the event device is lost.

iPhone Security- When the Apple announced iPhone in 2007 it very quickly became a popular Smartphone. The iPhone initially found its niche in the commercial market but very quickly made its way into the enterprise due to its ease of use while allowing access to business services like e-mail. Like the Blackberry, iPhone also makes use of basic security features like screen locks and passwords. IT Administrators can force iPhone users to use a pass code every time they unlock the phone. A search of iTunes App Store for security returns over 1,300 applications related to protecting an iPhone. Applications to encrypt data, protect passwords, track lost iPhone or wipe data remotely are available for free or for a small charge to the user's iTunes account.

Android Security- The new kid on block, Android is a Smartphone operating system from Google. Unlike Blackberry and Apple, which have control over both the hardware and operating systems of their devices, Android is an open-source operating system and runs on a wide variety of hardware produced by companies like HTC and Samsung. Due to its open nature the user must be more vigilant in protecting the device from malware and remote access. The Android market contains over 900 applications dedicated to security in addition to built-in options. One unique security feature that can be enabled is a pass pattern instead of a pass code although pass codes are considered a better option. A pass pattern requires the user to repeat a pattern on dot grid to unlock the phone. Other application like Lookout Mobile Security protects the device from malware and viruses. Essentially smart phones used in the enterprise should be treated by IT Security like a laptop. The enterprise must enforce password policies and screen locks. The user must be trained in corporate security standards to ensure that they take precautions and care needed to protect these devices from hackers and data loss.

C. Smartphone Protection Technologies

International Journal of Emerging Technology and Advanced Engineering

238 Under no circumstances should anyone send confidential communication, like texting, or sending files without encryption. Security SSL VPN should be in place to guarantee the confidentiality of transmission. SSL VPN works by allowing limited but secure access to the corporate network from any location. In this way, users can achieve secure browser-based access to corporate resources at any time. Deep Packet Inspection of Secure Socket Layer (DPI-SSL) technology inspects HTTPS traffic and other SSL-based traffic. If the traffic is encrypted, the SSL traffic is first decrypted transparently, then scanned for threats and re-encrypted before going to its destination. If no threats or vulnerabilities appear, DPI-SSL is a security layer that provides application control, and data leakage prevention. Firewalls can control the flow of calls going out and coming in to a corporate site. Wireless and VoIP (voice over IP) technologies have their own encryption mechanisms that should be implemented. In the area of VoIP tools and policies should be implemented following the best practices outlined by VOIPSA's Best Practices Project.

III.

A.

There are other security policies that should be in place. Security administrators should scan all Smartphone traffic with the use of firewall; then maximize firewall bandwidth throughput in order to eliminate application latency. Latency can open the door to hack attacks. Security administrators should establish controls over Smartphone application traffic. In this case, application control technology should be in network place to report how much application usage is occurring on the Smartphone.

1) The GPS angle

There doesn‘t seem to be much of a grip on unendorsed GPS operations nor its modifications to perform unsupervised tracking tasks, which is why hacking is a public practice bounded by no kind of law really. There are however, restrictions that ban unethical GPS use and the means by which it is done; this often entails hacking into someone‘s personal GPS unit including GPS-enabled cell phone without their knowledge or consent whether to change the settings or retrieve private information. What we seek to do here is entirely on a different wavelength, if you are the rightful owner of GPS device, you are welcome to learn some interesting tricks and tips on how to hack your way to a better running, more efficient and cost effective GPS system.

2) Intrusion via Your GPS Device

No matter what type of GPS device you have, there are number of ways to hack into it so that it can do exactly what you want. There are number of hacking sites that can help you to do specific modifications and there are also technically inclined individuals who can program an exclusive hack, whether it is a portable handheld unit, car navigation device or a GPS-enabled cell phone. There are techniques to get it hacked. Consumers no longer have to settle or compromise features they most desire with a standard purchase.

3) Hacking Your GPS-Enabled Smartphone

B.

Hacking a GPS-enabled Smartphone is quite common, perhaps the easiest hacking procedure there is. The GPS feature on a cell phone isn‘t as accurate or widespread with functions as a dedicated GPS unit nor is it susceptive or compatible for all the new, high-tech system updates out there. GPS-enabled cell phones do, however, compensate for some very effective navigational needs when driving, hiking, jogging and such. So keeping it as current and up-to-date as possible should always be one of your first options.

IV.

F

Millions of victims, billions of lost dollars, and untold hours of downtime- cybercrime is a vicious ever-growing trend in today's internet space. Cybercrime is constantly evolving to bypass today's IT security. See what the future holds with the evolution of cybercrime.

International Journal of Emerging Technology and Advanced Engineering

239 capabilities of phones. All the pictures, phone numbers, and private information is another target for these viruses to capture.

V.

A.

Smartphone are a new medium for cybercrime that's ripe for the taking, but another piece of technology is Voice over Internet Protocol (VOIP). VOIP is a new technology that allows consumers to use internet to make calls. Companies such as Vonage, Skype, and even Google offer these services. Cyber criminals are beginning to integrate VOIP into their cybercrimes and using it as a new medium. Many consumers are worry of e-mails and fake websites that could phish their accounts. There is continual education around verifying the sites users log into. In this evolution of phishing attack, an e-mail is sent by the cyber criminal, asking the consumer to dial into their secure toll free number, as their account may have been compromised and using the internet may cause additional harm. The consumer, believing that the number listed is real, dials in and is prompted with a familiar automated service. The consumer dials in their account credentials or they speak to a fake representative and give away their information. This is all possible because cyber criminals can make a phone number using VOIP services. Many companies install VOIP into their enterprises without understanding the security flaws. A cyber criminal can take advantage of these security holes and break a company's VOIP server or use it as their own to make these false numbers for consumers to dial into Cybercrime as a Service. To criminals, cybercrime is another business opportunity for them. They have a lot to gain with very little to lose. The broad, general cybercrime legislation available across the globe is not strict enough to scare them. The ability to remain anonymous on the internet is also another lucrative proposition for cybercrime. This will not change in the future of cybercrime; rather it will make even older criminal gangs that have the financial resources delve into cybercrime. Currently, legitimate businesses use what's known as Software as a Service (SaaS). It means a company saves money and resources by having their software installed over the internet, on web servers of third parties. This saves companies from having to buy servers and architect out networks and all work is performed using browsers. Cybercrime of the future may be headed in the same direction. Cyber criminals in the future can use Crime ware as a Service (CaaS). They don't have to buy and develop their servers to coordinate attacks, instead they can use infrastructure that's already out there.

Rather than wasting time and resources developing infrastructure they would pay a fee to use CaaS. Just like a legitimate business that pays a third party vendor to use SaaS, cyber criminal in the future would

p

VI.

Open source is the entire buzz these days in the cell phone world, from Google's Android OS to DIY Linux hacking enthusiasts. Below is the list of some of open source operating systems that have been put on phones to date

A. Open Source: Advantages & Disadvantages for Cell Phones

With regards to cell phones, open source bears a number of advantages and disadvantages both for the cell phone carriers and to the consumers. Currently, most operating systems that run on cell phone are proprietary to the company that manufactures them. There are precious few third party operating systems. The most distinct advantage for cell phone carriers is the small size of Linux and Linux-based operating systems as well as their efficiency. Windows-based and other operating systems for cell phones have come under a fair bit of fire for their slowness and some open source seems to supply a way out of that mess. However, this is more than a story of efficiency. One of the major differences between proprietary and open source models is how development proceeds. Under the open source model it is a mass, grass roots endeavor with some centralization under project managers and the like, but is largely unpredictable and difficult to control. Not exactly the stablest premise coming from the traditionalist camp: it had be a huge upset and mobile companies that aren't comfortable with that. Change is dangerous even if theoretically it's for the better—and even if it's synonymous with innovation

B. IPhone

International Journal of Emerging Technology and Advanced Engineering

240 So while some elements of open source model exist within the iPhone it is not truly open source.

VII.

Being able to use a mobile device such as Smartphone /tablets without being tracked or having your emails intercepted is becoming more and more difficult.

VIII.

C

The present paper covers different aspects of intrusions possible on a smart phone. The study is important in the global environment to find out strategic trend of intrusions algorithms in software industry. We focus on key area of both the advantages/disadvantages of remotely controlling access to smart phone. In order to establish corporate policy for security, businesses should understand the range of vulnerabilities that a Smartphone is open to. By their very nature, they are more prone to information theft, password compromises, hacks and theft in general. The policy should take into account ways to minimize how unsecured information is transmitted and how to handle the Smartphone. A policy of only secure information transmission should be the highest goal of the company.

REFERENCES

[1] Mark Murphy,‖ Beginning Android 3‖, Apress; 1st edition, ISBN13: 978-1-4302-3297-1, 612 Pages, User Level: Beginner to Intermediate Publication Date: July 4, 2011

[2] http://www.guardian.co.uk/technology/2011/oct/31/ half-uk-population-owns-smartphon

[3] Shabtai, A., Fledel, Y., Kanonov, U. ,Elovici, Y.,Dolev, S.,Glezer, ―Google Android: A Comprehensive security Assessment‖, Security & Privacy, IEEEVolume: 8 Issue 2 Date: March-April 2010

[4]http://www.brighthub.com/mobile/emerging-platforms/articles/119614.aspx

[5] Christian Cawley and Simon Hill, ―Is Your Smartphone Safe from Government Security Agencies?‖, Related Guides: Android, Blackberry & Rim, Updated Jun 22, 2011

[6] Kevin McLaughlin (December 17, 2009). "BlackBerry Users Call For RIM To Rethink Service". CRN.com.. Retrieved 2011-12-15

[7] Segan, Sascha ,"Kyocera Launches First Smartphone In Years | News & Opinion". PCmag. Retrieved 2011

[8] M. Rohs,, "Real-World Interaction with Camera Phones," Proc. 2nd Int"l Symp. Ubiquitous Computing Systems (UCS 04), LNCS 3598, Springer-Verlag, 2005

[9] Stephen H. Wildstrom. "Handspring's Breakthrough Hybrid", Businessweek.com.. Retrieved November 30, 2011

[10] Kevin McLaughlin, "BlackBerry Users Call For RIM To RethinkService".CRN.com. Retrieved 2011-12-15., December 17, 2009

http://www.crn.com/news/client-devices/222002587/blackberry- users-call-for-rim-to-rethink-service.htm.

[11] ‗Nokia, Microsoft in pact to rival Apple, Google Technology & Science". Associated Press. 2011-02-11.

http://www.cbc.ca/news/technology/story/2011/02/11/nokia- microsoft-smart-phone-apple-google.html.

[12]"Apple Launches iPhone 4S, iOS5 & iCloud". AppleInc, October 04, 2011

[13]http://www.apple.com/pr/library/2011/10/04Apple-Launches-iPhone-4S-iOS-5-iCloud.html.Retrieved 2011-12

[14] Tianzhou Chen, Qingsong Shi, Xueqing Lou, "Smartphone

Software Development Course Design Based on Android", Computer

and Information Technology (CIT), 2010 IEEE 10th International

Conference on, On page(s): 2180 - 2184, Volume: Issue: , June 29 2010-July 1 2010

[15] Sharp, Alastair. Retrieved 18 October 2011.

http://www.reuters.com/article/2011/10/18/us-rim-dUSTRE79H4SR20111018"Reuters

[16] Molen, Brad. "Research in Motion announces BBX 'combines the best of BlackBerry and QNX'", Engadget Retrieved 18 October, 2011

[17] M. Silfverberg, I.S. MacKenzie, and T. Kauppinen,, "An Isometric Joystick as a Pointing Device for Handheld Information Terminals," Proc. Graphics Interface, 2001, pp. 119

[18]Hardy, R., Rukzio, E.,Wagner, M.,Paolucci, M., "Exploring Expressive NFC-Based Mobile Phone Interaction with Large Dynamic Displays", Near Field Communication, 2009. NFC'09. First International Workshop on, On page(s): 36 – 41, Volume: Issue: 24-24 Feb. 2009

[19]http://www.arubanetworks.com/pdf/technology/whitepapers/wp_CSS. pdf

[20]http://www.brighthub.com/computing/enterprise-security/articles/114133.aspx

[21] Thomas F.La.Porta, Introduction to the IEEE Transactions on Mobile Computing‖,IEEE Transaction on Mobile Computing,Vol.1 No.1, Jan-March 2002

[22]Das, S.R.; Chita, S.; Peterson, N.; Shirazi, B.A.; Bhadkamkar, M.; ―Home automation and security for mobile devices‖, Massachusetts Inst. of Technol., Cambridge, MA, USA, Pervasive computing & communication workshop, 2011 IEEE conference, Date: 21-25 March 2011

International Journal of Emerging Technology and Advanced Engineering

241

[24] W. Frank Ableson, Robi Sen, Chris King and C. Enrique Ortiz,

”Android in Action‖, Manning Publications; 3rd edition, November, 2011

[25] Gould, Stephen Jay (1987) "The Panda's Thumb of Technology." Natural History 96 (1): 14-23; Reprinted in Bully for Brontosaurus. New York: W.W. Norton. 1992, pp. 59-75

[26] David Wolber, Hal Abelson, Ellen Spertus and Liz Looney,‖App Inventor: Create Your Own Android Apps O‘Reilly Media‖; 1st edition, 2010

[27] Charlie Collins, and Matthias Kaeppler,‖Android in Practice ―, Manning Publications; 1st edition, 2009

[28] http://arstechnica.com/old/content/2008/01/where-gps-wont-do-wifi-triangulation-might.ars

[29] Ian F. Darwin, ―Android Development, Applications and Resources ―,Brian Jepson, Senior Editor for O'Reilly Media , Building Android Apps with HTML, CSS, and JavaScript, 2nd Edition Android Open Conference 2011

[30] R. Raskar et al., "RFIG Lamps: Interacting with a Self-Describing

World via Photosensing Wireless Tags and Projectors," Trans. Graphics, vol. 23, no. 3, 2004

[31http://www.brighthub.com/mobile/emerging-platforms/articles/88187.aspx