Mobile Security and Privacy
Advances, Challenges and Future Research Directions

Man Ho Au, Raymond Choo

  1. 274 pages
  2. English

About This Book

Mobile Security and Privacy: Advances, Challenges and Future Research Directions provides the first truly holistic view of leading edge mobile security research from Dr. Man Ho Au and Dr. Raymond Choo, leading researchers in mobile security. Mobile devices and apps have become part of everyday life in both developed and developing countries. As with most evolving technologies, mobile devices and mobile apps can be used for criminal exploitation. Along with the increased use of mobile devices and apps to access and store sensitive, personally identifiable information (PII) has come an increasing need for the community to have a better understanding of the associated security and privacy risks.

Drawing upon the expertise of world-renowned researchers and experts, this volume comprehensively discusses a range of mobile security and privacy topics from research, applied, and international perspectives, while aligning technical security implementations with the most recent developments in government, legal, and international environments. The book does not focus on vendor-specific solutions, instead providing a complete presentation of forward-looking research in all areas of mobile security.

The book will enable practitioners to learn about upcoming trends, scientists to share new directions in research, and government and industry decision-makers to prepare for major strategic decisions regarding implementation of mobile technology security and privacy. In addition to the state-of-the-art research advances, this book also discusses prospective future research topics and open challenges.

  • Presents the most current and leading edge research on mobile security and privacy, featuring a panel of top experts in the field
  • Provides a strategic and international overview of the security issues surrounding mobile technologies
  • Covers key technical topics and provides readers with a complete understanding of the most current research findings along with future research directions and challenges
  • Enables practitioners to learn about upcoming trends, scientists to share new directions in research, and government and industry decision-makers to prepare for major strategic decisions regarding the implementation of mobile technology security and privacy initiatives

Information

Publisher: Syngress
Year: 2016
ISBN: 9780128047460

Chapter 1

Mobile Security and Privacy

M.H. Au*; K.-K.R. Choo†,‡
* The Hong Kong Polytechnic University, Kowloon, Hong Kong
† University of Texas at San Antonio, San Antonio, TX, United States
‡ University of South Australia, Adelaide, SA, Australia

Abstract

The number of Internet-connected mobile devices reportedly surpassed the human population in Oct. 2014, proving that such devices are an indispensable part of our daily lives. One might also argue that in the world of business, every business is potentially a “mobile” business. This is not surprising, as the increasing capabilities of mobile devices have paved the way for many new and exciting applications (e.g., mobile commerce and payment). However, due to their popularity and the amount of data that they can store and make accessible, these devices are increasingly being targeted by cybercriminals.
This chapter presents background information on the capabilities of mobile devices, the role of mobile devices within an enterprise, mobile operating systems, and finally, mobile security and privacy threats.

Keywords

Mobile device capabilities; Mobile operating systems; Mobile security and privacy; Mobile threats

1 Introduction

Security and privacy are highly dynamic and fast-paced research areas due to rapid technological advancements. Mobile security and privacy are no exception. For example, 10 or 15 years ago, research in mobile security was mainly concerned with securing the Global System for Mobile Communications (GSM) network and communications (Jøsang and Sanderud, 2003). Since mobile phones became user programmable (i.e., the device supports third-party software), the scope for security and privacy research has extended to studying the security of such third-party software and associated privacy risks (La Polla et al., 2013) (e.g., whether third-party software will result in the leakage of user data).
It is also in the user's interest to ensure both confidentiality and integrity of the data that is stored on and made accessible via these devices. This is the focus of this book.
Specifically, in this book, we will be presenting the state-of-the-art advances in mobile device security and privacy. Such devices (e.g., Android, iOS, BlackBerry, and Windows devices) are, in fact, “minicomputers,” with processing, communication, and storage capabilities. In addition, these devices often include additional sensing capabilities from the built-in camera, GPS, barometer, accelerometer, and gyro sensors. It should be noted that the modern-day mobile devices are generally more powerful than the IBM Deep Blue supercomputer of 1997 (Nick, 2014).
According to research detailed in the report entitled “State of Mobile Commerce,” 34% of electronic commerce transactions are conducted over mobile devices globally (Wolf, 2015). In some parts of the world, such as technologically advanced countries like Japan and South Korea, more than half of e-commerce transactions are conducted over mobile devices (Wolf, 2015).
A prominent example of the shift in conventional business processes to mobile is mobile payments. This is evidenced by the significant worldwide trend of using platforms such as Apple Pay, Google Wallet, Samsung Pay, and WeChat Pay. According to Statista (2016), the annual transaction volume for mobile payments is reportedly $450 billion in 2015 and is forecasted to double in 3 years.
Another emerging mobile application is mobile health, which is the practice of integrating mobile technologies in supporting medical and health care services (Istepanian et al., 2006; Kay et al., 2011). With the anticipated benefits of increased access to point-of-care tools amongst others, mobile devices are becoming commonplace in medical and health care settings. It has also been suggested that mobile health supports better clinical decision making and improved patient outcomes (Divall et al., 2013).
Finally, we would also like to highlight the risks associated with the use of mobile devices in the workplace, a practice known as bring your own device or BYOD.

2 Threats to Mobile Security

Mobile threats can be broadly categorized into application-, web-, network-, and physical-level threats, as discussed in the following sections.

2.1 Application-Level Threats

Application-level threats appear to be the most widely discussed threats in the literature (Faruki et al., 2015). As mobile devices can execute downloadable applications (apps), it is clear that apps can be a target vector to breach the security of the device and the system it connects to (e.g., a corporate network). The threats can be due to malicious applications (malware), particularly those downloaded from a third-party app store, as well as vulnerable apps.
Malware can, for instance, inject code into the mobile device in order to send unsolicited messages; give an adversary the ability to remotely control the device; or exfiltrate user data, such as contact lists, email, and photos, without the user's knowledge or permission. For example, in a recent work, mobile security researchers demonstrated that it is possible to exfiltrate data from Android devices using inaudible sound waves (Do et al., 2015). As D'Orazio and Choo (2015, 2016) aptly explained, in the rush to reduce the time-to-market, applications are usually designed with functionality rather than security in mind. Hence it is not surprising that there are a large number of applications that contain security loopholes that can be exploited by an attacker. In another recent work, Chen et al. (2016) discussed how a botnet master issues commands, via multiple message push services, to remotely control mobile devices infected by malware. While vulnerable apps may not be developed with malicious intent, they can result in significant security and privacy risks to the users. For example, D'Orazio and Choo (2015) revealed previous vulnerabilities in a widely used Australian government health care app that consequently exposed the users' sensitive personal data stored on the device. Other examples include the work of Zhao et al. (2016) and Farnden et al. (2015). Zhao et al. (2016) demonstrated how the geographic coordinates of a location-based social network app user can be obtained via a probing attack, which resulted in location privacy leakage. Farnden et al. (2015) demonstrated that using forensic techniques, a wide range of data can be recovered from the devices of nine popular proximity-based dating app users, including the details of users who had been discovered nearby.

2.2 Web-Level Threats

While these threats are not specific to mobile devices (see Prokhorenko et al., 2013, 2016a,b for a review of web application vulnerabilities and protection techniques), the security and privacy risks to mobile devices due to web-level threats are real. One key web-level threat is phishing, which uses email or other social media apps to send an unwitting user links to a phishing website designed to trick users into providing sensitive information such as user credentials. When combined with social engineering, phishing is one of the top seven security threats identified by Kaspersky Lab for 2015–16.

2.3 Network-Level Threats

One of the distinct features of mobile devices is the ability to connect. Typical connections supported by current mobile devices include cellular/mobile networks, local wireless networks, and near-field communication (NFC). Security of the connection at the network level is another active research area at the time of this writing.

2.4 Physical-Level Threats

Finally, physical security of mobile devices is equally important, if not more so. Since mobile devices are typically small and portable, these devices can be easily stolen or misplaced. A lost or stolen device could be used to gain access to user data stored on the device or as an entry point into the user's corporate network (Imgraben et al., 2014; Choo et al., 2015).

3 Organization of the Book

The rest of this book is organized as follows.
The use cases of mobile devices within ...