Sunday 26 October 2014

Mobile Computing

     Mobile computing is any type of computing which uses Internet or intranet and respective communications links, as WAN, LAN, WLAN etc.



There are three different types of classes for mobile computing :

1. Portable Computers
  • Its compacted light weight units which includes a set of keyboard and software's. 
  • Examples are notebooks,notepads and laptops.

 2. Mobile Phones
  • Including a restricted key set primarily intended but not restricted  for vocal communications, as cell phone and smartphones.

 3. Wearable Computers
  • Mostly limited to functional keys and primarily intended as incorporation of  software agents, as watches,and wristband.

     Mobile computing involves mobile hardware, and mobile software. Communication issues include infrastructure networks as well as communication properties, protocols, data formats and concrete technologies. Hardware includes mobile devices or device components. Mobile software deals with the characteristics and requirements of mobile applications.



Sunday 19 October 2014

Mobile Security     

     Mobile security or mobile phone security has become increasingly important in mobile computing. It is of particular concern as it relates to the security of personal and business information now stored on smartphones.

     More and more users and businesses employ smartphones as communication tools, but also as a means of planning and organizing their work and private life. Within companies, these technologies are causing profound changes in the organization of information systems and therefore they have become the source of new risks. Indeed, smartphones collect and compile an increasing amount of sensitive information to which access must be controlled to protect the privacy of the user and the intellectual property of the company. According to ABI Research, the Mobile Security Services market will total around $1.88 billion by the end of 2013.

     All smartphones, as computers, are preferred targets of attacks. These attacks exploit weaknesses related to smartphones that can come from means of communication like Short Message Service (SMS), Multimedia Messaging Service (MMS), Wi-Fi networksBluetooth and GSM, the de facto global standard for mobile communications. There are also attacks that exploit software vulnerabilities from both the web browser and operating system. Finally, there are forms of malicious software that rely on the weak knowledge of average users.

    Different security counter-measures are being developed and applied to smartphones, from security in different layers of software to the dissemination of information to end users. There are good practices to be observed at all levels, from design to use, through the development of operating systems, software layers, and downloadable apps.

Challenges Of Mobile Security



Threats

     A smartphone user is exposed to various threats when they use their phone. Just in the last two quarters closing 2012 the number of unique mobile threats grew by 261%, according to ABI Research. These threats can disrupt the operation of the smartphone, and transmit or modify the user data. For these reasons, the applications deployed there must guarantee privacy and integrity of the information they handle. In addition, since some apps could themselves be malware, their functionality and activities should be limited (for example, restricting the apps from accessing location information via GPS, blocking access to the user's address book, preventing the transmission of data on the network, sending SMS messages that are billed to the user, etc.)

There are three prime targets for attackers :  



The source of these attacks are the same actors found in the non-mobile computing space :

  • Data : Smartphones are devices for data management, therefore they may contain sensitive data like credit card numbers, authentication information, private information, activity logs (calendar, call logs);
  • Identity : Smartphones are highly customizable, so the device or its contents are associated with a specific person. For example, every mobile device can transmit information related to the owner of the mobile phone contract, and an attacker may want to steal the identity of the owner of a smartphone to commit other offenses;
  • Availability : By attacking a smartphone one can limit access to it and deprive the owner of the service.


The source of these attacks are the same actors found in the non-mobile computing space :

  • Professionals, whether commercial or military, who focus on the three targets mentioned above. They steal sensitive data from the general public, as well as undertake industrial espionage. They will also use the identity of those attacked to achieve other attacks;
  • Thieves who want to gain income through data or identities they have stolen. The thieves will attack many people to increase their potential income;
  • Black hat hackers who specifically attack availability. Their goal is to develop viruses, and cause damage to the device. In some cases, hackers have an interest in stealing data on devices.
  • Grey hat hackers who reveal vulnerabilities. Their goal is to expose vulnerabilities of the device. Grey hat hackers do not intend on damaging the device or stealing data.


Consequences

When a smartphone is infected by an attacker, the attacker can attempt several things :



  • The attacker can manipulate the smartphone as a zombie machine, that is to say, a machine with which the attacker can communicate and send commands which will be used to send unsolicited messages (spam) via sms or email.
  • The attacker can easily force the smartphone to make phone calls. For example, one can use the API (library that contains the basic functions not present in the smartphone) PhoneMakeCall by Microsoft, which collects telephone numbers from any source such as yellow pages, and then call them. But the attacker can also use this method to call paid services, resulting in a charge to the owner of the smartphone. It is also very dangerous because the smartphone could call emergency services and thus disrupt those services.
  • A compromised smartphone can record conversations between the user and others and send them to a third party. This can cause user privacy and industrial security problems;
  • An attacker can also steal a user's identity, usurp their identity (with a copy of the user's sim card or even the telephone itself), and thus impersonate the owner. This raises security concerns in countries where smartphones can be used to place orders, view bank accounts or are used as an identity card.
  • The attacker can reduce the utility of the smartphone, by discharging the battery. For example, they can launch an application that will run continuously on the smartphone processor, requiring a lot of energy and draining the battery. One factor that distinguishes mobile computing from traditional desktop PCs is their limited performance. Frank Stajano and Ross Anderson first described this form of attack, calling it an attack of "battery exhaustion" or "sleep deprivation torture”.
  • The attacker can prevent the operation and/or starting of the smartphone by making it unusable. This attack can either delete the boot scripts, resulting in a phone without a functioning OS, or modify certain files to make it unusable (e.g. a script that launches at startup that forces the smartphone to restart) or even embed a startup application that would empty the battery.
  • The attacker can remove the personal (photos, music, videos, etc.) or professional data (contacts, calendars, notes) of the user.