Security Threats and Analysis of SecurityChallenges in Smartphones
Yong Wang, Kevin Streff and Sonell RamanDakota State University
—A smartphone carries a substantial amount of sen-sitive data and thus is very attractive to hackers, making it aneasy target. For these reasons, ensuring smartphone security isextremely important. While there are many similarities betweensmartphone security and regular security, distinct differencesexist between these two. The unique characteristics of smart-phones make securing them very challenging. In this paper, wesummarize smartphone threats and attacks, reveal the uniquecharacteristics of smartphones, evaluate their impact on smart-phone security, and explore the countermeasures to overcomethese challenges. Many enterprises have started to look intosecurity issues in smartphones. However, these solutions mustcorrespond with the unique characteristics in smartphones. Newbusiness models are highly desired to solve security issues insmartphones.
—Smartphone, security, threats, attacks.
MARTPHONES overtook PCs in the global market in Q42010 . They surpassed feature phones in shipments inWestern Europe in Q2 2011 . According to Nielsen’s surveyin May 2011, smartphone purchases outsold feature phonesin the U.S. in the same time frame as Western Europe .Compared to 5.9 billion worldwide mobile phone subscribers,smartphone usage (835 million) still has signiﬁcant upside .IDC predicts smartphone shipments will approach one billionin 2015 .Many functions have been integrated into smartphonesfar surpassing the original functions of a traditional phone.Compared to feature phones, a smartphone usually includesthe following elements:
Pre-installed with a modern mobile operating system
,such as iOS, Android, or Windows Mobile.
Support a carrier’s networks (2G/3G/4G), WiFi connec-tivity, and Bluetooth
. These networks work independentlyand serve different purposes for voice and data services.
Access the Internet
. A smartphone provides Internet ac-cessibility through either a carrier’s network or a localWiFi hotspot.
Capable of running third party applications
. These ap-plications can be downloaded from application storesthrough the Internet.
Support MMS messages
. A smartphone supports Multi-media Message Service (MMS). A smartphone user caninteract with another mobile phone subscriber throughthese messaging systems.
Embedded sensors inside smartphones
. Smartphone sen-sors usually include GPS, gyroscopic sensors, and ac-celerometer sensors.
Equipped with camera(s) and microphone
. A smartphoneis often equipped with a high-resolution camera, a micro-phone, and a speaker.Among all the characteristics, Internet accessibility is themost important feature of smartphones. Internet accessibilityis usually provided through a carrier network via a data plan.Feature phones usually do not have data plans or have limitedInternet access.As smartphones become more popular for personal andbusiness use, it raises many security concerns , , ,. The central data management of a smartphone is veryattractive to hackers and it makes smartphones easy targets.Viruses emerged in smartphones as early as 2004. Since then,many incidents have been reported of spam, viruses, spyware,and other malicious software. As smartphones continue theirrapid growth in the next few years, it is critical to assuresmartphone subscribers that these services are reliable, secureand can be trusted.However, due to unique characteristics of smartphones,security is very challenging. In this paper, we summarizesmartphone threats and attacks, reveal the unique character-istics of smartphones, evaluate their impacts on smartphonesecurity, and explore the countermeasures to overcome thesechallenges. Practical ways to secure smartphones are alsodiscussed in the paper. To the best of our knowledge, thisis the ﬁrst paper focusing on the uniqueness of smartphonesand their impacts on smartphone security.II. S
Mobile phone virus emerged as early as 2004. Since then,signiﬁcant amounts of malware have been reported in smart-phones. In the last seven months of 2011, malware targetingthe Android platform rose 3,325 percent .
A. Smartphone Threat Model
Figure 1 shows a threat model in a smartphone. The modelconsists of four parts, a malicious user, malware, a smartphone,and premium accounts/malicious websites.1) A
publishes malware through applicationstores or websites.2)
carries threats and attacks while it waits to bedownloaded to a smartphone.3) A
is the target of malware. It carries largeamounts of sensitive data which is very attractive tomalicious users.
Digital Object Indentifier 10.1109/MC.2012.288 0018-9162/$26.00 2012 IEEEThis article has been accepted for publication in Computer but has not yet been fully edited.Some content may change prior to final publication.