Embed Doc
Copy Link
Readcast
Collections

CommentGo Back

Download

www.smobilesystems.com • 4320 E. 5th Avenue · Columbus, OH 43219 · tel: +1.866.323.0480 · fax: +1.614.251.4083

Page 1

SMobile Global Threat Center

Study of MITM Attacks Against Smartphone Devices

Mayank

Aggarwal,

GTC

Research

Engineer

Troy

Vennon,

GTC

Research

Engineer

Oct

22,

2009

www.smobilesystems.com • 4320 E. 5th Avenue · Columbus, OH 43219 · tel: +1.866.323.0480 · fax: +1.614.251.4083

Page 2

TABLE

OF

CONTENTS

ABSTRACT ............................................................................................................................................................................ 3INTRODUCTION ................................................................................................................................................................. 4Man in the Middle Attack (MITM) ......................................................................................................................... 4TOOLS ..................................................................................................................................................................................... 5MITM ATTACK IMPLEMENTATION......................................................................................................................... 5RESULTS ................................................................................................................................................................................ 7Nokia N95. ....................................................................................................................................................................... 7Windows HTC tilt ......................................................................................................................................................... 9Android G1 .................................................................................................................................................................... 11Apple iPhone 3G S ...................................................................................................................................................... 12CONCLUSION ..................................................................................................................................................................... 13REFERENCES ..................................................................................................................................................................... 14

www.smobilesystems.com • 4320 E. 5th Avenue · Columbus, OH 43219 · tel: +1.866.323.0480 · fax: +1.614.251.4083

Page 3

ABSTRACT

According to a survey conducted by a mobile advertising researcher, AdMob, smartphone usersare driving up the use of Wi‐Fi hotspots. The result of the survey indicates that there were 550million smartphone Wi‐Fi requests in Western Europe alone in 2008, a 132% increase for theyear. AdMob said that 42% of the requests from iPhones originated from Wi‐Fi hotspots [1]. Inthe United States, AT&T reported a 41% increase for the year in iPhone connections, alone, at wireless hotspots [2]. In a new report, the market research firm Yankee group [3] has forecast that the number of smartphone users will quadruple to 160 million by the year 2013. In anotherreport released by ABI Research, Wi‐Fi smartphone sales will double by 2011 [4]. ABI Researchalso found that 74% of people who have Wi‐Fi enabled smartphone’s use the technology and77% say they want a Wi‐Fi enabled handset when they make their next purchase [5].To summarize, we can foresee a huge growth in Wi‐Fi enabled smartphone’s in the future. Theimportant question to ask is whether the general public understands the security risksassociated with using a smartphone device in an unencrypted wireless hotspot. As an end user,can they be certain that there is no security threat to their privacy and data when conductingpersonal or corporate business from their smartphone, over a wireless network? In a publishedarticle, Dan Hoffman describes how a computer can passively listen on a wireless network anduse the information to perform a man‐in‐the‐middle (MITM) attack to gain access to personal orfinancial information. [6]. It is widely known that MITM attacks are a viable attack vector whenconsidering necessary precautions related to operating PC's in a wireless network environment.The remaining question is whether the same types of precautions can be considered whenutilizing smartphone devices to perform similar tasks from the palm of your hand.

of 00

Leave a Comment

Study of MITM Attacks Against Smartphone Devices

detailed report on research indicating that smartphone users are just as susceptible to man-in-the-middle (MITM) attacks as PC users. This report details the results of attempts... (More)

Download or Print

1,212 Reads

Info and Rating

Category:	Research > Internet & Technology
Rating:
Upload Date:	11/19/2009
Copyright:	Attribution Non-commercial
Tags:	hacking security MOBILE iphone encryption SSL android htc N95 hacking security MOBILE iphone encryption SSL android htc N95 (fewer)

Flag document for inapproriate content

Uploaded by

Download

Embed Doc
Copy Link
Add To Collection
Comments
Readcast
Share

×

Share on Scribd:

Readcast

TIP Press Ctrl-F⌘F to quickly search anywhere in the document.

Searching...

Result 00 of 00

00 results for result for

p.

More from This User

Related Documents

More From This User

Facebook’s Response to Questions from the Data Inspectorate of Norw...

"Facebook Inc. takes data published on its users’ pages to target advertising...

[Dutch] DEFINITIEVE BEVINDINGEN: Onderzoek CBP naar de verzameling ...

The Dutch Data protection authority, like author DPA's in the European Union,...

Geotags and Location-based networking

Presentation by "Online and Social Media Division" of US army, warning milita...

[Dutch] 'Databases – Over ICT-beloftes, informatiehonger en digital...

Rapport van Rathenau over grootschalige databases en impact op samenleving. ...

[Dutch] Sociale Netwerken en Privacy PI 2009 5

[Dutch] Artikel van Koen Versmissen (idwise.nl) dat een overzicht geeft van p...

An Analysis of Private Browsing Modes in Modern Browsers

Paper by : Gaurav Aggarwal Elie Burzstein Collin Jackson Dan Boneh Source: h...

[Dutch] Raamwerk beveiliging webapplicaties, Govcert

Whitepaper published by Dutch Governmental digital security watchdog Govcert....

Opt-in Dystopias

By 2 Google lobbyists, arguing for a nuanced approach to opt-in versus opt-ou...

Enisa Briefing: Behavioural BioMetrics

Introduction to the possibilities offered by behavioural biometrics, as well ...

Hearing on The Collection and Use of Location Information for Comme...

Testimonial + paper on privacy aspects of Location-based services before comm...

[Dutch] Scrapen : het verzamelen van on-line publiekelijk beschikba...

[Dutch] Artikel door Ywein Van den Brande, o.a. verschenen in “Auteurs & Medi...

State of the eUnion: Government 2.0 and Onwards

E-book, freely available as pdf, published under CC license. Edited by John ...

Internet usage in 2009 in the European Union (statistics)

Internet usage in 2009 - Households and Individuals - Issue number 46/2009 ...

Algorithmic Tools for Data-Oriented Law Enforcement (phd Thesis by ...

[Dutch] "Het onderzoek van de Leidse informaticus Tim Cocx legt niet alleen o...

Enisa Cloud Computing Risk Assessment

"ENISA, supported by a group of subject matter expert comprising representati...

Study of MITM Attacks Against Smartphone Devices

detailed report on research indicating that smartphone users are just as susc...

Tailored Advertising (survey published sep 2009)

Survey from professors at the University of Pennsylvania and the University o...

Ambtenaar 2.0 artikel in personeelsblad CBP, september 2009

"Een jaar of 4 geleden bedacht de Amerikaanse uitgever en congresorganisator ...

[Dutch] Roadmap voor Vertrouwen in de Informatiesamenleving

"belangrijkste voorwaarden voor een gerechtvaardigd vertrouwen in ICT-toepass...

[Dutch] Wieowie Enquete Rapport

Verwerking van antwoorden van 3000 mensen in online enquête. Gaat vooral ove...

[Dutch] Krabbels en Respect Plz

Resultaat van onderzoek onder 1051 kinderen en tieners door Stichting Mijn K...

Open Trust Frameworks for Open Gov 2009-08-10

White paper from the OpenID Foundation and the Information Card Foundation, o...

[Dutch] Alles onder controle?

Afstudeerscriptie van Axel Arnbak aan de Universiteit van Amsterdam over de i...

Flash Cookies and privacy

"pilot study of the use of “Flash cookies” by popular websites. We find that...

Opinion on Online Social Networking by Working Party 29

WP29 is the collaboration of EU Data Protection Authorities. Source: http://...

Related Docuements

Tutorial on Metasploit

Metasploit technique

check dis out.. !!!

From Puspala Manojkumar

web spoofing

From Subhash Annapragada

From Vinaykumar Singh

Developing Applications for Windows Mobile-FAQ

From api_11797_poison947

A Smart Phone Application to Remotely a PC Over the Internet

From api_user_11797_Suman

From marketingdeals

SMT 5600 Manual

manual for the SMT5600 phone from Cingular.

From anon-982209

Quick Introduction to DoS and DDoS

From Abid

The Smartphone Market in the US 2010-2015 EXTRACT

Document at a glance: Type – US market and behavioral assessment, with fore...

From Coda Research Consultancy

Worldwide Smartphone Sales Forecast to 2015 EXTRACT

Document at a glance: Type – Market forecast report, covering 2010 to 2015 ...

From Coda Research Consultancy