Mobile phone security

Mobile device security is something that affects nearly every person in the
world. Users are still however, crying out for good information on what they should
do to prevent theft, protect their smartphone from attack and for advice that they can
use practically to help themselves. This short book sets out to address that.
Originally written as a whitepaper for the Police in the Uk, it gives some of the history
of mobile security and explains the efforts that have gone on behind the scenes in
the mobile industry to help secure users. It also provides guidance for users to help
protect themselves. The technology in mobile phones is constantly evolving and new
threats and attacks emerge on a daily basis. Educating users is one of the most
important and valuable things that can be done to help prevent harm. The author
brings his extensive experience of the mobile industry and security development for
devices to this book in order to help make users safer and more secure.

Security threats and treads of Smartphone

Smartphone are increasingly becoming a target of security threats [SmarThread].

First, the number of attacker performing browser attack is increasing recent year,
whose targets are many different kinds of smartphone's applications [MIB]. There is
one kind of Trojan that can infect users' web searching engine and modify web
pages or transactions. Some approaches can be used to protect users from this kind
of attack, such as transaction validation, site to client authentication, security code
evolution and etc. The providers of smartphone's applications should take more
responsibility to protect their users from these attacks.

Second, when social network application becomes more and more popular, the
importance of security and trust attracts more attention. Security refers to the issue
that whether users' private information can be well protected from other illegal
accessing. Trust refers to the issue that whether people in the social network provide
their real information. To address these issues, a lot of methods, such as strong
authentication, account control and protecting application layer attacks, should be
added into this kind of applications.
Third, data in form of files are more vulnerable than database records, since files are
independent from each other in most of times and hard to be tracked. To perform a
high level of accessing control, data safety should be paid more attention.

Fourth, the number of mobile malwares attacking the platform of the device or
applications is growing very fast in recent years. Therefore, more sophisticated
encryption methods, such as anti-virus software and authentication method should
be used. Moreover, application developer should work together to develop more
reliable applications.

Countermeasures

The security mechanisms in place to counter the threats described above are
presented in this section. They are divided into different categories, as all do not act
at the same level, and they range from the management of security by the operating
system to the behavioral education of the user. The threats prevented by the various
measures are not the same depending on the case. Considering the two cases
mentioned above, in the first case one would protect the system from corruption by
an application, and in the second case the installation of a suspicious software would
be prevented.

Security software

Above the operating system security, there is a layer of security software. This layer
is composed of individual components to strengthen various vulnerabilities: prevent
malware, intrusions, the identification of a user as a human, and user authentication.
It contains software components that have learned from their experience with
computer security; however, on smartphones, this software must deal with greater
constraints.

Resource monitoring in the smartphone

When an application passes the various security barriers, it can take the actions for
which it was designed. When such actions are triggered, the activity of a malicious
application can be sometimes detected if one monitors the various resources used
on the phone. Depending on the goals of the malware, the consequences of infection
are not always the same; all malicious applications are not intended to harm the
devices on which they are deployed. The following sections describe different ways
to detect suspicious activity.

Network surveillance

Network traffic exchanged by phones can be monitored. One can place safeguards
in network routing points in order to detect abnormal behavior. As the mobile's use of
network protocols is much more constrained than that of a computer, expected
network data streams can be predicted (e.g. the protocol for sending an SMS), which
permits detection of anomalies in mobile networks.

Manufacturer surveillance

In the production and distribution chain for mobile devices, it is the responsibility of
manufacturers to ensure that devices are delivered in a basic configuration without
vulnerabilities. Most users are not experts and many of them are not aware of the
existence of security vulnerabilities, so the device configuration as provided by
manufacturers will be retained by many users. Below are listed several points which
manufacturers should consider.

Centralized storage of text messages

One form of mobile protection allows companies to control the delivery and storage
of text messages, by hosting the messages on a company server, rather than on the
sender or receiver's phone. When certain conditions are met, such as an expiration
date, the messages are deleted.

Limitations of certain security measures

The security mechanisms mentioned in this article are to a large extent inherited
from knowledge and experience with computer security. The elements composing
the two device types are similar, and there are common measures that can be used,
such as antivirus software and firewalls. However, the implementation of these
solutions is not necessarily possible or at least highly constrained within a mobile
device. The reason for this difference is the technical resources offered by
computers and mobile devices: even though the computing power of smartphones is
becoming faster, they have other limitations than their computing power.