Recent Post

October 8, 2012

Exploits in Smart Phones

The Flip Side
Although, Smart-phones are very popular because of its feature and flexibility but on the other side, these feature and flexibility opens the new doors of cybercrime and security threats. With all the advance features of smart phones, this device is the pack that is the catalyst to cyber crime and internet security threats, according to the professionals:
 “In general, a moderate Smartphone today is running an operating system that is roughly on par with Windows 95, it has memory protection mechanisms that are roughly at the same level of Windows 95 and runs a comparable software stack. The challenge is that we’re dealing in a world with threats that are a little more advanced than that.” (Jun, 2010)
 “We go to all the hacker conferences and monitor the literature very carefully, and there’s no question that every hacker on the planet right now has his or her sights set on mobile infrastructure, mobile devices, mobility services,” “Now as we go to operating systems that allow, for example, multitasking, we have to be ever more vigilant to ensure that malware doesn’t get implanted on the device,” (Amoroso, 2010)
Basically the threat itself has the multidimensional characteristics from physical security to logical data access, warms, viruses and scams that target e-mail to Trojans horses and other suspicious programs that can be hidden in downloadable applications.
“As device operating systems become more powerful and more feature rich, the good news is that allows more attractive applications to be written,…..It makes it easier for developers to do the kinds of things that we all want our devices to do. The obligation for the computer security engineer, though, is to recognize that exploitable codes malware also potentially would try to take advantage of these more powerful services. So we have to be that much more vigilant.” (Amoroso, 2010)
 “There’s also the threat of intercepted voice and data. A few hundred dollars is all it takes to acquire the equipment necessary to passively extract keys used within certain cell phones.  It basically says that if you monitor a device while it is operating, the amount of power it uses is tightly correlated to what the device is doing…If you monitor a phone while someone is using it, and they’re not doing anything special maybe they’re simply making a phone call or accessing their private data the phone will begin the process of doing various encryption operations… And by simply measuring the device’s power consumption, DPA can extract the secret keys that are used in those encryption operations….These devices regularly tell the mother ship where they’re located and a couple of other pieces of information about the phone itself….This is very useful because in a commercial phone network, you have to know where to route messages. In a more sensitive deployment, even when encrypted communications are used, conventional Smartphone send pings of where they are located and what cell they are closest to. That may not be so good in an active deployment situation…... Of course, the most basic threat to Smartphone security is losing the device itself. With the device in-hand, it is simple to access contact lists, call logs and any information stored on the phone’s internal memory.” (Jun, 2010)
However, the Smartphone’s threats are being multiplied with the technology advancements, "The combination of 3G or 4G connectivity services and network-connected Smartphone creates a preferred target for attackers to misuse the phones' software," (Meyran, 2010).
The rapidly changing world of Information technology opened the door of flexibility and ease but simultaneously, on the other hand, it also raised and is raising the rate of cyber crimes and threats. Every coming day new dimensions with unique challenges are being emerged that requires strict and urgent attention.
Like that, using cutting edge gadget and gizmos are fun but using it with security and safety is another challenge. In that connection, the necessary precautionary and safety measure is being taken and established continuously both by vendors and by third parties but it is the user’s responsibility to be updated properly and continuously to be able to do secure transaction and communications.


Post a Comment