Mobile Security and Privacy
eBook - ePub

Mobile Security and Privacy

Advances, Challenges and Future Research Directions

Man Ho Au,Raymond Choo

  1. 274 páginas
  2. English
  3. ePUB (apto para móviles)
  4. Disponible en iOS y Android
eBook - ePub

Mobile Security and Privacy

Advances, Challenges and Future Research Directions

Man Ho Au,Raymond Choo

Detalles del libro
Vista previa del libro
Índice
Citas

Información del libro

Mobile Security and Privacy: Advances, Challenges and Future Research Directions provides the first truly holistic view of leading edge mobile security research from Dr. Man Ho Au and Dr. Raymond Choo—leading researchers in mobile security. Mobile devices and apps have become part of everyday life in both developed and developing countries. As with most evolving technologies, mobile devices and mobile apps can be used for criminal exploitation. Along with the increased use of mobile devices and apps to access and store sensitive, personally identifiable information (PII) has come an increasing need for the community to have a better understanding of the associated security and privacy risks.

Drawing upon the expertise of world-renowned researchers and experts, this volume comprehensively discusses a range of mobile security and privacy topics from research, applied, and international perspectives, while aligning technical security implementations with the most recent developments in government, legal, and international environments. The book does not focus on vendor-specific solutions, instead providing a complete presentation of forward-looking research in all areas of mobile security.

The book will enable practitioners to learn about upcoming trends, scientists to share new directions in research, and government and industry decision-makers to prepare for major strategic decisions regarding implementation of mobile technology security and privacy. In addition to the state-of-the-art research advances, this book also discusses prospective future research topics and open challenges.

  • Presents the most current and leading edge research on mobile security and privacy, featuring a panel of top experts in the field
  • Provides a strategic and international overview of the security issues surrounding mobile technologies
  • Covers key technical topics and provides readers with a complete understanding of the most current research findings along with future research directions and challenges
  • Enables practitioners to learn about upcoming trends, scientists to share new directions in research, and government and industry decision-makers to prepare for major strategic decisions regarding the implementation of mobile technology security and privacy initiatives

Preguntas frecuentes

¿Cómo cancelo mi suscripción?
Simplemente, dirígete a la sección ajustes de la cuenta y haz clic en «Cancelar suscripción». Así de sencillo. Después de cancelar tu suscripción, esta permanecerá activa el tiempo restante que hayas pagado. Obtén más información aquí.
¿Cómo descargo los libros?
Por el momento, todos nuestros libros ePub adaptables a dispositivos móviles se pueden descargar a través de la aplicación. La mayor parte de nuestros PDF también se puede descargar y ya estamos trabajando para que el resto también sea descargable. Obtén más información aquí.
¿En qué se diferencian los planes de precios?
Ambos planes te permiten acceder por completo a la biblioteca y a todas las funciones de Perlego. Las únicas diferencias son el precio y el período de suscripción: con el plan anual ahorrarás en torno a un 30 % en comparación con 12 meses de un plan mensual.
¿Qué es Perlego?
Somos un servicio de suscripción de libros de texto en línea que te permite acceder a toda una biblioteca en línea por menos de lo que cuesta un libro al mes. Con más de un millón de libros sobre más de 1000 categorías, ¡tenemos todo lo que necesitas! Obtén más información aquí.
¿Perlego ofrece la función de texto a voz?
Busca el símbolo de lectura en voz alta en tu próximo libro para ver si puedes escucharlo. La herramienta de lectura en voz alta lee el texto en voz alta por ti, resaltando el texto a medida que se lee. Puedes pausarla, acelerarla y ralentizarla. Obtén más información aquí.
¿Es Mobile Security and Privacy un PDF/ePUB en línea?
Sí, puedes acceder a Mobile Security and Privacy de Man Ho Au,Raymond Choo en formato PDF o ePUB, así como a otros libros populares de Informatique y Architecture des systèmes. Tenemos más de un millón de libros disponibles en nuestro catálogo para que explores.

Información

Editorial
Syngress
Año
2016
ISBN
9780128047460
Categoría
Informatique
Categoría
Architecture des systèmes
Chapter 1

Mobile Security and Privacy

M.H. Au*; K.-K.R. Choo, * The Hong Kong Polytechnic University, Kowloon, Hong Kong
University of Texas at San Antonio, San Antonio, TX, United States
University of South Australia, Adelaide, SA, Australia

Abstract

The number of Internet-connected mobile devices reportedly surpassed the human population in Oct. 2014, proving that such devices are an indispensable part of our daily lives. One might also argue that in the world of business, every business is potentially a “mobile” business. This is not surprising, as the increasing capabilities of mobile devices have paved the way for many new and exciting applications (e.g., mobile commerce and payment). However, due to their popularity and the amount of data that they can store and make accessible, these devices are increasingly being targeted by cybercriminals.
This chapter presents background information on the capabilities of mobile devices, the role of mobile devices within an enterprise, mobile operating systems, and finally, mobile security and privacy threats.

Keywords

Mobile device capabilities; Mobile operating systems; Mobile security and privacy; Mobile threats

1 Introduction

Security and privacy are highly dynamic and fast-paced research areas due to rapid technological advancements. Mobile security and privacy are no exception. For example, 10 or 15 years ago, research in mobile security was mainly concerned about securing the Global System for Mobile Communications (GSM) network and communications (Jøsang and Sanderud, 2003). Since mobile phones become user programmable (i.e., the device supports third-party software), the scope for security and privacy research extends to studying the security of such third-party software and associated privacy risks (La Polla et al., 2013) (e.g., whether third-party software will result in the leakage of user data).
It is also in the user's interest to ensure both confidentiality and integrity of the data that is stored on and made accessible via these devices. This is the focus of this book.
Specifically, in this book, we will be presenting the state-of-the-art advances in mobile device security and privacy. Such devices (e.g., Android, iOS, BlackBerry, and Windows devices) are, in fact, “minicomputers,” with processing, communication, and storage capabilities. In addition, these devices often include additional sensing capabilities from the built-in camera, GPS, barometer, accelerometer, and gyro sensors. It should be noted that the modern-day mobile devices are generally more powerful than the IBM Deep Blue supercomputer of 1997 (Nick, 2014).
According to research detailed in the report entitled “State of Mobile Commerce,” 34% of electronic commerce transactions are conducted over mobile devices globally (Wolf, 2015). In some parts of the world, such as technologically advanced countries like Japan and South Korea, more than half of e-commerce transactions are conducted over mobile devices (Wolf, 2015).
A prominent example of the shift in conventional business processes to mobile is mobile payments. This is evidenced by the significant worldwide trend of using platforms such as Apple Pay, Google Wallet, Samsung Pay, and WeChat Pay. According to Statista (2016), the annual transaction volume for mobile payments is reportedly $450 billion in 2015 and is forecasted to double in 3 years.
Another emerging mobile application is mobile health, which is the practice of integrating mobile technologies in supporting medical and health care services (Istepanian et al., 2006; Kay et al., 2011). With the anticipated benefits of increased access to point-of-care tools amongst others, mobile devices are becoming commonplace in medical and health care settings. It has also been suggested that mobile health supports better clinical decision making and improved patient outcomes (Divall et al., 2013).
Finally, we would also like to highlight the risks associated with the use of mobile devices in the workplace, a practice known as bring your own device or BYOD.

2 Threats to Mobile Security

Mobile threats can be broadly categorized into application-, web-, network-, and physical-level threats, as discussed in the following section.

2.1 Application-Level Threats

Application-level threats appear to be the most widely discussed threats in the literature (Faruki et al., 2015). As mobile devices can execute downloadable applications (apps), it is clear that apps can be a target vector to breach the security of the device and the system it connects to (e.g., a corporate network). The threats can be due to malicious applications (malware), particularly those downloaded from a third-party app store, as well as vulnerable apps.
Malware can, for instance, inject code into the mobile device in order to send unsolicited messages; allow an adversary the ability to remotely control the device; or exfiltrate user data, such as contact lists, email, and photos, without the user's knowledge or permission. For example, in a recent work, mobile security researchers demonstrated that it is possible to exfiltrate data from Android devices using inaudible sound waves (Do et al., 2015). As D'Orazio and Choo (2015, 2016) aptly explained, in the rush to reduce the time-to-market, applications are usually designed with functionality rather than security in mind. Hence it is not surprising that there are a large number of applications that contain security loopholes that can be exploited by an attacker. In another recent work, Chen et al. (2016) discussed how a botnet master issues commands, via multiple message push services, to remotely control mobile devices infected by malware. While vulnerable apps may not be developed with a malicious intent, they can result in significant security and privacy risks to the users. For example, D'Orazio and Choo (2015) revealed previous vulnerabilities in a widely used Australian government health care app that consequently exposed the users' sensitive personal data stored on the device. Other examples include the work of Zhao et al. (2016) and Farnden et al. (2015). Zhao et al. (2016) demonstrated how the geographic coordinates of a location-based social network app user can be obtained via probing attack, which resulted in location privacy leakage. Farnden et al. (2015) demonstrated that using forensic techniques, a wide range of data can be recovered from the devices of nine popular proximity-based dating app users, including the details of users who had been discovered nearby.

2.2 Web-Level Threats

While these threats are not specific to mobile devices (see Prokhorenko et al., 2013, 2016a,b for a review of web applications vulnerability and protection techniques), the security and privacy risks to mobile devices due to web-level threats are real. One key web-level threat is phishing, which uses email or other social media apps to send an unwitting user links to a phishing website designed to trick users into providing sensitive information such as user credentials. When combined with social engineering, phishing is one of the top seven security threats identified by Kaspersky Lab for the 2015–16.

2.3 Network Level Threats

One of the distinct features of mobile devices is the ability to connect. Typical connection supported by currently mobile devices include cellular/mobile networks, local wireless networks, and near field-communication (NFC). Security of the connection at the network level is another active research area at the time of this writing.

2.4 Physical-Level Threats

Finally, physical security of mobile devices is equally important, if not more so. Since mobile devices are typically small and portable, these devices can be easily stolen or misplaced. A lost or stolen device could be used to gain access to user data stored on the device or as an entry point into the user's corporate network (Imgraben et al., 2014; Choo et al., 2015).

3 Organization of the Book

The rest of this book is organized as follows.
The use cases of mobile devices within ...

Índice

  1. Cover image
  2. Title page
  3. Table of Contents
  4. Copyright
  5. Contributors
  6. About the Editors
  7. Chapter 1: Mobile Security and Privacy
  8. Chapter 2: Mobile Security: A Practitioner’s Perspective
  9. Chapter 3: Mobile Security: End Users are the Weakest Link in the System
  10. Chapter 4: How Cyber-Savvy are Older Mobile Device Users?
  11. Chapter 5: The Role of Mobile Devices in Enhancing the Policing System to Improve Efficiency and Effectiveness: A Practitioner’s Perspective
  12. Chapter 6: Supervised Learning Based Detection of Malware on Android
  13. Chapter 7: On Discovering Vulnerabilities in Android Applications
  14. Chapter 8: A Study of the Effectiveness Abs Reliability of Android Free Anti-Mobile Malware Apps
  15. Chapter 9: Timeline Analysis for Digital Evidence on MTK-Based Shanzhai Mobile Phone
  16. Chapter 10: RESTful IoT Authentication Protocols
  17. Chapter 11: An Introduction to Various Privacy Models
  18. Chapter 12: Performance of Digital Signature Schemes on Mobile Devices
  19. Index
Estilos de citas para Mobile Security and Privacy

APA 6 Citation

Ho, M., & Choo, R. (2016). Mobile Security and Privacy ([edition unavailable]). Elsevier Science. Retrieved from https://www.perlego.com/book/1809363/mobile-security-and-privacy-advances-challenges-and-future-research-directions-pdf (Original work published 2016)

Chicago Citation

Ho, Man, and Raymond Choo. (2016) 2016. Mobile Security and Privacy. [Edition unavailable]. Elsevier Science. https://www.perlego.com/book/1809363/mobile-security-and-privacy-advances-challenges-and-future-research-directions-pdf.

Harvard Citation

Ho, M. and Choo, R. (2016) Mobile Security and Privacy. [edition unavailable]. Elsevier Science. Available at: https://www.perlego.com/book/1809363/mobile-security-and-privacy-advances-challenges-and-future-research-directions-pdf (Accessed: 15 October 2022).

MLA 7 Citation

Ho, Man, and Raymond Choo. Mobile Security and Privacy. [edition unavailable]. Elsevier Science, 2016. Web. 15 Oct. 2022.