Mobile security, or mobile device security, is the protection of

smartphones A smartphone is a portable computer device that combines mobile telephone and computing functions into one unit. They are distinguished from feature phones by their stronger hardware capabilities and extensive mobile operating systems, whic ...

, tablets, and

laptops A laptop, laptop computer, or notebook computer is a small, portable personal computer (PC) with a screen and alphanumeric keyboard. Laptops typically have a clam shell form factor with the screen mounted on the inside of the upper li ...

from threats associated with wireless computing. It has become increasingly important in

mobile computing Mobile computing is human–computer interaction in which a computer is expected to be transported during normal usage, which allows for the transmission of data, voice, and video. Mobile computing involves mobile communication, mobile hardware ...

. The

security" \n\n\nsecurity.txt is a proposed standard for websites' security information that is meant to allow security researchers to easily report security vulnerabilities. The standard prescribes a text file called \"security.txt\" in the well known locat ...

of personal and business information now stored on

is of particular concern. More and more users and businesses use smartphones not only to communicate, but also to plan and organize both their users' work and private life. Within companies, these technologies are causing profound changes in the organization of

information systems An information system (IS) is a formal, sociotechnical, organizational system designed to collect, process, store, and distribute information. From a sociotechnical perspective, information systems are composed by four components: task, people ...

and have therefore become the source of new

risk In simple terms, risk is the possibility of something bad happening. Risk involves uncertainty about the effects/implications of an activity with respect to something that humans value (such as health, well-being, wealth, property or the environm ...

s. Indeed, smartphones collect and compile an increasing amount of sensitive information to which access must be controlled to protect the

privacy Privacy (, ) is the ability of an individual or group to seclude themselves or information about themselves, and thereby express themselves selectively. The domain of privacy partially overlaps with security, which can include the concepts of ...

of the

user Ancient Egyptian roles * User (ancient Egyptian official), an ancient Egyptian nomarch (governor) of the Eighth Dynasty * Useramen, an ancient Egyptian vizier also called "User" Other uses * User (computing), a person (or software) using an ...

and the

intellectual property Intellectual property (IP) is a category of property that includes intangible creations of the human intellect. There are many types of intellectual property, and some countries recognize more than others. The best-known types are patents, co ...

of the company. All smartphones, as computers, are preferred targets of attacks. This is because these devices have family photos, pictures of pets,

passwords A password, sometimes called a passcode (for example in Apple devices), is secret data, typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be memorized, but the large number of ...

, and more. For attackers, these items are a digital passport to access everything they would need to know about a person. This is why attacks on mobile devices are on the rise. These attacks exploit weaknesses inherent in smartphones that come from the communication mode—like

Short Message Service Short Message/Messaging Service, commonly abbreviated as SMS, is a text messaging service component of most telephone, Internet and mobile device systems. It uses standardized communication protocols that let mobile devices exchange short tex ...

(SMS, aka text messaging),

Multimedia Messaging Service Multimedia Messaging Service (MMS) is a standard way to send messages that include multimedia content to and from a mobile phone over a cellular network. Users and providers may refer to such a message as a PXT, a picture message, or a multimedia ...

(MMS),

WiFi Wi-Fi () is a family of wireless network protocols, based on the IEEE 802.11 family of standards, which are commonly used for local area networking of devices and Internet access, allowing nearby digital devices to exchange data by radio wa ...

Bluetooth Bluetooth is a short-range wireless technology standard that is used for exchanging data between fixed and mobile devices over short distances and building personal area networks (PANs). In the most widely used mode, transmission power is limi ...

and

GSM The Global System for Mobile Communications (GSM) is a standard developed by the European Telecommunications Standards Institute (ETSI) to describe the protocols for second-generation ( 2G) digital cellular networks used by mobile devices such ...

, the ''de facto'' global standard for

mobile communications Mobile telephony is the provision of telephone services to phones which may move around freely rather than stay fixed in one location. Telephony is supposed to specifically point to a voice-only service or connection, though sometimes the ...

. There are also

exploit Exploit means to take advantage of something (a person, situation, etc.) for one's own end, especially unethically or unjustifiably. Exploit can mean: *Exploitation of natural resources *Exploit (computer security) * Video game exploit *Exploitat ...

s that target

software Software is a set of computer programs and associated documentation and data. This is in contrast to hardware, from which the system is built and which actually performs the work. At the lowest programming level, executable code consist ...

vulnerabilities in the browser or operating system, taking advantages of the weak knowledge of an average user. Security countermeasures are being developed and applied to smartphones, from security in different layers of software to the dissemination of information to end users. There are practices to be observed at all levels, from design to use, through the development of

operating system An operating system (OS) is system software that manages computer hardware, software resources, and provides common daemon (computing), services for computer programs. Time-sharing operating systems scheduler (computing), schedule tasks for ef ...

s, software layers, and downloadable apps.

Challenges of smartphone mobile security

Threats

A smartphone user is exposed to various threats when they use their phone. In just the last two-quarters of 2012, the number of unique mobile threats grew by 261%, according to ABI Research. These threats can disrupt the operation of the smartphone, and transmit or modify user data. So

applications Application may refer to: Mathematics and computing * Application software, computer software designed to help the user to perform specific tasks ** Application layer, an abstraction layer that specifies protocols and interface methods used in a c ...

must guarantee

and

integrity Integrity is the practice of being honest and showing a consistent and uncompromising adherence to strong moral and ethical principles and values. In ethics, integrity is regarded as the honesty and truthfulness or accuracy of one's actions. In ...

of the information they handle. In addition, since some apps could themselves be

malware Malware (a portmanteau for ''malicious software'') is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, depr ...

, their functionality and activities should be limited (for example, restricting the apps from accessing location information via GPS, blocking access to the user's address book, preventing the transmission of data on the

network Network, networking and networked may refer to: Science and technology * Network theory, the study of graphs as a representation of relations between discrete objects * Network science, an academic field that studies complex networks Mathematic ...

, sending

SMS Short Message/Messaging Service, commonly abbreviated as SMS, is a text messaging service component of most telephone, Internet and mobile device systems. It uses standardized communication protocols that let mobile devices exchange short text ...

messages that are billed to the user, etc.). Since the recent rise of mobile attacks, hackers have increasingly targeted smartphones through credential theft and snooping. The number of attacks targeting smartphones and other devices has risen by 50 percent. According to the study,

mobile banking Mobile banking is a service provided by a bank or other financial institution that allows its customers to conduct financial transactions remotely using a mobile device such as a smartphone or tablet. Unlike the related internet banking it uses ...

applications are responsible for the increase in attacks. Malware is distributed by the attackers so that they can take over the targets' transaction information, their rights to

log in In computer security, logging in (or logging on, signing in, or signing on) is the process by which an individual gains access to a computer system A computer is a machine that can be programmed to carry out sequences of arithmetic o ...

, and their money. Various types of malware are also developed with anti-detection techniques to avoid detection. Triade malware comes pre-installed on some mobile devices. In addition to Haddad, there is Lotoor, which exploits vulnerabilities in the system to repackage legitimate applications. The devices are also vulnerable due to

spyware Spyware (a portmanteau for spying software) is software with malicious behaviour that aims to gather information about a person or organization and send it to another entity in a way that harms the user—for example, by violating their priv ...

and leaky behaviors through applications. Devices connected to public networks are at risk of attacks. Mobile devices are also effective conveyance systems for malware threats, breaches of information, and thefts. Potential attackers were looking for possible weak points once Apple's iPhone and the first Android devices came onto the market. The Department of Homeland Security's

cybersecurity Computer security, cybersecurity (cyber security), or information technology security (IT security) is the protection of computer systems and networks from attack by malicious actors that may result in unauthorized information disclosure, t ...

department claims that the number of vulnerable points in smartphone operating systems has increased. As mobile phones are connected to utilities and appliances, hackers, cybercriminals, and even intelligence officials have access to these devices. It became increasingly popular to let employees use their own devices for work-related purposes in 2011. The Crowd Research Partners study, published in 2017, reports that during 2017, most businesses that mandated the use of mobile devices were subjected to malware attacks and breaches. It has become common for rogue applications to be installed on user devices without the user's permission. They breach privacy, which hinders the effectiveness of the devices. As well as affecting the device, hidden malware is harmful. Mobile malware has been developed to exploit vulnerabilities in mobile devices.

Ransomware Ransomware is a type of malware from cryptovirology that threatens to publish the victim's personal data or permanently block access to it unless a ransom is paid off. While some simple ransomware may lock the system without damaging any files, ...

, worms,

botnets A botnet is a group of Internet-connected devices, each of which runs one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam, and allow the attacker to access the device and its conn ...

, Trojans, and viruses are some of the types. Since the introduction of mobile banking apps and other apps, which are vital targets for hackers, malware has been rampant. Trojan-droppers can also avoid detection of malware. The attackers who use the malware on the device are able to avoid detection by hiding

malicious code Malware (a portmanteau for ''malicious software'') is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, dep ...

. Despite the fact that the malware inside a device does not change, the dropper generates new hashes each time. Additionally, droppers can also create a multitude of files, which can lead to the creation of viruses. Android mobile devices are prone to Trojan-Droppers. The banking Trojans also enable attacks on the banking applications on the phone, which leads to the theft of data for use in stealing money and funds. Additionally, there are jailbreaks for iOS devices, which work by disabling the signing of codes on iPhones so that applications not downloaded from the App Store can be operated. In this way, all the protection layers offered by iOS are disrupted, exposing the device to malware. These outside applications don't run in a sandbox, and as a result, it exposes potential security problems. By installing malicious credentials and virtual private networks (VPN) to direct information to malicious systems, there are attack vectors developed to change the mobile devices' configuration settings. In addition, there is spyware that tends to be installed on mobile devices in order to track an individual. Malicious apps can also be installed without the owners' permission or knowledge. Wi-Fi interference technologies can also attack mobile devices through potentially insecure networks. By compromising the network, hackers are able to gain access to key data. A VPN, on the other hand, can be used to secure networks. As soon as a system is threatened, an active VPN will operate. There are also social engineering techniques, such as

phishing Phishing is a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or otherwise deceptive) message designed to trick a person into revealing sensitive information to the attacker or to deploy malicious softwa ...

. With phishing, unsuspecting victims are sent links to lead them to malicious websites. The attackers can then hack into the victim's device and copy all of its information. However, mobile device attacks can be prevented with technologies. Containerization is an example, as it allows the creation of a hardware infrastructure that separates the business data from other data. By detecting malicious traffic and rogue access points, there is network protection. Data security is also ensured through authentication. There are three prime targets for attackers: *Data: smartphones are devices for data management, and may contain sensitive data like

credit card A credit card is a payment card issued to users (cardholders) to enable the cardholder to pay a merchant for goods and services based on the cardholder's accrued debt (i.e., promise to the card issuer to pay them for the amounts plus the ...

numbers, authentication information, private information, activity logs (calendar, call logs); *Identity: smartphones are highly customizable, so the device or its contents can easily be associated with a specific person. *Availability: attacking a smartphone can limit access to it and deprive the owner of its use. There are a number of threats to mobile devices, including annoyance, stealing money, invading privacy, propagation, and malicious tools. Vulnerability in mobile devices is a weak spot that will allow an attacker to decrease a systems security. There are three elements that intercepts when vulnerability occurs and they are a system weakness, attacker access to the flaw, and attacker competence to exploit the flaw. *

Botnet A botnet is a group of Internet-connected devices, each of which runs one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam, and allow the attacker to access the device and its conn ...

s: attackers infect multiple machines with malware that victims generally acquire via e-mail attachments or from compromised applications or websites. The malware then gives hackers remote control of "zombie" devices, which can then be instructed to perform harmful acts. *Malicious applications: hackers upload malicious programs or games to third-party smartphone application marketplaces. The programs steal personal information and open backdoor communication channels to install additional applications and cause other problems. *Malicious links on social networks: an effective way to spread malware where hackers can place Trojans, spyware, and backdoors. *

Spyware Spyware (a portmanteau for spying software) is software with malicious behaviour that aims to gather information about a person or organization and send it to another entity in a way that harms the user—for example, by violating their priv ...

: hackers use this to hijack phones, allowing them to hear calls, see text messages and e-mails as well as track someone's location through GPS updates. The source of these attacks are the same actors found in the non-mobile computing space: *Professionals, whether commercial or military, who focus on the three targets mentioned above. They steal sensitive data from the general public, as well as undertake industrial

espionage Espionage, spying, or intelligence gathering is the act of obtaining secret or confidential information ( intelligence) from non-disclosed sources or divulging of the same without the permission of the holder of the information for a tang ...

. They will also use the identity of those attacked to achieve other attacks; *Thieves who want to gain income through data or identities they have stolen. The thieves will attack many people to increase their potential income; * Black hat hackers who specifically attack availability. Their goal is to develop

viruses A virus is a submicroscopic infectious agent that replicates only inside the living cells of an organism. Viruses infect all life forms, from animals and plants to microorganisms, including bacteria and archaea. Since Dmitri Ivanovsky's ...

, and cause damage to the device. In some cases, hackers have an interest in stealing data on devices. * Grey hat hackers who reveal vulnerabilities. Their goal is to expose vulnerabilities of the device. Grey hat hackers do not intend on damaging the device or stealing data.

Consequences

When a smartphone is infected by an attacker, the attacker can attempt several things: * The attacker can manipulate the smartphone as a zombie machine, that is to say, a machine with which the attacker can communicate and send commands which will be used to send unsolicited messages (

spam Spam may refer to: * Spam (food), a canned pork meat product * Spamming, unsolicited or undesired electronic messages ** Email spam, unsolicited, undesired, or illegal email messages ** Messaging spam, spam targeting users of instant messaging ...

) via

sms Short Message/Messaging Service, commonly abbreviated as SMS, is a text messaging service component of most telephone, Internet and mobile device systems. It uses standardized communication protocols that let mobile devices exchange short text ...

email Electronic mail (email or e-mail) is a method of exchanging messages ("mail") between people using electronic devices. Email was thus conceived as the electronic ( digital) version of, or counterpart to, mail, at a time when "mail" mean ...

; * The attacker can easily force the smartphone to make phone calls. For example, one can use the API (library that contains the basic functions not present in the smartphone) PhoneMakeCall by

Microsoft Microsoft Corporation is an American multinational technology corporation producing computer software, consumer electronics, personal computers, and related services headquartered at the Microsoft Redmond campus located in Redmond, Washi ...

, which collects telephone numbers from any source such as

yellow pages The yellow pages are telephone directories of businesses, organized by category rather than alphabetically by business name, in which advertising is sold. The directories were originally printed on yellow paper, as opposed to Telephone direct ...

, and then call them. But the attacker can also use this method to call paid services, resulting in a charge to the owner of the smartphone. It is also very dangerous because the smartphone could call

emergency services Emergency services and rescue services are organizations that ensure public safety and health by addressing and resolving different emergencies. Some of these agencies exist solely for addressing certain types of emergencies, while others deal w ...

and thus disrupt those services; * A compromised smartphone can record conversations between the user and others and send them to a third party. This can cause user privacy and industrial security problems; * An attacker can also steal a user's identity, usurp their identity (with a copy of the user's sim card or even the telephone itself), and thus impersonate the owner. This raises security concerns in countries where smartphones can be used to place orders, view bank accounts or are used as an identity card; * The attacker can reduce the usability of the smartphone, by discharging the battery. For example, they can launch an application that will run continuously on the smartphone processor, requiring a lot of energy and draining the battery. One factor that distinguishes mobile computing from traditional desktop

PCs A personal computer (PC) is a multi-purpose microcomputer whose size, capabilities, and price make it feasible for individual use. Personal computers are intended to be operated directly by an end user, rather than by a computer expert or techn ...

is their limited performance. Frank Stajano and Ross Anderson first described this form of attack, calling it an attack of "battery exhaustion" or "sleep deprivation torture"; * The attacker can also prevent the operation and/or use of the smartphone by making it unusable. This attack can either delete the boot scripts, resulting in a phone without a functioning OS, or modify certain files to make it unusable (e.g. a script that launches at startup that forces the smartphone to restart) or even embed a startup application that would empty the battery; * The attacker can remove the personal (photos, music,

videos Video is an electronic medium for the recording, copying, playback, broadcasting, and display of moving visual media. Video was first developed for mechanical television systems, which were quickly replaced by cathode-ray tube (CRT) system ...

, etc.) or professional data (contacts, calendars, notes) of the user.

Attacks based on communication

Attack based on SMS and MMS

Some attacks derive from flaws in the management of

and MMS. Some mobile phone models have problems in managing binary SMS messages. It is possible by sending an ill-formed block, to cause the phone to restart, leading to the denial of service attacks. If a user with a Siemens S55 received a

text message Text messaging, or texting, is the act of composing and sending electronic messages, typically consisting of alphabetic and numeric characters, between two or more users of mobile devices, desktops/laptops, or another type of compatible comput ...

containing a

Chinese character Chinese characters () are logograms developed for the writing of Chinese. In addition, they have been adapted to write other East Asian languages, and remain a key component of the Japanese writing system where they are known as ''kanji' ...

, it would lead to a denial of service. In another case, while the standard requires that the maximum size of a Nokia Mail address is 32 characters, some

Nokia Nokia Corporation (natively Nokia Oyj, referred to as Nokia) is a Finnish multinational telecommunications, information technology, and consumer electronics corporation, established in 1865. Nokia's main headquarters are in Espoo, Finland, i ...

phones did not verify this standard, so if a user enters an email address over 32 characters, that leads to complete dysfunction of the e-mail handler and puts it out of commission. This attack is called "curse of silence". A study on the safety of the SMS infrastructure revealed that SMS messages sent from the

Internet The Internet (or internet) is the global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP) to communicate between networks and devices. It is a '' network of networks'' that consists of private, p ...

can be used to perform a distributed denial of service (DDoS) attack against the

mobile telecommunications Mobile telephony is the provision of telephone services to phones which may move around freely rather than stay fixed in one location. Telephony is supposed to specifically point to a voice-only service or connection, though sometimes the l ...

infrastructure of a big city. The attack exploits the delays in the delivery of messages to overload the network. Another potential attack could begin with a phone that sends an MMS to other phones, with an attachment. This attachment is infected with a virus. Upon receipt of the MMS, the user can choose to open the attachment. If it is opened, the phone is infected, and the virus sends an MMS with an infected attachment to all the contacts in the address book. There is a real-world example of this attack: the virus Commwarrior uses the address book and sends MMS messages including an infected file to recipients. A user installs the software, as received via MMS message. Then, the virus began to send messages to recipients taken from the address book.

Attacks based on communication networks

Attacks based on the GSM networks

The attacker may try to break the

encryption In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can d ...

of the mobile network. The

network encryption algorithms belong to the family of algorithms called A5. Due to the policy of security through obscurity it has not been possible to openly test the robustness of these algorithms. There were originally two variants of the algorithm:

A5/1 A5/1 is a stream cipher used to provide over-the-air communication privacy in the GSM cellular telephone standard. It is one of several implementations of the A5 security protocol. It was initially kept secret, but became public knowledge through l ...

and

A5/2 A5/2 is a stream cipher used to provide voice privacy in the GSM cellular telephone protocol. It was designed in 1992-1993 (finished March 1993) as a replacement for the relatively stronger (but still weak) A5/1, to allow the GSM standard to be e ...

(stream ciphers), where the former was designed to be relatively strong, and the latter was designed to be weak on purpose to allow easy

cryptanalysis Cryptanalysis (from the Greek ''kryptós'', "hidden", and ''analýein'', "to analyze") refers to the process of analyzing information systems in order to understand hidden aspects of the systems. Cryptanalysis is used to breach cryptographic s ...

and eavesdropping.

ETSI The European Telecommunications Standards Institute (ETSI) is an independent, not-for-profit, standardization organization in the field of information and communications. ETSI supports the development and testing of global technical standard ...

forced some countries (typically outside Europe) to use

. Since the encryption algorithm was made public, it was proved it was possible to break the encryption:

could be broken on the fly, and

in about 6 hours . In July 2007, the 3GPP approved a change request to prohibit the implementation of

in any new mobile phones, which means that it has been decommissioned and is no longer implemented in mobile phones. Stronger public algorithms have been added to the

standard, the A5/3 and A5/4 (

Block cipher In cryptography, a block cipher is a deterministic algorithm operating on fixed-length groups of bits, called ''blocks''. Block ciphers are specified elementary components in the design of many cryptographic protocols and are widely used to en ...

s), otherwise known as KASUMI or UEA1 published by the

. If the network does not support A5/1, or any other A5 algorithm implemented by the phone, then the base station can specify A5/0 which is the null algorithm, whereby the radio traffic is sent unencrypted. Even in case mobile phones are able to use 3G or 4G which have much stronger encryption than 2G

, the base station can downgrade the radio communication to 2G

and specify A5/0 (no encryption) . This is the basis for eavesdropping attacks on mobile radio networks using a fake base station commonly called an IMSI catcher. In addition, tracing of mobile terminals is difficult since each time the mobile terminal is accessing or being accessed by the network, a new temporary identity (TMSI) is allocated to the mobile terminal. The TMSI is used as the identity of the mobile terminal the next time it accesses the network. The TMSI is sent to the mobile terminal in encrypted messages. Once the encryption algorithm of

is broken, the attacker can intercept all unencrypted communications made by the victim's smartphone.

Attacks based on Wi-Fi

An attacker can try to eavesdrop on

Wi-Fi Wi-Fi () is a family of wireless network protocols, based on the IEEE 802.11 family of standards, which are commonly used for local area networking of devices and Internet access, allowing nearby digital devices to exchange data by radio waves ...

communications to derive information (e.g. username, password). This type of attack is not unique to smartphones, but they are very vulnerable to these attacks because very often the Wi-Fi is the only means of communication they have to access the internet. The security of wireless networks (

WLAN A wireless LAN (WLAN) is a wireless computer network that links two or more devices using wireless communication to form a local area network (LAN) within a limited area such as a home, school, computer laboratory, campus, or office buildin ...

) is thus an important subject. Initially, wireless networks were secured by WEP keys. The weakness of WEP is a short encryption key which is the same for all connected clients. In addition, several reductions in the search space of the keys have been found by researchers. Now, most wireless networks are protected by the WPA security protocol. WPA is based on the " Temporal Key Integrity Protocol (TKIP)" which was designed to allow migration from WEP to WPA on the equipment already deployed. The major improvements in security are the dynamic encryption keys. For small networks, the WPA is a "

pre-shared key In cryptography, a pre-shared key (PSK) is a shared secret which was previously shared between the two parties using some secure channel before it needs to be used. Key To build a key from shared secret, the key derivation function is typically ...

" which is based on a shared key. Encryption can be vulnerable if the length of the shared key is short. With limited opportunities for input (i.e. only the numeric keypad), mobile phone users might define short encryption keys that contain only numbers. This increases the likelihood that an attacker succeeds with a brute-force attack. The successor to WPA, called WPA2, is supposed to be safe enough to withstand a brute force attack. Free Wi-Fi is usually provided by organizations such as airports, coffee shops, and restaurants for a number of reasons. In addition to spending more time on the premises, Wi-Fi access helps them to stay productive. It's likely they'll end up spending more money if they spend more time on the premises. Enhancing customer tracking is another reason. A lot of restaurants and coffee shops compile data about their customers so they can target advertisements directly to their devices. This means that customers know what services the facility provides. Generally, individuals filter business premises based on Internet connections as another reason to gain a competitive edge. The ability to access free and fast Wi-Fi gives a business an edge over those who do not. Network security is the responsibility of the organizations. There are numerous risks associated with their unsecured Wi-Fi networks, however. The man-in-the-middle attack entails the interception and modification of data between parties. Additionally, malware can be distributed via the free Wi-Fi network and hackers can exploit software vulnerabilities to smuggle malware onto connected devices. It is also possible to eavesdrop and sniff Wifi signals using special software and devices, capturing login credentials and hijacking accounts. As with GSM, if the attacker succeeds in breaking the identification key, it will be possible to attack not only the phone but also the entire network it is connected to. Many smartphones for wireless LANs remember they are already connected, and this mechanism prevents the user from having to re-identify with each connection. However, an attacker could create a WIFI access point twin with the same parameters and characteristics as the real network. Using the fact that some smartphones remember the networks, they could confuse the two networks and connect to the network of the attacker who can intercept data if it does not transmit its data in encrypted form. Lasco is a worm that initially infects a remote device using the SIS file format. SIS file format (Software Installation Script) is a script file that can be executed by the system without user interaction. The

smartphone A smartphone is a portable computer device that combines mobile telephone and computing functions into one unit. They are distinguished from feature phones by their stronger hardware capabilities and extensive mobile operating systems, whi ...

thus believes the file to come from a trusted source and downloads it, infecting the machine.

Principle of Bluetooth-based attacks

Security issues related to

on mobile devices have been studied and have shown numerous problems on different phones. One easy to exploit

vulnerability Vulnerability refers to "the quality or state of being exposed to the possibility of being attacked or harmed, either physically or emotionally." A window of vulnerability (WOV) is a time frame within which defensive measures are diminished, com ...

: unregistered services do not require authentication, and vulnerable applications have a virtual serial port used to control the phone. An attacker only needed to connect to the port to take full control of the device. Another example: a phone must be within reach and Bluetooth in discovery mode. The attacker sends a file via

. If the recipient accepts, a virus is transmitted. For example: Cabir is a worm that spreads via Bluetooth connection. The worm searches for nearby phones with Bluetooth in discoverable mode and sends itself to the target device. The user must accept the incoming file and install the program. After installing, the worm infects the machine.

Attacks based on vulnerabilities in software applications

Other attacks are based on flaws in the OS or applications on the phone.

Web browser

The mobile

web browser A web browser is application software for accessing websites. When a user requests a web page from a particular website, the browser retrieves its files from a web server and then displays the page on the user's screen. Browsers are used o ...

is an emerging attack vector for mobile devices. Just as common Web browsers,

mobile web The mobile web refers to mobile browser-based World Wide Web services accessed from handheld mobile devices, such as smartphones or feature phones, through a mobile or other wireless network. History and development Traditionally, the ...

browsers are extended from pure web navigation with widgets and plug-ins, or are completely native mobile browsers. Jailbreaking the iPhone with firmware 1.1.1 was based entirely on vulnerabilities on the web browser. As a result, the exploitation of the vulnerability described here underlines the importance of the Web browser as an attack vector for mobile devices. In this case, there was a vulnerability based on a stack-based buffer overflow in a library used by the web browser ( LibTIFF). A vulnerability in the web browser for Android was discovered in October 2008. As the iPhone vulnerability above, it was due to an obsolete and vulnerable

library A library is a collection of materials, books or media that are accessible for use and not just for display purposes. A library provides physical (hard copies) or digital access (soft copies) materials, and may be a physical location or a vi ...

. A significant difference with the iPhone vulnerability was Android's sandboxing architecture which limited the effects of this vulnerability to the Web browser process. Smartphones are also victims of classic

piracy Piracy is an act of robbery or criminal violence by ship or boat-borne attackers upon another ship or a coastal area, typically with the goal of stealing cargo and other valuable goods. Those who conduct acts of piracy are called pirates, v ...

related to the web:

, malicious websites, software that run in the background, etc. The big difference is that smartphones do not yet have strong

antivirus software Antivirus software (abbreviated to AV software), also known as anti-malware, is a computer program used to prevent, detect, and remove malware. Antivirus software was originally developed to detect and remove computer viruses, hence the name. ...

available. The internet offers numerous interactive features that ensure a higher engagement rate, capture more and relevant data, and increase brand loyalty. Blogs, forums, social networks, and wikis are some of the most common interactive websites. Due to the tremendous growth of the internet, there has been a rapid rise in the number of security breaches experienced by individuals and businesses over the past few years. Users can balance the need to utilize the interactive features while also maintaining caution regarding security issues in several ways. Reviewing computer security regularly and correcting, upgrading, and replacing the necessary features are a few of the ways to do this. Installation of

antivirus Antivirus software (abbreviated to AV software), also known as anti-malware, is a computer program used to prevent, detect, and remove malware. Antivirus software was originally developed to detect and remove computer viruses, hence the nam ...

and anti-spyware programs is the most effective way of protecting the computer, and they offer protection against malware, spyware, and viruses. As well, they use firewalls, which are typically installed between the internet and the computer network in order to find a balance. By acting as a web server, the firewall prevents external users from accessing the internal computer system. Also, secure passwords and not sharing them help maintain the balance.

Operating system

Sometimes it is possible to overcome the security safeguards by modifying the operating system itself. As real-world examples, this section covers the manipulation of

firmware In computing, firmware is a specific class of computer software that provides the low-level control for a device's specific hardware. Firmware, such as the BIOS of a personal computer, may contain basic functions of a device, and may provide h ...

and malicious signature certificates. These attacks are difficult. In 2004, vulnerabilities in virtual machines running on certain devices were revealed. It was possible to bypass the

bytecode Bytecode (also called portable code or p-code) is a form of instruction set designed for efficient execution by a software interpreter. Unlike human-readable source code, bytecodes are compact numeric codes, constants, and references (norma ...

verifier and access the native underlying operating system. The results of this research were not published in detail. The firmware security of Nokia's

Symbian Symbian is a discontinued mobile operating system (OS) and computing platform designed for smartphones. It was originally developed as a proprietary software OS for personal digital assistants in 1998 by the Symbian Ltd. consortium. Symbian OS ...

Platform Security Architecture (PSA) is based on a central configuration file called SWIPolicy. In 2008, it was possible to manipulate the Nokia firmware before it is installed, and in fact in some downloadable versions of it, this file was human-readable, so it was possible to modify and change the image of the firmware. This vulnerability has been solved by an update from Nokia. In theory, smartphones have an advantage over hard drives since the OS files are in ROM, and cannot be changed by

. However, in some systems it was possible to circumvent this: in the Symbian OS it was possible to overwrite a file with a file of the same name. On the Windows OS, it was possible to change a pointer from a general configuration file to an editable file. When an application is installed, the signing of this application is verified by a series of certificates. One can create a valid

signature A signature (; from la, signare, "to sign") is a Handwriting, handwritten (and often Stylization, stylized) depiction of someone's name, nickname, or even a simple "X" or other mark that a person writes on documents as a proof of identity and ...

without using a valid certificate and add it to the list. In the Symbian OS all certificates are in the directory: . With firmware changes explained above, it is very easy to insert a seemingly valid but malicious certificate. Android is the OS that has been attacked the most. Because it has most of users among the operation systems. According to cybersecurity company, it reported that they have blocked about 18 millions attack in 2016.

Attacks based on hardware vulnerabilities

Electromagnetic Waveforms

In 2015, researchers at the French government agency

Agence nationale de la sécurité des systèmes d'information The ''Agence nationale de la sécurité des systèmes d'information'' (ANSSI; English: French National Agency for the Security of Information Systems) is a French service created on 7 July 2009 with responsibility for computer security.electromagnetic waveforms". * The exploit took advantage of antenna-properties of headphone wires while plugged into the audio-output jacks of the vulnerable smartphones and effectively spoofed audio input to inject commands via the audio interface.

Juice Jacking

Juice Jacking is a physical or hardware vulnerability specific to mobile platforms. Utilizing the dual purpose of the USB charge port, many devices have been susceptible to having data exfiltrated from, or malware installed onto a mobile device by utilizing malicious charging

kiosks Historically, a kiosk () was a small garden pavilion open on some or all sides common in Persia, the Indian subcontinent, and in the Ottoman Empire from the 13th century onward. Today, several examples of this type of kiosk still exist in an ...

set up in public places or hidden in normal charge adapters.

Jail-breaking and rooting

Jail-breaking is also a physical access vulnerability, in which mobile device users initiate to hack into the devices to unlock it, and exploit weaknesses in the operating system. Mobile device users take control of their own device by jail-breaking it, and customize the interface by installing applications, change

system settings System Settings (System Preferences on macOS Monterey and earlier) is an application included with macOS. It allows users to modify various system settings, which are divided into separate Preference Panes. The System Settings application wa ...

that are not allowed on the devices. Thus, allowing to tweak the mobile devices operating systems processes, run programs in the background, thus devices are being expose to variety of malicious attack that can lead to compromise important private data.

Password cracking

In 2010, researcher from the

University of Pennsylvania The University of Pennsylvania (also known as Penn or UPenn) is a Private university, private research university in Philadelphia. It is the fourth-oldest institution of higher education in the United States and is ranked among the highest- ...

investigated the possibility of cracking a device's password through a smudge attack (literally imaging the finger smudges on the screen to discern the user's password). The researchers were able to discern the device password up to 68% of the time under certain conditions. Outsiders may perform over-the-shoulder on victims, such as watching specific keystrokes or pattern gestures, to unlock device password or passcode.

Malicious software (malware)

As smartphones are a permanent point of access to the internet (mostly on), they can be compromised as easily as computers with malware. A

is a computer program that aims to harm the system in which it resides. Mobile malware variants have increased by 54% in the year 2017.

Trojans Trojan or Trojans may refer to: * Of or from the ancient city of Troy * Trojan language, the language of the historical Trojans Arts and entertainment Music * ''Les Troyens'' ('The Trojans'), an opera by Berlioz, premiered part 1863, part 189 ...

worms Worms may refer to: *Worm, an invertebrate animal with a tube-like body and no limbs Places *Worms, Germany Worms () is a city in Rhineland-Palatinate, Germany, situated on the Upper Rhine about south-southwest of Frankfurt am Main. It had ...

and

are all considered malware. A Trojan is a program that is on the smartphone and allows external users to connect discreetly. A worm is a program that reproduces on multiple computers across a network. A virus is a malicious software designed to spread to other computers by inserting itself into legitimate programs and running programs in parallel. However, it must be said that the malware are far less numerous and important to smartphones as they are to computers. Graphiquemalware_en

Nonetheless, recent studies show that the evolution of malware in smartphones have rocketed in the last few years posing a threat to analysis and detection.

Privacy-intruding common apps and problematic pre-installed software

Various common apps installed by millions can intrude privacy, even if they were installed from a software distribution service like the

Google Play Store Google Play, also known as the Google Play Store and formerly the Android Market, is a digital distribution service operated and developed by Google. It serves as the official app store for certified devices running on the Android operating syst ...

. For example, in 2022 it was shown that the popular app

TikTok TikTok, known in China as Douyin (), is a short-form video hosting service owned by the Chinese company ByteDance. It hosts user-submitted videos, which can range in duration from 15 seconds to 10 minutes. TikTok is an international version o ...

adds a

keylogger Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that a person using the keyboard is unaware that their actions are being monitored ...

to its, on iOS essentially unavoidable, in-app browser in iOS, which allows its Chinese company to gather, for example, passwords, credit card details, and everything else that is typed into websites opened from taps on any external links within the app. Shortly after the report, the company claims such capabilities are only used for

debugging In computer programming and software development, debugging is the process of finding and resolving '' bugs'' (defects or problems that prevent correct operation) within computer programs, software, or systems. Debugging tactics can involve i ...

-types of purposes. To date, it has largely not been investigated which and to which extent (other) apps have capacities for such or similar data-collection. The

and "stock software" preinstalled on devices – and updated with preinstalled software – can also have undesired components or privacy-intruding default configurations or substantial security vulnerabilities, albeit extensive research investigating this potential issue may be missing. Analysis of data traffic by popular smartphones running variants of Android found substantial by-default data collection and sharing with no opt-out by

pre-installed software Pre-installed software (also known as bundled software) is software already installed and licensed on a computer or smartphone bought from an original equipment manufacturer (OEM).packet analyzer A packet analyzer, also known as packet sniffer, protocol analyzer, or network analyzer, is a computer program or computer hardware such as a packet capture appliance, that can intercept and log traffic that passes over a computer network or ...

s and with firewall apps like the NetGuard firewall app for Android that allows reading blocked traffic logs.

The three phases of malware attacks

Typically an attack on a smartphone made by malware takes place in 3 phases: the infection of a host, the accomplishment of its goal, and the spread of the malware to other systems. Malware often uses the resources offered by infected smartphones. It will use the output devices such as Bluetooth or

infrared Infrared (IR), sometimes called infrared light, is electromagnetic radiation (EMR) with wavelengths longer than those of Light, visible light. It is therefore invisible to the human eye. IR is generally understood to encompass wavelengths from ...

, but it may also use the address book or email address of the person to infect the user's acquaintances. The malware exploits the trust that is given to data sent by an acquaintance.

Infection

Infection is the means used by the malware to get into the smartphone, it can either use one of the faults previously presented or may use the gullibility of the user. Infections are classified into four classes according to their degree of user interaction: ; Explicit permission:The most benign interaction is to ask the user if it is allowed to infect the machine, clearly indicating its potential malicious behavior. This is typical behavior of a

proof of concept Proof of concept (POC or PoC), also known as proof of principle, is a realization of a certain method or idea in order to demonstrate its feasibility, or a demonstration in principle with the aim of verifying that some concept or theory has prac ...

malware. ; Implied permission:This infection is based on the fact that the user has a habit of installing software. Most trojans try to seduce the user into installing attractive applications (games, useful applications etc.) that actually contain malware. ; Common interaction:This infection is related to a common behavior, such as opening an MMS or email. ; No interaction:The last class of infection is the most dangerous. Indeed, a worm that could infect a smartphone and could infect other smartphones without any interaction would be catastrophic.

Accomplishment of its goal

Once the malware has infected a phone it will also seek to accomplish its goal, which is usually one of the following: monetary damage, damage data and/or device, and concealed damage: ; Monetary damages:The attacker can steal user data and either sell them to the same user or sell to a third party. ; Damage:Malware can partially damage the device, or delete or modify data on the device. ; Concealed damage:The two aforementioned types of damage are detectable, but the malware can also leave a backdoor for future attacks or even conduct wiretaps.

Spread to other systems

Once the malware has infected a smartphone, it always aims to spread one way or another: * It can spread through proximate devices using Wi-Fi, Bluetooth and infrared; * It can also spread using remote networks such as telephone calls or SMS or emails.

Examples of malware

Here are various

that exist in the world of

with a short description of each.

Viruses and trojans

* Cabir (also known as Caribe, SybmOS/Cabir, Symbian/Cabir and EPOC.cabir) is the name of a computer worm developed in 2004, designed to infect mobile phones running

Symbian OS Symbian is a discontinued mobile operating system (OS) and computing platform designed for smartphones. It was originally developed as a proprietary software OS for personal digital assistants in 1998 by the Symbian Ltd. consortium. Symbian OS ...

. It is believed to have been the first computer worm that can infect mobile phones. * Commwarrior, founded in March 7, 2005, was the first worm that can infect many machines from MMS. It is sent as COMMWARRIOR.ZIP containing the file COMMWARRIOR.SIS. When this file is executed, Commwarrior attempts to connect to nearby devices by

or infrared under a random name. It then attempts to send MMS message to the contacts in the smartphone with different header messages for each person, who receive the MMS and often open them without further verification. *Phage is the first

Palm OS Palm OS (also known as Garnet OS) was a mobile operating system initially developed by Palm, Inc., for personal digital assistants (PDAs) in 1996. Palm OS was designed for ease of use with a touchscreen-based graphical user interface. It is pro ...

virus discovered. It transfers to the Palm from a PC via

synchronization Synchronization is the coordination of events to operate a system in unison. For example, the conductor of an orchestra keeps the orchestra synchronized or ''in time''. Systems that operate with all parts in synchrony are said to be synchronou ...

. It infects all applications in the smartphone and embeds its own code to function without the user and the system detecting it. All that the system will detect is that its usual applications are functioning. *RedBrowser is a

Trojan Trojan or Trojans may refer to: * Of or from the ancient city of Troy * Trojan language, the language of the historical Trojans Arts and entertainment Music * ''Les Troyens'' ('The Trojans'), an opera by Berlioz, premiered part 1863, part 189 ...

based on

java Java (; id, Jawa, ; jv, ꦗꦮ; su, ) is one of the Greater Sunda Islands in Indonesia. It is bordered by the Indian Ocean to the south and the Java Sea to the north. With a population of 151.6 million people, Java is the world's mo ...

. The Trojan masquerades as a program called "RedBrowser" which allows the user to visit WAP sites without a WAP connection. During application installation, the user sees a request on their phone that the application needs permission to send messages. If the user accepts, RedBrowser can send SMS to paid call centers. This program uses the smartphone's connection to social networks (

Facebook Facebook is an online social media and social networking service owned by American company Meta Platforms. Founded in 2004 by Mark Zuckerberg with fellow Harvard College students and roommates Eduardo Saverin, Andrew McCollum, Dust ...

Twitter Twitter is an online social media and social networking service owned and operated by American company Twitter, Inc., on which users post and interact with 280-character-long messages known as "tweets". Registered users can post, like, and ...

, etc.) to get the contact information for the user's acquaintances (provided the required permissions have been given) and will send them messages. *WinCE.PmCryptic.A is a malicious software on Windows Mobile which aims to earn money for its authors. It uses the infestation of memory cards that are inserted in the smartphone to spread more effectively. *CardTrap is a virus that is available on different types of smartphone, which aims to deactivate the system and third-party applications. It works by replacing the files used to start the smartphone and applications to prevent them from executing. There are different variants of this virus such as Cardtrap.A for SymbOS devices. It also infects the memory card with malware capable of infecting

Windows Windows is a group of several proprietary graphical operating system families developed and marketed by Microsoft. Each family caters to a certain sector of the computing industry. For example, Windows NT for consumers, Windows Server for se ...

. * Ghost Push is malicious software on Android OS which automatically roots the android device and installs malicious applications directly to system partition then unroots the device to prevent users from removing the threat by master reset (The threat can be removed only by reflashing). It cripples the system resources, executes quickly, and is hard to detect.

Ransomware

Mobile

ransomware Ransomware is a type of malware from cryptovirology that threatens to publish the victim's personal data or permanently block access to it unless a ransom is paid off. While some simple ransomware may lock the system without damaging any files, ...

is a type of malware that locks users out of their mobile devices in a pay-to-unlock-your-device ploy, it has grown by leaps and bounds as a threat category since 2014. Specific to mobile computing platforms, users are often less security-conscious, particularly as it pertains to scrutinizing applications and web links trusting the native protection capability of the mobile device operating system. Mobile ransomware poses a significant threat to businesses reliant on instant access and availability of their proprietary information and contacts. The likelihood of a traveling businessman paying a ransom to unlock their device is significantly higher since they are at a disadvantage given inconveniences such as timeliness and less likely direct access to IT staff. Recent ransomware attack has caused a stir in the world as the attack caused many of the internet connected devices to not work and companies spent a large amount to recover from these attacks.

Spyware

* Pegasus – In 2021, journalists and researchers reported the discovery of spyware, called

Pegasus Pegasus ( grc-gre, Πήγασος, Pḗgasos; la, Pegasus, Pegasos) is one of the best known creatures in Greek mythology. He is a winged divine stallion usually depicted as pure white in color. He was sired by Poseidon, in his role as hor ...

, developed and distributed by a private company which can and has been used to infect both iOS and Android smartphones often – partly via use of 0-day exploits – without the need for any user-interaction or significant clues to the user and then be used to exfiltrate data, track user locations, capture film through its camera, and activate the microphone at any time. *Flexispy is an application that can be considered as a trojan, based on Symbian. The program sends all information received and sent from the smartphone to a Flexispy server. It was originally created to protect children and spy on adulterous spouses.

Number of malware

Below is a diagram which loads the different behaviors of smartphone malware in terms of their effects on smartphones: MalwareEffect

We can see from the graph that at least 50 malware varieties exhibit no negative behavior, except their ability to spread.

Portability of malware across platforms

There is a multitude of malware. This is partly due to the variety of operating systems on smartphones. However attackers can also choose to make their malware target multiple platforms, and malware can be found which attacks an OS but is able to spread to different systems. To begin with, malware can use runtime environments like

Java virtual machine A Java virtual machine (JVM) is a virtual machine that enables a computer to run Java programs as well as programs written in other languages that are also compiled to Java bytecode. The JVM is detailed by a specification that formally describe ...

or the

.NET Framework The .NET Framework (pronounced as "''dot net"'') is a proprietary software framework developed by Microsoft that runs primarily on Microsoft Windows. It was the predominant implementation of the Common Language Infrastructure (CLI) until bein ...

. They can also use other libraries present in many operating systems. Other malware carry several executable files in order to run in multiple environments and they utilize these during the propagation process. In practice, this type of malware requires a connection between the two operating systems to use as an attack vector. Memory cards can be used for this purpose, or synchronization software can be used to propagate the virus.

Countermeasures

The security mechanisms in place to counter the threats described above are presented in this section. They are divided into different categories, as all do not act at the same level, and they range from the management of security by the operating system to the behavioral education of the user. The threats prevented by the various measures are not the same depending on the case. Considering the two cases mentioned above, in the first case one would protect the system from corruption by an application, and in the second case the installation of a suspicious software would be prevented.

Security in operating systems

The first layer of security in a smartphone is the operating system (OS). Beyond needing to handle the usual roles of an operating system (e.g.

resource management In organizational studies, resource management is the efficient and effective development of an organization's resources when they are needed. Such resources may include the financial resources, inventory, human skills, production resources, or ...

, scheduling processes) on the device, it must also establish the protocols for introducing external applications and data without introducing risk. A central paradigm in mobile operating systems is the idea of a

sandbox A sandbox is a sandpit, a wide, shallow playground construction to hold sand, often made of wood or plastic. Sandbox or Sand box may also refer to: Arts, entertainment, and media * Sandbox (band), a Canadian rock music group * ''Sand ...

. Since smartphones are currently designed to accommodate many applications, they must have mechanisms to ensure these applications are safe for the phone itself, for other applications and data on the system, and for the user. If a malicious program reaches a mobile device, the vulnerable area presented by the system must be as small as possible. Sandboxing extends this idea to compartmentalize different processes, preventing them from interacting and damaging each other. Based on the history of operating systems, sandboxing has different implementations. For example, where iOS will focus on limiting access to its public API for applications from the

App Store An App Store (or app marketplace) is a type of digital distribution platform for computer software called applications, often in a mobile context. Apps provide a specific set of functions which, by definition, do not include the running of the c ...

by default, Managed Open In allows you to restrict which apps can access which types of data. Android bases it's sandboxing on its legacy of

Linux Linux ( or ) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, whi ...

and

TrustedBSD FreeBSD is a free and open-source Unix-like operating system descended from the Berkeley Software Distribution (BSD), which was based on Research Unix. The first version of FreeBSD was released in 1993. In 2005, FreeBSD was the most popular op ...

. The following points highlight mechanisms implemented in operating systems, especially Android. ; Rootkit Detectors : The intrusion of a

rootkit A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed (for example, to an unauthorized user) and often masks its existence or the exis ...

in the system is a great danger in the same way as on a computer. It is important to prevent such intrusions, and to be able to detect them as often as possible. Indeed, there is concern that with this type of malicious program, the result could be a partial or complete bypass of the device security, and the acquisition of administrator rights by the attacker. If this happens, then nothing prevents the attacker from studying or disabling the safety features that were circumvented, deploying the applications they want, or disseminating a method of intrusion by a rootkit to a wider audience. We can cite, as a defense mechanism, the

Chain of trust In computer security, a chain of trust is established by validating each component of hardware and software from the end entity up to the root certificate. It is intended to ensure that only trusted software and hardware can be used while still ...

in iOS. This mechanism relies on the signature of the different applications required to start the operating system, and a certificate signed by Apple. In the event that the signature checks are inconclusive, the device detects this and stops the boot-up. If the Operating System is compromised due to Jailbreaking, rootkit detection may not work if it is disabled by the Jailbreak method or software is loaded after Jailbreak disables Rootkit Detection. ; Process isolation : Android uses mechanisms of user process isolation inherited from Linux. Each application has a user associated with it, and a tuple ( UID, GID). This approach serves as a

: while applications can be malicious, they can not get out of the sandbox reserved for them by their identifiers, and thus cannot interfere with the proper functioning of the system. For example, since it is impossible for a process to end the process of another user, an application can thus not stop the execution of another. ; File permissions : From the legacy of Linux, there are also

filesystem permissions Most file systems include attributes of files and directories that control the ability of users to read, change, navigate, and execute the contents of the file system. In some cases, menu options or functions may be made visible or hidden dependin ...

mechanisms. They help with sandboxing: a process can not edit any files it wants. It is therefore not possible to freely corrupt files necessary for the operation of another application or system. Furthermore, in Android there is the method of locking memory permissions. It is not possible to change the permissions of files installed on the SD card from the phone, and consequently it is impossible to install applications. ; Memory Protection : In the same way as on a computer, memory protection prevents

privilege escalation Privilege escalation is the act of exploiting a bug, a design flaw, or a configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. The re ...

. Indeed, if a process managed to reach the area allocated to other processes, it could write in the memory of a process with rights superior to their own, with root in the worst case, and perform actions which are beyond its permissions on the system. It would suffice to insert function calls are authorized by the privileges of the malicious application. ; Development through runtime environments : Software is often developed in high-level languages, which can control what is being done by a running program. For example, Java Virtual Machines continuously monitor the actions of the execution threads they manage, monitor and assign resources, and prevent malicious actions. Buffer overflows can be prevented by these controls.

Security software

Above the operating system security, there is a layer of security software. This layer is composed of individual components to strengthen various vulnerabilities: prevent malware, intrusions, the identification of a user as a human, and user authentication. It contains software components that have learned from their experience with computer security; however, on smartphones, this software must deal with greater constraints (see limitations). ; Antivirus and firewall : An antivirus software can be deployed on a device to verify that it is not infected by a known threat, usually by signature detection software that detects malicious executable files. A

firewall Firewall may refer to: * Firewall (computing), a technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts * Firewall (construction), a barrier inside a building, designed to limit the spre ...

, meanwhile, can watch over the existing traffic on the network and ensure that a malicious application does not seek to communicate through it. It may equally verify that an installed application does not seek to establish suspicious communication, which may prevent an intrusion attempt. A mobile antivirus product would scan files and compare them against a database of known mobile malware code signatures. ; Visual Notifications : In order to make the user aware of any abnormal actions, such as a call they did not initiate, one can link some functions to a visual notification that is impossible to circumvent. For example, when a call is triggered, the called number should always be displayed. Thus, if a call is triggered by a malicious application, the user can see, and take appropriate action. ; Turing test : In the same vein as above, it is important to confirm certain actions by a user decision. The

Turing test The Turing test, originally called the imitation game by Alan Turing in 1950, is a test of a machine's ability to exhibit intelligent behaviour equivalent to, or indistinguishable from, that of a human. Turing proposed that a human evaluat ...

is used to distinguish between a human and a virtual user, and it often comes as a

captcha A CAPTCHA ( , a contrived acronym for "Completely Automated Public Turing test to tell Computers and Humans Apart") is a type of challenge–response test used in computing to determine whether the user is human. The term was coined in 2003 b ...

. ; Biometric identification : Another method to use is

biometrics Biometrics are body measurements and calculations related to human characteristics. Biometric authentication (or realistic authentication) is used in computer science as a form of identification and access control. It is also used to identify i ...

. Biometrics is a technique of identifying a person by means of their morphology(by recognition of the face or eye, for example) or their behavior (their signature or way of writing for example). One advantage of using biometric security is that users can avoid having to remember a password or other secret combination to authenticate and prevent malicious users from accessing their devices. In a system with strong biometric security, only the primary user can access the smartphone.

Resource monitoring in the smartphone

When an application passes the various security barriers, it can take the actions for which it was designed. When such actions are triggered, the activity of a malicious application can be sometimes detected if one monitors the various resources used on the phone. Depending on the goals of the malware, the consequences of infection are not always the same; all malicious applications are not intended to harm the devices on which they are deployed. The following sections describe different ways to detect suspicious activity. ; Battery : Some malware is aimed at exhausting the energy resources of the phone. Monitoring the energy consumption of the phone can be a way to detect certain malware applications. ; Memory usage : Memory usage is inherent in any application. However, if one finds that a substantial proportion of memory is used by an application, it may be flagged as suspicious. ; Network traffic : On a smartphone, many applications are bound to connect via the network, as part of their normal operation. However, an application using a lot of bandwidth can be strongly suspected of attempting to communicate a lot of information, and disseminate data to many other devices. This observation only allows a suspicion, because some legitimate applications can be very resource-intensive in terms of network communications, the best example being

streaming video Video on demand (VOD) is a media distribution system that allows users to access videos without a traditional video playback device and the constraints of a typical static broadcasting schedule. In the 20th century, broadcasting in the form of ...

. ; Services : One can monitor the activity of various services of a smartphone. During certain moments, some services should not be active, and if one is detected, the application should be suspected. For example, the sending of an SMS when the user is filming video: this communication does not make sense and is suspicious; malware may attempt to send SMS while its activity is masked. The various points mentioned above are only indications and do not provide certainty about the legitimacy of the activity of an application. However, these criteria can help target suspicious applications, especially if several criteria are combined.

Network surveillance

Network traffic exchanged by phones can be monitored. One can place safeguards in network routing points in order to detect abnormal behavior. As the mobile's use of network protocols is much more constrained than that of a computer, expected network data streams can be predicted (e.g. the protocol for sending an SMS), which permits detection of anomalies in mobile networks. ; Spam filters : As is the case with email exchanges, we can detect a spam campaign through means of mobile communications (SMS, MMS). It is therefore possible to detect and minimize this kind of attempt by filters deployed on network infrastructure that is relaying these messages. ; Encryption of stored or transmitted information : Because it is always possible that data exchanged can be intercepted, communications, or even information storage, can rely on

to prevent a malicious entity from using any data obtained during communications. However, this poses the problem of key exchange for encryption algorithms, which requires a secure channel. ; Telecom

network monitoring Network monitoring is the use of a system that constantly monitors a computer network for slow or failing components and that notifies the network administrator (via email, SMS or other alarms) in case of outages or other trouble. Network monito ...

: The networks for SMS and MMS exhibit predictable behavior, and there is not as much liberty compared with what one can do with protocols such as TCP or UDP. This implies that one cannot predict the use made of the common protocols of the web; one might generate very little traffic by consulting simple pages, rarely, or generate heavy traffic by using video streaming. On the other hand, messages exchanged via mobile phone have a framework and a specific model, and the user does not, in a normal case, have the freedom to intervene in the details of these communications. Therefore, if an abnormality is found in the flux of network data in the mobile networks, the potential threat can be quickly detected.

Manufacturer surveillance

In the production and distribution chain for mobile devices, it is the responsibility of manufacturers to ensure that devices are delivered in a basic configuration without vulnerabilities. Most users are not experts and many of them are not aware of the existence of security vulnerabilities, so the device configuration as provided by manufacturers will be retained by many users. Below are listed several points which manufacturers should consider. Some of the smartphone manufacturers insert Titan M2 to powers up mobile security. ; Remove debug mode : Phones are sometimes set in a debug mode during manufacturing, but this mode must be disabled before the phone is sold. This mode allows access to different features, not intended for routine use by a user. Due to the speed of development and production, distractions occur and some devices are sold in debug mode. This kind of deployment exposes mobile devices to exploits that utilize this oversight. ; Default settings : When a smartphone is sold, its default settings must be correct, and not leave security gaps. The default configuration is not always changed, so a good initial setup is essential for users. There are, for example, default configurations that are vulnerable to denial of service attacks. ; Security audit of apps : Along with smart phones, appstores have emerged. A user finds themselves facing a huge range of applications. This is especially true for providers who manage appstores because they are tasked with examining the apps provided, from different points of view (e.g. security, content). The security audit should be particularly cautious, because if a fault is not detected, the application can spread very quickly within a few days, and infect a significant number of devices. ; Detect suspicious applications demanding rights : When installing applications, it is good to warn the user against sets of permissions that, grouped together, seem potentially dangerous, or at least suspicious. Frameworks like such as Kirin, on Android, attempt to detect and prohibit certain sets of permissions. ; Revocation procedures : Along with appstores appeared a new feature for mobile apps: remote revocation. First developed by Android, this procedure can remotely and globally uninstall an application, on any device that has it. This means the spread of a malicious application that managed to evade security checks can be immediately stopped when the threat is discovered. ; Avoid heavily customized systems : Manufacturers are tempted to overlay custom layers on existing operating systems, with the dual purpose of offering customized options and disabling or charging for certain features. This has the dual effect of risking the introduction of new bugs in the system, coupled with an incentive for users to modify the systems to circumvent the manufacturer's restrictions. These systems are rarely as stable and reliable as the original, and may suffer from phishing attempts or other exploits. ; Improve software patch processes : New versions of various software components of a smartphone, including operating systems, are regularly published. They correct many flaws over time. Nevertheless, manufacturers often do not deploy these updates to their devices in a timely fashion, and sometimes not at all. Thus, vulnerabilities persist when they could be corrected, and if they are not, since they are known, they are easily exploitable.

User awareness

Much malicious behavior is allowed by the carelessness of the user. Smartphone users were found to ignore security messages during application installation, especially during application selection, checking application reputation, reviews and security and agreement messages. From simply not leaving the device without a password, to precise control of permissions granted to applications added to the smartphone, the user has a large responsibility in the cycle of security: to not be the vector of intrusion. This precaution is especially important if the user is an employee of a company who stores business data on the device. Detailed below are some precautions that a user can take to manage security on a smartphone. A recent survey by

internet security Internet security is a branch of computer security. It encompasses the Internet, browser security, web site security, and network security as it applies to other applications or operating systems as a whole. Its objective is to establish rules ...

experts BullGuard showed a lack of insight into the rising number of malicious threats affecting mobile phones, with 53% of users claiming that they are unaware of security software for Smartphones. A further 21% argued that such protection was unnecessary, and 42% admitted it hadn't crossed their mind ("Using APA," 2011). These statistics show consumers are not concerned about security risks because they believe it is not a serious problem. The key here is to always remember smartphones are effectively handheld computers and are just as vulnerable. ; Being skeptical : A user should not believe everything that may be presented, as some information may be phishing or attempting to distribute a malicious application. It is therefore advisable to check the reputation of the application that they want to buy before actually installing it. ; Permissions given to applications : The mass distribution of applications is accompanied by the establishment of different permissions mechanisms for each operating system. It is necessary to clarify these permissions mechanisms to users, as they differ from one system to another, and are not always easy to understand. In addition, it is rarely possible to modify a set of permissions requested by an application if the number of permissions is too great. But this last point is a source of risk because a user can grant rights to an application, far beyond the rights it needs. For example, a note taking application does not require access to the geolocation service. The user must ensure the privileges required by an application during installation and should not accept the installation if requested rights are inconsistent. ; Be careful : Protection of a user's phone through simple gestures and precautions, such as locking the smartphone when it is not in use, not leaving their device unattended, not trusting applications, not storing sensitive data, or encrypting sensitive data that cannot be separated from the device. : ;Disconnect peripheral devices, that are not in use :NIST Guidelines for Managing the Security of Mobile Devices 2013, recommends: Restrict user and application access to hardware, such as the digital camera, GPS, Bluetooth interface, USB interface, and removable storage. :

Enable Android Device Encryption

The latest Android smartphones come with an inbuilt encryption setting for securing all the information saved on your device. It makes it difficult for a hacker to extract and decipher the information in case your device is compromised. Here is how to do it, ''Settings – Security – Encrypt Phone + Encrypt SD Card'' : ; Ensure data : Smartphones have a significant memory and can carry several gigabytes of data. The user must be careful about what data it carries and whether they should be protected. While it is usually not dramatic if a song is copied, a file containing bank information or business data can be more risky. The user must have the prudence to avoid the transmission of sensitive data on a smartphone, which can be easily stolen. Furthermore, when a user gets rid of a device, they must be sure to remove all personal data first. These precautions are measures that leave no easy solution to the intrusion of people or malicious applications in a smartphone. If users are careful, many attacks can be defeated, especially phishing and applications seeking only to obtain rights on a device.

Centralized storage of text messages

One form of mobile protection allows companies to control the delivery and storage of text messages, by hosting the messages on a company server, rather than on the sender or receiver's phone. When certain conditions are met, such as an expiration date, the messages are deleted.

Limitations of certain security measures

The security mechanisms mentioned in this article are to a large extent inherited from knowledge and experience with computer security. The elements composing the two device types are similar, and there are common measures that can be used, such as

and firewalls. However, the implementation of these solutions is not necessarily possible or at least highly constrained within a mobile device. The reason for this difference is the technical resources offered by computers and mobile devices: even though the computing power of smartphones is becoming faster, they have other limitations than their computing power. *Single-task system: Some operating systems, including some still commonly used, are single-tasking. Only the foreground task is executed. It is difficult to introduce applications such as antivirus and firewall on such systems, because they could not perform their monitoring while the user is operating the device, when there would be most need of such monitoring. *Energy autonomy: A critical one for the use of a smartphone is energy autonomy. It is important that the security mechanisms not consume battery resources, without which the autonomy of devices will be affected dramatically, undermining the effective use of the smartphone. *Network Directly related to battery life, network utilization should not be too high. It is indeed one of the most expensive resources, from the point of view of energy consumption. Nonetheless, some calculations may need to be relocated to remote servers in order to preserve the battery. This balance can make implementation of certain intensive computation mechanisms a delicate proposition. Furthermore, it is common to find that updates exist, or can be developed or deployed, but this is not always done. One can, for example, find a user who does not know that there is a newer version of the operating system compatible with the smartphone, or a user may discover known vulnerabilities that are not corrected until the end of a long development cycle, which allows time to exploit the loopholes.

Next Generation of mobile security

There is expected to be four mobile environments that will make up the security framework: ; Rich operating system: In this category will fall traditional Mobile OS like Android, iOS, Symbian OS or Windows Phone. They will provide the traditional functionality and security of an OS to the applications. ;Secure Operating System (Secure OS): A secure kernel which will run in parallel with a fully featured Rich OS, on the same processor core. It will include drivers for the Rich OS ("normal world") to communicate with the secure kernel ("secure world"). The trusted infrastructure could include interfaces like the display or keypad to regions of PCI-E address space and memories. ;Trusted Execution Environment (TEE): Made up of hardware and software. It helps in the control of access rights and houses sensitive applications, which need to be isolated from the Rich OS. It effectively acts as a firewall between the "normal world" and "secure world". ; Secure Element (SE): The SE consists of tamper resistant hardware and associated software or separate isolated hardware. It can provide high levels of security and work in tandem with the TEE. The SE will be mandatory for hosting proximity payment applications or official electronic signatures. SE may connect, disconnect, block peripheral devices and operate separate set of hardware. ; Security Applications (SA): Numerous security applications are available on App Stores providing services of protection from viruses and performing vulnerability assessment.