Kadra Alvaro April,2010

greenpepperwhinnySecurity

Nov 3, 2013 (3 years and 9 months ago)

66 views

Kadra

Alvaro April,2010


Introduction: The Android Platform


Threats to
Smartphones


Android
-
Specific Threats


How to Secure Your Android Device


The Future of the Android OS


The Android operating system was originally
developed by Android Inc


A small company that was purchased by
Google in July of 2005.


Android is both a platform and an operating
system.


By using Java, Google hopes to make Android
development more
accessible

and
easier

to
participate in.



When
smartphones

first came out, the threats
to them were minimal.


These days
smartphones

are one of the most
prevalent handheld devices;


accessing their email,


their bank account,


the internet


texting and calling plans


All from one portable device.



The fact that most users don’t install
security

software on their phones.


Some of the more common threats to mobile
devices


Bluetooth exploits,


SMS/MMS attacks (usually injection),


web browser,


malware (usually distributed by third
-
party sources
in the form of Apps or other downloads),


SMS and MMS are vulnerable to a variety of
attacks these days.


SMS is much more than just text or picture
messaging; SMS is often used for
voicemail
notifications
and
visual voicemail
.


SMS
fuzzing

and
shellcode

injection hit the
iPhone

soon after its
debut
, and has been
known to attack Windows Mobile and Android
phones as well.




Most of the exploits on phones are
man
-
in
-
the
-
middle attacks
, where software is
injected between the modem and the
telephony stack where it can eavesdrop on
incoming and outgoing messages.



There has been an
upsurge

in malicious Apps
since Apple’s App Store debuted.


They include games designed to
surreptitiously record phone numbers and
other private user data and steal ID numbers
or bank info.


This could be one of the most prominent
threats to Android phones because of the
mostly
unregulated

Android App Market.




The web browser is one of the most complex
components running on the relatively slim

handset operating systems.


The mobile web browser is constantly

evolving and being reinvented by different
third
-
party vendors.


Most
smartphone

browsers are

filled with
bugs and badly written code that can be
exploited.




Many phones come with
default settings
that
will
allow

the phone to connect to

a Bluetooth
piece without any
authorization

or
encryption
.




Its
open
-
source

nature makes it a

prime
target for hackers since
every detail

of its
inner workings are laid bare to anyone with

internet access.



Perhaps the most prominent potential danger
is Android’s free and open Application Market,

which undergoes very little monitoring by
Google, which strikes a sharp contrast with
Apple’s

infamously fussy App Store
regulations.



Apple was the first company to create a
popular online technology store that was
capable of

directly interfacing with handheld
Apple devices.


The iTunes store is one of the most widely

used music applications for organizing and
purchasing media.


Apple knows that a troupe of vicious
Applications roaming around their App Store
would be very

bad for business.





Once they finish producing their App, they
send it to Apple, who

then assigns a team of
two employees to review the App.


Apple not accepted Apps contain


private API’s,


more than a few bugs,


violates the user’s privacy (such as stealing/logging
his data),


help the user break any law


perform VoIP calls without AT&T’s permission are
disqualified




Any Apps that are designed to replace a core
Apple program (such as a
web browser
,
email
manager
, or
a calendar App
) are also not
accepted.


Many users who are unsatisfied with Apps
that play by Apple’s rules
jailbreak

their
iPhones

to download unapproved Apps,
which leads many to unknowingly infect their
phones with malicious programs.




Google’s
security

policy is altogether
different from Apple’s in that it transfer
responsibility onto the users and Google itself
takes little part in patrolling the Market.



Unlike the closely regulated Apple App Store,
the Android Market allows all kinds of
malicious Apps to be posted, and users
perusing the latest uploads need to be wary.




Security researchers Derek Brown and Daniel
Tijerina

tested the potential for damage by
creating a simple weather App called
WeatherFist

that collects user data like GPS
coordinates and phone numbers.


Twenty
-
four hours after the App was released,
the researchers had 1,862 phones roped into
a potential
botnet
.



Disable
automatic Bluetooth sharing
and keep
it
turned off
when you’re not using it (it also
saves battery).


It’s not a bad idea to keep your
GPS turned
off

too.



Useful free App, called
Mobile Defense
, will
also track down lost or stolen handsets.


After the device syncs with your account, the
App promptly “
uninstalls
” itself, leaving no
trace that the program was ever downloaded
or installed.


As it is possible for a thief to uninstall the
highly visible Antivirus software.




Android is running on quite a few phones,
both new and old.


If Android devices continue to remain so
scattered and unsupported, it could have a
negative aspect on
security

for Android
owners.




Google’s policy regarding Android seems to
be very hands
-
off so far in the development
of the young OS.


However, more than a few people think that
more regulation from Google is necessary to
keep users safe
.