From mobile phones to responsible devices

Traynor, Patrick; Amrutkar, Chaitrali; Rao, Vikhyath; Jaeger, Trent; McDaniel, Patrick; Porta, Thomas F. La

doi:10.1002/sec.218

Cited by 16 publications

(14 citation statements)

References 8 publications

(10 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Thereupon, by granting these permissions, users deliberately circumvent some of the access control mechanisms of their smartphones and become dependent on the good will or on the malicious intentions of developers, which may prove harmful. Similar concerns over the malicious potential of mobile phones were raised by [13].…”

Section: Introductionmentioning

confidence: 79%

Is Granting Permissions to Applications an Informed Decision?

Harison¹,

Koren²,

Perel³

2017

IJSEIA

View full text Add to dashboard Cite

show abstract

Section: Introductionmentioning

confidence: 79%

Is Granting Permissions to Applications an Informed Decision?

Harison¹,

Koren²,

Perel³

2017

IJSEIA

View full text Add to dashboard Cite

show abstract

“…Traynor et al summarize in [28] the lack of security features on mobile and smartphones and discuss possible solutions. Part of their work presents SELinux [18] as means of access control of system resources.…”

Section: Related Workmentioning

confidence: 99%

Taming Mr Hayes: Mitigating signaling based attacks on smartphones

Mulliner

Liebergeld

Lange

et al. 2012

IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2012)

View full text Add to dashboard Cite

Abstract-Malicious injection of cellular signaling traffic from mobile phones is an emerging security issue. The respective attacks can be performed by hijacked smartphones and by malware resident on mobile phones. Until today there are no protection mechanisms in place to prevent signaling based attacks other than implementing expensive additions to the cellular core network. In this work we present a protection system that resides on the mobile phone. Our solution works by partitioning the phone software stack into the application operating system and the communication partition. The application system is a standard fully featured Android system. On the other side, communication to the cellular network is mediated by a flexible monitoring and enforcement system running on the communication partition. We implemented and evaluated our protection system on a real smartphone. Our evaluation shows that it can mitigate all currently known signaling based attacks and in addition can protect users from cellular Trojans.

show abstract

“…There exist works concerning vulnerabilities of mobile phones [19,25,30,31]. Some vulnerabilities are caused by the interaction between mobile devices, the Internet, and telecommunications networks [31].…”

Section: Related Workmentioning

confidence: 99%

“…Up to now, however, end users do not seem to be prepared for attacks on mobile phones, although some reports on hacking mobile phones already exist, e.g., [19,25,30]. In the future, it can be expected that the rate of security incidents will rise because of the increasing attractiveness of the attack target "mobile phone" [10].…”

Section: Introductionmentioning

confidence: 99%

Software security aspects of Java-based mobile phones

Sohr

Mustafa

Nowak³

2011

Proceedings of the 2011 ACM Symposium on Applied Computing

View full text Add to dashboard Cite

More and more functionality is provided by mobile phones today; this trend will continue over the next years. However, with the increasing functionality new risks go along. This not only applies to security-critical mobile applications such as m-banking or m-commerce applications. The end user's privacy may also be in danger or the operator may be the target of an attack. In this paper, we discuss security risks introduced by mobile phones considering the perspectives of the different parties involved in telecommunications systems. Specifically, we demonstrate those risks by means of a security hole discovered in a large number of mobile phones. The security hole can be exploited to obtain manufacturer or even operator permissions. In particular, we implemented a Java-based Trojan horse. This way, the compromised mobile phone can be used as an eavesdropping device by an attacker. All in all, this demonstrates that the risks are not only theoretical, but also real. We also sketch a methodology for the security analysis of mobile phone software.

show abstract

From mobile phones to responsible devices

Cited by 16 publications

References 8 publications

Is Granting Permissions to Applications an Informed Decision?

Is Granting Permissions to Applications an Informed Decision?

Taming Mr Hayes: Mitigating signaling based attacks on smartphones

Software security aspects of Java-based mobile phones

Contact Info

Product

Resources

About