Mobile Security Catching Up? Revealing the Nuts and Bolts of the Security of Mobile Devices

Becher, Michael; Freiling, Felix C.; Hoffmann, Johannes; Holz, Thorsten; Uellenbeck, Sebastian; Wolf, Christopher A.

doi:10.1109/sp.2011.29

Cited by 145 publications

(77 citation statements)

References 40 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The applications in question are simply so small that the additional 922 bytes is significant, however it is extremely likely that the user is already downloading many other [24], larger applications further reducing any concerns of network performance degradation. Similarly, processor use directly affects battery life on mobile devices [11], and as such, excessive resource use could hinder adoption. Since devices already perform cryptographic signature verification the additional verification is not significantly different.…”

Section: Performance Evaluationmentioning

confidence: 99%

“…Second, markets enforce policies to deal with malicious applications. Some markets (e.g., Apple AppStore) vet applications prior to publication [11]. Others, such as Google Play, allow relatively unmoderated publication, but react to identified malware by removing it both from the market and from all (connected) devices that have already installed the malicious application.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Sweetening Android Lemon Markets: Measuring and Curbing Malware in Application Marketplaces

Vidas¹,

Christin²

2012

View full text Add to dashboard Cite

Public reporting burden for the collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden, to Washington Headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington VA 22202-4302. Respondents should be aware that notwithstanding any other provision of law, no person shall be subject to a penalty for failing to comply with a collection of information if it does not display a currently valid OMB control number. AbstractApplication marketplaces are the main software distribution mechanism for modern mobile devices but are also emerging as a viable alternative to brick-and-mortar stores for personal computers. While most application marketplaces require applications to be cryptographically signed by their developers, in Android marketplaces, self-signed certificates are common, thereby offering very limited authentication properties. As a result, there have been reports of malware being distributed through application "repackaging." We provide a quantitative assessment of this phenomenon by collecting 41,057 applications from 194 alternative Android application markets in October 2011, in addition to a sample of 35,423 applications from the official Google Android Market. We observe that certain alternative markets almost exclusively distribute repackaged applications containing malware. To remedy this situation we propose a simple verification protocol, and discuss a proof-of-concept implementation, AppIntegrity. AppIntegrity strengthens the authentication properties offered in application marketplaces, thereby making it more difficult for miscreants to repackage apps, while presenting very little computational or communication overhead, and being deployable without requiring significant changes to the Android platform.

show abstract

Section: Performance Evaluationmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Sweetening Android Lemon Markets: Measuring and Curbing Malware in Application Marketplaces

Vidas¹,

Christin²

2012

View full text Add to dashboard Cite

show abstract

“…In this proposed system, opening and closing of a door is achieved by using an android application. [6] The owner can connect android application device to the system through GSM, which in term to connected to a microcontroller controlled door that can open/close the door by entering the password. This method is very convenient as one doesn't have to get down of his car to open/close the door physically.…”

Section: Design Implementationmentioning

confidence: 99%

Android Password based Door Opener System

Biradar¹,

M²,

Pavithra³

et al. 2017

International Journal of Advanced Research in Computer and Comm

View full text Add to dashboard Cite

This project presents a prototype security door that can be remotely controlled by a GSM phone set acting as the transmitter and another GSM phone set with a dual tone multi-frequency (DTMF) connected to the door motor through a DTMF decoder interfaced with micro controller unit and a stepper motor. The design is composed of four main functional modules, namely; the GSM module, the IR SENSOR module, GAS SENSOR module and the FIRE SENSOR module. The GSM module act as both transmitting and receiving unit employs the use of a mobile phone set serving as the communication device between the user at one end and the object of access (i.e. the door) at the other receiving end. The codes for this project was written in Embedded C language with Android application compiled by visual studio and keil software , the program run without error before it was burn onto the micro controller using a device called the programmer by placing the micro controller on it socket equal to the pin number.

show abstract

“…Thus, the UE will be increasingly vulnerable to mobile malware targeting the stored personal and sensitive information, such as bank credentials, SMSs/MMSs, audio/video files, emails, contacts and GPS coordinates, that attackers can exploit and misuse for financial gain. The malicious software will gain unauthorized access to the stored end-user's information, collect it and forward it to the owner of the malware through all of the UE's communication channels (Becher, 2011;Arabo, 2013;Flo, 2009). …”

Section: Mobile Malware Attacks Targeting Uementioning

confidence: 99%

“…To achieve disruption, the installed malicious software can use all available CPU cycles for junk computations leading to huge power consumption that will rapidly cause the depletion of the UE's power source. This attack falls in the category of Denial of Service attacks against UE (Becher, 2011). However, the above attacks can be also executed by mobile botnets in order to target many mobile end-users at the same time and in an automated way.…”

Section: Mobile Malware Attacks Targeting Uementioning

confidence: 99%