Smartphone malware evolution revisited : Android next target?

Smartphones started being targets for malware in June 2004 while malware count increased steadily until the introduction of a mandatory application signing mechanism for Symbian OS in 2006. From this point on, only few news could be read on this topic. Even despite of new emerging smartphone platforms, e.g. android and iPhone, malware writers seemed to lose interest in writing malware for smartphones giving users an unappropriate feeling of safety. In this paper, we revisit smartphone malware evolution for completing the appearance list until end of 2008. For contributing to smartphone malware research, we continue this list by adding descriptions on possible techniques for creating the first malware(s) for Android platform. Our approach involves usage of undocumented Android functions enabling us to execute native Linux application even on retail Android devices. This can be exploited to create malicious Linux applications and daemons using various methods to attack a device. In this manner, we also show that it is possible to bypass the Android permission system by using native Linux applications.

Static smartphone malware detection

Static anaylsis represents an approach of checking source code or compiled code of applications before it gets executed. Chess and McGraw state that static anaylsis promises to identify common coding problems automatically. While manual code checking is also a form of static analysis, software tools are used in most cases in order to perform the checks. Chess and McGraw additionaly claim that good static checkers can help to spot and eradicate common security bugs.

Static analysis of executables for collaborative malware detection on Android

Smartphones are getting increasingly popular and several malwares appeared targeting these devices. General countermeasures to smartphone malwares are currently limited to signature-based antivirus scanners which efficiently detect known malwares, but they have serious shortcomings with new and unknown malwares creating a window of opportunity for attackers. As smartphones become host for sensitive data and applications, extended malware detection mechanisms are necessary complying with the corresponding resource constraints. The contribution of this paper is twofold. First, we perform static analysis on the executables to extract their function calls in Android environment using the command readelf. Function call lists are compared with malware executables for classifying them with PART, Prism and Nearest Neighbor Algorithms. Second, we present a collaborative malware detection approach to extend these results. Corresponding simulation results are presented.

Detecting Symbian OS malware through static function call analysis

Smartphones become very critical part of our lives as they offer advanced capabilities with PC-like functionalities. They are getting widely deployed while not only being used for classical voice-centric communication. New smartphone malwares keep emerging where most of them still target Symbian OS. In the case of Symbian OS, application signing seemed to be an appropriate measure for slowing down malware appearance. Unfortunately, latest examples showed that signing can be bypassed resulting in new malware outbreak. In this paper, we present a novel approach to static malware detection in resource-limited mobile environments. This approach can be used to extend currently used third-party application signing mechanisms for increasing malware detection capabilities. In our work, we extract function calls from binaries in order to apply our clustering mechanism, called centroid. This method is capable of detecting unknown malwares. Our results are promising where the employed mechanism might find application at distribution channels, like online application stores. Additionally, it seems suitable for directly being used on smartphones for (pre-)checking installed applications.

An Android application sandbox system for suspicious software detection

Smartphones are steadily gaining popularity, creating new application areas as their capabilities increase in terms of computational power, sensors and communication. Emerging new features of mobile devices give opportunity to new threats. Android is one of the newer operating systems targeting smartphones. While being based on a Linux kernel, Android has unique properties and specific limitations due to its mobile nature. This makes it harder to detect and react upon malware attacks if using conventional techniques. In this paper, we propose an Android Application Sandbox (AASandbox) which is able to perform both static and dynamic analysis on Android programs to automatically detect suspicious applications. Static analysis scans the software for malicious patterns without installing it. Dynamic analysis executes the application in a fully isolated environment, i.e. sandbox, which intervenes and logs low-level interactions with the system for further analysis. Both the sandbox and the detection algorithms can be deployed in the cloud, providing a fast and distributed detection of suspicious software in a mobile software store akin to Google's Android Market. Additionally, AASandbox might be used to improve the efficiency of classical anti-virus applications available for the Android operating system.

Developing and benchmarking native Linux applications on Android

Smartphones get increasingly popular where more and more smartphone platforms emerge. Special attention was gained by the open source platform Android which was presented by the Open Handset Alliance (OHA) hosting members like Google, Motorola, and HTC. Android uses a Linux kernel and a stripped-down userland with a custom Java VM set on top. The resulting system joins the advantages of both environments, while third-parties are intended to develop only Java applications at the moment. In this work, we present the benefit of using native applications in Android. Android includes a fully functional Linux, and using it for heavy computational tasks when developing applications can bring in substantional performance increase. We present how to develop native applications and software components, as well as how to let Linux applications and components communicate with Java programs. Additionally, we present performance measurements of native and Java applications executing identical tasks. The results show that native C applications can be up to 30 times as fast as an identical algorithm running in Dalvik VM. Java applications can become a speed-up of up to 10 times if utilizing JNI.

Google Android : a comprehensive introduction

Google Android, Google's new product and its first attempt to enter the mobile market, might have an equal impact on mobile users like Apple's hyped product, the iPhone. In this Technical report we are going to present the Google Android platform, what Android is, describe why it might be considered as a worthy rival to Apple's iPhone. We will describe parts of its internals, take a look "under the hood" while explaining components of the underlying operating system. We will show how to develop applications for this platform, which difficulties a developer might have to face, and how developers can possibly use other programming languages to develop for Android than the propagated language Java.

Articulating wider smartphone emerging security issues in the case of M-government in Turkey

For the last several years, mobile devices and platform security threats, including wireless networking technology, have been top security issues. A departure has occurred from automatic anti-virus software based on traditional PC defense: risk management (authentication and encryption), compliance, and disaster recovery following polymorphic viruses and malware as the primary activities within many organizations and government services alike. This chapter covers research in Turkey as a reflection of the current market – e-government started officially in 2008. This situation in an emerging country presents the current situation and resistances encountered while engaging with mobile and e-government interfaces. The authors contend that research is needed to understand more precisely security threats and most of all potential solutions for sustainable future intention to use m-government services. Finally, beyond m-government initiatives' success or failure, the mechanisms related to public administration mobile technical capacity building and security issues are discussed.

Enhancing security of linux-based android devices

Our daily lives become more and more dependent upon smartphones due to their increased capabilities. Smartphones are used in various ways from payment systems to assisting the lives of elderly or disabled people. Security threats for these devices become increasingly dangerous since there is still a lack of proper security tools for protection. Android emerges as an open smartphone platform which allows modification even on operating system level. Therefore, third-party developers have the opportunity to develop kernel-based low-level security tools which is not normal for smartphone platforms. Android quickly gained its popularity among smartphone developers and even beyond since it bases on Java on top of "open" Linux in comparison to former proprietary platforms which have very restrictive SDKs and corresponding APIs. Symbian OS for example, holding the greatest market share among all smartphone OSs, was closing critical APIs to common developers and introduced application certification. This was done since this OS was the main target for smartphone malwares in the past. In fact, more than 290 malwares designed for Symbian OS appeared from July 2004 to July 2008. Android, in turn, promises to be completely open source. Together with the Linux-based smartphone OS OpenMoko, open smartphone platforms may attract malware writers for creating malicious applications endangering the critical smartphone applications and owners� privacy. In this work, we present our current results in analyzing the security of Android smartphones with a focus on its Linux side. Our results are not limited to Android, they are also applicable to Linux-based smartphones such as OpenMoko Neo FreeRunner. Our contribution in this work is three-fold. First, we analyze android framework and the Linux-kernel to check security functionalities. We survey wellaccepted security mechanisms and tools which can increase device security. We provide descriptions on how to adopt these security tools on Android kernel, and provide their overhead analysis in terms of resource usage. As open smartphones are released and may increase their market share similar to Symbian, they may attract attention of malware writers. Therefore, our second contribution focuses on malware detection techniques at the kernel level. We test applicability of existing signature and intrusion detection methods in Android environment. We focus on monitoring events on the kernel; that is, identifying critical kernel, log file, file system and network activity events, and devising efficient mechanisms to monitor them in a resource limited environment. Our third contribution involves initial results of our malware detection mechanism basing on static function call analysis. We identified approximately 105 Executable and Linking Format (ELF) executables installed to the Linux side of Android. We perform a statistical analysis on the function calls used by these applications. The results of the analysis can be compared to newly installed applications for detecting significant differences. Additionally, certain function calls indicate malicious activity. Therefore, we present a simple decision tree for deciding the suspiciousness of the corresponding application. Our results present a first step towards detecting malicious applications on Android-based devices.

Smartphone malware based on synchronisation vulnerabilities

Smartphones are mobile phones that offer processing power and features like personal computers (PC) with the aim of improving user productivity as they allow users to access and manipulate data over networks and Internet, through various mobile applications. However, with such anywhere and anytime functionality, new security threats and risks of sensitive and personal data are envisaged to evolve. With the emergence of open mobile platforms that enable mobile users to install applications on their own, it opens up new avenues for propagating malware among various mobile users very quickly. In particular, they become crossover targets of PC malware through the synchronization function between smartphones and computers. Literature lacks detailed analysis of smartphones malware and synchronization vulnerabilities. This paper addresses these gaps in literature, by first identifying the similarities and differences between smartphone malware and PC malware, and then by investigating how hackers exploit synchronization vulnerabilities to launch their attacks.

Modeling malware propagation in smartphone social networks

Smartphones have become an integral part of our everyday lives, such as online information accessing, SMS/MMS, social networking, online banking, and other applications. The pervasive usage of smartphones also results them in enticing targets of hackers and malware writers. This is a desperate threat to legitimate users and poses considerable challenges to network security community. In this paper, we model smartphone malware propagation through combining mathematical epidemics and social relationship graph of smartphones. Moreover, we design a strategy to simulate the dynamic of SMS/MMS-based worm propagation process from one node to an entire network. The strategy integrates infection factor that evaluates the propagation degree of infected nodes, and resistance factor that offers resistance evaluation towards susceptible nodes. Extensive simulations have demonstrated that the proposed malware propagation model is effective and efficient.

Comparative mobile platforms security solutions

 Mobile platform security solution has become especially important for mobile computing paradigms, due to the fact that increasing amounts of private and sensitive information are being stored on the smartphones' on-device memory or MicroSD/SD cards. This paper aims to consider a comparative approach to the security aspects of the current smartphone systems, including: iOS, Android, BlackBerry (QNX), and Windows Phone.

Security and privacy of users' personal Information on smartphones

 This research investigated the proliferation of malicious applications on smartphones and a framework that can efficiently detect and classify such applications based on behavioural patterns was proposed. Additionally the causes and impact of unauthorised disclosure of personal information by clean applications were examined and countermeasures to protect smartphone users’ privacy were proposed.

A review of security protocols in mHealth Wireless Body Area Networks (WBAN)

The popularity of smartphones has led to an increasing demand for health apps. As a result, the healthcare industry is embracing mobile technology and the security of mHealth is essential in protecting patient’s user data and WBAN in a clinical setting. Breaches of security can potentially be life-threatening as someone with malicious intentions could misuse mHealth devices and user information. In this article, threats to security for mHealth networks are discussed in a layered approach addressing gaps in this emerging field of research. Suite B and Suite E, which are utilized in many security systems, including in mHealth applications, are also discussed. In this paper, the support for mHealth security will follow two approaches; protecting patient-centric systems and associated link technologies. Therefore this article is focused on the security provisioning of the communication path between the patient terminal (PT; e.g., sensors) and the monitoring devices (e.g., smartphone, data-collector).

Integrated luminescent chemical microsensors based on GaN LEDs for security applications using smartphones

Development of PCB-integrateable microsensors for monitoring chemical species is a goal in areas such as lab-on-a-chip analytical devices, diagnostics medicine and electronics for hand-held instruments where the device size is a major issue. Cellular phones have pervaded the world inhabitants and their usefulness has dramatically increased with the introduction of smartphones due to a combination of amazing processing power in a confined space, geolocalization and manifold telecommunication features. Therefore, a number of physical and chemical sensors that add value to the terminal for health monitoring, personal safety (at home, at work) and, eventually, national security have started to be developed, capitalizing also on the huge number of circulating cell phones. The chemical sensor-enabled “super” smartphone provides a unique (bio)sensing platform for monitoring airborne or waterborne hazardous chemicals or microorganisms for both single user and crowdsourcing security applications. Some of the latest ones are illustrated by a few examples. Moreover, we have recently achieved for the first time (covalent) functionalization of p- and n-GaN semiconductor surfaces with tuneable luminescent indicator dyes of the Ru-polypyridyl family, as a key step in the development of innovative microsensors for smartphone applications. Chemical “sensoring” of GaN-based blue LED chips with those indicators has also been achieved by plasma treatment of their surface, and the micrometer-sized devices have been tested to monitor O2 in the gas phase to show their full functionality. Novel strategies to enhance the sensor sensitivity such as changing the length and nature of the siloxane buffer layer are discussed in this paper.