Smartphone security in ubiquitous networking environments

Abstract

Currently researchers mainly focus on new countermeasures against malware, e.g. new malware analysis and detection technologies. With structure and functionality similar to computers, Smartphones also face the threat of the attacks of mobile malware. In terms of personal communication platform, the big market of Smartphones attracts and leaves room for malicious hackers to exploit the vulnerabilities in Smartphones for mischiefs or, even worse, for criminal gains. In terms of mobile social network platform, the ubiquitous networking security vulnerabilities have spread from the Internet to 3G, WiFi, and LTE networks. There is a chain of communication traversing multiple networks, enabling hackers to attack the weakest link - Smartphones, and hence causing significant damages to otherwise well protected networks. In this light, researchers gradually turn to focus on the Smartphones security. In this thesis, we make our contributions from following three aspects. Stealthy Video Capturer - New Video-based Spyware in 3G Smartphones As personal communication platforms, 3G Smartphones have become increasingly pervasive in recent years. Unfortunately they contain much personal and confidential information and are easily compromised. We will first address the privacyrelated Smartphone security, as well as relevant typical applications. We designed and implemented Stealthy Video Capturer (SVC), a new video-based spyware, on real 3G Smartphones. SVC can steal users' private information through secretly recording videos for the third party and transmitting them to that party. To our knowledge, our work is the first one that investigates video-based vulnerabilities in 3G Smartphones. We illustrate two practical applications of SVC, i.e. mobile forensics and child care. We anticipate that our work will draw widespread attention to this issue. 3G Real Time Video-based Mobile Guarder We investigate a novel technique to acquire comprehensive context information of remote Smartphone users, including surrounding environment, location and behaviors, for further information process, e.g. localization and human safeguard. Our system is simply launched by a normal 3G video call and to transmit the captured real time video in 3G connections. The technique makes use of the efficiency of 3G video call and thus zero-configuration for the call initiator. It can achieve the remote user's status on-demand and fast show a general view of the user for the call initiator, besides location based service. Moreover, no costly special devices other than normal 3G Smartphones are needed in our technique. It can also help to revise the inherent limitations of GPS by employing the surrounding environment information provided by captured real time video when lies indoor or dense high building districts. Smartphone Operating System Fingerprinting As mobile social network platform, there is an unavoidable potential threat for infected Smartphones propagating mobile malware to others in the ubiquitous networking environment. Moreover, stimulated by the fast growing popularity of wireless-enabled Smartphones and the inherent vulnerability of Smartphone operating system (OS), we investigate a new fingerprinting technique that identifies the Smartphone OS. The technique is greatly helpful for wireless network administrators to adaptively accommodate the network security policy based on the real time fingerprinting data. Different from existing schemes on Personal Computer (PC) OS fingerprinting, our fingerprinting technique is launched during the WiFi connection period of a Smartphone. The technique makes use of a new reliable metric called channel dwell time, which is the Smartphone's stay time on a certain channel in the normal probing process of Smartphones. Our technique can quickly identify the Smartphone operating system with high accuracy based on channel dwell time without any modification to or specific interaction with the Smartphone. Moreover no costly special apparatuses other than several normal PC or notebooks installed with WiFi cards are needed. Then we implement the technique and conduct extensive experiments with real world popular Smartphone OSes. Our experimental evaluation shows that our technique is applicable to most commercial Smartphones and reaches an average identification accuracy of up to 98.1%. This thesis is organized as follows. Chapter 1 describes the background of the thesis. Chapter 2 introduces the related work. Chapter 3 investigates the video-based vulnerabilities in 3G Smartphones, especially a new video-based spyware on 3G Smartphones. Chapter 4 develops an novel technique to acquire comprehensive context information of remote Smartphone users for further information process, e.g. localization and human safeguard. Chapter 5 exploits a new reliable metric called channel dwell time to quickly identify Smartphone OSes. Chapter 6 concludes this thesis.