Effects of Wi-Fi and Bluetooth Battery Exhaustion Attacks on Mobile Devices

Lecture Notes in Computer Science

Johnson

Murmuria

et al. 2012

Abstract. Recent advances in the hardware capabilities of mobile handheld devices have fostered the development of open source operating systems and a wealth of applications for mobile phones and table devices. This new generation of smart devices, including iPhone and Google Android, are powerful enough to accomplish most of the user tasks previously requiring a personal computer. Moreover, mobile devices have access to Personally Identifiable Information (PII) including a full suite of location services, camera, microphone, among others. In this paper, we discuss the cyber threats that stem from these new smart device capabilities and the online application markets for mobile devices. These threats include malware, data exfiltration, exploitation through USB, and user and data tracking. We will present the ongoing GMU efforts to defend against or mitigate the impact of attacks against mobile devices. Our approaches involve analyzing the source code and binaries of mobile applications, hardening the device by using Kernel-level network and data encryption, and controlling the communication mechanisms for synchronizing the user contents with computers and other phones. We will also explain the enhanced difficulties in dealing with these security issues when the end-goal is to deploy security-enhanced smart phones into military and tactical scenarios. The talk will conclude with a discussion of our current and future research directions.

Section: Background and Related Workmentioning

confidence: 99%

Exposing Security Risks for Commercial Mobile Devices

Lecture Notes in Computer Science

Johnson

Murmuria

et al. 2012

“…Their work shows that attacks were mainly carried out through the MMS/SMS interfaces on the device. In addition, in [25] the authors show that applications can simply overuse the WiFi, Bluetooth or display of the device and eventually cause a denial of service attack. VirusMeter [24] models the power consumption and detects the malware based on power abnormality.…”

Section: Related Workmentioning

confidence: 99%

Implementing and Optimizing an Encryption Filesystem on Android

2012 IEEE 13th International Conference on Mobile Data Management

Murmuria

Stavrou

2012

Abstract-The recent surge in popularity of smart handheld devices, including smart-phones and tablets, has given rise to new challenges in protection of Personal Identifiable Information (PII). Indeed, modern mobile devices store PII for applications that span from email to SMS and from social media to location-based services increasing the concerns of the end user's privacy. Therefore, there is a clear need and expectation for PII data to be protected in the case of loss, theft, or capture of the portable device.In this paper, we present a novel FUSE (Filesystem in USErspace) encryption filesystem to protect the removable and persistent storage on heterogeneous smart gadget devices running the Android platform. The proposed filesystem leverages NIST certified cryptographic algorithms to encrypt the dataat-rest. We present an analysis of the security and performance trade-offs in a wide-range of usage and load scenarios. Using existing known micro benchmarks in devices using encryption without any optimization, we show that encrypted operations can incur negligible overhead for read operations and up to twenty (20) times overhead for write operations for I/Ointensive programs. In addition, we quantified the database transaction performance and we observed a 50% operation time slowdown on average when using encryption. We further explore generic and device specific optimizations and gain 10% to 60% performance for different operations reducing the initial cost of encryption. Finally, we show that our approach is easy to install and configure across all Android platforms including mobile phones, tablets, and small notebooks without any user perceivable delay for most of the regular Android applications.

“…Their work shows that attacks were mainly carried out through the MMS/SMS interfaces on the device. In addition, in [18] the authors show that applications can simply overuse the WiFi, Bluetooth or display of the device and eventually cause a denial of service attack. VirusMeter [17] modeled the power consumption and detect the malware based on power abnormality.…”

Section: Related Workmentioning

confidence: 99%

Exploiting smart-phone USB connectivity for fun and profit

Proceedings of the 26th Annual Computer Security Applications Conference

Stavrou

2010

The Universal Serial Bus (USB) connection has become the de-facto standard for both charging and data transfers for smart phone devices including Google's Android and Apple's iPhone. To further enhance their functionality, smart phones are equipped with programmable USB hardware and open source operating systems that empower them to alter the default behavior of the end-to-end USB communications. Unfortunately, these new capabilities coupled with the inherent trust that users place on the USB physical connectivity and the lack of any protection mechanisms render USB a insecure link, prone to exploitation. To demonstrate this new avenue of exploitation, we introduce novel attack strategies that exploit the functional capabilities of the USB physical link. In addition, we detail how a sophisticated adversary who has under his control one of the connected devices can subvert the other. This includes attacks where a compromised smart phone poses as a Human Interface Device (HID) and sends keystrokes in order to control the victim host. Moreover, we explain how to boot a smart phone device into USB host mode and take over another phone using a specially crafted cable. Finally, we point out the underlying reasons behind USB exploits and propose potential defense mechanisms that would limit or even prevent such USB borne attacks.