Mobile communication has various important issues such as congestion control, scarcity of radio spectrum, bandwidth utilization, and security. With increased number of threats in mobile devices, security has become the most important issue now-a-days. Security can be considered primarily at two levels; wireless transmission medium and mobile data level, where malicious applications execute their behavior by exploiting vulnerabilities present in mobile OS. The chapter also focuses on the latter one as these attacks can be easily performed by targeting vulnerabilities present in OS. The content is specifically on Android Operating System security as Android has become the largest installed base of mobile platform. This chapter specifies these vulnerabilities and focuses on malicious intentions of latest and sophisticated malware in detail. The chapter covers static and dynamic analysis tools as well as focuses on limitations of these methods for analyses. The results for malware samples with emulator detection capabilities show that these malware behaves more as benign samples.
TopIntroduction
Wireless communication is playing a vital role in our daily life due to the portability of wireless devices. Nearly every person is using many types of the wireless devices such as mobile phones, pagers, Global Positioning System (GPS), Remote controls of Home-entertainment-system, Remote door openers for Vehicles (WIRELESS Types). As large number of competing users transmit their data through wireless medium, stringent laws are mandatory to circumvent transmissions by interfering with the each other. Governments are spending a considerable amount of time in allocating specific frequencies for specific services to avoid interferences. These allocations are agreed world wide to minimize interferences.
According to applications and usages, wireless communication technology is further classified as Radio Communication, Cellular or Mobile Communication, Satellite Communication and Wi-Fi Communication. Among these, Cellular and Wi-Fi technologies are the most common technologies used in our daily life. Also, Cellular (mobile) technology is used by almost every person. Starting with simple regular handsets which were used just for phone calls, mobiles have turned our lives and have become an essential part in our lives. Mobiles have vast applications such as camera, music player, video calling, document readers, web browsing, chats, etc. The mobile phone market, which has 4.33 billion users in 2013 is likely to reach 5.13 billion users globally by 2017 (Internet Usage, 2014). The average mobile connection speed will increase 2.4-fold, from 1.7 Mbps in 2014 to 4.0 Mbps by 2019 (VNI). According to CNN Global News of January 2014, 55% of Internet usage was from Mobile devices and only 45% from PC in the United States. Out of 55% of mobile device Internet usage, mobile applications uses 47% of Internet traffic and remaining 8% is of mobile browsers (CNN, 2014).
There are many issues need to be focused in mobile communication such as congestion control, scarcity of radio spectrum, bandwidth utilization, security. Among these security issue is most important looking at cases of attacks happening on mobile devices. Security goals of Mobile Communication are also same as other networks: authentication, confidentiality, integrity, availability, and non-repudiation. Authentication is the process of verification of the identity of a user. Confidentiality means that read, write and execute of protected data or programs is allowed only by authorized people. In mobile communication, confidentiality of data is more important than any other requirement as it contains private data. Integrity ensures that the information or data is not altered or damaged by unauthorized users. Availability means the network is able to provide services as and when required (Sen et al., 2010).
In Mobile communication, one of the classification of attacks can be according to network protocol stack. Even a single attack can occur at any of the layer of protocol stack. Same DoS attack can occur in different layers in different ways, e.g. jamming at physical layer, hello flood attack at network layer, and SYN flood attack at transport layer (Sen et al., 2010). Figure 1 gives some examples of attacks implemented at various layers.
Figure 1. Attacks on protocol stack