- Email: [email protected]
Reviews on Cybercrime Affecting Portable Devices
Available online at www.sciencedirect.com
ScienceDirect Procedia Technology 11 (2013) 650 – 657
The 4th International Conference on Electrical Engineering and Informatics (ICEEI 2013)
Reviews on Cybercrime Affecting Portable Devices Seyedmostafa Safavi*, Zarina Shukur, Rozilawati Razali Unit of Cyber Security, Faculty of Information Science and Technology, Universiti Kebangsaan Malaysia,43600 Bangi, Malaysia
Abstract The popularity of mobile devices in the market is impressive, but this influx of different products has made it difficult for users to secure their infrastructures from potential data breaches. As the number of exposures and attacks increase, there has been a corresponding rise in security solutions offered by researchers. This article reviews the literature to prevent the cybercrime affecting portable devices especially smartphones running Android OS. Extant researches are analyzed and opportunities for future research are identified. Four research questions have been developed and out of 493 articles retrieved, 33 articles have been selected to be analyzed. From the analysis, we have found that Data leakage resulting from device loss or theft, unintentional disclosure of data and phishing attacks are most common between attackers. With no doubt, security investigators have stressed the grandness of protecting classified personal data residing in Android portable devices. They have suggested to use the permission-based security model and behavior-based detection method for protecting classified information. In result we found that Android OS can handle and apply the integrated protection model but still there are opportunities for us to improve the security of personal data. © © 2013 2013 The The Authors. Authors.Published PublishedbybyElsevier ElsevierB.V. Ltd. Selection Science && Technology, Universiti Kebangsaan Selection and and peer-review peer-reviewunder underresponsibility responsibilityofofthe theFaculty FacultyofofInformation Information Science Technology, Universiti Kebangsaan Malaysia. Malaysia. Keywords: Mobile security; Prevent cybercrime; Android; Portable device ;
1. Introduction The mobile phone is a globally recognized communication device [1]. Over the past decade, the rapid procession of semiconductor and related technology has minimized resource constraints in smartphones like CPU and memory, their performance and functions were developed consequently. * Corresponding author. Tel.: +1-323-523-5771 ; E-mail address: [email protected]
2212-0173 © 2013 The Authors. Published by Elsevier Ltd. Selection and peer-review under responsibility of the Faculty of Information Science & Technology, Universiti Kebangsaan Malaysia. doi:10.1016/j.protcy.2013.12.241
Seyedmostafa Safavi et al. / Procedia Technology 11 (2013) 650 – 657
651
Similarly, market for smartphones has expanded by nineteen percent in the past year [2]. According to IDC, vendors transported a total of 482.5 million cellphones in 4th quarter of 2012 compared to 473.4 million units in 2011. According to the recent statistics provided by ITU [3](2012), total mobile-cellular subscriptions reached almost six billion by the end of 2011, corresponding to a worldwide penetration of eighty-six percent and growth was taken by modernizing areas. Mixing traditional cellphones with computing devices, make them handy and much essential tools in everyday life [4]. The handiness of these ubiquitous and mobile services has significantly expanded due to the different form of connectivity offered by mobile devices, such as GSM, GPRS, Bluetooth and Wi-Fi. According to Technology Research-Gartner recently, the number of Operating Systems sales unit for smartphones has been raised as shown in Figure 1[5] . Consequently, smartphones may now present an ideal target for malware programmers. Due to the increasing Android fame as presented in Figure 1, we have tremendous increase on use and sale of Android devices that equals to 28.6 Percent from whole market in 2012 quarter 3. There are now over 700,000 applications on Google Play [6]and over 25 billion Android applications have been downloaded officially [7]. There are at present a large number of malicious marketers pointing this platform. End users are being successfully hacked on a regular basis. Therefore we choose the Android OS as a most popular OS to concentrate our study on them. The sale per units of Android devices according to Technology Research-Gartner has increased since 2007 quarter 1 as shown in Figure 1.
Fig. 1. World-Wide Smartphones Sales (Thousands of Units) (Source: Technology Research-Gartner)
The objectives of this study is to find out about research done for measures being taken to protect users personalized information in Android OS, check whether it can handle and secure the data and identify the best mechanism for it. We also examine the different attack methods and the extent of damages done to portable devices. This paper is organized into four sections. In section 1, we have discussed about introduction. In section 2, we have presented our systematic literature review and methodology. In Section 3, we have presented our analysis, based on the past research studies as well as books. Finally, in Section 4, we have summarized and presented our conclusions.
652
Seyedmostafa Safavi et al. / Procedia Technology 11 (2013) 650 – 657
2. Methodology The purpose of this study is to review previous studies that can help to prevent the cybercrime affecting portable devices especially smartphones running Android OS. Therefore, we have used systematic literature review (SLR) to obtain the data used in this study. The four research questions that have been prepared for that purpose are as follows: Q1. Has research addressed significance of protecting personalized information in Android operating system and have they suggested any countermeasures? Q2. Is the Android OS able to handle and apply the integrated protection model to secure classified information? Q3. Which security mechanism is the most capable in protecting data and enabling user secrecy in Android OS? Q4. What sort of attack method is the most common and the extent of their damages to portable devices? The search process for articles that addresses issues appropriate to the research questions was conducted using a number of databases and one search engine. The studies were searched electronically to cover a comprehensive range of literature. The electronic search sources used to locate the relevant studies are listed in Table 1. In order to search all appropriate resources, the search terms or keywords of each question were identified as in Table 2. Finally, the total numbers of articles were retrieved, filtered and obtained, shown in Table 3. Table 1: Search Process Sources Major Subject Focuses Databases Search Engines
Databases Computer Science( ACM, IEEE, Scopus, Springer, Cambridge, ISI, Ebscohost, Science Direct) Google Scholar
Table 2: Keywords Research Question Q1
Q2 Q3
Q4
Keywords Mobile device security, security for mobile devices, mobile devices security risks, data security in the cloud, privacy and the cloud, protect sensitive data, ethical use and protection of sensitive data, protecting personal information, data security breaches, data breach protection, breach of data confidentiality, data protection breach examples, data security and privacy, cloud data privacy Mobile data security, mobile security threats, security on mobile phones, mobile phones security, security in mobile phones, security software android Cloud security issues, android security issues, data security issues, smartphone security issues, mobile security issues, personal data security, secure personal information, best cloud security, best security protection, mobile device security policy, security of mobile devices, mobile device security best practices, information security best practices, cyber security threats, cyber security certification, cyber security data, cyber security consulting Attack Android, attacking Android smartphones, malware attacks Android smartphones
Table 3: Keywords Research Question Q1 Q2 Q3 Q4 Total
Total reference retrieved 90 140 123 140 493
After excluded duplicate 67 73 82 59 281
After abstract
After full text screened
52 59 78 46 235
18 4 6 5 33
Seyedmostafa Safavi et al. / Procedia Technology 11 (2013) 650 – 657
Steps of filtering articles: 1: All related articles that were published between January 2008 and January 2013. 2: Articles that were accessible with its full text. With respect to Q1, articles on the following topics were excluded: x Articles that do not discuss about classified personalized information in android portable devices With respect to Q2, articles on the following topics were excluded: x Articles that do not discuss about handling and application of integrated protection in android portable devices With respect to Q3, articles on the following topics were excluded: x Articles that do not discuss about security mechanisms that protect classified information in android portable devices. With respect to Q4, articles on the following topics were excluded: x Articles that do not discuss about attack methods on android portable devices 3. ANALYSIS Q1. Has research addressed significance of protecting personalized information in Android operating system and have they suggested any countermeasures? Security investigators have stressed the grandness of protecting classified personal data residing in Android portable devices. Wei Tang et al.[ 8 ] reported that the android third party application that requested the READ_PHONE_STATE permission also requested a number of other permissions such as the INTERNET (allowing access to the Internet) may cause the loss of personal data. D. Barrera et al. [9] acknowledged that due to a peculiarity in the current Android implementation, applications sharing a UID i can display no requested permissions and still perform privileged operations in one case observed from the dataset, obtaining full internet access, location data and personal data. Wei Tang et al. [ 10 ] reported that without other useful data information, the phone information alone will not cause any personal data leak problem but due to the popularity of online payment using text messages, the combination of RECEIVE_SMS and SEND_SMS will have a greater impact upon the user. Android platform for portable device becomes a target for hackers as the increase in use of smartphones, personal data stored and accessed on mobile platforms has also risen. Additionally, malware available for these highly used devices has risen at an alarming rate, according to Juniper Networks, Inc. [11] The study showed that the malware available for Android increased by 400%, and a recent study showed that the amount of spyware for 2011 grew by 155% across all platforms. Although Android has become one of the most popular OS for many mobile phones, research studies have ([12],[13],[ 14]) suggested further considerations for its security model. W. Enck et al.[15 ] described how Android application development components interact with the system, and addressed some issues that may be dealt with during their attempt on unmasking the complexity of secure application development. Moreover, A. Shabtai et al. [16]. presented a security assessment of the Android framework and identified high-risk threats to the framework and suggest several security solutions for mitigating them. W. Shin et al.[17] addressed a flaw in the permission scheme of Android, pointing out that the security of the framework depends on a large extent on the owner of a device since the authorization decisions are mainly made by the users. Thus, the permission scheme imposes much of the administrative burden on to the user instead of keeping it simple. To mitigate its vulnerability, many research studies in improving the security of the Android OS are being conducted. W. Enck et al.[18] proposed a lightweight certification application based on evaluating the combination of permission for Android applications. W. Shin et al.[19], [20] presented the permission mechanism for the Android system in terms of a state machine by defining how permissions, applications, components, authorizations, and states work. They also proposed a formal model of the Android permission scheme by describing the scheme specifying entities and relationships, and providing a state-based model which includes the behavior specification of
i
A user ID (UID) is a unique positive integer assigned by a Unix-like operating system to each user.
653
654
Seyedmostafa Safavi et al. / Procedia Technology 11 (2013) 650 – 657
permission authorization and the interactions between application components. M. Nauman et al. [21] presented Apex, a policy enforcement framework for Android, which allows users to selectively grant permissions to applications as well as impose constraints on the usage of resources. M. Ongtang et al. [22] presented a modified infrastructure that governs install-time permission assignment. However, due to the challenges in discovering diverse malicious applications, many visualization techniques have been applied to explore and monitor them. S. Noel et al. [23 ] described an approach that analyzes vulnerability dependencies and shows all possible attack paths on a network. In their research, the authors applied graph visualizations to provide the users with high-level overviews and an interface to drill down in detail to analyze sophisticated attacks. Using the permission-based security model of the Android, D. Barrera et al.[ 24 ] performed an empirical analysis by applying the Self-Organizing Map (SOM) algorithm in order to evaluate the granularity of the access control permissions. Therefore, we observed that researches addressed the significance of protecting classified personalized information in android portable devices. Q2. Is the Android OS able to handle and apply the integrated protection model to secure classified information? The OS of android provides advance computing capabilities with higher quad-core processor technology it may work almost like desktop computer, and we can replace the PC with portable device. M. V. Pedersen et al.[25] acknowledged the improvement of phone from simple phone calls in the past. In addition, H. Banuri et al.[ 26 ] acknowledged that the android architecture comprises of four layers. Android applications are placed on top of the Android layer stack, which is supported underneath by three layers that include application framework, Android runtime, and Linux kernel. Linux kernel is used as a separation between hardware and the remaining software stack of Android. Android relies on kernel for managing low-level system resources such as memory management, security model, network stack, and process management.
Fig. 2. Android system architecture. Green items are written in C/C++, blue items are written in Java and run in the Dalvik VM. Image taken from [What is Android?][27]
In the latest version of the Android OS, called Jelly Bean 4.2.2, the company provided multicore processors, Android Beam, USB audio docks, graphical user interface (GUI), and the capability of applications to multitask. Therefore, researchers can provide client side security due to physical and programming specification of Android devices. It can provide its own security policy and it will be more independent from server side security. The only problem is average users that cannot use 3rd party applications or provider’s policy to secure their devices from vulnerabilities.
Seyedmostafa Safavi et al. / Procedia Technology 11 (2013) 650 – 657
Q3. Which security mechanism is the most capable in protecting data and enabling user secrecy in Android OS? The rapid growth of smartphones has led to a renaissance for mobile application services. Te-En Wei[28] reported Android as the most popular smartphone platform. Android offers a public marketplace named Google Play operated with various approaches to prevent malware. In Android platform, developers cannot directly deliver their applications in the Android market without strict review process, but we have to mention that application maker is capable to upload their program to the non-official marketplace (i.e., Applanet, AppBrain and so on). Te-En Wei[28] proposed an automatic Android malware detection mechanism based on the result from sandbox. R. Mahmood [29] described an Android-specific program analysis technique. This is capable of generating a large number of test cases for fuzzing an application as well as a test bed , which provides the generated test cases . It executes them in parallel based on numerous emulated Androids running on the cloud . T. Bläsing[30] added that a sandbox might be used to improve the efficiency of classical anti-virus applications available for the Android OS. After proper investigation of the methods to protect personal information, we have realized that behavior-based detection method is still capable and can help the end user to protect information in portable devices running Android OS. The following are the 4 steps that can provide with pure security to the device: x
x
x
x
STATIC ANALYSIS: An .apk file extension denotes an Android Package (APK) file. This file is a form of the JAR data format, is applied for distributing and setting up bundled components onto the Android OS. Initially, they decompile the .apk file to produce a comparative program as the sample. Then, additional .apk file will be analyzed whether it holds the factors of the comparative program. If they discover the genes, there are running behaviors in the .apk program like in the sample program. SANDBOX: A sandbox which is a security mechanism for separating running programs will be created. It can assure the executive environment of the mobile application non-interfered. Sandbox is often used in PC, not in the mobile communication device. They should examine and research the principle of sandbox to implement it into mobile phones forbidding the uncertainty and impracticality. VIRTUAL MACHINE: A significant approach to get the running behaviors of mobile applications is supported by the research of virtual machine. An independent mobile application executing in a virtual machine can be remarked by external application easily. In addition, they should examine and explore the clone of all mobile phone environments and the executing state of the mobile application in additional phones and virtual machines in detail. DETECTION PROCESS: Detection module is used to discover the behavior of applications or other files executing in the server sandbox. In server virtual environment, they will run the malware, set up the application which includes the malicious behaviors, generate the sandbox and get behaviors and tracing data of the application. Specifically, they will execute the application in virtual machine bit by bit. In all steps, they will discover the output and the prospect of access to storage location. They will set the observation triggers in classified locations and files which are automatically triggered, will be reported to detection module of certain activity.
In addition, we may consider behavior-based detection methods working mostly on server base. One of the disadvantages of this method is the need to have internet connectivity that can bring more security issues but still because of proper protection in this method, we may consider it as a best protection method. Q4. What sort of attack method is the most common and the extent of their damages to portable devices? Some examples of future risks associated with a smartphone include: data leakage resulting from device loss or theft; unintentional disclosure of data; attacks on decommissioned devices; phishing attacks; spyware attacks; network spoofing attacks; surveillance attacks; diallerware attacks. Engineering & Technology[31] point out that the most popular attacks used by hackers are mostly email attacks that promise them to bring confidential data to compromise or other way to spam victim's portable device. Actually, the hackers mostly download useful applications and popular video games and after attaching the malware source put them again available in non-recognize markets to attract users and get to the point of installing mobile malware in victim’s machine. In addition to Costin Raiu, Kaspersky[32] reported in August 2010, that they identified the first
655
656
Seyedmostafa Safavi et al. / Procedia Technology 11 (2013) 650 – 657
Trojan for the Android platform – Trojan-SMS. In less than a year, Android malware quickly exploded and became the most popular mobile malware in its category. This trend became obvious in the third quarter of 2011 and finally in November 2011 when Kaspersky uncovered over 1,000 malicious samples for Android, which is almost as many as all the mobile malware they have discovered in the past six years. 4. Conclusion and discussion The intention of this paper was to review on cybercrime involving movable devices specially smartphones carrying Android OS and to look into the security risks associated with privacy-sensitive information, specified as transactions that need exposing confidential personal information. We have used systematic literature review for this study. Four research questions have been designed, and we collected 493 articles to analyze the collection. From the collection, we have chosen thirty-three articles to do the investigation. We suggested further considerations for Android OS security model because malware available for these highly used devices has risen at an alarming rate. The study showed that the malware available for Android increased by 400%. In the latest version of the Android OS, called Jelly Bean 4.2.2, the company provides multicore processors, Android Beam and the capability of applications to multitask. Therefore, researchers can provide client side security due to physical and programming specification of Android devices. Automatic Android malware detection mechanism based on the result from sandbox is one of the most popular protection methods for personal information. Through our research and after examining the methods to protect personal information. We can infer that behavior-based detection method is still the most powerful method that can help end user to protect information in portable devices running Android OS. We have found from the analysis that Data leakage resulting from device loss or theft, unintentional disclosure of data, phishing and spoofing attacks are most common between attackers. After comparing the most common attack method between attackers, we proposed email attacks as the most popular which enable the hacker to extract confidential data from portable devices. As a result, we discovered that OSs can manage and apply the integrated security model, but still there are chances for us to improve the security for classified personal data. In addition, we have suggested that more research is required in providing a security assessment for the Android framework and identifying high-risk threats to the proper policy enforcement for Android devices.
References [1]
Matti Haverila, "Behavioral aspects of cell phone usage among youth: an exploratory study", Young Consumers: Insight and Ideas for Responsible Marketers, (2011),Vol. 12 Iss: 4 pp. 310 - 325 [2] Welderufael Berhane Tesfay, Todd Booth, and Karl Andersson, "Reputation Based Security Model for Android Applications", 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications. 2012. [3] The International Telecommunication Union (ITU) report on 2012 [4] H. S. Chiang and W. J. Tsaur, “Mobile malware behavioral analysis and preventive strategy using ontology, in Proc. the 2010 IEEE International Conference on Information Privacy, Security, Risk and Trust (PASSAT 2010), pp. 1080-1085, 2010. [5] Gartner Research, “Gartner Says Worldwide Mobile Phone Sales Grew 35 Percent in Third Quarter 2010; Smartphone Sales Increased 96 Percent,” 2010. [Online. http://www.gartner.com/it/page.jsp?id=1466313] [6] Google Says 700,000 Applications Available for Android". Bloomberg Businessweek. 29 October 2012. Retrieved 5 November 2011. [Online: http://www.businessweek.com/news/2012-10-29/google-says-700-000-applications-available-for-android-devices] [7] Zachary Lutz (26 September 2012). "Google Play celebrates 25 billion downloads with 25 cent apps, discounted books, music, and movies". Engadget.com. Retrieved 5 November 2012. Online: http://www.engadget.com/2012/09/26/google-play-hits-25-billion-app-downloads [8] Wei Tang, Guang Jin, Jiaming He, Xianliang Jiang , Feb 2011 [9] David Barrera, Jeremy Clark, Daniel McCarney, SPSM’12, Oct 2012 [10] Wei Tang, Guang Jin, Jiaming He, Xianliang Jiang , Feb 2011 [11] Juniper Networks, Inc, May-2011
Seyedmostafa Safavi et al. / Procedia Technology 11 (2013) 650 – 657
[12] W. Enck, M. Ongtang, and P. McDaniel, “On lightweight mobile phone application certification,” In Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS ’09, New York, NY, U.S.A., pp. 235–245, 2009. [13] A. Shabtai, Y. Fledel, U. Kanonov, Y. Elovici, S. Dolev, and C. Glezer. “Google android: A comprehensive security assessment,” Security Privacy, IEEE, 8(2):35 –44, 2010. [14] W. Shin, S. Kwak, S. Kiyomoto, K. Fukushima, and T. Tanaka, “A small but non-negligible flaw in the android permission scheme,” Policies for Distributed Systems and Networks, IEEE International Workshop, pp. 107-110, 2010. [15] W. Enck, M. Ongtang, and P. McDaniel, “Understanding android security,” IEEE Security and Privacy, pp. 7:50–57, January 2009. [16] A. Shabtai, Y. Fledel, U. Kanonov, Y. Elovici, S. Dolev, and C. Glezer. “Google android: A comprehensive security assessment,” Security Privacy, IEEE, 8(2):35 –44, 2010. [17] W. Shin, S. Kwak, S. Kiyomoto, K. Fukushima, and T. Tanaka, “A small but non-negligible flaw in the android permission scheme,” Policies for Distributed Systems and Networks, IEEE International Workshop, pp. 107-110, 2010. [18] W. Enck, M. Ongtang, and P. McDaniel, “On lightweight mobile phone application certification,” In Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS ’09, New York, NY, U.S.A., pp. 235–245, 2009. [19] W. Shin, S. Kiyomoto, K. Fukushima, and T. Tanaka, “Towards formal analysis of the permission-based security model for android,” In Proceedings of the 2009 Fifth International Conference on Wireless and Mobile Communications, ICWMC ’09, Washington, D.C., U.S.A., pp. 87–92, 2009. [20] W. Shin, S. Kiyomoto, K. Fukushima, and T. Tanaka, “A formal model to analyze the permission authorization and enforcement in the android framework,” Social Computing / IEEE International Conference on Privacy, Security, Risk and Trust, pp. 944– 951, 2010. [21] M. Nauman, S. Khan, and X. Zhang, “Apex: extending android permission model and enforcement with user-defined runtime constraints,” In Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, ASIACCS ’10, New York, NY, USA, pp. 328–332, 2010. [22] M. Ongtang, S. Mclaughlin, W. Enck, and P. Mcdaniel, “Semantically rich application-centric security in android,” In ACSAC 09: Annual Computer Security Applications Conference, 2009. [23] S. Noel, M. Elder, S. Jajodia, P. Kalapa, S. O’Hare, and K. Prole, “Advances in topological vulnerability analysis,” In Proceedings of the 2009 Cybersecurity Applications & Technology Conference for Homeland Security, Washington, DC, U.S.A., pp. 124–129, 2009. [24] D. Barrera, H. G. u. c. Kayacik, P. C. van Oorschot, and A. Somayaji, “A methodology for empirical analysis of permission-based security models and its application to android,” In Proceedings of the 17th ACM Conference on Computer and Communication Security, CCS’10, New York, NY, U.S.A, pp. 73-84, 2010. [25] Morten V. Pedersen, Frank H. P. Fitzek, May 2012 [26] Hammad Banuri, Masoom Alam, Springer Jan 2011 [27] GOOGLE INC. (Hrsg.): Android Software Development Kit (SDK). Google Inc., http://developer.android.com/sdk/index.html. – Android 2.2, Release 2 [28] Te-En Wei; Ching-Hao Mao; Jeng, A.B.; Hahn-Ming Lee; Horng-Tzer Wang; Dong-Jie Wu, "Android Malware Detection via a Latent Network Behavior Analysis," Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on , vol., no., pp.1251,1258, 25-27 June 2012 [29] Nariman Mirzaei, Sam Malek, Corina S. Păsăreanu, Naeem Esfahani, and Riyadh Mahmood. 2012. Testing android apps through symbolic execution. SIGSOFT Softw. Eng. Notes 37, 6 (November 2012), 1-5. DOI=10.1145/2382756.2382798 http://doi.acm.org/10.1145/2382756.2382798 [30] Bläsing, T.; Batyuk, L.; Schmidt, A.-D.; Camtepe, S.A.; Albayrak, S., "An Android Application Sandbox system for suspicious software detection," Malicious and Unwanted Software (MALWARE), 2010 5th International Conference on , vol., no., pp.55,62, 1920 Oct. 2010 [31] Engineering & Technology March 2012 [32] Costin Raiu, Kaspersky, March 2012
657
ScienceDirect Procedia Technology 11 (2013) 650 – 657
The 4th International Conference on Electrical Engineering and Informatics (ICEEI 2013)
Reviews on Cybercrime Affecting Portable Devices Seyedmostafa Safavi*, Zarina Shukur, Rozilawati Razali Unit of Cyber Security, Faculty of Information Science and Technology, Universiti Kebangsaan Malaysia,43600 Bangi, Malaysia
Abstract The popularity of mobile devices in the market is impressive, but this influx of different products has made it difficult for users to secure their infrastructures from potential data breaches. As the number of exposures and attacks increase, there has been a corresponding rise in security solutions offered by researchers. This article reviews the literature to prevent the cybercrime affecting portable devices especially smartphones running Android OS. Extant researches are analyzed and opportunities for future research are identified. Four research questions have been developed and out of 493 articles retrieved, 33 articles have been selected to be analyzed. From the analysis, we have found that Data leakage resulting from device loss or theft, unintentional disclosure of data and phishing attacks are most common between attackers. With no doubt, security investigators have stressed the grandness of protecting classified personal data residing in Android portable devices. They have suggested to use the permission-based security model and behavior-based detection method for protecting classified information. In result we found that Android OS can handle and apply the integrated protection model but still there are opportunities for us to improve the security of personal data. © © 2013 2013 The The Authors. Authors.Published PublishedbybyElsevier ElsevierB.V. Ltd. Selection Science && Technology, Universiti Kebangsaan Selection and and peer-review peer-reviewunder underresponsibility responsibilityofofthe theFaculty FacultyofofInformation Information Science Technology, Universiti Kebangsaan Malaysia. Malaysia. Keywords: Mobile security; Prevent cybercrime; Android; Portable device ;
1. Introduction The mobile phone is a globally recognized communication device [1]. Over the past decade, the rapid procession of semiconductor and related technology has minimized resource constraints in smartphones like CPU and memory, their performance and functions were developed consequently. * Corresponding author. Tel.: +1-323-523-5771 ; E-mail address: [email protected]
2212-0173 © 2013 The Authors. Published by Elsevier Ltd. Selection and peer-review under responsibility of the Faculty of Information Science & Technology, Universiti Kebangsaan Malaysia. doi:10.1016/j.protcy.2013.12.241
Seyedmostafa Safavi et al. / Procedia Technology 11 (2013) 650 – 657
651
Similarly, market for smartphones has expanded by nineteen percent in the past year [2]. According to IDC, vendors transported a total of 482.5 million cellphones in 4th quarter of 2012 compared to 473.4 million units in 2011. According to the recent statistics provided by ITU [3](2012), total mobile-cellular subscriptions reached almost six billion by the end of 2011, corresponding to a worldwide penetration of eighty-six percent and growth was taken by modernizing areas. Mixing traditional cellphones with computing devices, make them handy and much essential tools in everyday life [4]. The handiness of these ubiquitous and mobile services has significantly expanded due to the different form of connectivity offered by mobile devices, such as GSM, GPRS, Bluetooth and Wi-Fi. According to Technology Research-Gartner recently, the number of Operating Systems sales unit for smartphones has been raised as shown in Figure 1[5] . Consequently, smartphones may now present an ideal target for malware programmers. Due to the increasing Android fame as presented in Figure 1, we have tremendous increase on use and sale of Android devices that equals to 28.6 Percent from whole market in 2012 quarter 3. There are now over 700,000 applications on Google Play [6]and over 25 billion Android applications have been downloaded officially [7]. There are at present a large number of malicious marketers pointing this platform. End users are being successfully hacked on a regular basis. Therefore we choose the Android OS as a most popular OS to concentrate our study on them. The sale per units of Android devices according to Technology Research-Gartner has increased since 2007 quarter 1 as shown in Figure 1.
Fig. 1. World-Wide Smartphones Sales (Thousands of Units) (Source: Technology Research-Gartner)
The objectives of this study is to find out about research done for measures being taken to protect users personalized information in Android OS, check whether it can handle and secure the data and identify the best mechanism for it. We also examine the different attack methods and the extent of damages done to portable devices. This paper is organized into four sections. In section 1, we have discussed about introduction. In section 2, we have presented our systematic literature review and methodology. In Section 3, we have presented our analysis, based on the past research studies as well as books. Finally, in Section 4, we have summarized and presented our conclusions.
652
Seyedmostafa Safavi et al. / Procedia Technology 11 (2013) 650 – 657
2. Methodology The purpose of this study is to review previous studies that can help to prevent the cybercrime affecting portable devices especially smartphones running Android OS. Therefore, we have used systematic literature review (SLR) to obtain the data used in this study. The four research questions that have been prepared for that purpose are as follows: Q1. Has research addressed significance of protecting personalized information in Android operating system and have they suggested any countermeasures? Q2. Is the Android OS able to handle and apply the integrated protection model to secure classified information? Q3. Which security mechanism is the most capable in protecting data and enabling user secrecy in Android OS? Q4. What sort of attack method is the most common and the extent of their damages to portable devices? The search process for articles that addresses issues appropriate to the research questions was conducted using a number of databases and one search engine. The studies were searched electronically to cover a comprehensive range of literature. The electronic search sources used to locate the relevant studies are listed in Table 1. In order to search all appropriate resources, the search terms or keywords of each question were identified as in Table 2. Finally, the total numbers of articles were retrieved, filtered and obtained, shown in Table 3. Table 1: Search Process Sources Major Subject Focuses Databases Search Engines
Databases Computer Science( ACM, IEEE, Scopus, Springer, Cambridge, ISI, Ebscohost, Science Direct) Google Scholar
Table 2: Keywords Research Question Q1
Q2 Q3
Q4
Keywords Mobile device security, security for mobile devices, mobile devices security risks, data security in the cloud, privacy and the cloud, protect sensitive data, ethical use and protection of sensitive data, protecting personal information, data security breaches, data breach protection, breach of data confidentiality, data protection breach examples, data security and privacy, cloud data privacy Mobile data security, mobile security threats, security on mobile phones, mobile phones security, security in mobile phones, security software android Cloud security issues, android security issues, data security issues, smartphone security issues, mobile security issues, personal data security, secure personal information, best cloud security, best security protection, mobile device security policy, security of mobile devices, mobile device security best practices, information security best practices, cyber security threats, cyber security certification, cyber security data, cyber security consulting Attack Android, attacking Android smartphones, malware attacks Android smartphones
Table 3: Keywords Research Question Q1 Q2 Q3 Q4 Total
Total reference retrieved 90 140 123 140 493
After excluded duplicate 67 73 82 59 281
After abstract
After full text screened
52 59 78 46 235
18 4 6 5 33
Seyedmostafa Safavi et al. / Procedia Technology 11 (2013) 650 – 657
Steps of filtering articles: 1: All related articles that were published between January 2008 and January 2013. 2: Articles that were accessible with its full text. With respect to Q1, articles on the following topics were excluded: x Articles that do not discuss about classified personalized information in android portable devices With respect to Q2, articles on the following topics were excluded: x Articles that do not discuss about handling and application of integrated protection in android portable devices With respect to Q3, articles on the following topics were excluded: x Articles that do not discuss about security mechanisms that protect classified information in android portable devices. With respect to Q4, articles on the following topics were excluded: x Articles that do not discuss about attack methods on android portable devices 3. ANALYSIS Q1. Has research addressed significance of protecting personalized information in Android operating system and have they suggested any countermeasures? Security investigators have stressed the grandness of protecting classified personal data residing in Android portable devices. Wei Tang et al.[ 8 ] reported that the android third party application that requested the READ_PHONE_STATE permission also requested a number of other permissions such as the INTERNET (allowing access to the Internet) may cause the loss of personal data. D. Barrera et al. [9] acknowledged that due to a peculiarity in the current Android implementation, applications sharing a UID i can display no requested permissions and still perform privileged operations in one case observed from the dataset, obtaining full internet access, location data and personal data. Wei Tang et al. [ 10 ] reported that without other useful data information, the phone information alone will not cause any personal data leak problem but due to the popularity of online payment using text messages, the combination of RECEIVE_SMS and SEND_SMS will have a greater impact upon the user. Android platform for portable device becomes a target for hackers as the increase in use of smartphones, personal data stored and accessed on mobile platforms has also risen. Additionally, malware available for these highly used devices has risen at an alarming rate, according to Juniper Networks, Inc. [11] The study showed that the malware available for Android increased by 400%, and a recent study showed that the amount of spyware for 2011 grew by 155% across all platforms. Although Android has become one of the most popular OS for many mobile phones, research studies have ([12],[13],[ 14]) suggested further considerations for its security model. W. Enck et al.[15 ] described how Android application development components interact with the system, and addressed some issues that may be dealt with during their attempt on unmasking the complexity of secure application development. Moreover, A. Shabtai et al. [16]. presented a security assessment of the Android framework and identified high-risk threats to the framework and suggest several security solutions for mitigating them. W. Shin et al.[17] addressed a flaw in the permission scheme of Android, pointing out that the security of the framework depends on a large extent on the owner of a device since the authorization decisions are mainly made by the users. Thus, the permission scheme imposes much of the administrative burden on to the user instead of keeping it simple. To mitigate its vulnerability, many research studies in improving the security of the Android OS are being conducted. W. Enck et al.[18] proposed a lightweight certification application based on evaluating the combination of permission for Android applications. W. Shin et al.[19], [20] presented the permission mechanism for the Android system in terms of a state machine by defining how permissions, applications, components, authorizations, and states work. They also proposed a formal model of the Android permission scheme by describing the scheme specifying entities and relationships, and providing a state-based model which includes the behavior specification of
i
A user ID (UID) is a unique positive integer assigned by a Unix-like operating system to each user.
653
654
Seyedmostafa Safavi et al. / Procedia Technology 11 (2013) 650 – 657
permission authorization and the interactions between application components. M. Nauman et al. [21] presented Apex, a policy enforcement framework for Android, which allows users to selectively grant permissions to applications as well as impose constraints on the usage of resources. M. Ongtang et al. [22] presented a modified infrastructure that governs install-time permission assignment. However, due to the challenges in discovering diverse malicious applications, many visualization techniques have been applied to explore and monitor them. S. Noel et al. [23 ] described an approach that analyzes vulnerability dependencies and shows all possible attack paths on a network. In their research, the authors applied graph visualizations to provide the users with high-level overviews and an interface to drill down in detail to analyze sophisticated attacks. Using the permission-based security model of the Android, D. Barrera et al.[ 24 ] performed an empirical analysis by applying the Self-Organizing Map (SOM) algorithm in order to evaluate the granularity of the access control permissions. Therefore, we observed that researches addressed the significance of protecting classified personalized information in android portable devices. Q2. Is the Android OS able to handle and apply the integrated protection model to secure classified information? The OS of android provides advance computing capabilities with higher quad-core processor technology it may work almost like desktop computer, and we can replace the PC with portable device. M. V. Pedersen et al.[25] acknowledged the improvement of phone from simple phone calls in the past. In addition, H. Banuri et al.[ 26 ] acknowledged that the android architecture comprises of four layers. Android applications are placed on top of the Android layer stack, which is supported underneath by three layers that include application framework, Android runtime, and Linux kernel. Linux kernel is used as a separation between hardware and the remaining software stack of Android. Android relies on kernel for managing low-level system resources such as memory management, security model, network stack, and process management.
Fig. 2. Android system architecture. Green items are written in C/C++, blue items are written in Java and run in the Dalvik VM. Image taken from [What is Android?][27]
In the latest version of the Android OS, called Jelly Bean 4.2.2, the company provided multicore processors, Android Beam, USB audio docks, graphical user interface (GUI), and the capability of applications to multitask. Therefore, researchers can provide client side security due to physical and programming specification of Android devices. It can provide its own security policy and it will be more independent from server side security. The only problem is average users that cannot use 3rd party applications or provider’s policy to secure their devices from vulnerabilities.
Seyedmostafa Safavi et al. / Procedia Technology 11 (2013) 650 – 657
Q3. Which security mechanism is the most capable in protecting data and enabling user secrecy in Android OS? The rapid growth of smartphones has led to a renaissance for mobile application services. Te-En Wei[28] reported Android as the most popular smartphone platform. Android offers a public marketplace named Google Play operated with various approaches to prevent malware. In Android platform, developers cannot directly deliver their applications in the Android market without strict review process, but we have to mention that application maker is capable to upload their program to the non-official marketplace (i.e., Applanet, AppBrain and so on). Te-En Wei[28] proposed an automatic Android malware detection mechanism based on the result from sandbox. R. Mahmood [29] described an Android-specific program analysis technique. This is capable of generating a large number of test cases for fuzzing an application as well as a test bed , which provides the generated test cases . It executes them in parallel based on numerous emulated Androids running on the cloud . T. Bläsing[30] added that a sandbox might be used to improve the efficiency of classical anti-virus applications available for the Android OS. After proper investigation of the methods to protect personal information, we have realized that behavior-based detection method is still capable and can help the end user to protect information in portable devices running Android OS. The following are the 4 steps that can provide with pure security to the device: x
x
x
x
STATIC ANALYSIS: An .apk file extension denotes an Android Package (APK) file. This file is a form of the JAR data format, is applied for distributing and setting up bundled components onto the Android OS. Initially, they decompile the .apk file to produce a comparative program as the sample. Then, additional .apk file will be analyzed whether it holds the factors of the comparative program. If they discover the genes, there are running behaviors in the .apk program like in the sample program. SANDBOX: A sandbox which is a security mechanism for separating running programs will be created. It can assure the executive environment of the mobile application non-interfered. Sandbox is often used in PC, not in the mobile communication device. They should examine and research the principle of sandbox to implement it into mobile phones forbidding the uncertainty and impracticality. VIRTUAL MACHINE: A significant approach to get the running behaviors of mobile applications is supported by the research of virtual machine. An independent mobile application executing in a virtual machine can be remarked by external application easily. In addition, they should examine and explore the clone of all mobile phone environments and the executing state of the mobile application in additional phones and virtual machines in detail. DETECTION PROCESS: Detection module is used to discover the behavior of applications or other files executing in the server sandbox. In server virtual environment, they will run the malware, set up the application which includes the malicious behaviors, generate the sandbox and get behaviors and tracing data of the application. Specifically, they will execute the application in virtual machine bit by bit. In all steps, they will discover the output and the prospect of access to storage location. They will set the observation triggers in classified locations and files which are automatically triggered, will be reported to detection module of certain activity.
In addition, we may consider behavior-based detection methods working mostly on server base. One of the disadvantages of this method is the need to have internet connectivity that can bring more security issues but still because of proper protection in this method, we may consider it as a best protection method. Q4. What sort of attack method is the most common and the extent of their damages to portable devices? Some examples of future risks associated with a smartphone include: data leakage resulting from device loss or theft; unintentional disclosure of data; attacks on decommissioned devices; phishing attacks; spyware attacks; network spoofing attacks; surveillance attacks; diallerware attacks. Engineering & Technology[31] point out that the most popular attacks used by hackers are mostly email attacks that promise them to bring confidential data to compromise or other way to spam victim's portable device. Actually, the hackers mostly download useful applications and popular video games and after attaching the malware source put them again available in non-recognize markets to attract users and get to the point of installing mobile malware in victim’s machine. In addition to Costin Raiu, Kaspersky[32] reported in August 2010, that they identified the first
655
656
Seyedmostafa Safavi et al. / Procedia Technology 11 (2013) 650 – 657
Trojan for the Android platform – Trojan-SMS. In less than a year, Android malware quickly exploded and became the most popular mobile malware in its category. This trend became obvious in the third quarter of 2011 and finally in November 2011 when Kaspersky uncovered over 1,000 malicious samples for Android, which is almost as many as all the mobile malware they have discovered in the past six years. 4. Conclusion and discussion The intention of this paper was to review on cybercrime involving movable devices specially smartphones carrying Android OS and to look into the security risks associated with privacy-sensitive information, specified as transactions that need exposing confidential personal information. We have used systematic literature review for this study. Four research questions have been designed, and we collected 493 articles to analyze the collection. From the collection, we have chosen thirty-three articles to do the investigation. We suggested further considerations for Android OS security model because malware available for these highly used devices has risen at an alarming rate. The study showed that the malware available for Android increased by 400%. In the latest version of the Android OS, called Jelly Bean 4.2.2, the company provides multicore processors, Android Beam and the capability of applications to multitask. Therefore, researchers can provide client side security due to physical and programming specification of Android devices. Automatic Android malware detection mechanism based on the result from sandbox is one of the most popular protection methods for personal information. Through our research and after examining the methods to protect personal information. We can infer that behavior-based detection method is still the most powerful method that can help end user to protect information in portable devices running Android OS. We have found from the analysis that Data leakage resulting from device loss or theft, unintentional disclosure of data, phishing and spoofing attacks are most common between attackers. After comparing the most common attack method between attackers, we proposed email attacks as the most popular which enable the hacker to extract confidential data from portable devices. As a result, we discovered that OSs can manage and apply the integrated security model, but still there are chances for us to improve the security for classified personal data. In addition, we have suggested that more research is required in providing a security assessment for the Android framework and identifying high-risk threats to the proper policy enforcement for Android devices.
References [1]
Matti Haverila, "Behavioral aspects of cell phone usage among youth: an exploratory study", Young Consumers: Insight and Ideas for Responsible Marketers, (2011),Vol. 12 Iss: 4 pp. 310 - 325 [2] Welderufael Berhane Tesfay, Todd Booth, and Karl Andersson, "Reputation Based Security Model for Android Applications", 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications. 2012. [3] The International Telecommunication Union (ITU) report on 2012 [4] H. S. Chiang and W. J. Tsaur, “Mobile malware behavioral analysis and preventive strategy using ontology, in Proc. the 2010 IEEE International Conference on Information Privacy, Security, Risk and Trust (PASSAT 2010), pp. 1080-1085, 2010. [5] Gartner Research, “Gartner Says Worldwide Mobile Phone Sales Grew 35 Percent in Third Quarter 2010; Smartphone Sales Increased 96 Percent,” 2010. [Online. http://www.gartner.com/it/page.jsp?id=1466313] [6] Google Says 700,000 Applications Available for Android". Bloomberg Businessweek. 29 October 2012. Retrieved 5 November 2011. [Online: http://www.businessweek.com/news/2012-10-29/google-says-700-000-applications-available-for-android-devices] [7] Zachary Lutz (26 September 2012). "Google Play celebrates 25 billion downloads with 25 cent apps, discounted books, music, and movies". Engadget.com. Retrieved 5 November 2012. Online: http://www.engadget.com/2012/09/26/google-play-hits-25-billion-app-downloads [8] Wei Tang, Guang Jin, Jiaming He, Xianliang Jiang , Feb 2011 [9] David Barrera, Jeremy Clark, Daniel McCarney, SPSM’12, Oct 2012 [10] Wei Tang, Guang Jin, Jiaming He, Xianliang Jiang , Feb 2011 [11] Juniper Networks, Inc, May-2011
Seyedmostafa Safavi et al. / Procedia Technology 11 (2013) 650 – 657
[12] W. Enck, M. Ongtang, and P. McDaniel, “On lightweight mobile phone application certification,” In Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS ’09, New York, NY, U.S.A., pp. 235–245, 2009. [13] A. Shabtai, Y. Fledel, U. Kanonov, Y. Elovici, S. Dolev, and C. Glezer. “Google android: A comprehensive security assessment,” Security Privacy, IEEE, 8(2):35 –44, 2010. [14] W. Shin, S. Kwak, S. Kiyomoto, K. Fukushima, and T. Tanaka, “A small but non-negligible flaw in the android permission scheme,” Policies for Distributed Systems and Networks, IEEE International Workshop, pp. 107-110, 2010. [15] W. Enck, M. Ongtang, and P. McDaniel, “Understanding android security,” IEEE Security and Privacy, pp. 7:50–57, January 2009. [16] A. Shabtai, Y. Fledel, U. Kanonov, Y. Elovici, S. Dolev, and C. Glezer. “Google android: A comprehensive security assessment,” Security Privacy, IEEE, 8(2):35 –44, 2010. [17] W. Shin, S. Kwak, S. Kiyomoto, K. Fukushima, and T. Tanaka, “A small but non-negligible flaw in the android permission scheme,” Policies for Distributed Systems and Networks, IEEE International Workshop, pp. 107-110, 2010. [18] W. Enck, M. Ongtang, and P. McDaniel, “On lightweight mobile phone application certification,” In Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS ’09, New York, NY, U.S.A., pp. 235–245, 2009. [19] W. Shin, S. Kiyomoto, K. Fukushima, and T. Tanaka, “Towards formal analysis of the permission-based security model for android,” In Proceedings of the 2009 Fifth International Conference on Wireless and Mobile Communications, ICWMC ’09, Washington, D.C., U.S.A., pp. 87–92, 2009. [20] W. Shin, S. Kiyomoto, K. Fukushima, and T. Tanaka, “A formal model to analyze the permission authorization and enforcement in the android framework,” Social Computing / IEEE International Conference on Privacy, Security, Risk and Trust, pp. 944– 951, 2010. [21] M. Nauman, S. Khan, and X. Zhang, “Apex: extending android permission model and enforcement with user-defined runtime constraints,” In Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, ASIACCS ’10, New York, NY, USA, pp. 328–332, 2010. [22] M. Ongtang, S. Mclaughlin, W. Enck, and P. Mcdaniel, “Semantically rich application-centric security in android,” In ACSAC 09: Annual Computer Security Applications Conference, 2009. [23] S. Noel, M. Elder, S. Jajodia, P. Kalapa, S. O’Hare, and K. Prole, “Advances in topological vulnerability analysis,” In Proceedings of the 2009 Cybersecurity Applications & Technology Conference for Homeland Security, Washington, DC, U.S.A., pp. 124–129, 2009. [24] D. Barrera, H. G. u. c. Kayacik, P. C. van Oorschot, and A. Somayaji, “A methodology for empirical analysis of permission-based security models and its application to android,” In Proceedings of the 17th ACM Conference on Computer and Communication Security, CCS’10, New York, NY, U.S.A, pp. 73-84, 2010. [25] Morten V. Pedersen, Frank H. P. Fitzek, May 2012 [26] Hammad Banuri, Masoom Alam, Springer Jan 2011 [27] GOOGLE INC. (Hrsg.): Android Software Development Kit (SDK). Google Inc., http://developer.android.com/sdk/index.html. – Android 2.2, Release 2 [28] Te-En Wei; Ching-Hao Mao; Jeng, A.B.; Hahn-Ming Lee; Horng-Tzer Wang; Dong-Jie Wu, "Android Malware Detection via a Latent Network Behavior Analysis," Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on , vol., no., pp.1251,1258, 25-27 June 2012 [29] Nariman Mirzaei, Sam Malek, Corina S. Păsăreanu, Naeem Esfahani, and Riyadh Mahmood. 2012. Testing android apps through symbolic execution. SIGSOFT Softw. Eng. Notes 37, 6 (November 2012), 1-5. DOI=10.1145/2382756.2382798 http://doi.acm.org/10.1145/2382756.2382798 [30] Bläsing, T.; Batyuk, L.; Schmidt, A.-D.; Camtepe, S.A.; Albayrak, S., "An Android Application Sandbox system for suspicious software detection," Malicious and Unwanted Software (MALWARE), 2010 5th International Conference on , vol., no., pp.55,62, 1920 Oct. 2010 [31] Engineering & Technology March 2012 [32] Costin Raiu, Kaspersky, March 2012
657