Presentation on theme: "Kadra Alvaro April,2010. Introduction: The Android Platform Threats to Smartphones Android-Specific Threats How to Secure Your Android Device The Future."— Presentation transcript:
Introduction: The Android Platform Threats to Smartphones Android-Specific Threats How to Secure Your Android Device The Future of the Android OS
The Android operating system was originally developed by Android Inc A small company that was purchased by Google in July of 2005. Android is both a platform and an operating system. By using Java, Google hopes to make Android development more accessible and easier to participate in.
When smartphones first came out, the threats to them were minimal. These days smartphones are one of the most prevalent handheld devices; accessing their email, their bank account, the internet texting and calling plans All from one portable device.
The fact that most users dont install security software on their phones. Some of the more common threats to mobile devices Bluetooth exploits, SMS/MMS attacks (usually injection), web browser, malware (usually distributed by third-party sources in the form of Apps or other downloads),
SMS and MMS are vulnerable to a variety of attacks these days. SMS is much more than just text or picture messaging; SMS is often used for voicemail notifications and visual voicemail. SMS fuzzing and shellcode injection hit the iPhone soon after its debut, and has been known to attack Windows Mobile and Android phones as well.
Most of the exploits on phones are man-in- the-middle attacks, where software is injected between the modem and the telephony stack where it can eavesdrop on incoming and outgoing messages.
There has been an upsurge in malicious Apps since Apples App Store debuted. They include games designed to surreptitiously record phone numbers and other private user data and steal ID numbers or bank info. This could be one of the most prominent threats to Android phones because of the mostly unregulated Android App Market.
The web browser is one of the most complex components running on the relatively slim handset operating systems. The mobile web browser is constantly evolving and being reinvented by different third-party vendors. Most smartphone browsers are filled with bugs and badly written code that can be exploited.
Many phones come with default settings that will allow the phone to connect to a Bluetooth piece without any authorization or encryption.
Its open-source nature makes it a prime target for hackers since every detail of its inner workings are laid bare to anyone with internet access.
Perhaps the most prominent potential danger is Androids free and open Application Market, which undergoes very little monitoring by Google, which strikes a sharp contrast with Apples infamously fussy App Store regulations.
Apple was the first company to create a popular online technology store that was capable of directly interfacing with handheld Apple devices. The iTunes store is one of the most widely used music applications for organizing and purchasing media. Apple knows that a troupe of vicious Applications roaming around their App Store would be very bad for business.
Once they finish producing their App, they send it to Apple, who then assigns a team of two employees to review the App. Apple not accepted Apps contain private APIs, more than a few bugs, violates the users privacy (such as stealing/logging his data), help the user break any law perform VoIP calls without AT&Ts permission are disqualified
Any Apps that are designed to replace a core Apple program (such as a web browser, email manager, or a calendar App) are also not accepted. Many users who are unsatisfied with Apps that play by Apples rules jailbreak their iPhones to download unapproved Apps, which leads many to unknowingly infect their phones with malicious programs.
Googles security policy is altogether different from Apples in that it transfer responsibility onto the users and Google itself takes little part in patrolling the Market.
Unlike the closely regulated Apple App Store, the Android Market allows all kinds of malicious Apps to be posted, and users perusing the latest uploads need to be wary.
Security researchers Derek Brown and Daniel Tijerina tested the potential for damage by creating a simple weather App called WeatherFist that collects user data like GPS coordinates and phone numbers. Twenty-four hours after the App was released, the researchers had 1,862 phones roped into a potential botnet.
Disable automatic Bluetooth sharing and keep it turned off when youre not using it (it also saves battery). Its not a bad idea to keep your GPS turned off too.
Useful free App, called Mobile Defense, will also track down lost or stolen handsets. After the device syncs with your account, the App promptly uninstalls itself, leaving no trace that the program was ever downloaded or installed. As it is possible for a thief to uninstall the highly visible Antivirus software.
Android is running on quite a few phones, both new and old. If Android devices continue to remain so scattered and unsupported, it could have a negative aspect on security for Android owners.
Googles policy regarding Android seems to be very hands-off so far in the development of the young OS. However, more than a few people think that more regulation from Google is necessary to keep users safe.