Case Study on Security of Smartphones

Statement

OWASP, static analysis and dynamic analysis, vulnerabilities, safe development, etc. have been discussed throughout the contents. Smartphones are not free of attacks. OWASP defines a top 10 of risks in applications for mobile devices (https://www.owasp.org/index.php/Mobile_Top_10_2016-Top_10).

It is requested

From the contents studied and after reading the previous statement, you should analyze three Android applications (.apk) in search of vulnerabilities.

For this you can use tools such as MobSF (Mobile Security Framework), Drozer, etc.
The type of analysis can be static.

Analysis must contain:

- The files of applications analyzed.

- Reason for the analysis - why you have chosen these particular applications.

- List of vulnerabilities (if any) detected classified according to the OWASP classification.

- Peculiarities or facts to highlight of each of them.

Good-quality, readable screenshots of the analysis process using the tools are a must.

Attached is a file with basic material on the security of mobile platforms, specifically Android.

Unformatted Attachment Preview

Introduction to security on mobile platforms

I. Introduction

The increasingly strong and omnipresent presence of mobile terminals such as smartphones and tablets, together with the amount of personal and professional information they contain, which is a valuable asset for users and organizations, makes them an attractive target for several types of attackers and criminals. These seek ways to orchestrate and launch digital threats aimed at obtaining all kinds of benefits, especially economic ones, from companies and organizations.

The old paradigm of digital security for personal computers and corporate servers now more than ever needs to be expanded to accommodate terminals that hold the same data as the former, but which are also extremely susceptible to threats of physical origin, such as theft, loss and tampering, whose final result is a compromise of digital security, privacy, etc. For this reason we must also pay special attention to providing a certain level of security so that, when these things happen, our information is not compromised.

Taking into account that these are environments oriented to the use of applications, we will see that applications are one of the main sources of security problems. Fortunately, and as we will see throughout this and other units, apart from many threats and vulnerabilities, we also have many tools to protect our devices.

II. Goals

During the different teaching units of the present course we will deal with specific aspects of the security of the mobile ecosystems that are most widespread in both the personal and the professional sector today. These are: Windows Phone, Android and iOS.

However, in order to delve properly into the advanced and specific content, we will first cover the basics of digital security, and the methodology and basic objectives it has when it comes to protecting digital devices, such as mobile terminals, and the information these devices contain.

We will understand the interrelation that exists between mobile terminals and their entire ecosystem, including what types of attackers focus on them and what motivates them. We will also see the direct repercussions on our security of this ecosystem having certain policies or being the preferred environment for a certain type of audience.

We will see the direct relationship between digital security and physical security in the particular case of mobile terminals, and what the consequences of a physical compromise may be for the digital information that the terminal contains.

We will visit the most problematic points that, in terms of security, all mobile platforms have in common, starting from the premise that physical security can easily be compromised by theft or loss, and that it is necessary to protect the data.

III. Fundamentals of security

Each mobile platform needs an independent analysis of its characteristics, not only at the level of device architecture and software; the application ecosystems to which the terminals are connected, as well as the policies by which they are governed, play a fundamental role in the user's final level of security and privacy. Each of them has different strengths and weaknesses.

Before this analysis, it is convenient to review some basic security concepts and vocabulary that will help to understand the basis on which the concepts we will see later rest.

3.1. Five conceptual pillars of security

As regards threats and security issues, there are basically five key elements that should be understood. These serve as a basic model around which most tasks and objectives related to managing security, and the threats to it, are organized.

These concepts are not intended to be an absolute reference and are subject to interpretation, but they serve as a learning model to understand the causes and consequences of the different threats, as well as the motivations of the actors that create them and the types of victims affected by them.

3.1.1. Prevention

The first task of a security manager (understood here as any professional holding a position in the security area of an organization chart: not only operators and technicians, but also managers and executives), and one of those that consumes the most time and energy, is prevention.

Threat probabilities

The prevention of threats covers any task or process that must be carried out periodically and whose execution results in a decrease in the probabilities of threat. Threat probabilities try to provide quantitative references (that is, as concrete and measurable as possible) for the likelihood that certain threats will impact us or our company.

Take the traditional case of antivirus, a security tool known to all: having an antivirus installed considerably reduces the chances that any of the malware threats already known to malware labs will impact our systems. In addition, every time we update the antivirus with new malware definitions, we keep those probabilities as low as possible, since new threats appear constantly and remaining static would in practice mean a loss of protection and an increase in the probability that a threat impacts us.

Vector

Prevention also involves applying and enforcing certain policies or directives on the use and configuration of systems, so that users cannot open the door (open new vectors) to certain threats or cause security problems, whether intentionally or unintentionally.

By "vectors" we mean each and every one of the elements that are exposed to threats and that increase the chances that an attack will succeed or that a threat will become effective. A possible vector can be a hardware element, software, a configuration, or even the user and his level of security awareness. A dissatisfied employee inside our own network who uses his privileges and access rights to systems to cause damage could also be regarded as a vector.

If our website on the Internet were manipulated by third parties (what is known as "defacement") by means of a vulnerability in our server's control panel that allowed entry and modification of our files without asking for the password, we would say that the attack vector was an unpatched vulnerability.

For computer systems (and our mobile terminals) to be useful and able to provide us with service, they need to have programs, services, personal data, etc., but each of these is a contact surface with possible threats or vulnerabilities, which can use that contact surface to start or advance a malware attack, to carry out a data theft by means of an "exploit", etc.

A common example of an entry vector is not applying restriction policies to users when they install software on their mobile terminals. This increases the chances of attack, and any of these apps, if it hides malicious functions, would serve as an entry vector for the threat to become effective.

Applying techniques that remove restrictions from terminals, such as "jailbreaking" iOS terminals or "rooting" Android terminals, increases the probabilities because it increases the possible entry vectors, since there is specific malware for terminals in those conditions.

For example, in the particular case of iOS, the jailbreak process often installs an SSH service that remains open with a known username and password, thus creating a new vector with a high risk of being exploited by an external attacker. Also, since jailbroken terminals have fewer restrictions, more damage could be done or more data could be stolen.

In the case of mobile terminals in corporate environments, it is possible to use centralized remote management solutions, so that certain configuration parameters, policies and limits can be managed by the company's system or security administrators, to improve the prevention of threats and above all to avoid data theft in the event that a terminal is stolen. We will see more about this in the following teaching units.

Certain circumstances or situations can also be regarded as valid vectors, such as social engineering or phishing, which try to trick users into directly handing over private information, or passwords that give access to private data and systems. In the case of phishing, an attacker manages to take the user to a website that pretends to belong to a legitimate entity, such as a bank, which they would then use to steal money from our account. In this case we would say that the vector of the attack that allowed this theft was a phishing attempt that succeeded in deceiving the user.

3.1.2. Detection

The concept is self-explanatory. Threat detection is the next logical step in the tasks of a security manager. It cannot be assumed that threat prevention alone will keep threats away. It is appropriate to assume at all times that the prevention mechanisms have not been sufficient and that some type of attack or contact with a threat could be taking place. In fact, for the many vectors that we cannot control completely, it is important to have detection mechanisms.

Again, we can resort to the traditional example of antivirus, or to the more complex detection mechanisms used on the mobile terminals of employees of organizations and companies, such as real-time analysis of data traffic.

In the particular case of mobile platforms, it is the norm for their manufacturers to have anti-malware mechanisms and manual reviews of the third-party applications available in their application markets, commonly called "markets" or "stores". There are also reporting mechanisms through which users who believe they have experienced security or privacy problems can draw the platform owners' attention to a certain application, so that it can be reviewed in more detail if necessary.

3.1.3. Mitigation

If our routine procedures and/or tools detect a threat, or the analysis of the information they provide suggests one, the set of techniques, tools, or even the architectural design put in place to mitigate a threat comes into play.

Normally, this section also includes techniques for recovering lost data or damaged systems after the threat, although these are not applied until the threat has been eradicated.

Some mechanisms for mitigating the consequences of a threat can be as simple as having a correct backup policy that is carried out periodically and whose backups are kept in a safe place. Changing passwords when a threat is identified could also be considered a mitigation mechanism. For some types of threat, such as the theft of passwords by phishing, it is essential to perform this type of task.

In the case of computer networks in corporate environments, the security architecture plays an important role since, if the different computers in a network are suitably isolated from each other, a threat that impacts one of them is less likely to spread and increase the damage.

In the case of mobile terminals, a security mechanism that is constantly in operation and is conceived as a contingency measure is so-called sandboxing, a technology that keeps the different processes running on the terminal separate and supervised, and that tries to prevent and limit any potentially malicious operation a piece of software attempts, on the premise that it has already been installed on our systems and that, for the moment, we cannot do anything else until it can be eliminated.

3.1.4. Elimination

The elimination of a threat is the logical step and the primary objective of a security manager from the moment it has been detected. Elimination would include actions such as ordering an antivirus to try to remove malware from our system, shutting down a service, or uninstalling software that has vulnerabilities for which no solution is yet known.

3.1.5. Anticipation

Although this last point is not always included in the information security policies and strategies of a company or organization, it is increasingly interesting and necessary to pay attention to it because, whether actively or passively, it is present in security tools and solutions.

There are companies and organizations dedicated to the research and development of new technologies for the fight against digital security threats, and to the active investigation of new threats, so that they can be identified, analyzed, understood and mitigated as soon as possible. Most are antivirus laboratories and security companies, but there are also institutions and technology centers dedicated to pure research.

The knowledge generated by these organizations is what allows companies to have more and better means to fight against these threats, whether by acquiring specific software or hardware solutions based on this knowledge, through new and constant definitions for their antivirus systems, etc.

In large corporations such as banks, it is common to find in-house groups of security researchers dedicated exclusively to finding the malware, phishing and other threats that could potentially damage the banking business before they can affect it, or at least to minimizing the response time and avoiding impact on large numbers of users.

3.2. Five fundamental tasks of security managers

Now that we have identified five basic aspects of security (prevention, detection, mitigation, elimination, anticipation), we propose a model, also with five elements, that helps to understand the responsibilities and tasks of security personnel, not only in the technical field but also in the executive and strategic field. Again, this model is only indicative and does not claim to be an absolute reference.

1. Apply, plan and coordinate the deployment of the aforementioned mechanisms (especially prevention and detection).
2. Check the proper functioning and efficiency of all possible mechanisms, ensuring that they are available when they are needed and that they perform their function correctly.
3. Constantly seek to reduce the response and application times of these mechanisms, to minimize the damage.
4. Analyze the risks of the different decisions, operations and strategies adopted in the organization, as well as the new needs these may generate.
5. Provide strategic knowledge for decision making and for setting priorities with respect to all the previous objectives, based on the analysis of point 4.

3.3. Demography and basic modeling of attackers and threats

To understand exactly what type of threats we face, it is necessary to have a conceptual map that roughly represents all risk situations and the actors that cause them. In the panorama of mobile platforms this is of special interest, since the demography of the attackers depends a lot on the type of users that typically use one platform or another.

3.3.1. By motivation

Imagine the landscape of security in mobile ecosystems as a set of coordinate axes. Observing the panorama from this first axis (the interests of the attackers, what they want to achieve from the victims or through them), we can distinguish:

3.3.1.1. Curiosity

These are the attackers motivated by the maxim "because it was there". They want to experiment and try things, driven by the curiosity of obtaining some trophy in the form of other people's private data. Even if they commit crimes, there is no typically criminal motivation. They are not motivated by money and, therefore, even when they compromise a company's device, they do not exploit the information for industrial espionage or any other kind of economic benefit.

3.3.1.2. Personal fame

These are criminals who aim to become famous by displaying as trophies the personal data from systems they have compromised, leaving marks for others to follow and take as a reference. This type of attacker already begins to cause problems since, to show off their feat, they will share the stolen data with others or publish it directly, thus compromising the security and privacy of systems, people and organizations.

3.3.1.3. Tangible personal benefit

This type of attacker looks for a more tangible type of benefit. As far as mobile ecosystems are concerned, the attack vector they most often try to exploit (although it is not the only one) consists of convincing us to install an application that promises anything from simple funny images or jokes to the possibility of spying on other users. In reality these are mere lures and covers (in many cases the promises are false) so that the attacker gets a hidden benefit through the installation of his application on the victim's terminal. This is the case of applications such as "la torro molona" (more information can be read in this article by José C. Agudo and Miguel Ángel Cardenete published in the blog of Chema Alonso, recommended reading: http://www.elladodelmal.com/2014/01/la-estafa-de-la-linternamolona-que.html).

3.3.1.4. Revenge / Retaliation

Personal vendettas and reprisals of all kinds, the revenge of employees, etc., belong here. The most likely vectors for achieving their objectives are the theft of terminals or entry into the company's networks and systems from within. As these are threats focused on a single target, they do not usually use the public parts of the ecosystem to attack (that is, they typically do not publish an app in the corresponding "market" in the hope that it will reach their victim). The consequence of a successful attack of this type is usually the publication of all the stolen data, with the maximum possible dissemination, to humiliate a private individual by invading their privacy or to damage an institution by airing corporate data that harms its reputation or its market value.

3.3.1.5. Institutional benefit

As we already know, and as is demonstrated more clearly every day, governments and government agencies, handling large high-tech budgets, develop their own threats to control users of all kinds on a massive scale and to obtain large amounts of information applicable to intelligence and defense.

A very plausible vector for this type of threat is backdoors installed in terminals by manufacturers under coercion from governments. In this regard, it has been discovered, for example, that several models of Samsung terminals have a mechanism that allows access over the 3G connection directly to the data on the user's memory card (see more details in this article, recommended reading: http://muyseguridad.net/2014/03/15/samsunggalaxy-have-a-backdoor-door).

3.3.2. By personal / professional sector

Except in cases where there are motivations against a certain person or entity for the purpose of social protest, revenge, etc., an attacker or group of attackers can set goals according to the level of organization and resources they have.

For example, by means of a massive distribution campaign for malware that allows the attacker to carry out some type of theft or espionage, if the campaign is carried out against the bulk of the general public, small benefits could be obtained from each user, but these would be repeated many times over.

On the contrary, groups with greater organization and capabilities may prefer to organize direct attacks on larger companies or institutions, making greater efforts and using more resources but at the same time hoping to obtain greater benefits. One example is the case of Carbanak, considered the biggest cyber theft in history, which was aimed directly at the banking institutions of several Eastern countries (see this article for recommended reading: https://securelist.com/the-greatbank-robbery-the-carbanak-apt/68732).

Therefore, we could classify attackers and their threats as corporate or personal.

3.3.3. By ecosystem

At this point we are going to relate threats to the three main mobile ecosystems today. As always, this analysis is not intended to be an absolute reference and there may be cases completely outside these trends, but they can be taken as guidance to understand the challenges and advantages that each mobile platform poses to its attackers.

3.3.3.1. Android

Given that Android is by far the most widespread smartphone operating system, especially in the domestic sector, and since several studies report that malware created against Android exceeds 95% of all known mobile malware, it is safe to say that the Android ecosystem concentrates the largest amount of digital criminal activity against mobile ecosystems (see https://securelist.com/analysis/publications/66978/mobile-cyber-threats-a-joint-study-by-kaspersky-lab-andinterpol/).

To a large extent, another cause is the ease with which a mobile app can be published in the Android market: it is enough to have a Google account, which does not verify personal data and does not offer a real guarantee that there is a known and reliable identity behind the developer of the app.

This lack of control over the quality and security of applications is being reviewed and improved by Google, which is applying new mechanisms such as "google play bouncer", although it is not yet highly reliable when it comes to detecting malicious applications, as exemplified by this recommended article in hispasec: http://unaaldia.hispasec.com/2012/07/malware-logra-eludir-denuevo-el.html.

Security deficiencies

In addition to the demographic and application-ecosystem issues that favor the existence of security threats in the form of malware and the like, the internal design of Android has shown numerous security deficiencies throughout its development that increase the risk even more.

While this is normal on any platform and the problems have been solved in successive versions, there is a long trail of terminals that, having more modest technical specifications, cannot properly handle newer versions of Android. These terminals are left with old versions of the operating system; they will never receive software updates and, therefore, will never see their vulnerabilities resolved.

This phenomenon is what is known as "fragmentation" of the Android ecosystem.

Android is not as accepted as other platforms at the corporate level, but it still has a significant market share, so it cannot be ruled out as a target of interest for attackers who seek to impact companies.

The most recent version of Android (Lollipop) introduces many changes and improvements both in terms of security and in its level of integration with the needs of the company, so it is expected to improve the situation regarding the problems mentioned in this section (http://www.zdnet.com/pictures/android-5-0-lollipop-embraces-the-enterprise).

3.3.3.2. iOS

While it is not the ecosystem with the largest market share, iOS is the second option (see the IDC report at: http://www.idc.com/prodserv/smartphone-os-market-share.jsp) and is therefore of less general interest to attackers, but it is still interesting enough from the point of view of the number of users that can be impacted by a threat.

Even so, the fact that the iOS ecosystem has strict identity control policies for application developers, and that fees must be paid in order to develop, discourages attackers with a low level of organization (individuals, small groups with few resources) from attempting any type of attack or threat through the application ecosystem, whether against the home user or against the corporate user, so incidents, although they exist, are comparatively scarce.

As a trend, iOS enjoys good adoption at the business level (58% of companies according to a McAfee report: http://fortune.com/2013/04/14/android-gets-97-of-malware-appleios-58-of-enterprise/), among other things because its architectural design is safer and because its portfolio of management and control tools designed for the company (such as good integration with MDM servers, which we will see in other teaching units) is broad, clear, concise and well thought out to cover those needs.

For other security problems not so directly related to digital attackers, such as the theft or loss of the terminal, iOS also offers a cryptographic mechanism to protect all of the data that, while not perfect, is one of the most advanced among mobile ecosystems (we will see it later in the corresponding teaching unit).

3.3.3.3. Windows Phone

Windows Phone is also a widely used option in corporate environments, although the possibility of installing applications from unknown sources increases the probabilities and possible vectors; it would sit somewhere between iOS and Android since it is not as popular. Its adoption is lower and it is therefore less attractive to cybercriminals.

As regards an Android system, if it has not been suitably prepared for corporate use with the latest available technologies and with robust configurations and policies, it also presents a higher probability of exploitation through malicious apps, extraction of data in case of theft, etc., although its tendency is to approach the security level of iOS through a process of continuous improvement.

Although no absolute conclusions should be drawn at any time, the trend indicates that companies and organizations that bet on iOS enjoy a high level of reliability as far as apps or physical security as potential threat vectors are concerned, and that is why criminals with corporate targets (as a trend; it is not possible to generalize) look for other points of entry, outside the mobile terminals.

3.4. Interrelation between physical security and digital security

When it comes to mobile terminals and ecosystems, some boundaries blur with respect to the traditional ideas customarily applied to networks of computers and servers, a circumstance that arises especially from the fact that mobile terminals have absolute mobility and are not physically tied to an office or similar.

Therefore, the principles of physical security that are normally applied in a workplace, and that by extension covered the security of the devices inside it, now become insufficient.

It is generally accepted that the most important asset an individual holds on their devices is their information. With it, an attacker can gain economic advantage or harm us in some other way.

In the case of individuals, digital reprisals are increasingly common: photos and other sensitive and compromising information are stolen to be published online. In the case of corporations, traditional industrial espionage is exacerbated by new digital tools, and information leaks relating to customers' credit cards become a very serious risk that must be avoided (see cases of theft of customer credit card data, such as that of the company Target, in this release from the same company, recommended reading: https://corporate.target.com/about/shopping-experience/payment-card-issue-faq).

As we can suppose, repercussions in the "real" world from a "digital" compromise are inevitable in cases like these.

We can also observe the inverse case, where a compromise that begins as "physical", such as the theft or loss (even if temporary) of terminals, can serve as an entry vector for a theft of digital data by a malicious actor.

If the data or the terminal is encrypted, and that encryption is protected using mechanisms such as the PIN and personal keys (which we will see below), the probabilities are minimized. Hence the importance of analyzing how security mechanisms are implemented, which we will review later.

IV. Passcodes

Few things are as critical nowadays as the compromise of the information that users keep on their mobile devices (personal data, passwords, bank details, digital certificates, etc.). In case of loss or theft of a smartphone or tablet, the last thing the owner wants is for the information stored on it to end up in the hands of another person. One of the first barriers to avoid this is activating the device's screen lock using a passcode.

As of today, the main mobile platforms implement three different types of passcode:

PIN

This is the typical personal code of four numerical digits, also used to unlock SIM cards or to authorize payment by credit card. PINs are very easy to remember; nevertheless, in the case of mobile devices the PIN should be avoided, since it is a four-digit number (0000-9999) that is very vulnerable to brute-force attacks. As we will see later, if the device falls into the hands of a person with certain computer skills, they will have no trouble breaking it. Obviously that will depend on the device model.

Password

Another type of passcode is the password; it is more secure than the PIN but, being of variable length and selected by the user, it may have similar weaknesses. It is an alphanumeric passcode that can also contain special characters.

To guarantee an optimal level of protection, every password should have a minimum length of between 8 and 10 characters and contain uppercase and lowercase letters, numbers and some special character. For this reason many platforms, applications, services, etc., require that the passwords chosen by users comply with certain patterns (length and type of characters).

Sliding pattern

The third type of passcode is relatively modern, since it appeared with the use of capacitive touch screens, although it is not as safe as a good password. It consists of defining a sliding pattern on the screen of the device that joins some (minimum four) of the nine points shown (3x3).

At the code level, the points are numbered from left to right and top to bottom (0-8), so the pattern is encoded by listing the points over which the finger passes. A pattern can pass over one of the nine points more than once, but only the first pass is considered.

[Figure: two example patterns]

The first would be coded as 104358 and the second as 104257368.

Keep in mind that the shorter the pattern used (in most cases at least four points have to be joined), the weaker the protection. Therefore you should use patterns that pass through almost all the points of the grid, and thus have a passcode of between 7 and 9 numeric digits. Obviously, the longer and more complex the pattern, the safer it is.

[1]: https://possiblywrong.wordpress.com/2012/07/28/security-of-the-android-pattern-lock

4.1. Expiration and reuse history

A security measure sometimes adopted by mobile platforms, and commonly by services that authenticate users through passcodes, is to give the passcodes selected by users a limited lifetime. After that time, the user is obliged to change his passcode.

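For the sliding pattern encoding described in section IV, an added example (not taken from the course material): it encodes a swipe using the rule that only the first pass over a point counts, validates a code, and counts how many codes exist for each length. It assumes the usual Android rule that a stroke cannot jump over a point that has not been visited yet, which the text above does not state.

```python
from functools import lru_cache


def midpoint(a, b):
    """Point lying exactly between a and b on the 3x3 grid (0-8), or None."""
    row_a, col_a = divmod(a, 3)
    row_b, col_b = divmod(b, 3)
    if a != b and (row_a + row_b) % 2 == 0 and (col_a + col_b) % 2 == 0:
        return ((row_a + row_b) // 2) * 3 + (col_a + col_b) // 2
    return None


def encode(touched_points):
    """Encode a swipe: a point touched again later is ignored (first pass only)."""
    seen = []
    for point in touched_points:
        if point not in seen:
            seen.append(point)
    return "".join(str(p) for p in seen)


def is_valid(code):
    """True if code is a drawable pattern of 4 to 9 distinct points.

    Assumption: a stroke from a to b is only possible when the point between
    them, if there is one, has already been visited.
    """
    if not (4 <= len(code) <= 9) or any(ch not in "012345678" for ch in code):
        return False
    points = [int(ch) for ch in code]
    if len(set(points)) != len(points):
        return False
    visited = {points[0]}
    for prev, nxt in zip(points, points[1:]):
        mid = midpoint(prev, nxt)
        if mid is not None and mid not in visited:
            return False
        visited.add(nxt)
    return True


@lru_cache(maxsize=None)
def _extend(last, visited_mask, remaining):
    """Number of ways to add `remaining` more points to a partial pattern."""
    if remaining == 0:
        return 1
    total = 0
    for nxt in range(9):
        if visited_mask & (1 << nxt):
            continue
        mid = midpoint(last, nxt)
        if mid is not None and not visited_mask & (1 << mid):
            continue
        total += _extend(nxt, visited_mask | (1 << nxt), remaining - 1)
    return total


def count_patterns(length):
    """Number of valid patterns that join exactly `length` points."""
    return sum(_extend(start, 1 << start, length - 1) for start in range(9))


def keyspace():
    """Pattern counts for every allowed length (4 to 9 points)."""
    return {n: count_patterns(n) for n in range(4, 10)}


if __name__ == "__main__":
    table = keyspace()
    for n, count in table.items():
        print("%d points: %d patterns" % (n, count))
    print("all patterns: %d, four-digit PINs: %d" % (sum(table.values()), 10 ** 4))
```

The counts show why short patterns are weak: a four-point pattern has fewer possibilities than a four-digit PIN, and even the full set of patterns is small compared with a good password.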
Oddly enough, this measure can provide many advantages, since it prevents users from using the same password for most of their accounts, devices, etc.; as a consequence, if passcodes are stolen from the database of another service, an attacker does not obtain access to your device, to another application or service, etc.

Along the same lines, a further security measure is sometimes added that prevents users from repeating a previously used passcode when making a change. In this case the operating system, the application, etc. keeps a record of the last n passcodes used by the user and, before accepting a change, checks whether the new passcode is a reused one.

Obviously, from the user's point of view, these measures make life a bit more complicated, but you have to remember that they are introduced for your safety.

4.2. Maximum attempts of use

To prevent an attacker from guessing a passcode by making n authentication attempts (brute-force attack), mobile platforms usually limit the number of failed attempts that can be made. When that maximum number of unsuccessful attempts is reached, the device is normally blocked; nowadays there are also cases in which you can configure a total auto-deletion of the device's memory as an advanced security measure.

4.3. Attacks

The simplest attack, which a priori may seem a bit silly, is based on studying the physical marks left on the screen of the target device. It is called a Smudge Attack, and is usually carried out by taking a picture of the screen of the device and playing with the colors, the brightness and the negative of the image. Although it may not seem like it, very good results can be obtained.

Unfortunately, apart from the stains that users leave on the screens of their devices, there are also many known bugs in mobile platforms that allow an attacker to skip passcode verification.
Not all bugs allow the same level of access, and practically none gives total access; even so, some allow access to the user's contacts, others to the call history, to the photos stored in memory or to the calling application. So once again we see that it is advisable to keep our devices updated and protected from most of these bugs.

Many versions of mobile platforms have been and are vulnerable to brute-force attacks due to other vulnerabilities. Some Apple devices allow a brute-force attack to be performed using a physical keyboard connected to the device (or software that emulates it). After several failed attempts the iOS operating system disables the virtual keyboard of the device, but not the physical keyboard connected to it. Having the delete option enabled after 10 failed attempts could make the attack difficult. However, vulnerability CVE-2014-4451 makes this security measure useless. This video (https://www.youtube.com/watch?v=meEyYFlSahk) shows how an attacker can unlock an iPhone in about 30 seconds using the IP BOX tool based on the vulnerabilities just discussed.

4.4. Biometric alternative

One of the safest alternatives to passcodes, and one which we have already started to see frequently in the market, is the use of biometrics: face recognition, fingerprint, iris, voice, etc. For now, though, the most widely used on mobile devices to unequivocally identify the user are fingerprint sensors.

The two pioneers in this field were the Apple Touch ID and the Samsung Finger Scanner, in that order: two capacitive readers that provide a high level of security and usability. Being capacitive, they cannot be deceived by the use of photographs, and they are also able to distinguish fingerprints even when the finger is dirty, painted or stained (always up to a certain point, of course).

In terms of security, it is very important that a system of this type is implemented taking into account the sensitivity of the data handled.
Storing a password that unlocks a smartphone is not the same as storing the data that identifies a person's fingerprint, which could be used to perform very critical operations. For this reason, the user's biometric data must be stored in secure memory areas. Obviously, the ideal would be to save some information derived from the biometric data that allows the user to be authenticated, while ensuring that the inverse operation cannot be performed to obtain the fingerprint from the stored data.

In the case of Touch ID, Apple does not save the fingerprint image, but keeps a mathematical representation of it. In addition, as we will see later (Teaching Unit 5), this data is stored in the Secure Enclave inside the A7 chip and later, and is only consulted by the chip itself and not by the operating system (iOS) or the applications.

In the case of the Finger Scanner, Samsung also keeps a partial pattern of the fingerprint, so that a fingerprint can be recognized unequivocally. As we will see in Unit 3, this information is stored in the Trusted Execution Environment (TEE) and in no case does it leave it. The TEE is the hardware-based security mechanism that the Android platform uses.

4.4.1. Applications

Unlocking a smartphone or tablet with your fingerprint allows the device to automatically identify you as a person, since a biometric feature is unique to each user, whereas a passcode can be shared with more people. From this moment, therefore, a wide range of possibilities opens up for securing certain operations or improving the usability of the system.

In the case of Samsung, the first use given to the fingerprint scanning system, apart from unlocking the devices, was to authenticate the user in his Samsung account. From that moment, many other services followed the example, which provides security and usability.
LastPass (online password manager) is a concrete case of using the Finger Scanner to authenticate the user in a third-party application / service. In contrast, FingerSecurity is the first application that allows you to use the Finger Scanner to protect the installed applications that you choose. Finally, and surely the star use case, there is the ability to pay for your purchases with PayPal just by passing your fingerprint over the reader of your device.

V. Blocking, deletion and progressive disabling

In case of loss or theft of a device, and depending on the information it contains, a good security measure would be to block and / or delete it remotely. iOS and Android, as well as Windows Phone, implement the possibility of performing a remote erasure of the devices that run these operating systems. In this way, once the decision is made, the data that was saved on the device will not be compromised.

However, by the time the user realizes that he does not have his mobile device and makes sure that it has been lost or stolen, it may be too late and the attacker may have extracted the data from the device. For this reason, an additional security measure is necessary. This measure consists of a policy under which the device is blocked and / or deleted locally if the platform detects a certain number of failed attempts to enter the passcode.

On the iOS platform, this measure can be configured in most versions, and it is applied once the operating system detects 10 consecutive failed attempts to enter the passcode. The measure also exists on Android, but it is usually applied after 20 failed attempts. Even so, it seems that these security measures are not sufficient, so in some cases the following intermediate security measure also applies.
Before blocking or deleting the device entirely, this measure applies a series of temporary blocks based on the number of failed attempts made by the user. For example, in iOS, after a user makes six failed attempts the device is blocked for 1 minute. After a seventh failure it is blocked for 5 minutes, after the eighth for 15 minutes, and after nine unsuccessful attempts for 1 hour. Finally, if a tenth failure occurs, the device is blocked or deleted, depending on how it is configured.

This last measure (the progressive disabling of the device) is a good way to prevent, or rather hinder, brute-force attacks. But it will never be as effective as applying the blocking mechanism.

The case of the erase mechanism is different, since we do not prevent an attacker from accessing the device, but leave the device configured as it comes from the factory. This means that our data will not be compromised, but our device can be used. In this case, we must bear in mind that, if we recover the device, or had not really lost it, it is advisable to have a backup to restore the system as we had it before.

VI. Application stores

The arrival of the mobile platforms iOS, Android and Windows Phone, among others, brought with it what we know today as application stores: the official place of each mobile platform from which to download (free or paid) applications compatible with its operating system. These applications can be developed by the manufacturer itself, by other companies, or even by independent developers. This opened a gateway to the system that attackers soon took advantage of. In this way, we have moved from an approach based on the use of remote exploits to another based on the escalation of privileges within the devices.
Each of the stores has its own policies and security measures, but what is common to all is that, if they want to keep the platforms safe, their owners must be able to identify the developers of the applications and check the integrity of those applications, as well as analyze the applications that developers are trying to publish. For this we must distinguish between two different control mechanisms: the use of digital signatures and the use of application approval mechanisms. From now on, we will use the cases of the most popular stores to describe their behaviors.

6.1. Signature of applications

All applications available in the Apple Store must be signed by their developers using digital certificates issued by Apple. In this way, Apple verifies the identity of the developers and guarantees the integrity of the applications that are to be published. In this case the security lies in the verification of the certificates.

Microsoft (Windows Phone Marketplace) also requires that all the binaries of the applications to be distributed are signed, but with one particularity: it is Microsoft itself that signs the applications that developers have previously sent to it.

Google requires that all applications published on Google Play be signed by their developers using digital certificates, as it uses the developers' certificates to identify them. However, these certificates are not verified at any time. In fact every developer self-signs his certificate. Obviously, this way of working does not provide the security measures that are expected of a system that uses digital certificates. In fact, it does not provide any security. Certificates are only used to relate applications of the same developers and their updates.

6.2. Approval mechanisms

In iOS and Windows Phone, closed stores are used, totally controlled by Apple and Microsoft respectively.
In these cases the developers must send their applications to be validated by the owners of the stores and wait for them to be approved for distribution. Applications are not published if they do not pass exhaustive checks of security, usability, performance, etc.

In Android we have an open store, so practically any application can be published for download. As we have said before, Google only requires developers to use a digital certificate, which is self-signed, and thus performs a first level of control by comparing certificates. Therefore, taking into account the inefficiency of its security measures, Google Play may have malicious applications available for download. However, this situation is being fixed by applying other a posteriori security measures, such as Bouncer.

6.2.1. Bouncer

Bouncer is a software scanner, created by Google, that searches for potentially malicious applications within Google Play. This scanner can analyze new applications, existing applications in the store, their updates and even developer accounts.

Once Bouncer starts an analysis, it first looks for known malware, spyware and Trojans. Then it analyzes the behavior of the applications in search of suspicious behaviors, and compares them with other applications previously analyzed to detect possible hot spots. All applications are run on the Google infrastructure, simulating their execution on an Android device. In this way, malicious behavior is sought.

As we have also mentioned, Bouncer analyzes new developer accounts to help prevent developers who previously generated malicious or offensive applications from returning to Google Play.

VII. Encryption algorithms and security protocols

Mobile devices, like any other device connected to the Internet, must protect the information stored inside them, as well as the information they transmit to other devices, servers, etc.
For this, hundreds of encryption algorithms have been defined, which provide confidentiality of the data, and hundreds of security protocols, which use encryption algorithms, among other things, to provide secure communication channels.

However, all that glitters is not gold: these algorithms and protocols must be implemented in different programming languages before they can be used, which in many cases introduces vulnerabilities that did not exist on paper. So it is very important to always use libraries that have been tested and used by a considerable community of experts in the field, and to use them properly, since unfortunately there are too many cases where this has not been done well.

The cryptographic libraries available on the different mobile platforms vary in each case:

Windows Phone

Windows Phone provides its own cryptographic library, with a great variety of encryption and signature algorithms, etc., and security protocols such as SSLv3 or TLSv1.2. It even implements cryptography based on elliptic curves. The name of the library is "Cryptography", and at https://msdn.microsoft.com/en-us/library/windows/apps/xaml/windows.security.cryptography.core.aspx you can see each and every one of the algorithms and protocols implemented.

Apple

Apple also provides its own cryptographic library, the CommonCrypto library. In this way, Apple controls the implementations of the protocols and algorithms used by the applications on its platform, in the same way it tries to do in all fields.

Android

The case of Android is totally different: several cryptographic libraries are available, some of them optimized to work on the Google operating system. Some of the most used are Android OpenSSL, Bouncy Castle, Spongy Castle (a version of Bouncy Castle optimized for use on Android) and Crypto.

7.1. Internal data encryption

Nowadays, practically all platforms for mobile devices support complete encryption of the device's memory, which provides an extra level of security in the event of loss or theft, since a thief / attacker who manages to access the data of the device through forensic techniques will not be able to understand it. In this case, the security lies in the encryption algorithm and the length of the key used. For example, in the case of iOS, the AES encryption algorithm is used with 256-bit keys, which provides a high level of security. In the case of Android, the same algorithm is used, but the length of the keys is 128 bits, a combination that is also safe today [6].

It is also important to note that both platforms keep encryption keys safe thanks to the use of hardware-protected areas of the device. These secure environments store the keys and also perform the cryptographic operations, so that the keys never have to be extracted. Only the operating system can order their use, and only as long as the screen of the device is unlocked.

As for the backups made by a device, on most platforms these can also be encrypted. In this way, if the copy is stored in the cloud and for some reason is compromised, no one who does not have the password of the user that generated it will be able to read the data.

Finally, the security of the data always depends on an attacker not knowing the passcode used. An attacker who knows it could pass as the user, and the data encryption would be worth nothing.

7.2. Secure Sockets Layer (SSL) / Transport Layer Security (TLS)

The SSL protocol, and its more modern version TLS, are probably the most widely used secure general-purpose protocols on the Internet today.
These two protocols, and some others (PCT, S-HTTP, etc.), were designed to provide security to TCP connections that carry protocols such as HTTP, FTP, IMAP, LDAP, etc. Unfortunately, however, there are too many applications that misuse the implementations of these protocols, or libraries that implement them poorly, leaving security holes.

SSL / TLS creates a secure channel (session) between two remote devices (client and server), independently of the underlying platform, and in a way that is transparent to the user. An SSL / TLS session can be composed of multiple connections, and a single device can establish multiple SSL / TLS sessions simultaneously.

Summary

In summary, SSL / TLS operates in the following way:

• It negotiates the use of a certain encryption algorithm and safely exchanges a session key.
• It establishes a secure channel using the negotiated encryption algorithm and the exchanged key.
• It generates an authentication code [Message Authentication Code (MAC)] for each fragment of the data to be transmitted.
• It transmits the fragments and MACs, concatenated and encrypted.

Note that the MAC algorithm is used to provide data integrity.

Digital certificate

Normally the SSL / TLS server is configured with a digital certificate (pair of asymmetric keys). In this way the client can verify that the server is using said certificate during the negotiation protocol. But keep in mind that anyone can generate a certificate with an associated key pair, and the fact that the server is using the key pair associated with the presented certificate does not guarantee anything. For this reason, servers must use certificates issued (signed) by trusted certification authorities (CAs), which the clients trust (clients are configured with a list of the CAs they trust).
Man In The Middle (MITM)

Therefore, the security of SSL / TLS connections against an active attacker depends on the correct validation of the certificates used by the servers when these connections are established. Unfortunately this has not been taken into account in many cases. Article [7] shows how the validation of SSL / TLS certificates is broken or bypassed in many security-critical applications and libraries. In those cases, an active attacker will be able to intercept the data transmitted through the network by either of the two parties involved in the communication [Man In The Middle attack (MITM)].

The main cause of these vulnerabilities is the bad design of the APIs of the SSL / TLS implementations (such as OpenSSL or GnuTLS) and of the data transport libraries (such as cURL), since in many cases they present developers with a confusing set of configurations and options.

7.2.1. Attacks in SSL / TLS

7.2.1.1. MITM (Man In The Middle)

In an MITM attack, the attacker intercepts the traffic generated by the device towards the server and from the server to the device, and from there can adopt three different attitudes: be a passive attacker and only "listen" to the communication between the two parties; intercept data from the server to modify it or replace it with malicious data to be injected into the application; or redirect traffic to a destination controlled by the attacker.

7.2.1.2. POODLE (Padding Oracle On Downgraded Legacy Encryption)

The starting point is that version 3.0 of the SSL protocol is vulnerable and communications can be decrypted (CVE-2014-3566). The POODLE attack [8] takes advantage of two situations. The first is that many later versions of SSL, or TLS, are still compatible with that version of SSL. The other is that when a secure connection attempt fails, the connection is established using an older version of the protocol.
Therefore, if an attacker is capable of causing a connection failure, the attacker can also end up forcing the use of SSL 3.0 and performing the relevant attack.

Unfortunately, the article at https://www.imperialviolet.org/2014/12/08/poodleagain.html reports that some TLS implementations are also vulnerable to the POODLE attack. Therefore, it is important to note that any version of the SSL / TLS protocol lower than TLS 1.2 [9] can be cryptographically broken.

7.2.2. Countermeasures

Because the vulnerabilities found in the SSL / TLS protocols have not been few, many techniques and mechanisms have been proposed to avoid security problems.

A specific example is that of Google, which has implemented a mechanism to control updates of its own components, more specifically the Security Provider. As of Android version 5.0, Google Play services check whether the device's Security Provider is up to date before establishing an SSL / TLS connection. In this way, known problems of previous versions of these protocols are avoided.

7.2.2.1. Nogotofail

Nogotofail is an open source tool developed by Google, which is used to verify the level of security of applications and devices against the known vulnerabilities of the SSL / TLS protocols. It is an automatic, powerful and scalable tool, available on multiple platforms, such as Android, Windows, Windows Phone, Linux, Chrome OS, OS X or iOS. Nogotofail is useful mainly for three purposes:

• Find bugs and vulnerabilities.
• Check corrections and detect regressions.
• Understand what traffic applications or devices are generating.

For more information you can access the project page: https://github.com/google/nogotofail

7.2.2.2. Pinning

Because the weakest point of the SSL / TLS protocols is the certification chain, the pinning technique has emerged to prevent an application from being tricked by the use of a fraudulent certificate.
This technique simply consists of saving the pins of the valid certificates of certain servers. These pins are usually hardcoded in applications and are nothing more than a cryptographic digest (hash) of the public key (and of the algorithm information used) included in the certificates. How long the certificates are remembered is determined by the updates of the application.

This technique is not a problem in itself, but because in the first implementations an application must have hardcoded all the certificates that it trusts, in the long term it becomes unsustainable and provides very little flexibility and power. For this reason the need has arisen to implement dynamic pinning, that is, to add and remove certificates without having to update the applications.

7.2.2.3. HSTS (Strict Transport Security)

HSTS [10] is a security mechanism that allows web servers to declare themselves accessible only and exclusively through secure connections. Once a web server is configured with HSTS, it uses a special field in the HTTP response header called "Strict-Transport-Security" to inform clients.

7.3. VPN (Virtual Private Networks)

A VPN allows a secure connection to be established through the Internet between two private networks, which could be thousands of kilometers apart, so that they look like one. The client is in one of the networks and a VPN server in the other, and between them an encrypted tunnel is created through which the data travels.

This technology is widely used to connect two or more branches of a company, or simply so that the workers of the company can work from anywhere in the world as if they were physically in it. Another purpose for which this technology is also widely used is to avoid regional blocks on the Internet.
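Returning to the pinning technique of section 7.2.2.2, the following added example (not part of the original course material) computes a pin as the hash of the public key and algorithm information of a certificate, that is, of its SubjectPublicKeyInfo field, and checks it against a pin set. The function names, the choice of base64-encoded SHA-256 and the sample certificates are assumptions of the example; the certificates are constructed inline with a dummy signature and are not real.

```python
import base64
import hashlib


def der_len(n):
    """DER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, value):
    """Encode one DER tag-length-value element."""
    return bytes([tag]) + der_len(len(value)) + value


def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER element overruns the buffer")
    return tag, pos, pos + length


def extract_spki(cert_der):
    """Return the DER bytes of SubjectPublicKeyInfo from an X.509 certificate."""
    tag, start, _ = read_tlv(cert_der, 0)             # Certificate
    if tag != 0x30:
        raise ValueError("certificate is not a SEQUENCE")
    tag, pos, tbs_end = read_tlv(cert_der, start)     # tbsCertificate
    if tag != 0x30:
        raise ValueError("tbsCertificate is not a SEQUENCE")
    tag, _, nxt = read_tlv(cert_der, pos)
    if tag == 0xA0:                                   # optional [0] version
        pos = nxt
    for _ in range(5):  # serialNumber, signature, issuer, validity, subject
        _, _, pos = read_tlv(cert_der, pos)
    tag, _, spki_end = read_tlv(cert_der, pos)
    if tag != 0x30 or spki_end > tbs_end:
        raise ValueError("SubjectPublicKeyInfo not found")
    return cert_der[pos:spki_end]


def spki_pin(cert_der):
    """Pin = base64(SHA-256(SubjectPublicKeyInfo)): public key plus algorithm."""
    return base64.b64encode(hashlib.sha256(extract_spki(cert_der)).digest()).decode()


def cert_fingerprint(cert_der):
    """Hash of the whole certificate, shown for contrast with the key pin."""
    return hashlib.sha256(cert_der).hexdigest()


def check_pin(cert_der, pinset):
    """Accept the certificate only if its key pin is known; fail closed."""
    try:
        return spki_pin(cert_der) in pinset
    except ValueError:
        return False


def make_sample_cert(serial, key, not_after, with_version=True):
    """Build a constructed, unsigned certificate skeleton for the demo."""
    key_alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a8648ce3d0201")))    # id-ecPublicKey
    sig_alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a8648ce3d040302")))  # ecdsa-with-SHA256
    name = tlv(0x30, b"")                                              # empty name
    validity = tlv(0x30, tlv(0x17, b"250101000000Z") + tlv(0x17, not_after))
    spki = tlv(0x30, key_alg + tlv(0x03, b"\x00" + key))
    version = tlv(0xA0, tlv(0x02, b"\x02")) if with_version else b""
    tbs = tlv(0x30, version + tlv(0x02, serial.to_bytes(2, "big")) + sig_alg
              + name + validity + name + spki)
    return tlv(0x30, tbs + sig_alg + tlv(0x03, b"\x00" + bytes(64)))   # dummy signature


# Constructed sample data: two key values and three certificates.
KEY_A = b"\x04" + bytes(range(64))
KEY_B = b"\x04" + bytes(range(64, 128))
OLD_CERT = make_sample_cert(0x1001, KEY_A, b"260101000000Z")
RENEWED_CERT = make_sample_cert(0x2002, KEY_A, b"270101000000Z")  # same key, reissued
ROGUE_CERT = make_sample_cert(0x1001, KEY_B, b"260101000000Z")    # different key
PINSET = {spki_pin(OLD_CERT)}  # what an application would ship hardcoded

if __name__ == "__main__":
    for label, cert in (("renewed", RENEWED_CERT), ("rogue", ROGUE_CERT)):
        print(label, "accepted" if check_pin(cert, PINSET) else "rejected")
```

Because the pin covers the key rather than the whole certificate, the reissued certificate still matches the hardcoded pin while its full fingerprint changes; a change of key, on the other hand, requires a new pin, which is the maintenance cost that motivates dynamic pinning.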
There are applications (for example, Hello Free VPN) that allow you to connect a device to their VPN servers for free, and thus browse as if you were in any of the countries where they have servers. However, one characteristic of VPN networks must be taken into account: by default they filter all the traffic generated by the device. So if you use a service such as Netflix or YouTube nothing happens, but if you access your bank account or use any other service that handles sensitive information, you may not want those applications to handle such data.

Today there is a variety of VPN protocols; however, not all are equally safe or provide the same characteristics. For example, the PPTP protocol is insecure, since its encryption algorithm has been broken and an attacker can access our data traffic. Of the most used and safe VPN protocols, two stand out: IPsec and OpenVPN, the latter based on the SSL / TLS protocol; both are supported by most mobile platforms. In fact IPsec is natively compatible with Windows Phone, Android and iOS. In terms of security, both protocols authenticate the two parties of the communication (client and VPN server) by user and password or by digital certificates, depending on how the server is configured.

VIII. Summary

Nowadays, mobile platforms are oriented to the use of applications and not so much to the use of web platforms. As a result, other security problems have arisen or increased.

The main problem that has existed for a long time on the Internet is the existence of malware, viruses and Trojans: software that is installed on our devices and performs malicious and / or fraudulent actions behind our backs. Before, this software reached our devices via web platforms, which was not easy for the attackers; nowadays, with the use of so many applications, they have it much easier. The applications themselves can be the malware, virus or Trojan in question.
For this reason the application stores have had to put strong measures in place to limit the existence of this type of application. Some have been stricter,

Regarding the security of the information stored on a device in case of loss or theft, there are two levels of vulnerability. First of all, the passcode used to unlock the screen of the device can be hacked, although the use of a strong alphanumeric password can make a brute-force attack need a lot of time to succeed. However, regardless of whether the attacker can get the passcode or not, the data is still stored on the device, so an attacker with the right forensic equipment and enough patience can extract it unless the device has full disk encryption activated.

On the other hand, we have a wide variety of cryptographic algorithms and security protocols to develop and protect applications and devices. However, all these tools have a weak point: on paper they can be safe, but when they are implemented it is easy to make mistakes. And that is exactly what, unfortunately, is happening quite generally.

IX. References

• Aviv AJ, Gibson K, Mossop E, Blaze M, Smith JM. Smudge Attacks on Smartphone Touch Screens. 4th USENIX Conference on Offensive Technologies; 2010.
• Apple. Use Touch ID on iPhone and iPad. Available at: https://support.apple.com/en-us/HT201371.
• Apple. About Touch ID security on iPhone and iPad. Available at: https://support.apple.com/en-us/HT204587.
• PayPal. Pague de forma sencilla y más segura. Available at: https://www.paypal-pages.com/samsunggalaxys5/es/index.html.
• MSec. Apple iOS Hardware Assisted Screenlock Bruteforce. Available at: http://blog.mdsec.co.uk/2015/03/bruteforcing-ios-screenlock.html.
• Rouse M. Advanced Encryption Standard (AES); 2014. Available at: http://searchsecurity.techtarget.com/definition/Advanced-Encryption-Standard.
• Georgiev M, Iyengar S, Jana S, Anubhai R, Boneh D, Shmatikov V. The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software. ACM Conference on Computer and Communications Security; 2012. Available at: https://docs.google.com/document/pub?id=1roBIeSJsYq3Ntpf6N0PIeeAAvu4ddn7mGo6Qb7aL7ew.
• Möller B, Duong T, Kotowicz K. This POODLE Bites: Exploiting The SSL 3.0 Fallback; 2014. Available at: https://www.openssl.org/~bodo/ssl-poodle.pdf.
• Dierks T, Rescorla E. The Transport Layer Security (TLS) Protocol Version 1.2. Request for Comments (RFC) 5246; 2008. Available at: https://tools.ietf.org/html/rfc5246.
• Hodges J, Jackson C, Barth A. HTTP Strict Transport Security (HSTS). Request for Comments (RFC) 6797; 2012. Available at: https://tools.ietf.org/html/rfc6797.
• Egele M, Brumley D, Fratantonio Y, Kruegel C. An Empirical Study of Cryptographic Misuse in Android Applications. ACM SIGSAC Conference on Computer & Communications Security; 2013.

Security in wireless networks

Introduction

Mobile devices and wireless networks form a unique ecosystem, with characteristics and peculiarities that can hardly be found in other cases. As their name suggests, wireless networks do not use cables to transmit data; they use air, a freely accessible medium. This alone already leaves us with a somewhat special situation that is not easy to control.

In this unit we will see how some of the most widely used wireless technologies in today's mobile devices are protected against possible attacks and illegitimate uses. Specifically, we will talk about Wi-Fi networks, the most widely used wireless technology in the world to provide Internet connectivity, which has presented many security problems in recent years, allowing neighbors to connect to the Wi-Fi network you had at home, or others to make you believe that you were connected to the airport network when you were not.
We will also talk about the third and fourth generation mobile phone networks (3G / 4G), which provide both voice and data connectivity, and which fortunately have greatly improved their security compared to the second generation (GSM). Another widely used and implemented technology is Bluetooth, which allows devices such as headphones or hands-free kits to connect wirelessly to smartphones. Unfortunately, these networks are not without problems, and we will see them in due course. And, finally, NFC (Near Field Communication) networks, a relatively new, short-range technology in wireless devices such as smartphones.

These networks have their particularities but, undoubtedly, they share one thing: in all of them there are vulnerabilities, and every day there are thousands of attackers trying to take advantage of them.

II. Goals

In this unit we will study security in the wireless networks most used in mobile devices nowadays: Wi-Fi, 3G / 4G, Bluetooth and NFC. In particular, we will analyze which security measures are implemented by each of the four technologies and how they have evolved or changed over the years. We will also try to identify the best-known vulnerabilities, both in previous versions and in the current protocols, if any are known. And, finally, we will give some details of how they can be attacked by exploiting some of the mentioned vulnerabilities and also how, from the user's point of view, we can avoid certain attacks.

III. Wifi

The IEEE 802.11 specification (ISO / IEC 8802-11) is an international standard that defines the characteristics of a wireless local area network (WLAN). Wifi (which means "Wireless fidelity") is the name of the certification granted by the Wi-Fi Alliance, previously WECA (Wireless Ethernet Compatibility Alliance), a group that guarantees compatibility between devices that use the 802.11 standard.
Due to misuse of the terms (and for marketing reasons), the name of the standard is confused with the name of the certification. A Wi-Fi network is actually a network that complies with the 802.11 standard. Devices certified by the Wi-Fi Alliance are allowed to use its logo.

Since this technology allows connection to local networks and the Internet without cables, it has by extension become the data transmission medium par excellence in all modern mobile devices, so it is worth analyzing in depth in this chapter.

3.1. Terminology

To follow the contents of this teaching unit, some terms related to Wi-Fi technology must first be explained.

A Wi-Fi network is said to be ad hoc when two or more devices send data packets in a decentralized manner, expecting them to reach every recipient without an intermediate access point managing all the traffic. The typical case is two PCs that connect to each other as if by a cable between them. This type of Wi-Fi network is not what we find in domestic installations (where routers with Internet access centralize traffic and control access, among other things) or in companies (where there may be more complex networks of Wi-Fi hotspots connecting wireless and wired segments). An ad hoc network works when all the terminals involved have previously agreed on a channel, a network name, a security type and a valid security key.

Infrastructure mode, in contrast to ad hoc mode, is what is typically found in the Wi-Fi networks of homes and businesses. A device is responsible for "building" and, optionally, announcing the existence of the Wi-Fi network with given parameters of speed, type of security, etc. In a home or small installation, that device is the router, which in its current versions already integrates Wi-Fi technologies.
For the purposes of this course, we will always be talking about networks in infrastructure mode, since they are the most common and the ones that allow the full possibilities of Wi-Fi technologies and their security mechanisms to be used.

3.2. MAC

In Wi-Fi networks, although there is no "physical" link in the strict sense, as there is in their predecessors, the conventional Ethernet cable networks, every terminal involved is still tracked, so that each data packet is marked with a recipient, which lets each terminal connected to the Wi-Fi network know whether a given packet is addressed to it. For this, the concept of the "MAC address", inherited from Ethernet networks, is still used to uniquely identify every device connected to the Wi-Fi network.

BSSID

The BSSID, acronym for Basic Service Set Identifier, is the unique identifier of a device that has created a wireless network in infrastructure mode. In reality, it is the "MAC address" of the device creating the network, so in the case of a router or a wireless access point the two terms are commonly used interchangeably.

ESSID

The ESSID (Extended Service Set Identifier) is a friendly name assigned to a Wi-Fi network so that users can identify it easily and so that two networks in infrastructure mode cannot be confused when they coexist in the same radio space. Like the BSSID, it must be included in all packets sent over the radio spectrum to identify them as part of that network. The ESSID consists of a maximum of 32 characters, which most of the time are alphanumeric (although the standard does not specify it, so it can consist of any character). All wireless devices that try to communicate with each other must know and share the same SSID, which is much easier to access and consult than more technical data such as the BSSID.

Beacon frames

Beacon frames contain all the information about the wireless network and (unless the network administrator expressly indicates otherwise) are transmitted periodically to announce the presence of the Wi-Fi network and its characteristics.

Beacon signal

A beacon signal consists of various data such as:

• A MAC address header.
• Timestamp, the time with which the stations are synchronized.
• Beacon Interval, the interval between transmissions.
• SSID.
• Network capabilities, such as ranges of speeds and types of security supported.

Since these constantly broadcast beacon signals expose the existence of a Wi-Fi network and its basic characteristics, they are considered a small increase in security risk: a malicious actor can search for targets using a Wi-Fi network scanner and find such a network as a possible victim. That is why network administrators sometimes disable the sending of the network name within the beacon signals for security reasons, leaving the network partially invisible to a simple network scan: its name cannot be guessed, and a Wi-Fi network scanner can only detect that a network exists and that it carries data traffic.

Probe request

A probe request is an attempt by a Wi-Fi terminal (PC, smartphone, etc.) to find out whether a certain Wi-Fi network, whose name and characteristics it knows, is available at a given moment. A terminal uses it to find a Wi-Fi network for which it already knows the key (normally the Wi-Fi network of the user's router at home, or the company network at the workplace).

3.3. Wi-Fi network scanner

A Wi-Fi network scanner is software that captures all the information present in the wireless radio space, listing detected networks, their characteristics, whether they are ad hoc or infrastructure, whether there are connected clients, how many there are, what MAC address each has, etc.
It is the basic tool for gathering information and auditing the status of a network or networks in an area. While security auditors use Wi-Fi network scanners to identify and correct risks, survey the terrain to be audited, etc., a malicious actor could use this tool to capture information traveling through the network without proper encryption, enumerate and identify authorized users of a network, choose possible victims, etc.

On Windows there are Wi-Fi network scanners such as NetStumbler, and on GNU / Linux the reference tools are Kismet and Airodump-ng, the latter part of the Wi-Fi security application suite known as Aircrack-ng.

Screenshot of NetStumbler in operation

Screenshot of Kismet in operation

3.4. Non-efficient security mechanisms

The following security mechanisms can be considered non-efficient, in the sense that they cannot successfully prevent data theft or unauthorized access to the network.

3.4.1. Hiding the network

As we have said before, it is possible to disable the sending of the Wi-Fi network name in the beacon signals, so that no terminal can connect to the network unless it already knows its name and can demonstrate it by means of a probe request.

If a Wi-Fi network has disabled the sending of beacon signals, it will still respond to a probe request that clearly refers to it by name (ESSID), delivering at that moment a visible response that any other device within range can detect, leaving the network exposed during the process. This happens at the instant a Wi-Fi device that already knows the network, and is in range, tries to connect to it; a malicious actor capturing network traffic at that moment will learn the name of the network and can uncover it, or prepare complex attacks against the network that require knowing its name in order to be targeted.
Tools like Kismet do this automatically: when a client device attempts to connect and the router or access point recognizes it and responds, Kismet informs the attacker through messages on the screen. The network, which until now was marked as , automatically goes on to show the name that the client's probe requests revealed when connecting to the network.

Another problem with this mechanism is that a malicious actor can monitor the air looking for probe requests and obtain the names of known networks to which our terminal has connected in the past, regardless of whether those networks are available at a given moment, since as a rule terminals ask about the availability of all the Wi-Fi networks they know, launching probe requests that reveal a kind of history with the names of all the known networks we have used in the past.

3.4.2. Access control through MAC addresses

As we mentioned earlier, Wi-Fi devices share many compatibility features with Ethernet networks, and the lower layers of their design are, in effect, the same as in traditional Ethernet networks. That is why Wi-Fi devices also have a MAC address, which in theory should uniquely identify each manufactured Wi-Fi device.

White or black list

Controlling association with a Wi-Fi network by checking the MAC address against a white or black list is inefficient and relatively easy to circumvent. Wi-Fi devices have a unique MAC address recorded in their internal memory, but this address can be temporarily modified on a large number of combinations of hardware (the chip that implements the Wi-Fi technology), software (the driver that controls the operating system's communication with that hardware) and auxiliary tools.

In the case of a blacklist in which the MAC of our device has been entered, we only have to change to any other MAC address.
In the case of a whitelist, where a delimited list of MAC addresses may enter the network and the rest may not, circumventing the control requires first finding out a permitted MAC address from the whitelist, which could be done in a prior phase of listening to the network with a Wi-Fi network scanner.

Malicious actor

Once one of the MAC addresses of a legitimate client that usually connects to the Wi-Fi network has been obtained, a malicious actor could alter the MAC address of his device to copy that of the legitimate user, thus becoming indistinguishable from the original for the link-layer control systems, so it would be identified as allowed.

For more information, you can visit this article about the MACCHANGER software for GNU / Linux: https://iloo.wordpress.com/2009/11/28/macchanger-manipular-ladireccion-mac/

Finally, like all security mechanisms that work at the link level, this one alone does not prevent an attacker from stealing data by listening to the transmissions between the terminals connected to the network, even if that malicious actor is not connected to the network. That requires more robust additional security mechanisms, based on encryption of the data.

3.4.3. WEP

WEP, acronym for Wired Equivalent Privacy (sometimes misinterpreted as Wireless Encryption Protocol), is the encryption system included in the IEEE 802.11 standard as a protocol for wireless networks that allows the transmitted information to be encrypted.
Presented in 1999, WEP was designed to provide confidentiality comparable to that of a traditional wired network, hence its name. From 2001, however, its security was found to be very fragile: cryptanalysts identified several serious weaknesses, and nowadays WEP protection can be broken with easily accessible software in a few minutes; it therefore serves only as a deterrent against unauthorized access by non-technical users. WEP was deprecated as a wireless privacy mechanism in 2004, but is still documented in the current standard. We now review its operation in detail and the reason for its vulnerability.

The secret key

WEP incorporates two levels of protection: a secret key and an encryption key. The secret key is simply 5 or 13 characters shared between the access point and all users of the wireless network. This key is of utmost importance for WEP, since it is used to generate the different encryption keys that actually encrypt, in a unique way, each packet of information sent to the network.

Deriving the encryption keys from the secret key was meant to ensure that, if one data packet were somehow deciphered and the key with which it was encrypted found out, the information in other packets could still not be deciphered or seen.

WEP defines a method to create a unique encryption key for each packet using the 5 or 13 characters of the (previously shared) secret key plus a pseudorandom prefix that changes for each packet.

For example, let us assume that our pre-shared WEP key is "abcde". This "word" is concatenated with the pseudorandom value calculated on each occasion, for example "123" in the first case, to create the encryption key "123abcde", which is used to encrypt the packet.
For the next packet, the pre-shared key "abcde" is still used, but with another "prefix", for example "456", creating the encryption key "456abcde". This process repeats throughout the transmission of all the data, changing the prefix for each packet.

Encryption algorithm

Internally, the WEP security algorithm is based on an encryption algorithm called RC4, together with other operations and preliminary calculations. RC4, in turn, relies on a binary mathematical operation called XOR. The XOR operation is a simple binary comparison between two bits that results in another bit, which takes the value 1 if the two bits are different and 0 if both bits are equal, such that:

A   B   A XOR B
0   0   0
0   1   1
1   0   1
1   1   0

WEP is manipulable

From this example it should also be noted, and this is where a serious problem with using XOR to encrypt data would later be discovered, that in the same way that the result of the operation can be deduced by comparing the first two columns A and B, the same can be said of either of the original bits A or B. If we know the value of one of the two original bits and the resulting bit of the operation, we can deduce the other original bit. For example:

This is an important part of how and why WEP is manipulable.

RC4 is the encryption algorithm used to encrypt the data sent over the air. It is a very simple and fast encryption method that encodes every byte of data sent in a packet. It does this through a series of equations whose variables are based on the encryption key. RC4 actually consists of two parts: the key planning algorithm and the pseudorandom generation algorithm. Each part is responsible for one step of the encryption process.

Key planning algorithm

The key planning algorithm, or KSA (Key Setup Algorithm), is the first part of the encryption process.
Starting from the first byte of the key (including the initialization vector of the packet, which is three bytes), the KSA distributes and places derived pseudorandom values in an array, thus preparing the raw material from which the PRGA will then generate the definitive flow key. It is not an excessively complex process: some mathematical operations are carried out, based on the pre-shared key, to obtain a list of pseudorandom values between 0 and 255. These values are used by the next RC4 element (the PRGA) to obtain a bit stream that will serve for the final encryption of the data. It is important to remember that the KSA takes the bytes of the key in order, one by one, for its preparation operations.

The pseudorandom generation algorithm, or PRGA (Pseudo Random Generation Algorithm), is the part of RC4 that generates a flow key for each packet sent, using the values the KSA has prepared as a pseudorandom seed. This bit stream is the one used to encrypt the data of a given packet, applying the XOR binary operation we have already seen.

As already mentioned, XOR only requires that we know any two of the values involved in the operation to find out the third. In other words, if the clear text were known, and since the encrypted data can be obtained with a simple Wi-Fi network scanner, a malicious actor could deduce the value that the PRGA generated for that packet. It may seem that this assumption cannot occur (an attacker will not know the unencrypted data; that is precisely why he is an attacker); however, it helps break the cipher by statistical analysis.

Summary

In short, to encrypt a data packet:

Packet encryption process

The following graphic describes the process including the systems for checking the integrity of the data:

Breaking WEP with its design weaknesses

Now that we understand the basic concepts of how WEP works, let us review the main weaknesses that can be combined to obtain the information needed to break the encryption.

The initialization vector (IV) is sent as plain text with the encrypted packet, because otherwise the receiver would have no way of knowing it, and without it could not know with which final flow key to decipher a given packet it receives. Therefore, anyone can easily discover this information by capturing traffic with a Wi-Fi network scanner and thus learn the first three bytes of the key used to encrypt a packet.

Both the KSA and the PRGA leak data that can be known, and the leaks take place in the first iterations of their operation.

In the case of the KSA, we know what the loops of its algorithm do in the first three iterations: the algorithm takes, value by value, the elements of the Wi-Fi key, to which the three IV bytes of the packet being encrypted have been prepended so that the encryption key varies in each packet. For the Wi-Fi key "abcde" and a packet with the IV "123", the key for the packet derives from the expression "123abcde". We cannot know what values the KSA will take in the blue zone (the secret key, "abcde"), but we can know those of the red zone (the IV, "123"), since the IV is sent in clear, without encryption.

In the case of the PRGA, the first iteration of its loop always starts by taking the value of the first element of the list of pseudorandom values that the KSA has prepared for it as a key. We do not know what value it is, but it is the first one in the list, and it will be constant for the first iteration of the PRGA in each data packet.
XOR allows any missing third value to be found when any combination of the other two is known.

As we know, the KSA aims to return an array of pseudorandom values derived from the Wi-Fi key of the packet, and it does so through a "shuffling" process. Given how the KSA was designed, it has been found that there is a statistical probability of 5% that the values of the array in positions S[0] S[1] S[2] S[3] do not change at all after shuffling four times. In other words, a malicious actor can predict the result of the KSA algorithm for those three values with a probability of 5%.

Although the data packet is encrypted, we know that it always contains internal headers from lower transport and communications layers, which are known and which, although they have nothing to do with WEP itself, accidentally introduce a weakness in it. The first encrypted data value in a WEP Wi-Fi packet is the so-called SNAP (Subnetwork Access Protocol) header, which belongs to the IEEE 802.2 standard. Its value is always "AA" in hexadecimal, or 170 in decimal. This means, essentially, that once the first byte of encrypted text has been obtained by capturing packets with a Wi-Fi network scanner, it is enough to XOR it with the value 170 to obtain the first byte of the flow key generated by the PRGA.

In the WEP encryption process, it has been statistically shown that, when an IV has a certain form, some information can be deduced from it. This is what, in Wi-Fi network cracking terminology, is known as a weak initialization vector, and it is recognized by certain values in its first two bytes (the third byte can be any value):

B + 3, 255

where B is the byte of the Wi-Fi key that can be reached with that packet, due to the design weaknesses of the KSA and PRGA.
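The weaknesses listed above can be reproduced offline on constructed data. The following Python simulation is an added example, not part of the original course material: it builds a WEP-style packet key from an IV and the sample key "abcde", then shows that the first three KSA rounds, the first flow-key byte and the weak-IV form are all visible without the secret, and measures the 5% figure. Function names are illustrative, the integrity check value is omitted, and the key index returned by `weak_iv_target` is zero-based (first IV byte 3 points at the first key byte).

```python
import random

SNAP_FIRST_BYTE = 0xAA  # first plaintext byte of a WEP data frame (170 in decimal)


def ksa(key, rounds=256):
    """RC4 key planning algorithm; `rounds` allows stopping after the first swaps."""
    s = list(range(256))
    j = 0
    for i in range(rounds):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s, j


def prga(s, n):
    """RC4 pseudorandom generation algorithm: the first n flow-key bytes."""
    s = s[:]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def rc4(key, data):
    """Encrypt or decrypt: XOR the data with the flow key."""
    s, _ = ksa(key)
    return bytes(a ^ b for a, b in zip(data, prga(s, len(data))))


def wep_encrypt(iv, secret, payload):
    """What goes on the air: clear-text IV followed by RC4(IV || secret, payload)."""
    return bytes(iv) + rc4(bytes(iv) + secret, payload)


def first_flow_key_byte(frame):
    """Known-plaintext step: first ciphertext byte XOR 0xAA gives the first PRGA byte."""
    return frame[3] ^ SNAP_FIRST_BYTE


def ksa_prefix_from_iv(iv):
    """State after the three KSA rounds that consume only IV bytes (no secret needed)."""
    return ksa(bytes(iv), rounds=3)


def weak_iv_target(iv, key_len=13):
    """Zero-based index of the secret-key byte exposed by an IV of form (B+3, 255, x)."""
    if iv[1] == 255 and 3 <= iv[0] < 3 + key_len:
        return iv[0] - 3
    return None


def survival_rate(trials=4000, seed=1):
    """Share of weak-IV packets in which S[0], S[1], S[3] keep their round-4 values
    through the remaining 252 swaps, i.e. the condition the text puts at about 5%."""
    rng = random.Random(seed)
    kept = 0
    for _ in range(trials):
        secret = bytes(rng.randrange(256) for _ in range(5))   # constructed random key
        key = bytes([3, 255, rng.randrange(256)]) + secret
        early, _ = ksa(key, rounds=4)
        final, _ = ksa(key)
        kept += all(early[p] == final[p] for p in (0, 1, 3))
    return kept / trials


if __name__ == "__main__":
    iv, secret = (3, 255, 7), b"abcde"                      # constructed sample values
    payload = bytes([0xAA, 0xAA, 0x03, 0, 0, 0, 0x08, 0x06]) + b"constructed body"
    frame = wep_encrypt(iv, secret, payload)
    print("IV read from the frame:", tuple(frame[:3]))
    print("first flow-key byte   :", first_flow_key_byte(frame))
    print("S[0..3] after round 3 :", ksa_prefix_from_iv(iv)[0][:4])
    print("key byte exposed      :", weak_iv_target(iv))
    print("survival rate         :", survival_rate())
```

Everything printed is derived from the frame as transmitted plus the constant SNAP byte; only `wep_encrypt` and the simulation loop ever touch the secret, which is why changing the IV per packet did not protect the shared key.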
Since we already know the first three bytes S[0] S[1] S[2], because they are provided by the IV itself, we start to be interested in the bytes from position S[3] onwards, since that is where we begin to find the Wi-Fi key configured by the network administrator. A value of B = 3 would indicate a packet useful for obtaining the first byte of the Wi-Fi key, a value of B = 4 would be useful for the second byte, etc. The value 255 in the second byte indicates that the KSA is at a vulnerable point in the algorithm, so that packet will meet certain conditions that make it reveal information useful for breaking the encryption.

Steps to follow

1. Now that these points are available, we are going to combine them in the same way a malicious actor would to crack the WEP security of the network.
2. Imagine that we are an attacker trying to enter our network, and that we have a working Wi-Fi network scanner with which we have captured an encrypted data packet from our network. We obtain a packet with an IV that we identify as weak (3, 255, 7).
3. This IV indicates that the packet leaks information about the first byte of the Wi-Fi key.
4. With the bytes of the IV, the KSA equations can be computed up to the third iteration, which is where the bytes of the IV end and the bytes of the Wi-Fi key begin.
5. For the fourth loop of the KSA, where we do not have everything needed to follow the equations, we must resort to another weakness of the algorithms to obtain more information that helps us deduce what is missing: the known data in the encrypted packet.
6. Recall that the final step of the RC4 algorithm is to XOR the original data with the data generated by the PRGA.
7. The first data byte always contains what is called the "SNAP header", whose value is known and constant (170 in hexadecimal). Therefore, and given that XOR is a bidirectional operation, we can take an encrypted packet and deduce the first byte of that packet's specific encryption key simply by XORing against the value 170 in decimal.
8. Using a Wi-Fi network scanner to see the value of the first encrypted byte of the packet, and XORing it against 170, we obtain the PRGA value against which the original data was encrypted. Knowing the PRGA output, we can work the PRGA equations backwards to find the values fed in from the KSA, which reveals a variable of the KSA equation that was not apparently visible and which, once obtained, lets us isolate the only unknown left in the KSA: the key byte for that position. Undoing the operations of the algorithm in the opposite direction, we obtain the desired key byte; once this step is done, we can capture another data packet encrypted with a weak IV and repeat the process until all the bytes of the key have been completed.
9. This mathematical condition, by which the Wi-Fi key data is accessible behind equations with enough known values to be solved, only happens 5% of the time, specifically when the first four elements of the array S[] (which the KSA uses to shuffle the key data pseudorandomly) have not been affected after the first shuffling operations performed by the algorithm.

Breaking WEP with advanced attacks

The design decisions made in the RC4 algorithm have made it a very vulnerable element in any security mechanism that uses it. Many of the other advanced attacks that researchers have subsequently investigated, confirmed and implemented are based on RC4 weaknesses.

ARP replay attack
The attacker captures a valid encrypted packet arriving from the router which, by its length, is clearly an ARP packet; the attacker can retransmit it exactly as it arrived, even though he cannot yet decipher it. Being a 100% valid packet, the network receives and interprets it as just another valid ARP request. This, in turn, causes the access point or router to respond to the ARP request once more, with the difference that for each packet it sends the router changes the IV with which it encrypts the packet, thus creating a new packet with possibly useful information for the attacker.

The idea is to force the router to transmit large numbers of packets with weak IVs by injecting legitimate-looking traffic to which the router must respond, speeding up the collection of packets with weak IVs. With these attacks, it is possible to obtain enough data to break a WEP network with maximum encryption strength in minutes.

ChopChop attack

This attack uses the responses of some routers to malformed packets. It uses the information in those responses to obtain complete PRGA information and, in this way, to decipher a previously captured encrypted data packet without knowing the Wi-Fi key. For more information, visit this article with the detailed theory: http://www.aircrack-ng.org/doku.php?id=chopchoptheory

3.4.4. WPA (version 1)

Changes and improvements regarding WEP

WPA emerged to correct the limitations of WEP. Its most common variant is WPA-PSK, which uses the PSK, or pre-shared key, system. In it, all users of the wireless network have the same Wi-Fi password, defined by the user, just as with WEP networks.

There is also a corporate WPA version known as WPA-Enterprise. It offers additional security by requiring identification with a name and password in special authentication systems, such as RADIUS or 802.1X.
WPA introduced security improvements such as passwords between 8 and 63 characters long, unlike WEP, whose password was only 5 or 13 characters.

TKIP

But, undoubtedly, the biggest change was the introduction of TKIP (Temporal Key Integrity Protocol), which changes the keys used in the Wi-Fi connection (not to be confused with the Wi-Fi password) every so often.

Although TKIP internally uses the same algorithm as WEP (RC4), it constructs the keys differently and more securely than WEP, which is why TKIP characterizes WPA1; basically, it is the new way of building the unique packet encryption keys derived from the Wi-Fi key.

TKIP solves the problem of the reuse of initialization vectors in WEP encryption that we saw earlier. WEP periodically uses the same IV to encrypt the data. TKIP is based on less repetitive patterns and longer vectors.

TKIP also seeks to recover security in the lower layers, cryptographically controlling the link layer (MAC addresses), whose security had not been implemented in WEP. Enabling WEP encryption and MAC address control separately did not work: ordinary MAC access control does not implement cryptography of any kind; it simply checks the MAC of the packets and allows or denies access based on it. Anyone can learn the list of allowed MACs by scanning the network traffic, even before breaking the WEP encryption, which makes this measure not very robust. WPA therefore needed better control.

The TKIP process begins with a 128-bit temporary key shared between the clients and the access points. It combines the temporary key with the MAC address of the client, thus achieving the control of the link layer mentioned above. It then adds a relatively long initialization vector of 16 octets (unlike the 3 octets of WEP) to produce the key that will encrypt the data. This procedure ensures that each station uses different encryption keys for its data flows.
To avoid the use of weak IVs, the cryptographic parameters used in each packet are hashed and the packets sent are sequentially numbered, so that the IV cannot be used for many of the types of attack that were possible in WEP.

IEEE 802.3 SNAP header

Still vulnerable

WPA continues to use the RC4 algorithm for encryption, as WEP did. However, a big difference from WEP is that it changes the temporary keys every 10,000 packets. This provides a dynamic distribution method, which significantly improves the security of the network and largely covers the known vulnerabilities of the RC4 algorithm, since it makes it very difficult to obtain useful statistical information with which to try to complete the encryption equations.

As already mentioned, WPA continues to use the RC4 encryption system. We saw in the WEP section that RC4 has a fragile design, in the sense that it allows the keys to be found through statistical analysis. Although WPA tries to compensate for these vulnerabilities, security problems of cryptographic origin appear again.

With enough captured traffic, the encryption can be analyzed and broken because, although not as much as in WEP, useful information continues to leak that allows the decryption equations to be completed, the values used to build the PRGA to be deduced, the intermediate keys in the KSA to be configured, the temporary key change algorithm to be deduced and, with all this, the Wi-Fi key finally to be reached.

After monitoring an access point for about a day and capturing all traffic, a malicious actor can, using specialized software, break the WPA1 encryption, much as with WEP but simply needing more time. WPA1 is safer and much more of a deterrent, since the technical level required is even higher, but it is still vulnerable.

3.4.5. WPA2

WPA2 arose to definitively correct the weaknesses of the ciphers used in WPA, so the use of RC4 was finally eradicated to prevent information from being accumulated through traffic capture and used to deduce anything.

Like WPA1, it maintains two variants, depending on who sets the master password of the network and how: WPA2-Personal (pre-shared key), in which it is shared with all the stations that connect, and WPA2-Enterprise, which offers additional security by forcing identification with a name and password on special authentication systems, such as RADIUS or 802.1X.

Changes and improvements regarding WPA version 1

The key point is that backwards compatibility with old hardware is not maintained, which allows more complex algorithms close to the most advanced encryption, integrity and authenticity control standards of the moment.

Although the length of 8 to 63 characters is maintained for the Wi-Fi password, 128-bit AES encryption replaces the insecure RC4 encryption, solving all the problems derived from RC4, which allowed certain cryptographic parameters to be guessed through statistical analysis.

Increase the robustness of packet integrity control

The robustness of the packet integrity control is increased by adding CBC-MAC (cipher block chaining message authentication code), replacing simpler or more predictable integrity-checking mechanisms such as the Michael algorithm in WPA. The Michael algorithm was the strongest that the WPA designers could create under the premise that it should work on older wireless network cards; however, it is susceptible to attacks, and WPA2 did not seek hardware compatibility, so it was able to implement CBC-MAC.

With regard to the possibility of breaking the encryption, at this time there is no known method that achieves it; for this reason AES is considered the most robust and suitable encryption for this type of network [1].
There is only the possibility of capturing the "4-way handshake", which is exchanged between the device and the access point as an authentication mechanism in a WPA2 network. In the case of WPA2-PSK (Pre-Shared Key), this 4-way handshake should be understood as a copy of the original lock on which a malicious actor could try different "keys" (passwords) to find the correct one. If a valid handshake is captured with a Wi-Fi network scanner, we do not obtain the network password, but rather the basic information against which a candidate password can be checked and confirmed or discarded, thus allowing brute-force attacks using password dictionaries.

The choice and use of a robust password remains crucial

There are software tools that use the powerful graphics processor of modern graphics cards as a mathematical coprocessor to perform brute-force attacks hundreds of times faster than an ordinary PC, so the selection and use of a robust password is still crucial.

WPA2-Enterprise corporate Wi-Fi networks are not vulnerable to dictionary attacks, since the RADIUS server will randomly generate these keys and change them regularly. Legitimately connected devices must first be authenticated with an individual username and password before receiving the password through a secure channel derived from that prior authentication (that is, although the authentication server informs the device of the key at that moment, the key is encrypted so that only the device that has been authenticated can decrypt it).

The use of WPA2-Personal means having the most robust Wi-Fi security technology available today, mitigating all the vulnerabilities and weaknesses described in this section for WEP and WPA in any of its versions, as well as WPA2 in its WPA2-Personal version.

[1] http://www.islabit.com/51272/seguridad-wi-fideberiamos-usar-wpa2-tkip-wpa2-aes-o-ambos.html

IV. 3G / 4G networks

Most mobile devices running the Android, iOS and Windows Phone platforms connect to 3G / 4G networks to have voice and data connections when no Wi-Fi network is within reach, which provides them with greater security in their communications. However, everything has weak points, and as the years go by they grow in number and importance.

The first thing that must be highlighted is that, a priori and without going deeper, the fourth generation (4G) mobile network is by design more secure at the link level, but more insecure at the network trunk level (the operator's network), than its predecessor, the third generation (3G) network, and other earlier mobile networks.

How could this happen? Very simply. The main problem is that the trunk of the 4G network is entirely based on the IP protocol (Internet Protocol). In contrast, the core of the 3G network and its predecessors, despite having other problems, is based on the combined use of the IP protocol and the SS7 protocol (Signaling System 7). Unfortunately, this design can lead to problems for the mobile operator and, indirectly, for the user, especially in terms of privacy and data protection.

IP Protocol

The IP protocol is much more open and better known than the mobile protocols used in the past, and hackers have exploited it successfully for many years; the use of IP thus opens the door to a series of potential threats in the 4G mobile network.

The IP protocol alone does not provide any security measure, so even though the 4G architecture provides security, mobile network operators have an essential role in managing the security of these networks through their design, implementation and operation. Mobile network operators cannot be complacent about security in the 4G network and the need to actively protect multiple points of entry into the network.
The 4G network brings with it an increase in the complexity of security management for operators. However, by taking the necessary measures, they can minimize the impacts of many of the security threats hitherto known in this type of network.

KASUMI

The previous networks present other problems at the link level due to the passage of years (outdated or insufficient measures to date), to the greater knowledge we have of these technologies, and to the power of the devices used today. For example, in terms of cryptography, 3G networks use KASUMI block encryption, which is implemented to provide confidentiality in the UEA1 encryption algorithm and integrity in the UIA1 algorithm (an algorithm based on message authentication codes). This encryption was already being used in GSM and GPRS networks to provide confidentiality in the encryption algorithms A5 / 4, A5 / 3, GEA4 and GEA3. KASUMI uses a block size of 64 ...
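Returning to the WPA2-PSK handshake discussion above, the following is an added example, not part of the course material: it derives the key a WPA2-Personal network computes from its passphrase (PBKDF2-HMAC-SHA1 salted with the SSID) and gives an upper-bound estimate of how long an offline search of a passphrase's keyspace would take. The guess rate, the SSID "HomeNet" and the sample passphrases are assumptions constructed for illustration.

```python
import hashlib
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600
# Assumption for illustration: offline guesses per second on GPU hardware.
ASSUMED_GUESSES_PER_SECOND = 1_000_000


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def charset_size(passphrase: str) -> int:
    """Size of the printable-ASCII alphabet the passphrase draws from."""
    size = 0
    if any(c.isdigit() for c in passphrase):
        size += 10
    if any(c.islower() for c in passphrase):
        size += 26
    if any(c.isupper() for c in passphrase):
        size += 26
    if any(not c.isalnum() for c in passphrase):
        size += 33  # punctuation and space
    return size


def keyspace_bits(passphrase: str) -> float:
    """Upper bound: assumes every character was chosen at random."""
    return len(passphrase) * math.log2(charset_size(passphrase))


def years_to_exhaust(passphrase: str, rate: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Years needed to try the whole keyspace at the assumed guess rate."""
    return 2 ** keyspace_bits(passphrase) / rate / SECONDS_PER_YEAR


def audit(passphrase: str, ssid: str) -> dict:
    return {"pmk": wpa2_pmk(passphrase, ssid).hex(),
            "bits": round(keyspace_bits(passphrase), 1),
            "years": years_to_exhaust(passphrase)}


if __name__ == "__main__":
    for pw in ("12345678", "sunshine2018", "v7#Kq!x2Lm@9zRw4Tp"):  # constructed samples
        r = audit(pw, "HomeNet")  # hypothetical SSID
        print(f"{pw!r}: ~{r['bits']} bits, {r['years']:.2e} years, PMK {r['pmk'][:16]}...")
```

The estimate is a ceiling: a passphrase built from dictionary words falls far sooner than its length suggests, which is why the text stresses a robust, non-dictionary password.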

Explanation & Answer

Hello, I can assure you that the solution and the report will be fine. For the better part of the assigned time I have used it to configure the testing environment, that is drozer, and establishing the session with my Android phone. After a lengthy research I was finally able to install drozer as my analysis tool; this is a big milestone. Furthermore, I was able to get all that is required to have a good report. Below include the screenshot of a well set environment for testing the apps. Am requesting for additional 12hrs only to complete the report. Again, much of my time I used to configure the tool, which is now ready.
Hello, check the report. Remember to deliver the app file that I used (the one you sent the links for). In case of a comment, inform.

Running head: Analysis of smartphone security

USING DROZER TO ANALYZE ANDROID APPLICATION SECURITY
STUDENT’S NAME
INSTITUTION’S AFFILIATE
COURSE NAME
DATE: March 3, 2018

Android smartphone security

Abstract
As mobile devices increasingly encroach on more people's lives, so does the security concern
over the mobile apps and the devices themselves. Mobile, and especially Android smartphone,
applications pose several security threats in relation to user data and information, as outlined by
OWASP. In their discussion, they noted how the smartphones are...
