
보안공학연구논문지 (Journal of Security Engineering), Vol. 8, No. 1, February 2011

Smartphone, promising battlefield for hackers

Bo Li 1), Eul Gyu Im 2)

Abstract
As smartphones become popular and their processing power catches up with that of PCs, they bring much convenience to people's daily life, from fast access to the latest information to efficient financial activities, but more potential security threats need to be solved. As mobile operating systems such as Symbian and Windows Mobile become common across different devices, fast virus propagation and large-scale damage become more likely. There have been several attacks targeting smartphones so far, and the trend is that hackers may move the battlefield from PCs to smartphones because of the promising profit and smartphones' limitations for antivirus work. This paper presents several security issues, predicts possible attack forms and gives some defense suggestions for smartphone security protection.
Keywords: Smartphone, virus, security issues, privacy, defense approaches

1. Introduction

Nowadays, the mobile phone has already become part of people's daily life. While the powerful smartphone gradually takes over the portable computer's role and brings great convenience, some potential security issues have emerged recently as the smartphone becomes popular and more software is implemented on smartphone operating systems. Hackers may migrate to this new platform as the profit from smartphones grows, along with the private information of users such as accounts. An infected smartphone may automatically record phone calls, delete data, and spam phone calls and short messages, etc. This will not only cause a great security threat but also bring economic loss to common users.
Take typical smartphones such as the Apple iPhone, RIM BlackBerry, Windows Mobile, Google Android, Palm Pre and so on as examples. Their usage has grown rapidly in the past few years. Besides functions like phone calls and messages, they can handle office jobs such as reading emails and documents. Moreover, today's smartphones can surf the Internet and handle business activities such as bill payment. Based on handset systems like Windows Mobile, SB, Linux, UIQ and Mac OS, hackers can develop malware that runs on these systems. These more powerful utilities, however, bring potential security vulnerabilities to the smartphones. Therefore some malware behavior, such as that of Trojans or worms, can be migrated from computers. Besides, common operating systems make fast virus propagation possible.

Received (December 06, 2010), Review request (December 07, 2010), Review result (1st: December 22, 2010, 2nd: January 07, 2010), Accepted (February 28, 2011)
1) Department of Electronics Computer Engineering, Hanyang University, 133-791, email: libo879@hanyang.ac.kr
2) (Corresponding author) Professor, Department of Computer Engineering, Hanyang University, 133-791, email: imeg@hanyang.ac.kr

Although mobile threats have not had a high impact historically, devices such as the iPhone and Google Android may become popular targets because of their large memory resources and storage of sensitive data. At the end of 2009, Websense recorded four attacks on the iPhone within just a few weeks. This marks the beginning of attacks such as data stealing and bot malware targeting the iPhone. Smartphones like the iPhone and Android are taking a more important role in business activities, just like a portable computer. Smartphones will soon face the attack forms formerly targeted at computers and networks, or even unexpected attack forms, as the smartphone's communication channel is different from the traditional network. What's more, weak security puts the private and business information stored in smartphones at risk. Applications involving financial activities also attract hackers' attention because profit hides inside them. Although there are not yet attacks like mass spam mail targeted at smartphones, just as worms and viruses propagated on computers, the smartphone will probably be the next target.
This paper is organized as follows. First, a general introduction to smartphones' network features and operating systems is presented in Section 2. Section 3 gives some information about development trends. Section 4 analyses some security issues. Section 5 analyses security responsibility from the viewpoints of users, manufacturers and operators. Sections 6 and 7 present smartphone virus attack methods and analyse some cases in detail. The corresponding defense approaches are presented in Section 8.

2. Smartphone

A smartphone is just like a PC, with an independent operating system. Its functions can be extended by installing service providers' software. The smartphone's network is a combination of the Internet and telecom networks. Threats of attack mainly come in two forms: from the Internet, such as downloading, and from the telecom network, such as SMS or phone calls. Some attacks may also arise from WLAN and Bluetooth.

[Fig. 1] Smartphones become end points of both the Internet and telecom networks [1]

2.1 Network

Although the traffic is not as fast as a PC's network connection to the Internet, data transfer based on GPRS over GSM networks, CDMA, 3G networks and short-range Bluetooth and Wi-Fi communication is convenient, although more complex than on PCs. Intrusion detection across all these communication channels is therefore more challenging.

2.2 Operating system

The operating system determines, to some extent, the features and functions of the smartphone, and it determines the robustness of the platform on which software runs. It is also the fundamental target of attacks, as a given attack can only work on smartphones running certain operating systems. So first we list the major operating systems of today's popular smartphones. Figure 2 lists the smartphone market share in 2008 and 2009, based on sales volume reported by Ars Technica.

[Fig. 2] Worldwide smartphone market share by operating system [13]

2.2.1 Symbian

Symbian is mainly used in Nokia smartphones, as well as in some Samsung and Motorola products. Symbian OS provides PIM (personal information management) functions and some third-party software, but Symbian is usually adapted to each device according to its hardware. Symbian OS supports reading Word, Excel and PowerPoint documents, but document editing may depend on the hardware. For email, it supports POP3, IMAP4 and Webmail, as well as many push-email schemes. Although the range of third-party software is not as large as for Palm and Windows Mobile, it can satisfy general user requirements.


2.2.2 Linux

Nowadays, more and more smartphones run on Linux, but almost every kind of device needs its own system development, as there is no common standard for this platform. The GreenPhone concept has been proposed, however, which would provide a unified Linux software platform to which each device merely adds some features. This platform is similar to a complete smartphone operating system. Its limitation lies in its high hardware requirements, which make software development more costly. Its obvious advantages are that Linux is open source and free of patent fees. The use of Linux on smartphones is just beginning.

2.2.3 BlackBerry

BlackBerry has the biggest smartphone market share in America. Developed by RIM (Research In Motion), its typical feature is its adaptation to email systems, and it is regarded as a business device with less multimedia processing power. The perfect synchronization between BlackBerry and PC makes it outstandingly convenient for email handling. Mail received by Outlook can be forwarded to the BlackBerry. Its limitation lies in its reliance on the email function.

2.2.4 iPhone OS

iPhone OS is the operating system developed by Apple Inc. specifically for the iPhone. It runs on the iPhone and iPod touch. Like Mac OS X, it is based on Darwin OS. The iPhone OS architecture is divided into four layers: the Core OS layer, the Core Services layer, the Media layer and the Cocoa Touch layer. The OS needs 512MB of memory. iPhone OS has a unique UI design that supports multi-touch gestures including swiping, tapping, pinching and reverse pinching. The built-in accelerometer can change the screen orientation by changing the Y axis. As for software support, the iPhone and iPod Touch use CPUs based on the ARM architecture, which is different from the Macintosh's x86 architecture, so software needs to be adjusted for the iPhone and iPod Touch.

2.2.5 Windows Mobile

WM (Windows Mobile) was once regarded as a competitor of Palm OS, but its adoption has now exceeded Palm's. Its strong handling of Word and Excel, direct mail handling technology and data storage make it popular nowadays.
Taking advantage of technical support from Microsoft, WM shows great compatibility with the PC and Office, as well as powerful multimedia processing. But WM has the drawbacks of high hardware requirements, software complexity and an unstable operating system.


[Table 1] Smartphone OS comparison


Feature \ OS             Symbian  Linux  BlackBerry  iPhone OS  WM  Android  Palm
Standardized             Y        N      Y           Y          Y   Y        Y
Multimedia performance   Y        Y      N           Y          Y   Y        N
Third-party application  Y        Y      Y           Y          Y   Y        Y
Multi-task               Y        Y      Y           N          Y   Y        N
Open source              Y        Y      N           N          N   Y        Y
PC synchronize           Y        Y      Y           Y          Y   Y        Y

C++ C C/C++
Core language C C C/ C++ C/C++
JAVA ME JAVA

2.2.6 Android

Android is an open source handset operating system based on the Linux platform. It is composed of the operating system, middleware, user interface and application software. It is mainly divided into three layers using a software stack architecture. The bottom layer is developed in C on the Linux kernel and supports only some basic functions. The middleware contains function libraries and a virtual machine, written in C++. The upper layer of application software is developed by different companies in Java. Software such as phone call and message handling is developed in this layer. Android's objective is a fully open and complete mobile software platform. Companies like Motorola, Samsung, LG and China Mobile have joined this program for smartphone software development.

2.2.7 Palm

Palm is still the most stable operating system, although it lacks multimedia processing power. Simplicity of operation is its typical characteristic, suited to scheduling and quick memos. Palm OS operates with a single thread, which makes it seem almost free from memory overflow. Palm OS also provides two methods for synchronization with the PC, Outlook and Palm Desktop. Although Palm OS itself cannot handle Office documents, almost all devices come with software installed that supports Microsoft Office and synchronizes Word, Excel and PowerPoint documents with the PC. It also supports PDF documents. With VersaMail it supports email handling similar to WM.


2.3 Evolution Trend

Where will today's smartphones go? Are there more security issues related to these development targets? Here we list some possible directions for the feature enhancement of tomorrow's smartphones.
GPS (Global Positioning System) functions have become common, as many new devices support them. Besides traditional positioning, GPS providers now promote more kinds of services, such as compass and speed measurement.
Open source can gather more developers' ideas and efforts, and it provides chances for creative implementations on smartphones. Google has started open source on the Android platform.
Battery performance is an important indicator for smartphones, because features like Wi-Fi, Bluetooth and multimedia processing consume a lot of power. Efficient energy-saving schemes and operating systems are essential to the user experience.
Because of its high power consumption, the Wi-Fi chipset still has room to improve in energy saving, processing speed and connection stability. Taking advantage of T-Mobile's Hotspot@Home technology, users can make VoIP calls with Wi-Fi-enabled smartphones. RIM has developed the BlackBerry Pearl 8120, which supports this function.
Smartphones' security threats grow along with their processing power. Many security issues have emerged recently, such as device locking, function locking, encryption, access verification, data stealing, firewalls, VPN and so on.
Smartphones need to balance business features and personal uses like multimedia entertainment. Now the major feature is email handling, but as the network environment gets better, there are lots of potential functions ready to be developed, such as support for Web 2.0 and ID-verification-based financial activities.
Potential functions can also be developed for the camera, which may be regarded as just decoration in some way.
Femtocells will broaden the coverage area for the family or office, and network performance will be improved noticeably.

3. Security issues

Exposure to the Internet and telecom networks opens plenty of channels for the spread of viruses, backdoors and spyware. And if you lose the phone, the issue is how to protect the private information stored in it. The mobile security issues we already know about are spam messages, telephone harassment, viruses and spyware. But in the age of 3G, with smartphones becoming as powerful as PCs and networks becoming mobile, more security threats are targeting today's smartphones and PDAs. Who should take responsibility for smartphone security, the device manufacturers or the service providers? All these questions need an answer. Some common security issues are listed below.

3.1 Spam SMS


As the cost of SMS is relatively low and the majority of mobile devices do not have any filtering tools, spam SMS is an effective method of spreading advertisements, even for some illegal activities. When profit is involved, spam SMS can become a means of phishing. To block spam SMS, a monitoring system needs to be set up, but this may conflict with the protection of private information. Figure 3 presents a mobile message spamming survey from the McAfee mobile security report [17], covering the UK, USA and Japan.

3.2 Spam mail

Although spam mail on smartphones is only at its initial stage, the limited filtering available means that smartphones will soon be a target of mail spammers. Advertising, phishing and all the other security issues that appeared on PCs will be duplicated on smartphones, such as virus propagation through phishing links or malware attachments.

3.3 WAP attack

A WAP (Wireless Application Protocol) attack mainly refers to an attack on WAP servers that prevents WAP-enabled mobile phones from receiving normal service information. The current security mechanism of WAP wireless networks is not very complete, and more and more hackers will encroach on this field. If hackers find a security vulnerability in a WAP server, they may write a special virus to launch attacks on the WAP servers that have that vulnerability. This affects the normal operation of the WAP server, so that ordinary WAP phones cannot receive network information.

[Fig. 3] Frequency of mobile message spamming[17]

3.4 Phone tapping

Current technology can not only eavesdrop on a mobile phone to steal voice or image information, but also determine the location of its owner. The owner of an ordinary phone can be located by an eavesdropper to within a range of 100 meters; if the phone has GPS, attackers can determine the owner's main area of activity to within 5 meters. On smartphones, any security vulnerability may give hackers the chance to take over the device and have it send sound recordings or other information to them.

3.5 Virus

Since 2004, viruses have invaded mobile phones, for example making a phone unable to use SMS or causing it to incur costly charges, as well as anonymous phone bills that add further charges. McAfee research shows that, either directly or indirectly, one-seventh of global mobile phone users have been subjected to cell phone viruses. Since the first virus appeared in 2004, different types of viruses, worms and Trojan horses have appeared; in particular, the number of Trojan horses shows a slight increase.
Mobile phone viruses are a major cause of private information leaks among smartphone users. If the phone is infected, neither the phone calls nor the stored personal data are safe. The gradual standardization of phone operating systems now makes it easier for hackers to find vulnerabilities. These defects expose reachable smartphones to attacks via the network, and thus all the stored information may leak. The common anti-virus scheme is strict limitation of software and data downloads from the Internet, together with monitoring for abnormal behavior.

3.6 Bluetooth info leaking

Information theft via Bluetooth only happens when messages are not encrypted and the Bluetooth transmission distance is relatively short. As long as there is good encryption, the security of data transferred over Bluetooth is guaranteed. Bluetooth has had some vulnerabilities, which led to serious attack forms such as bluejacking, bluebugging and bluesnarfing, which can even gain total remote control of devices.
Bluejacking refers to the anonymous sending of business cards. Bluejacking does not remove or modify any data on the device. These cards usually carry teasing or flirtatious messages rather than the usual name and telephone number. Bluejackers usually look for phones that answer a ping or users who may react to the ping requests, and then send more information to the device. Some malware may possibly be spread in this way.
Bluebugging [14] tools allow an attacker to "take control" of the victim's phone through the victim's Bluetooth phone headset. The tool does this by pretending to be the user's Bluetooth headset and thereby "tricking" the phone into obeying its call commands. This flaw could allow an attacker to make calls, send messages, read phonebooks, examine calendars, connect to the Internet, etc.


Bluesnarfing [15] is the unauthorized access of information from a wireless device through a Bluetooth connection. Attackers can get access to the calendar, contact list, emails and text messages, and can even copy private pictures and videos. Some programs can break into phones without permission. Bluesnarfing is much more serious than bluejacking, but both can exploit others' Bluetooth connections without the user's awareness. Manufacturers have solved these problems through software updates, but remaining vulnerabilities may still cause these attack forms to reappear.

3.7 Phone losing

Losing a smartphone can have disastrous consequences for an individual: not only is their contact information lost, but, more importantly, their private information is exposed. Information fraud may follow later.

3.8 Web surfing

In a 2009 Trend Micro smartphone survey, over 50% of smartphone users already surfed the Web from their device for over 30 minutes per week. Of these, more than 12% spent more than 120 minutes per week surfing the Web, and the numbers are still growing [10]. Web browsers installed on smartphones are relatively simpler than those that run on the PC and give less attention to security. Security threats may come from automatic downloads or phishing websites.

4. Who takes responsibility for smartphone security

The popularity of devices like the iPhone attracts hackers' attention. Although the iPhone is supported only on the AT&T network and is not yet likely to enter the territory of BlackBerry, Treo and other core mobile office equipment, such devices promise to become our daily assistants soon. Security companies like McAfee have raised the point that, as business activities come to rely more on these smartphones, the question of who should ultimately guard information security, the manufacturers or the service providers, remains open.
Compared with the threats that PCs face, smartphones are relatively safe territory. But malware targeted at handsets is growing faster than malware for non-mobile devices. Malware can propagate through email or message attachments, software downloads, Bluetooth and so on. Besides phishing fraud, spam mail and spam messages, spyware has appeared on handsets. Users are even enticed to download malware through Internet communities. We need to raise awareness of the potential threats behind the convenience. Figure 4 is a market survey from McAfee [17] which indicates that users expect operators and manufacturers to take the responsibility.


Operator: Mobile operators always seek higher market share by improving service quality and winning consumer confidence. Common measures are the promotion of fast Internet access, stable email service, GPS and mobile check, with less concern for the potential security threats, but in the long term taking security into consideration may be the better choice. For the combination of stable and mobile networks, quality should take priority. Fortunately, many major operators have now set up special security teams that focus on the smartphone security issues customers are concerned about.
Manufacturer: In some ways the same applies to device manufacturers. As hardware processing power develops rapidly, smartphone features and applications are the major areas in which companies compete fiercely, since obviously better features attract more customers. Security issues like vulnerabilities are usually fixed only after they appear. To achieve better risk management, manufacturers need to look closely at the selection of operators based on their security approaches for the network and devices.
User: As there has been no secure protection scheme for smartphones, users need to be aware of the potential risk of being hooked and pay attention to the various aspects of security. Besides knowing the detailed security protection approaches, users should take care with certain applications, such as Bluetooth and Internet surfing, which may expose access to their private information.
Vision: Companies with a clear awareness of their security requirements can find proper solutions for them. Customers, meanwhile, expect operators to provide more secure services, including financial activities like mobile payment and service localization. But one important difference from the PC is that some anti-virus applications depend on the hardware and operating system and cannot support common phones. This is promoting deeper cooperation between manufacturers, operators and certain security companies.

[Fig. 4] Responsibility for delivering mobile security [17]


5. Virus Intrusion

Viruses use only a few channels for intrusion and propagation. It is important to be aware of them and to take proper countermeasures. Some common infection and attack behaviors are listed here.

5.1 Trick download

Take CARDBLK as an example. CARDBLK is a Trojan horse-type mobile phone virus that was once popular in Europe. Running on the Nokia Symbian S60 operating system, CARDBLK disguises itself as an application called InstantSis2.1, a popular program packaging tool for transferring programs between mobiles. After installation it damages the data stored on the MMC.
Defense approaches: Do not accept applications from unknown sources, especially abnormal ones. Only download applications from trusted websites. Take care when surfing the web and clicking links. Install anti-virus software.

5.2 Infected messages and phone call

This is the major form of cell phone virus intrusion. The virus issues a string of abnormal characters as a short message, or the phone call displays an abnormal caller ID. Once you take the call or open the message, the phone is infected and its data and settings may be disturbed or changed.
Defense approaches: Do not open or forward strangers' messages, and delete them promptly. If the keypad is locked and dead, take out the battery, restart the phone and then delete the message. If this does not work, try to delete it on another phone. If the caller's ID is displayed abnormally, do not answer and just turn off the phone.

5.3 Bluetooth

Take Cabir as an example. Cabir is a kind of network worm that can infect smartphones running the Symbian operating system. An infected phone scans with Bluetooth to find vulnerable phones within range and sends a copy of itself to the phones it finds. Lasco.A uses the same mechanism for propagation. It is activated when clicked.
Defense approaches: Users with a Bluetooth-enabled smartphone can set the Bluetooth status attribute to "hide" to prevent the virus from finding it by scanning. Take care to choose safe and reliable peers when using wireless transmission features such as Bluetooth and infrared. Do not accept connection requests from unknown devices.

5.4 Data transmission from computer

Win32.SIS.Velasco can work on WIN9X/NT/2000/XP and on the Symbian operating system. It is the first virus that can infect SIS data files for Symbian OS. It contains two parts: one is an executable file that runs on Windows, and the other is in SIS format for Symbian OS. On PCs, it searches for SIS files and inserts malware code into them; when these infected files are transferred to smartphones, infection happens when the files are opened on the phone.
Defense approaches: Scan files before transferring them to the phone. Do not open suspicious emails and websites. Close or delete unnecessary applications, as many viruses spread via vulnerabilities.
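
The pre-transfer scan recommended above, as an added example that is not part of the original paper: it recognises Symbian packages by their header UIDs rather than by file name and compares each one with a SHA-256 hash recorded at download time, so a package altered on the PC is held back. The UID constants are the commonly documented SIS header values, not taken from the paper; the function names, file names and sample bytes are constructed for illustration.

```python
import hashlib
import struct

# Commonly documented header values for Symbian installation packages
# (assumption: these constants are not stated in the paper).
SIS9_UID1 = 0x10201A7A    # first 4 bytes of a Symbian OS 9.x package
LEGACY_UID3 = 0x10000419  # bytes 8..11 of a pre-9.x package


def sis_kind(data):
    """Return 'sis-9.x', 'sis-legacy' or None, judged from the header only."""
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == SIS9_UID1:
        return "sis-9.x"
    if len(data) >= 12 and struct.unpack_from("<I", data, 8)[0] == LEGACY_UID3:
        return "sis-legacy"
    return None


def check_before_transfer(files, known_good):
    """Classify every file queued for transfer from the PC to the phone.

    files:      {name: bytes}
    known_good: {name: sha256 hex digest recorded when the package was downloaded}
    Returns {name: verdict}; only 'ok' and 'not-a-package' should be sent on.
    """
    verdicts = {}
    for name, data in files.items():
        kind = sis_kind(data)
        has_ext = name.lower().endswith((".sis", ".sisx"))
        if kind is None:
            # A .sis name without a package header is malformed or mislabelled.
            verdicts[name] = "bad-header" if has_ext else "not-a-package"
        elif not has_ext:
            # Package content hiding behind an unrelated file name.
            verdicts[name] = "disguised-package"
        elif name not in known_good:
            verdicts[name] = "unknown-package"
        elif hashlib.sha256(data).hexdigest() != known_good[name]:
            # Bytes changed while the file sat on the PC.
            verdicts[name] = "modified-since-download"
        else:
            verdicts[name] = "ok"
    return verdicts


def legacy_sample(payload):
    """Constructed sample: a minimal legacy-style header followed by filler."""
    return struct.pack("<III", 0x10001234, 0x10003A12, LEGACY_UID3) + payload


def demo():
    """Run the check over a constructed transfer queue and return the verdicts."""
    game = legacy_sample(b"original installer contents")
    reader = legacy_sample(b"document reader contents")
    known_good = {
        "game.sis": hashlib.sha256(game).hexdigest(),
        "reader.sis": hashlib.sha256(reader).hexdigest(),
    }
    queue = {
        "game.sis": game + b"bytes added after download",
        "reader.sis": reader,
        "tool.sis": legacy_sample(b"never recorded at download"),
        "photo.jpg": struct.pack("<I", SIS9_UID1) + b"package posing as an image",
        "notes.txt": b"plain text, no package header",
    }
    return check_before_transfer(queue, known_good)


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```
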

5.5 Via MMS

Commwarrior.A is the first virus that propagates over MMS (Multimedia Messaging Service), which makes it possible for it to spread worldwide in a short time. Once Commwarrior.A is installed, it makes several copies of itself and sends them over MMS to the entries in the user's contact list. It can also scan over Bluetooth like Cabir. When it is transmitted over MMS, it shows an attractive title such as "Norton AntiVirus Released now for mobile, install it!"
Defense approaches: When opening MMS messages, do not execute the SIS attachment. Delete suspicious messages soon after they are received.

6. Case study

At Mobile World Congress 2009, the security company McAfee presented a report stating that over half of mobile manufacturers had met with security events such as malware infections, message spam, etc., and over seventy percent of manufacturers thought security was one of the key points for further development. With a more open and mobile network environment, more complex and disguised security issues may emerge. Mobile versions of malicious programs have started to pursue on handsets the illicit gains previously sought on PC terminals, such as money transfers from accounts. The already-known SMS.Python.Flocker can transfer about 0.45 to 0.90 dollars to the attackers' account. Financial fraud seems to be the trend in smartphone-related attacks. When users are not aware that their phones are infected, tiny financial losses in smartphone-based payment may cause direct economic loss.

6.1 Botnet

A botnet is a network of infected PCs, which are called zombies. With a botnet, malicious activities like mail spamming and DDoS attacks can be launched.
In 2009, two distinct handset-based botnets emerged, which indicates that smartphones' processing power is enough for hackers to set up a botnet over the smartphone network.
One is based on the Symbian operating system and is propagated by Short Messaging Service; its target is the International Mobile Equipment Identity (IMEI) details of the devices. The IMEI is the identity of each manufactured device. For example, each iPhone has its own IMEI as its ID; if the IMEIs of most sold iPhones are collected, the sales volume can easily be deduced. So this is a kind of business secret leak.
The other originated in Australia and can only affect jail-broken iPhones. It was later adapted and aimed at banking customers in the Netherlands. Affected devices send stolen details to a command and control server in Lithuania.

[Fig. 5] illustration of virus “Sexy Space”

Recently, an SMS threat called "Sexy Space" was reported by Symantec in China. This security threat is generated by SymbOS.Exy.C, a variant of "link". It uses enticing spam messages as its propagation channel, with titles like "Sexy View", "Sexy Girl" and "Sexy Space", to fish for a click on the link they contain. It was first found in China in Chinese; later an English edition appeared in the Middle East. One characteristic of a botnet is that there is a command and control center. It is estimated that over a million users are infected by this virus.

[Fig. 6] Centralized Smartphone Botnet architecture



[Fig. 7] P2P Smartphone Botnet architecture

All this indicates a high possibility of botnets being implemented on powerful smartphones in the future. Here we give two predicted frameworks for smartphone botnets: a centralized architecture and a P2P architecture. Figure 6 illustrates a possible centralized smartphone botnet architecture. The communication channel runs through both the Internet and telecom networks. Figure 7 presents a simple P2P smartphone botnet architecture. In a real implementation it may be loosely coupled, as the peer list may take advantage of the contact book within the smartphone.

6.2 DoS

A DoS attack over Bluetooth has been achieved experimentally in the lab. Because Bluetooth's communication range is so small, large-scale damage is not possible. But DoS attacks can be raised in other forms based on security vulnerabilities. At the Chaos Communication Congress 2008, Tobias Engel unveiled a vulnerability [30] that stops Nokia S60 devices running versions 2.6, 2.8, 3.0 or 3.1 from receiving SMS and MMS messages. After receiving an SMS that begins with an email address more than 32 characters long, an attacked device will not receive any further SMS or MMS messages. S60 2.6 and 3.0 were locked after receiving the first message, while 2.8 and 3.0 were locked after receiving 11 messages. This was later announced as a vulnerability in the Symbian operating system. DoS attacks on smartphones may come through channels like this rather than through traditional traffic jams.
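
A gateway-side screen for the message pattern described above, as an added example that is not part of the original paper: it quarantines any SMS whose body begins with an email address longer than 32 characters and reports, per recipient, how many such messages arrived and which of the lock counts quoted above (1 or 11) that total has reached. The tuple layout, function names, phone numbers and sample messages are assumptions constructed for illustration.

```python
import re
from collections import Counter

MAX_ADDR_LEN = 32          # from the text: addresses longer than 32 characters
LOCK_THRESHOLDS = (1, 11)  # from the text: lock after the 1st or after 11 messages

# First whitespace-delimited token of the body, if it has the shape local@domain.
LEADING_ADDR = re.compile(r"([^\s@]+@[^\s@]+)(?=\s|$)")


def leading_address(body):
    """Return the email-like token the body begins with, or None."""
    m = LEADING_ADDR.match(body)
    return m.group(1) if m else None


def is_suspect(body):
    """True when the body begins with an address longer than MAX_ADDR_LEN."""
    addr = leading_address(body)
    return addr is not None and len(addr) > MAX_ADDR_LEN


def screen(messages):
    """Split traffic into deliverable and quarantined messages.

    messages: iterable of (sender, recipient, body) tuples.
    Returns (deliver, quarantine, exposure); exposure maps each targeted
    recipient to (suspect message count, highest lock threshold reached).
    """
    deliver, quarantine, hits = [], [], Counter()
    for msg in messages:
        if is_suspect(msg[2]):
            quarantine.append(msg)
            hits[msg[1]] += 1
        else:
            deliver.append(msg)
    exposure = {}
    for rcpt, count in hits.items():
        reached = max(t for t in LOCK_THRESHOLDS if count >= t)
        exposure[rcpt] = (count, reached)
    return deliver, quarantine, exposure


def sample_messages():
    """Constructed traffic: two harmless messages and two targeted recipients."""
    long_addr = "a" * 21 + "@example.test"   # 34 characters, over the limit
    edge_addr = "a" * 19 + "@example.test"   # exactly 32 characters, allowed
    msgs = [
        ("+100", "+200", long_addr + " hello"),
        ("+100", "+200", "Lunch at noon?"),
        ("+101", "+201", edge_addr + " weekly newsletter"),
    ]
    msgs += [("+102", "+300", long_addr + " ping")] * 11
    return msgs


if __name__ == "__main__":
    deliver, quarantine, exposure = screen(sample_messages())
    print(f"delivered={len(deliver)} quarantined={len(quarantine)}")
    for rcpt, (count, reached) in sorted(exposure.items()):
        print(f"{rcpt}: {count} suspect message(s), threshold {reached} reached")
```
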

6.3 Security Vulnerability

At the 2009 Black Hat security conference, two security researchers, Charlie Miller and Collin Mulliner, unveiled a security vulnerability on the iPhone that takes advantage of an SMS messaging overflow. This flaw lets attackers take complete control of an infected iPhone, including the ability to make phone calls, send SMSs, start recording and steal users' information. Hackers can send messages containing special text characters which cause corruption of memory handling [11] in the operating system. This security vulnerability makes it possible for iPhones to become controlled bots.
In fact, a vulnerability was already patched between iPhone versions 1.0.0 and 1.0.1: the Safari web browser had a buffer overflow in its handling of JavaScript and the PCRE library. So this patch improved the handling of HTTP injection, the character font of displayed web page URLs, and application crashes when visiting malicious web sites.
This year PayPal has announced the blocking of some web browsers, such as some old versions of Internet Explorer, Firefox and Safari for Mac. Safari is the browser for the iPod and iPhone. As PayPal explained, there are two requirements for a safe web browser: one is whether it can block known or suspicious phishing websites, and the other is whether it can support Extended Validation (EV) certification. Only companies that meet strict global identity validation standards can get EV. So iPhone users still face security threats from phishing websites, because Safari does not support these two protection techniques.

6.4 Financial activity

There are indications that smartphone-based financial activity is increasing, and service providers are seeking
to implement handset banking applications. A few years ago the standardization ratio was still low, as the
various operating systems and application developments did not have standards. It was difficult for hackers to
write a virus that could run on many different devices running different operating systems. With the promotion
of various standards like 3G, there are clearer targets for hackers to attack. Although handset-supported
payment and other financial activities are now limited to small transactions, with a large population the total
amount is attractive enough. Nowadays most payments by handset use NFC technology, which sends data to a
reader by wireless communication. If this activity gradually takes the place of cards with no security
protection, it creates a great security vulnerability. According to McAfee's risk report [17], over 79% of
users still use cell phone payment while aware that there is no protection. To most people today, smartphones
are regarded as just a normal communication tool, not as a device that needs high security.

6.5 Apple iPhone & Google Android

For the iPhone and Android platforms, this year will be a tough one, as malware targeting iPhone and Android
increased last year. Although Apple has integrated an anti-virus module in the latest operating system, the
first worm, called Ikee, was developed, and there has been spy malware for Android OS and others for Symbian.
And now the open source development of Android provides more information for virus development.
Apple iPhone: with its larger market share, it may attract intense attacks in pursuit of profit from these
devices. Although there has been some simple malware, it has not become a clear target. Security
vulnerabilities have been found in the mobile email application and the Safari web browser. Users should take
care, as these applications are more likely to be attacked by phishing. Because users need to input URLs on
the touch screen, they usually prefer clicking the links in an email. And the Safari used in iPhone cannot
automatically display the URLs embedded in an email unless users click them, so it is more difficult for users
to know where a link leads, such as whether it is a false bank website. Safari can display only part of the
URL in the address bar, which makes website disguise easier. Compared with other smartphones, iPhone users
are more likely to be attacked, as the smooth web surfing experience attracts more customers to surf the
Internet and visit video or media sharing websites, shopping malls, blogs and web communities. Other
functions like music downloading, GPS and online web games hide more potential threats.
Google Android: Take the T-Mobile G1 for example; security vulnerabilities were also found in its web
browser [24]. Another concern is that Google is more open to various applications, and this may provide a
channel for the spread of malware applications. At the beginning of a release, the targeted malware is not
pursuing profit. But as the user population grows large, it may go like the attacks on Mac OS X, which may
threaten the applications on MacBook and iPhone [25]. If there is loose management of third-party
applications, the device is exposed to more threats. Recently the Spanish network security company S21Sec
found a virus in the HTC Magic, which is based on the Google Android operating system. And in the same month
Panda detected autorun.inf, autorun.exe, the worm Conficker, and Tryon Lineage spy malware on the HTC Magic
smartphone. These all indicate that there may be a tough anti-virus war on the Android platform.

7. Defense Approaches

The common protection solution is anti-virus programs. Similar to anti-virus programs on PCs, they can monitor
suspicious applications and file modifications. But compared with PC operating systems, smartphone operating
systems are more complex, and the anti-virus program needs to adapt to different operating systems.
The concept of cloud security was recently raised by several anti-virus companies and has already been
implemented in anti-virus programs for computers. It provides better service, with fast reaction when a new
virus emerges and a more complete virus signature library for the virus scanning segment. With fast networks,
this concept can also be implemented in smartphone antivirus programs.
For a company, the information security concerns are usually about the connection between the local VLAN and
the Internet and the data security of desktops and notebooks. Because smartphones now also work as business
tools and some secret business information is also stored on these devices, the security sector needs to take
smartphones into consideration.

7.1 Antivirus programs on Smartphone

o Virus scanning technique

The main technique for virus scanning is signature extraction and matching. Given the limits of computation
power, memory and battery power, the efficiency of the scanning engine is very important, because users cannot
stand too long a scanning time or too much battery consumption. Another key problem is scaling to the growing
virus sample library: the library grows as more virus samples are added. One desirable scaling feature is that
scanning time does not increase as the library expands.
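
One way to keep scanning time from growing with the library is multi-pattern matching with an Aho-Corasick automaton, which reads the file once no matter how many signatures are loaded. The paper does not name an algorithm, so this is an added illustration, and the signatures and file content are constructed.

```python
from collections import deque


class SignatureScanner:
    """Aho-Corasick automaton: every signature is matched in one pass over the data."""

    def __init__(self, signatures):
        self.goto = [{}]   # goto[state][byte] -> next state (trie of all signatures)
        self.fail = [0]    # state to fall back to when no transition matches
        self.out = [[]]    # (name, length) of each signature that ends in a state
        for name, pattern in signatures.items():
            self._insert(name, pattern)
        self._link()

    def _insert(self, name, pattern):
        state = 0
        for byte in pattern:
            if byte not in self.goto[state]:
                self.goto[state][byte] = len(self.goto)
                self.goto.append({})
                self.fail.append(0)
                self.out.append([])
            state = self.goto[state][byte]
        self.out[state].append((name, len(pattern)))

    def _link(self):
        # Breadth-first, so a state's fallback target is complete before the state.
        queue = deque(self.goto[0].values())
        while queue:
            state = queue.popleft()
            for byte, nxt in self.goto[state].items():
                queue.append(nxt)
                f = self.fail[state]
                while f and byte not in self.goto[f]:
                    f = self.fail[f]
                self.fail[nxt] = self.goto[f].get(byte, 0)
                self.out[nxt] = self.out[nxt] + self.out[self.fail[nxt]]

    def scan(self, data):
        """Return [(start_offset, signature_name), ...] ordered by where each match ends."""
        hits, state = [], 0
        for pos, byte in enumerate(data):
            while state and byte not in self.goto[state]:
                state = self.fail[state]
            state = self.goto[state].get(byte, 0)
            hits.extend((pos - length + 1, name) for name, length in self.out[state])
        return hits


# Constructed sample signatures and file content (not real malware signatures).
SIGNATURES = {"Sample.A": b"\xde\xad\xbe\xef",
              "Sample.B": b"\xbe\xef\x00\x01",   # overlaps the tail of Sample.A
              "Sample.C": b"EVIL"}
SAMPLE_FILE = b"hdr\xde\xad\xbe\xef\x00\x01..EVIL.."


def scan_sample(filler=0):
    """Scan SAMPLE_FILE with the library grown by `filler` non-matching signatures."""
    library = dict(SIGNATURES)
    library.update(("Filler.%d" % i, b"SIG%05d" % i) for i in range(filler))
    return SignatureScanner(library).scan(SAMPLE_FILE)
```

The scan loop does work proportional to the file length plus the number of hits; a larger library costs memory and build time for the automaton, not per-file scanning time.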

o Real time monitor

The real time monitor protects the smartphone's security model by acting instantly when viruses try to intrude
into the system. Just like firewalls running on PCs, it is a daemon program that does not conflict with other
applications. It works only when the device receives messages or local files are updated. This monitor program
guards against virus intrusion through various channels such as Bluetooth, infrared, SMS, GPRS, etc.

o Data Restore after infection

Some private or important data may be stored on smartphones. When this data is infected by a virus, deletion
is not what users expect, and some infected applications may need restoration. So it is a meaningful feature
that the viral portion can be recognized and deleted to restore the former data.

o Online update

Online updating is composed of two features, virus sample library updating and system updating, delivered
through wireless communication such as GPRS, SMS and MMS.
The completeness of the virus library decides the effectiveness and security level of an anti-virus program.
So a convenient and fast updating platform for the virus sample library is a basic requirement for keeping up
with the latest viruses.
On the other hand, updating the software is essential too, including the scanning engine and other
components. When a higher version is available, notification and fast updating provide a better user
experience and more secure protection.

[Fig. 8] Cloud Security Architecture

7.2 Cloud Security

Anti-virus programs running on smartphones are more complex than those on PCs, and there are more limitations
on processing performance. The prime objective is efficiency with low overhead, because the hardware
cannot support an overly complex anti-virus engine.
Based on a combination of signatures, behavior analysis, and community threat reporting applications running
with the cloud, the cloud security mechanism is better than scanning techniques based only on a virus
signature library. When a user receives a suspicious file, such as an encrypted file or package, and the local
database does not have the signature, the device may send the file's signature to a security service center,
where, with more powerful computation, the testing of the suspicious file's signature is finished almost
instantaneously. If it is malware, a warning is sent back to the user so that the malware is blocked.
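
The lookup flow just described, as an added sketch that is not from the paper: the handset checks its small local library first and sends only the file's digest to the service center when the library has no answer. It assumes a SHA-256 digest serves as the file's signature; the class names, the verdict cache and the quarantine-when-offline rule are hypothetical choices, and the service is an in-process stand-in.

```python
import hashlib


class ServiceUnavailable(Exception):
    """The security service center could not be reached."""


def digest_of(content):
    # Assumption: a SHA-256 digest stands in for "the file's signature".
    return hashlib.sha256(content).hexdigest()


class SecurityServiceCenter:
    """In-process stand-in for the remote service (hypothetical, constructed data)."""

    def __init__(self, malware_digests):
        self.malware_digests = set(malware_digests)
        self.online = True
        self.received = []                 # what the handset actually sent

    def lookup(self, digest):
        if not self.online:
            raise ServiceUnavailable()
        self.received.append(digest)
        return "malware" if digest in self.malware_digests else "clean"


class HandsetScanner:
    def __init__(self, local_digests, service):
        self.local_digests = set(local_digests)   # small on-device signature library
        self.service = service
        self.cache = {}                           # digest -> verdict already fetched

    def check(self, content):
        """Return (action, source) for one received file."""
        digest = digest_of(content)
        if digest in self.local_digests:
            return "block", "local"
        if digest in self.cache:
            verdict, source = self.cache[digest], "cache"
        else:
            try:
                verdict, source = self.service.lookup(digest), "cloud"
            except ServiceUnavailable:
                return "quarantine", "offline"    # no verdict yet: hold the file
            self.cache[digest] = verdict
        return ("block" if verdict == "malware" else "allow"), source


def demo():
    """Run five constructed files through the handset; return results and cloud traffic."""
    old, new, photo = b"sample: old virus", b"sample: new virus", b"sample: photo"
    center = SecurityServiceCenter({digest_of(new)})
    phone = HandsetScanner({digest_of(old)}, center)
    results = [phone.check(f) for f in (old, new, new, photo)]
    center.online = False
    results.append(phone.check(b"sample: unseen file"))
    return results, center.received
```

Only two digests reach the service in the demo: the repeated file is answered from the cache, which saves the radio traffic and battery the section is concerned with.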
The iPhone has an application named Trend Smart Surfing for iPhone, which helps defend against web threats
and crime on iPhone and iPod touch. This application is a component of Trend Micro's Cloud Security. Using
web reputation assessment techniques, it can block suspicious websites that contain malware pages, and so
prevent private information leaks or data theft. This is part of the implementation of the cloud computing
concept, which minimizes the damage.

7.3 Info-sec management within company

With more powerful handsets, companies face more challenges in info-sec management. Different smartphones,
including Apple iPhone, RIM BlackBerry, WM, Google Android and Palm Pre, have different data access policies.
Their security level should be decided according to clear information security requirements, as smartphones
may work as a substitute or assistant device for notebooks. So they also need protection and management, just
like desktops or notebooks. Most companies already have IT security management for notebooks, and these
management techniques can be the basis of smartphone security management. The information stored in the
smartphone is an important factor in security evaluation. Another aspect is who should take responsibility
for security: the user who holds the contract, or the company, which may implement centralized management of
private business data. If a company takes the responsibility, it should control all aspects from purchasing
to service and security policies.
Smartphones that may access business data have different protection mechanisms according to the data
contents. There are several choices, such as a power-on password with data deletion after repeated login
failures, encryption of essential data, and a remote control system for data management. Besides, there
should be tight control of installed applications, such as a white list or black list to block applications
that contain security vulnerabilities. But this is still not enough to provide complete protection against
some dangerous applications. Stricter evaluation of these applications requires certification: an application
gets its certification after strict evaluation by companies or device manufacturers, so third-party
applications that contain viruses cannot get certified. This provides more secure protection, as applications
are properly evaluated and controlled. A data access rights management system can also be used in smartphone
management to block data access by unauthenticated users, and this authentication mechanism can cancel or
reset a given user's rights.
Email and Internet access are still a headache because of intrusion by third-party applications and viruses.
So access control between the local network and the Internet is necessary. Website filters will access the
agents by VLAN and this control model can work within the company's network.
These private VLANs can access the inner network and business software. Another choice is localized filtering
applications with less centralized management.
The feature of data synchronization with the desktop system also brings a security threat, as it is a
possible channel for information leaks and remote control. As more computerized smartphones enter a company,
full-fledged security management is a fundamental requirement, because they bring not only convenience but
also potential threats.

8. Summary

Besides basic functions like voice communication and message service, the smartphone today is more like a
portable PC, supported by hardware such as processors and data storage. The trend for the future is a
combination of business assistant features and multimedia entertainment applications. Operating systems
are becoming standardized and the user population is growing rapidly across the world. With faster access to
the Internet and other communication channels, more vulnerabilities are exposed to this open network
environment. As its functions broaden beyond communication, to identification and digital banking connections
for example, the potential profits stored in these handsets are far beyond users' imagination. Open networks,
easy access, standardized platforms and open source development also bring security threats such as viruses,
phishing, spam mail and messages, data stealing, and even attacks like botnets. All the attacks that have
appeared on PCs are migrating to this young and vibrant communication platform.

9. Acknowledgement

This work was supported by the IT R&D program of MKE/KEIT. [KI001862, Development of
Security-Quality Guarantee Technology in Resilient Networks]

Reference

[1] Chuanxiong Guo, Helen J. Wang, Wenwu Zhu, (2004) Smart-Phone Attacks and Defenses

[2] Jerry Cheng, Starsky H.Y. Wong, Hao Yang and Songwu Lu Dept. of Computer Science, UCLA (2007)
SmartSiren: virus detection and alert for smartphones

[3] Sandra Kay Miller, Facing the Challenge of Wireless Security, Technology news.

[4] R Ballagas, J Borchers, M Rohs, JG Sheridan - IEEE Pervasive Computing, (2006) The smartphone: a
ubiquitous input device

[5] Neal Leavitt, "Mobile Phones: The Next Frontier for Hackers?" Computer, vol. 38, no. 4, pp. 20-23, Apr. 2005

[6] Dalian, Liaoning, 2009 Eighth International Conference on Mobile Business, Towards Understanding Dynamics
of Mobile Phone Worm Propagation Using Social Network Analysis

[7] http://msdn.microsoft.com/zh-cn/windowsmobile/default.aspx

[8] The Future of Threats and Threat Technologies How the Landscape Is Changing A Trend Micro Report,
December 2009

[9] http://www.netqin.com

[10] 2009 Smartphone Consumer Market Research Report
(http://trendmicro.mediaroom.com/index.php?s=23&item=503)

[11] http://www.tuaw.com/2009/07/30/security-researchers-to-unveil-iphone-sms-vulnerability-later-to/

[12] About the security content of iPhone OS 3.1 and iPhone OS 3.1.1 for iPod touch
http://support.apple.com/kb/HT3860

[13] http://arstechnica.com/gadgets/news/2010/02/iphone-and-android-biggest-winners-in-mobile-market-in-2009.ars

[14] http://en.wikipedia.org/wiki/Bluebugging

[15] http://en.wikipedia.org/wiki/Bluesnarfing

[16] Gary Legg (2005-08-04). The Bluejacking, Bluesnarfing, Bluebugging Blues: Bluetooth Faces Perception of
Vulnerability

[16] Microsoft Corporation. Windows Mobile-based Smartphones
http://www.microsoft.com/windowsmobile/smartphone/default.mspx.

[17] McAfee mobile security report 2008 http://www.mcafee.com/

[18] C. Guo, H. J. Wang, and W. Zhu. Smart-phone attacks and defenses. In HotNets III, 2004.

[19] P. Traynor, W. Enck, P. McDaniel, and T. L. Porta. Mitigating attacks on open functionality in
sms-capable cellular networks. In ACM MobiCom '06.

[20] A. Bose and K. G. Shin. On mobile viruses exploiting messaging and bluetooth services. In SecureComm 06.

[21] S.J. Vaughan-Nichols. OSs battle in the smart-phone market. IEEE Computer, 36(6), 2003.

[22] Harri Honkasalo, Kari Pehkonen, Markku T. NieMi, and Anne T. Leino. WCDMA and WLAN for 3G and
Beyond. IEEE Wireless Communication Magazine, April 2002.

[23] Kaspersky Labs. Viruses move to mobile phones, 2004. http://www.kaspersky.com/news?id=149499226.

[24] http://www.nytimes.com/2008/10/25/technology/internet/25phone.html?_r=1

[25] http://www.sophos.com/blogs/gc/g/2008/11/03/guest-blog-will-hackers-make-the-iphone-an-iph0wn/

[26] P. Traynor, W. Enck, P. McDaniel, and T. L. Porta. Mitigating attacks on open functionality in
sms-capable cellular networks. In ACM MobiCom '06.

[27] P. Zheng and L.M. Ni, Smart Phone and Next Generation Mobile Computing, Morgan Kaufmann, 2005

[28] D. Dagon, T. Martin and T. Starner, "Mobile Phones as Computing Devices: The Viruses are Coming!"
http://doi.ieeecomputersociety.org/10.1109/MPRV.2004.21, IEEE Pervasive Computing, vol. 3, no. 4, 2004,
pp. 11-15.

[29] Toninelli, A. ; Montanari, R. ; Lassila, O. ; Khushraj, D. ; What's on Users' Minds? Toward a Usable
Smart Phone Security Model Pervasive Computing, IEEE April-June 2009

[30] "Curse of Silence" exploit prevents Nokia S60 phones from receiving SMS/MMS
http://www.unwiredview.com/2008/12/30/curse-of-silence-exploit-prevents-nokia-s60-phones-from-receiving-smsmms/

Authors

Bo Li
2009 : Shanghai Jiao Tong University, China. BS
2009.7~Now : Hanyang University, South Korea. MS
Research interests : malware binary analysis, smartphone security, antivirus
techniques

Eul-Gyu Im
1992 : Seoul National University. BS
1994 : Seoul National University. MS
2002 : University of Southern California. PHD
2010.8~Now : Hanyang University, Assistant Professor
Research interests : malware traffic analysis, malware binary analysis, RFID
security, and SCADA security
