Study into the Implications of Smartphone Operating System Security

Recommendations

Info

Study into the implications of Smartphone operating system security 3. App revocation (aka kill-switch): Smartphone platforms should support remote removal of installed apps by app stores. 4. Device security: Includes supporting sandboxes to install and run apps “to reduce the impact of malware”. 5. Jails (or walled gardens): This is closing the sideloading feature. ENISA recommends that “the Smartphone should either be blocked from using untrusted app stores or , for expert users, present clear warnings about installing from untrusted sources”. An investigation and security analysis into ‘sideloading’ mobile apps Key Findings The “sideloading” of mobile apps is defined as a user installing an app without using the official platform app store or app market. The ability to install mobile apps from outside of the ‘official’ platform app stores is only officially supported on one Smartphone operating system, Google’s Android. By allowing a user to install an app from any source you break this model and as a result greatly increase security risk. Most Android devices will be delivered ‘out-of-the-box’ with the option to sideload turned off. Recommendations Educate consumers as to the risks of sideloading mobile apps onto their devices This is also related to Jailbreaking Apple iOS devices and consumers should be persuaded not to jailbreak their Apple Smartphones as this removes most of the inbuilt security protection that iOS offers Working with UK MNOs to ensure that sideloading, by default, is switched off Liaising with Google to determine whether there are other workable ways to support thirdparty Android app stores that improves security and doesn’t impact their app distribution business model Goode Intelligence © 2013 P a g e | 27 www.goodeintelligence.com
Study into the implications of Smartphone operating system security 1. THE EMERGING THREAT TO CONSUMERS Overview Smartphones have become the remote controls for our ever-important digital lives. We rarely let them out of our sight, even when we are asleep, and perform much of our daily activities on them. Smartphones access and store much of our digital lives, both personal and business. Smartphones and tablet computers have become the dominant digital device and we now preform much of our social networking, shopping, messaging (iOS has become the number one client for email replacing Microsoft Outlook), banking and business activities on them. There is also a question whether consumers have changed their risk behaviour to adapt to how we are using Smartphones. Tony Neate, CEO, Get Safe Online, believes it has taken many years for consumers to change their behaviour to adapt to using desktop-based electronic services but “with mobile we have a whole new mountain to climb”. Neate feels that “there is a different behaviour when we use our Smartphones to that of desktop computers” and a “new behavioural change is required”. 11 With this increasing reliance on Smartphones comes the possibility of increasing threats and security risk. These threats will replicate what has already been experienced with other forms of information technology (as Smartphone operating systems have commonality with other systems, e.g. Linux Kernel and WebKit) but we shall also see other, mobile-specific, threats that will probe for weaknesses in unique characteristics that Smartphones support. For instance: Accurate location based services, using a combination of GPS and GSM location data to accurately pinpoint where a device and its owner are Faster network access through 4G (LTE) and future fast radio-based networks Using a Smartphone as a payment source either at the physical Point-of-sale (POS) using Near Field Communications (NFC) or using other mobile payment solutions for in-app payment/billing and peer-to-peer (P2P) payment between one device and another Capturing biometric data via embedded sensors such as fingerprint readers, conventional and bespoke cameras for facial, iris and retinal scanning, in-built microphones for capture of voiceprints (some of which can be captured by an in-built voice sensor) and sensors to capture and record other biometrics such as pulse, blood pressure and electrocardiogram (ECG) Goode Intelligence believes that the threats to Smartphone consumers can be broken down into these main areas: Lost and stolen Smartphones 11 Tony Neate interview with Goode Intelligence, 15 th March 2013. Goode Intelligence © 2013 P a g e | 28 www.goodeintelligence.com
Page 1 and 2: www.goodeintelligence.com £ Study
Page 3 and 4: Study into the implications of Smar
Page 27: Study into the implications of Smar
Page 79 and 80:
Study into the implications of Smar
Page 81 and 82:
Page 83 and 84:
Page 85 and 86:
Page 87 and 88:
Page 89 and 90:
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
Page 125 and 126:
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
Page 137 and 138:
show all

Study into the Implications of Smartphone Operating System Security

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?