Survey on Reverse-Engineering Tools for Android Mobile Devices

With the presence of the Internet and the frequent use of mobile devices to send several transactions that involve personal and sensitive information, it becomes of great importance to consider the security aspects of mobile devices. And with the increasing use of mobile applications that are utilized for several purposes such as healthcare or banking, those applications have become an easy and attractive target for attackers who want to get access to mobile devices and obtain users’ sensitive information. Developing a secure application is very important; otherwise, attackers can easily exploit vulnerabilities in mobile applications which lead to serious security issues such as information leakage or injecting applications with malicious programs to access user data. In this paper, we survey the literature on application security on mobile devices, specifically mobile devices running on the Android platform, and exhibit security threats in the Android system. In addition, we study many reverse-engineering tools that are utilized to exploit vulnerabilities in applications. We demonstrate several reverse-engineering tools in terms of methodology, security holes that can be exploited, and how to use these tools to help in developing more secure applications.

Download Full-text

A Taxonomy for Security Flaws in Event-Based Systems

Applied Sciences ◽

10.3390/app10207338 ◽

2020 ◽

Vol 10 (20) ◽

pp. 7338

Author(s):

Youn Kyu Lee ◽

Dohoon Kim

Keyword(s):

Mobile Applications ◽

Web Applications ◽

Communication Model ◽

Security Threats ◽

Security Attacks ◽

Security Vulnerabilities ◽

Physical Systems ◽

Security Issues ◽

Event Based ◽

The Relationship

Event-based system (EBS) is prevalent in various systems including mobile cyber physical systems (MCPSs), Internet of Things (IoT) applications, mobile applications, and web applications, because of its particular communication model that uses implicit invocation and concurrency between components. However, an EBS’s non-determinism in event processing can introduce inherent security vulnerabilities into the system. Multiple types of attacks can incapacitate and damage a target EBS by exploiting this event-based communication model. To minimize the risk of security threats in EBSs, security efforts are required by determining the types of security flaws in the system, the relationship between the flaws, and feasible techniques for dealing with each flaw. However, existing security flaw taxonomies do not appropriately reflect the security issues that originate from an EBS’s characteristics. In this paper, we introduce a new taxonomy that defines and classifies the particular types of inherent security flaws in an EBS, which can serve as a basis for resolving its specific security problems. We also correlate our taxonomy with security attacks that can exploit each flaw and identify existing solutions that can be applied to preventing such attacks. We demonstrate that our taxonomy handles particular aspects of EBSs not covered by existing taxonomies.

Download Full-text

Information Leakage Prevention Model using MultiAgent Architecture in a Distributed Environment

Volume 5 - 2020, Issue 9 - September - International Journal of Innovative Science and Research Technology ◽

10.38124/ijisrt20aug596 ◽

2020 ◽

Vol 5 (8) ◽

pp. 1226-1229

Author(s):

Alese Boniface Kayode ◽

Adewale Olumide Sunday ◽

Alowolodu Olufunso Dayo ◽

Adekunle Adewale Uthman

Keyword(s):

Mobile Devices ◽

Information Leakage ◽

Data Loss ◽

Multi Agent Systems ◽

Distributed Environment ◽

Control Data ◽

Agent Systems ◽

Security Issues ◽

Prevention Model ◽

Multi Agent

Various cases of leakage of sensitive files such as confidential report and privacy documents of customers and staff have been reported mistakenly sent via email, leaked through unprotected USB Sticks and mobile devices. Multi-agent systems have experienced growing acceptance and importance as distributed systems become more widespread. The most common issues of this system are security in term of vulnerability of documents. This research address the security issues of a multi-agent in a distributed environment providing a data leakage prevention model that effectively control data leakage, data loss and data theft from an insider.

Download Full-text

Mobile Security and Penetration Testing

International Journal of Advanced Research in Science, Communication and Technology ◽

10.48175/ijarsct-2215 ◽

2021 ◽

pp. 455-460

Author(s):

Harsh Makadia ◽

Jainish Kotadia

Keyword(s):

Mobile Devices ◽

Mobile Applications ◽

Mobile Security ◽

Assessment Model ◽

Sensitive Information ◽

Security Risk ◽

Daily Lives ◽

Penetration Testing ◽

Desktop Computers ◽

Security Risk Assessment

This document offers data involving mobile security exploitation penetration testing. Compared to desktop computers the expansion of mobile devices is tremendous in this years. Mobile de- vices are integrated into daily activities of people’s life. Mobile Applications became a part of our daily lives in order that virtually each internet or desktop application may be executed from a smartphone i.e. social networking, online banking, gaming applications and many others. This document also includes about different types of Mobile security threats, Types of penetration testing, Phases of penetrating testing, Principles of testing and Security risk assessment model. Due to the expansion of mobile devices now a days, it opens vast scope for attackers to steal sensitive information or to perform other kinds of attacks on these devices . The main purpose is to know the vulnerability and technics that ac- customed to find vulnerabilities in mobile applications. In the paper we have studied differing kinds of security risks concerned in mobile devices and mobile applications and regarding varied defensive mechanism to stop these security risk in mobile devices.

Download Full-text

The Dangers of Rooting: Data Leakage Detection in Android Applications

Mobile Information Systems ◽

10.1155/2018/6020461 ◽

2018 ◽

Vol 2018 ◽

pp. 1-9 ◽

Cited By ~ 2

Author(s):

Luca Casati ◽

Andrea Visconti

Keyword(s):

Mobile Devices ◽

Sensitive Information ◽

Leakage Detection ◽

Improve Performance ◽

Security Issues ◽

Man In The Middle ◽

The World ◽

Unrestricted Access ◽

User Access ◽

Android Applications

Mobile devices are widely spread all over the world, and Android is the most popular operative system in use. According to Kaspersky Lab’s threat statistic (June 2017), many users are tempted to root their mobile devices to get an unrestricted access to the file system, to install different versions of the operating system, to improve performance, and so on. The result is that unintended data leakage flaws may exist. In this paper, we (i) analyze the security issues of several applications considered relevant in terms of handling user sensitive information, for example, financial, social, and communication applications, showing that 51.6% of the tested applications suffer at least of an issue and (ii) show how an attacker might retrieve a user access token stored inside the device thus exposing users to a possible identity violation. Notice that such a token, and a number of other sensitive information, can be stolen by malicious users through a man-in-the-middle (MITM) attack.

Download Full-text

Security and Cost-Aware Computation Offloading via Deep Reinforcement Learning in Mobile Edge Computing

Wireless Communications and Mobile Computing ◽

10.1155/2019/3816237 ◽

2019 ◽

Vol 2019 ◽

pp. 1-20 ◽

Cited By ~ 6

Author(s):

Binbin Huang ◽

Yangyang Li ◽

Zhongjin Li ◽

Linxuan Pan ◽

Shangguang Wang ◽

...

Keyword(s):

Reinforcement Learning ◽

Mobile Devices ◽

Mobile Applications ◽

Mobile User ◽

Edge Computing ◽

Computation Offloading ◽

Security Threats ◽

Mobile Edge Computing ◽

Computing Environment ◽

Markov Decision

With the explosive growth of mobile applications, mobile devices need to be equipped with abundant resources to process massive and complex mobile applications. However, mobile devices are usually resource-constrained due to their physical size. Fortunately, mobile edge computing, which enables mobile devices to offload computation tasks to edge servers with abundant computing resources, can significantly meet the ever-increasing computation demands from mobile applications. Nevertheless, offloading tasks to the edge servers are liable to suffer from external security threats (e.g., snooping and alteration). Aiming at this problem, we propose a security and cost-aware computation offloading (SCACO) strategy for mobile users in mobile edge computing environment, the goal of which is to minimize the overall cost (including mobile device’s energy consumption, processing delay, and task loss probability) under the risk probability constraints. Specifically, we first formulate the computation offloading problem as a Markov decision process (MDP). Then, based on the popular deep reinforcement learning approach, deep Q-network (DQN), the optimal offloading policy for the proposed problem is derived. Finally, extensive experimental results demonstrate that SCACO can achieve the security and cost efficiency for the mobile user in the mobile edge computing environment.

Download Full-text

AI-empowered IoT Security for Smart Cities

ACM Transactions on Internet Technology ◽

10.1145/3406115 ◽

2021 ◽

Vol 21 (4) ◽

pp. 1-21

Author(s):

Zhihan Lv ◽

Liang Qiao ◽

Amit Kumar Singh ◽

Qingjun Wang

Keyword(s):

Smart City ◽

Information Exchange ◽

Smart Cities ◽

Signal Transmission ◽

Security Threats ◽

Security Issues ◽

Backoff Algorithm ◽

Wireless Communication Protocol ◽

User Data ◽

New Generation

Smart cities fully utilize the new generation of Internet of Things (IoT) technology in the process of urban informatization to optimize the urban management and service. However, in the IoT system, while information exchange and communication, wireless sensor network devices may not be able to resist all forms of attacks, which may lead to security issues such as user data disclosure. Aiming at the information security risks in smart city, the typical technologies in IoT is analyzed from the perspective of IoT perception layer and provides corresponding security solutions for the existing security threats. Regarding the communication security, the emerging wireless technology, long range (LoRa), is discussed, and the performance of wireless communication protocol is analyzed through simulation experiments, to verify that the IoT technology based on LoRa communication technology can improve the security of the system in the construction of smart city. The results show that REBEB, a new backoff algorithm, is similar to the binary exponential backoff algorithm in terms of throughput performance. REBEB focuses more on fairness, which is up to 0.985, and to a certain extent, its security is significantly improved. The fairness of REBEB algorithm is more than 0.4 in different nodes and competing windows, and the fairness of the system is better when the number of nodes is small. To sum up, the IoT system based on LoRa communication can effectively improve the security performance of the system in the construction of smart city and avoid the security threats in the IoT signal transmission.

Download Full-text

Power to peep-all: Inference Attacks by Malicious Batteries on Mobile Devices

Proceedings on Privacy Enhancing Technologies ◽

10.1515/popets-2018-0036 ◽

2018 ◽

Vol 2018 (4) ◽

pp. 141-158 ◽

Cited By ~ 3

Author(s):

Pavel Lifshits ◽

Roni Forte ◽

Yedid Hoshen ◽

Matt Halpern ◽

Manuel Philipose ◽

...

Keyword(s):

Mobile Devices ◽

Sampling Rate ◽

Information Leakage ◽

Primary Sources ◽

Covert Channel ◽

Sensitive Information ◽

Web Browser ◽

Open World ◽

Fine Grain ◽

Remote Server

Abstract Mobile devices are equipped with increasingly smart batteries designed to provide responsiveness and extended lifetime. However, such smart batteries may present a threat to users’ privacy. We demonstrate that the phone’s power trace sampled from the battery at 1KHz holds enough information to recover a variety of sensitive information. We show techniques to infer characters typed on a touchscreen; to accurately recover browsing history in an open-world setup; and to reliably detect incoming calls, and the photo shots including their lighting conditions. Combined with a novel exfiltration technique that establishes a covert channel from the battery to a remote server via a web browser, these attacks turn the malicious battery into a stealthy surveillance device. We deconstruct the attack by analyzing its robustness to sampling rate and execution conditions. To find mitigations we identify the sources of the information leakage exploited by the attack. We discover that the GPU or DRAM power traces alone are sufficient to distinguish between different websites. However, the CPU and power-hungry peripherals such as a touchscreen are the primary sources of fine-grain information leakage. We consider and evaluate possible mitigation mechanisms, highlighting the challenges to defend against the attacks. In summary, our work shows the feasibility of the malicious battery and motivates further research into system and application-level defenses to fully mitigate this emerging threat.

Download Full-text

Models of Privacy and Security Issues on Mobile Applications

Mobile Platforms, Design, and Apps for Social Commerce - Advances in E-Business Research ◽

10.4018/978-1-5225-2469-4.ch006 ◽

2017 ◽

pp. 84-105

Author(s):

Lili Nemec Zlatolas ◽

Tatjana Welzer-Druzovec ◽

Marjan Heričko ◽

Marko Hölbl

Keyword(s):

Mobile Applications ◽

Research Topic ◽

Smart Phones ◽

Smart Devices ◽

Important Research ◽

Privacy And Security ◽

Security Issues ◽

The Past ◽

Important Research Topic ◽

User Data

The development of smart phones and other smart devices has led to the development of mobile applications, which are in use frequently by the users. It is also anticipated that the number of mobile applications will grow rapidly in the next years. This topic has, therefore, been researched highly in the past years. Mobile applications gather user data and that is why privacy and security in mobile applications is a very important research topic. In this chapter we give an overview of the current research on privacy and security issues of mobile applications.

Download Full-text

Application Security for Mobile Devices

Handbook of Research on Innovations in Systems and Software Engineering - Advances in Systems Analysis, Software Engineering, and High Performance Computing ◽

10.4018/978-1-4666-6359-6.ch022 ◽

2015 ◽

pp. 562-588

Author(s):

Gabriele Costa ◽

Aliaksandr Lazouski ◽

Fabio Martinelli ◽

Paolo Mori

Keyword(s):

Social Network ◽

Mobile Devices ◽

Mobile Phones ◽

Mobile Applications ◽

Scientific Literature ◽

Personal Data ◽

Application Security ◽

E Mail

In these last years, mobile devices, such as mobile phones and tablets, have become very popular. Moreover, mobile devices have become very powerful and commonly run fairly complex applications such as 3D games, Internet browsers, e-mail clients, social network clients, and many others. Hence, an adequate security support is required on these devices to avoid malicious application damage or unauthorized accesses to personal data (such as personal contacts or business email). This chapter describes the security support of the current commercial mobile devices along with a set of approaches that have been proposed in the scientific literature to enhance the security of mobile applications.

Download Full-text