Mobile phones provide more and more functionality today, and this trend will continue over the coming years. However, the increasing functionality brings new risks. This applies not only to security-critical mobile applications such as m-banking or m-commerce applications: the end user's privacy may also be in danger, or the operator may be the target of an attack. In this paper, we discuss security risks introduced by mobile phones, considering the perspectives of the different parties involved in telecommunications systems. Specifically, we demonstrate those risks by means of a security hole discovered in a large number of mobile phones. The security hole can be exploited to obtain manufacturer or even operator permissions. In particular, we implemented a Java-based Trojan horse; this way, the compromised mobile phone can be used as an eavesdropping device by an attacker. All in all, this demonstrates that the risks are not only theoretical, but also real. We also sketch a methodology for the security analysis of mobile phone software.