Mobile Information Warfare: A Countermeasure to Privacy Leaks Based on SecureMyDroid
Mobile device privacy is becoming increasingly important, as business information and personal information moves from personal computer to laptop and handheld devices. These data, enhanced with the raising computational and storage power of current mobile devices, lead to prefigure an enlarged scenario, where people will use massively smartphones for daily activities, regardless they are personal affairs or work. Hence, mobile devices represent an attractive target for attacks to the privacy of their owners. In particular, SpyPhone applications represent a big concern for confidential activities, acting as a bug and menacing both voice calls and data exchanged/stored mainly in form of text and multimedia messages and electronic mails. This paper proposes a new methodological approach to protect mobile devices from threats related to the privacy of mobile device owner. In particular, we suggest the cooperation of SecureMyDroid, a customized release of the Android OS, and the open source forensic tool Mobile Internal Acquisition Tool, to prevent privacy leaks related to SpyPhone applications attacks. Experimental results show the suitability of the proposed strategy in order to support the detection of SpyPhone application installed on the mobile device.
KeywordsMobile Device File System Text Message Privacy Leak Privacy Threat
- 1.Gartner, Inc. “Gartner Says Worldwide Mobile Phone Sales Grew 17 Per Cent in First Quarter 2010”, Press Releases, May 19, 2010 http://www.gartner.com/it/page.jsp?id=1372013.
- 2.J. Mottl, My Cellphone, My Everything…, internetnews.com, Jupitermedia Corporation, March 14, 2008, http://www.internetnews.com/mobility/article.php/3734366
- 3.S. Perelsonl and R. Botha, “An investigation into access control for mobile devices,” in Proceedings of the 4th annual ISSA Information Security Conference, June 2004.Google Scholar
- 4.Distefano, G. Me, An overall assessment of Mobile Internal Acquisition Tool, Proc. of 2008 Digital Forensic Research Workshop (DFRWS), Elsevier Journal of Digital Investigation 2008, vol. 5, pp. 121–127.Google Scholar
- 5.A. Distefano, A. Grillo, A. Lentini and G. F. Italiano. “SecureMyDroid: Enforcing Security in the Mobile Devices Lifecycle”, 6th Annual Cyber Security and Information Intelligence Research Workshop, CSIIRW, April 21 - 23, 2010, Oak Ridge, TN, USA.Google Scholar
- 6.M. Breeuwsma, Forensic Imaging of Embedded Systems Using JTAG (Boundary-Scan), Digital Investigation, Volume 3, Issue 1, 2006, pp. 32–42.Google Scholar
- 7.S. Willassen, Forensic Analysis of Mobile Phone Internal Memory, IFIP WG 11.9 International Conference on Digital Forensics, National Center for Forensic Science, Orlando, Florida, February 13-16, 2005, in Advances in Digital Forensics, Vol. 194, Pollitt, M.; Shenoi, S. (Eds.), XVIII, 313 p., 2006.Google Scholar
- 8.Jaquith, Security Metrics: Replacing Fear, Uncertainty, and Doubt, Addison-Wesley Professional, 2007.Google Scholar
- 9.Sir P. Kennedy, Report of the Interception of Communications Commissioner for 2008, July 21, 2009.Google Scholar
- 10.Italian Parliamentary Committee for the Security of the Republic (COPASIR), Annual Report, July 29, 2009 available on line in Italian.Google Scholar
- 11.R. Bertè, F. Dellutri, A. Grillo, A. Lentini, G. Me, V. Ottaviani, “Fast smartphones forensic analysis results through MIAT and Forensic Farm”, International Journal of Electronic Security and Digital Forensics, IJESDF, Inderscience, Vol. 2, No. 1, 2009, PP. 18–28.Google Scholar
- 12.A. Distefano, A. Grillo, A. Lentini, G. Me, and D. Tulimiero, “Mobile Forensics Data Integrity Assessment by Event Monitoring”, Small Scale Digital Device Forensic Journal (SSDDFJ) http://www.ssddfj.org.