...continued from Part 1
The threat model
Malicious mobile device hackers have a variety of goals. Foremost is monetary gain, but retribution, anarchy, curiosity and perceived public good can all be part of the motivation. The attackers can be grouped by resource levels and goals, as illustrated in table 1.
Table 1: An example of how mobile security attackers can be categorised by resources and goals.
Understanding the motivation of a hacker highlights that a good mobile security strategy must not only defend both against specific mobile threats, but also more generic threats such as reputational or ethical attacks. These could have an increased prevalence on the dynamic mobile market as end users must 'trust' that their mobile services will operate securely and without risk, personal corruption / financial loss or impact on civil rights and privacy.
By identifying potential threats, it is clear that attacks involving direct physical contact - the theft and borrowing of a mobile device - are limited due to lack of scalability and ease of 'blocking' the phone.
With iOS and Android releasing updates roughly every six and 12 weeks respectively, it is important to appreciate the drivers and rate of software and hardware platform changes within the smartphone industry.
Given this natural rate of flux and unpredictability, it is perfectly reasonable to expect app security updates several times a year. Mobile phone app stores ensure that users are sufficiently reminded and motivated to install updates by promoting new features and fixing issues related to new OS versions.
Detecting and managing attacks
Once an app service is launched, the appropriate measurement techniques need to be implemented to ensure a malware attack is detectable, as illustrated in figure 1.
Figure 1: Techniques for monitoring mobile app attacks.
A key benefit of this industry is the digital records that are automatically created. This means that if a malicious app is downloaded that uses privilege escalation from an app store, the store provider can share a list of all users who have downloaded both the authentic app and the malicious app. This enables a targeted security warning to be issued.
Malware infecting an OS via a browser drive-by attack (where the user is infected automatically upon visiting a website due to a browser vulnerability) will not be as easy to contain, but should be less frequent as it requires two exploits together: one to seize control through the web browser, and a second to exploit root privileges. A root exploit is a process that allows an attacker to attain full administrative control of an OS subsystem by circumventing the security policies set by the OS manufacturer. Root exploits require countermeasures to be deployed to limit the ability of the malware to steal credentials until the OS vendor can amend the vulnerability and affected users can recover their phones.
The mobile and app developer community is investing resources to advance new hardware-backed security features. For example, the Trusted Platform Modules (TMP) developed by the Trusted Computing Group, or GlobalPlatform's TEE architecture, which may also comprise the use of secure elements (SEs), a tamper-resistant platform capable of securely hosting apps and their confidential and cryptographic data (e.g. key management). There are also proprietary crypto processors, such as those found in the iPhone.
While security measures take advantage of these emerging technologies, it is important to recognise two caveats.
So, how can app security be effectively managed today and in the future?
All developers need to ensure that an app offers a sufficient level of protection against malware, borrowed phones and reputational attacks on all supported platforms including, but not limited to, iOS and Android, which are very different in design.
To achieve this they need to:
Based on the above points, Cryptomathic assists its clients in developing evolutionary mobile security strategies and provides tailored solutions to enhance app security and support future technologies, without the need to invest time and costs redeveloping apps to support changing requirements. This ensures that mobile apps and their security framework remains future-proofed and requires fewer resources to manage long-term.