Mobile Handsets: A Panoramic Overview
Adam C. Champion and Dong Xuan
Department of Computer Science & Engineering
The Ohio State University
January 6, 2011
                 Outline
•   Introduction
•   Mobile Handset Architecture
•   Mobile Handset Operating Systems
•   Networking
•   Applications
•   Mobile Handset Security
     Mobile Handset Definition
• Mobile handsets
  (mobiles): electronic
  devices that provide
  services to users:
   – Internet
   – Games
   – Contacts
• Form factors: tablets,
  smartphones, consoles
• Mobile: your next
  computer system
   Mobile Handsets: Business
• Meteoric sales and growth:
  – Over 4 billion mobile phone users [1]
  – Over 5 billion mobile phone subscriptions [2]
    (some people have multiple phones)
  – Mobile handsets & industries: $5 trillion [3]
• Mobile phones are replaced every 6
  months in S. Korea (just phones) [4]
• We can’t ignore these numbers
• Note: mobiles are computer systems
What’s Inside a Mobile Handset?




             Source: [5]
       Handset Architecture (1)
• Handsets use several hardware components:
  –   Microprocessor
  –   ROM
  –   RAM
  –   Digital signal processor
  –   Radio module
  –   Microphone and speaker
  –   Hardware interfaces
  –   LCD display
    Handset Architecture (2)
• Handsets store system data in
  electronically-erasable programmable
  read-only memory (EEPROM)
  – Mobile operators can reprogram phones
    without physical access to memory chips
• OS is stored in ROM (nonvolatile memory)
• Most handsets also include subscriber
  identity module (SIM) cards
    Handset Microprocessors
• Handsets use embedded processors
  – Intel and ARM architectures dominate the market.
    Examples include:
     • BlackBerry 8700 uses Intel PXA901 chip [6]
     • iPhone 3G uses Samsung ARM 1100 chip [7]
  – Low power use and code size are crucial [5]
  – Microprocessor vendors often package all the
    chip’s functionality in a single chip
    (package-on-package (PoP)) for maximum flexibility
  – Apple A4 uses a PoP design [10]
      Example: iPhone 3G CPU
• The iPhone: a real-world
  MH [7–9]
   – Runs on Samsung
     S3C6400 chip, supports
     ARM architecture
   – Highly modular
     architecture




                              Source: [8]
       Mobile Handset OSes (1)
• Key mobile OSes:
  –   Symbian OS
  –   BlackBerry OS
  –   Google Android
  –   Apple iOS
  –   Windows Phone 7
      (formerly Windows
      Mobile)
• Others include:
  – HP Palm webOS
  – Samsung bada
                          Source: [11]
        Mobile Handset OSes (2)
• Symbian (^n) OS (ARM only)
   – Open-source (Nokia)
   – Multitasking
   – Programming: C++, Java ME, Python, Qt/HTML5
• BlackBerry OS (ARM)
   – Proprietary (RIM)
   – Multitasking
   – Many enterprise features
   – Programming: Java ME, Adobe AIR (tablet)
• iPhone OS (ARM only)
   – Proprietary (Apple)
   – Multitasking
   – Multi-touch interface
   – Programming: Objective-C
• Windows Phone 7 (ARM only)
   – Proprietary (Microsoft)
   – No multitasking
   – Programming: Silverlight/XNA, C#.NET/VB.NET
• Android (ARM, x86, …)
   – Open-source
   – Multitasking
   – Programming: Java (Apache Harmony), scripts
• Other OS features
   – Most require app code signing
   – Many support Adobe Flash/AIR, multitasking
   – ARM is predominant ISA
  Mobile Handset Networking
• Handsets communicate with each other
  and with service providers via many
  networking technologies
• Two “classes” of these technologies:
  – Cellular telephony
  – Wireless networking
• Most handsets support both, some also
  support physical connections such as USB
   Cellular Telephony Basics (1)
• Many mobile handsets
  support cellular services
• Cellular telephony is a
  radio-based technology;
  radio waves are propagated
  by antennas
• Most cellular frequency
  bands: 800, 850, 900,
  1800, 1900, 2100 MHz




                              Source: [5]
  Cellular Telephony Basics (2)
• Cells, base stations
   – Space divided into cells,
     each has base station
     (tower, radio equipment)
   – Base stations coordinate so
     mobile users can access
     network
   – Move from one cell to
     another: handoff
   Cellular Telephony Basics (3)
• Statistical multiplexing
  – Time Division Multiple Access (TDMA)
     • Time & frequency band split into time slots
     • Each conversation gets the radio a fraction of the time
  – Frequency Division Multiple Access (FDMA) analogous
      Wireless Networking (1)
• Bluetooth (BT)
  – Frequency-hopping radio technology: hops among
    frequencies in 2.4 GHz band
  – Nearly ubiquitous on mobile handsets
  – Personal area networking: master device associates
    with ≤ 7 slave devices (piconet)
  – Pull model, not push model:
     • Master device publishes services
     • BT devices inquire for nearby devices, discover
       published services, connect to them
  – Latest version: 4.0; latest mobiles support 3.0 [12]
       Wireless Networking (2)
• WiFi (IEEE 802.11)
  –   Variants: 802.11b, g, n, etc.
  –   Radio technology for WLANs: 2.4, 3.6, 5 GHz
  –   Some mobile handsets support WiFi, esp. premium
  –   Two modes: infrastructure and ad hoc
       • Infrastructure: mobile stations communicate with
         deployed base stations, e.g., OSU Wireless
       • Ad hoc: mobile stations communicate with each other
         without infrastructure
  – Most mobiles support infrastructure mode
  Mobile Handset Applications
• Mobile apps span many categories, e.g.:
  – Games: Angry Birds, Assassin’s Creed, etc.
  – Multimedia: Pandora, Guitar Hero, etc.
  – Utilities: e-readers, password storage, etc.
• Many apps are natively developed for one mobile
  OS, e.g., iOS, Android
  – Cross-platform native mobile apps can be developed
    via middleware, e.g., Rhodes [13], Titanium [14]
  – Can also build (HTML5) Web apps, e.g., Ibis Reader
    [15], Orbium [16]
• We’ll discuss mobile app development next
 Native Mobile App Development
• Mobile apps can be developed natively for
  particular mobile handset OSes
  – iOS: Dashcode, Xcode; Mac only
  – Android: Eclipse; Win/Mac/Linux
  – Windows Phone: Visual Studio, XNA;
    Windows only
  – Symbian: Eclipse, NetBeans, Qt;
    Win/Mac/Linux
  – BlackBerry: Eclipse, Visual Studio; Win/Mac
Other Mobile App Development
• Middleware
  – Rhodes: Ruby/HTML compiled for all mobile OSes
  – Titanium: HTML/JS + APIs compiled for iOS,
    Android
  – Still dependent on native SDK restrictions
• Web development: HTML5, CSS, JS
  – Works on most mobile browsers
  – Can develop on many IDEs, Win/Mac/Linux
• Biz: SMS/MMS/mobile network operators key
         Business Opportunities
• Virtually every mobile OS supports app sales via stores, e.g.,
  iOS App Store, Android Market, Windows Marketplace
• Devs sign up for accounts, download SDKs
   – Costs: $99/yr (iOS, Win), $25 once (Android)
   – http://developer.apple.com, http://market.android.com,
     http://create.msdn.com
  Mobile Handset Security Issues
• People store much info on their mobiles
• “Smartphones are the new computers.…2
  billion…will be deployed by 2013” – M.A.D.
  Partners [18]
• Handsets are targets for miscreants:
  –   Calls
  –   SMS/MMS messages
  –   E-mail
  –   Multimedia
  –   Calendars
  –   Contacts
  –   Phone billing system [18]
  Handset Malware History (1)
• Hackers are already attacking handsets
  – Most well-known case: a 17-year-old broke
    into Paris Hilton’s Sidekick handset [19]
  – Less well-known: worms, viruses, and Trojans
    have targeted handsets since 2004
    • 2004: [20]
       – Cabir worm released by “29A,” targets Symbian phones
         via Bluetooth
       – Duts virus targets Windows Mobile phones
       – Brador Trojan opens backdoor on Windows Mobile [24]
   Handset Malware History (2)
        • 2005: [21]
            – CommWarrior worm released; replicates via Bluetooth, MMS to all contacts
            – Doomboot Trojan released; claims to be “Doom 2” video game, installs Cabir
              and CommWarrior
        • 2006: [20, 21]
            – RedBrowser Trojan released; claims to be a Java program, secretly sends
              premium-rate SMS messages to a Russian phone number
            – FlexiSpy spyware released; sends log of phone calls, copies of SMS/MMS
              messages to Internet server for third party to view
        • 2008: [22]
            – First iPhone Trojan released
        • 2009–2010: iPhone “Rickrolling”, Android SMS malware, etc.
• “The single biggest thing threatening any enterprise today on a
  security basis is mobile. Furthermore, mobile phone application
  stores are the greatest malware delivery system ever invented by
  man” – Robert Smith, CTO, M.A.D. Partners [18]
    Key Handset Threats, Attacks
• Info theft [23]
   – Transient info: user location
   – Static info: bluesnarfing attacks, WEP & WPA cracks [24]
• Service/$ theft, e.g., premium-rate calls/SMS [23]
• Denial-of-service attacks [23]
   – Flooding attacks overload handset radio with garbage
   – Power-draining attacks attempt to drain battery
• Botnets and DoS attacks against networks [22, 25]
• Exploiting the human factor
• We’ll discuss risk management strategies
   Risk Management Strategies
• Organizations must:
  – Understand rapidly-evolving threatspace [18]
  – Understand applicable laws & regulations
  – Understand employee demand for handsets and
    balance this against the risk they pose
  – Institute CSO policies to achieve compliance
    (and get top management on board!)
  – Inform employees about policies (change mgmt)
  – Implement the policies with tech and people
     Risk Management Tactics
• To implement strategies, organizations must:
  – Decide whether to distribute handsets to employees
    for business purposes, allow use
  – Encrypt device data
  – Remote data wipe as needed
  – Procure, install anti-malware, firewall products
  – Require VPN use, strong passwords, inventory mgmt.
  – Monitor employee handset use to detect attacks
  – Educate employees about the threatspace, train them
    to treat handsets as any other computer system
  – Prevent, detect, and respond appropriately
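Added example (not part of the original slides): one way to apply the "monitor employee handset use to detect attacks" tactic to the premium-rate SMS theft listed under key threats. The log record format, the `+99990` premium-rate prefix, the app names and the burst threshold are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

PREMIUM_PREFIXES = ("+99990",)   # assumption: placeholder premium-rate prefix
USER_APPS = {"messaging"}        # assumption: apps a user sends SMS from
WINDOW = timedelta(minutes=10)   # sliding window for burst detection
BURST = 3                        # premium SMS within WINDOW that count as a burst

# Constructed sample records: (timestamp, handset id, sending app, destination)
SAMPLE_LOG = [
    ("2011-01-06T09:00:05", "hs-017", "messaging", "+16145550101"),
    ("2011-01-06T09:01:10", "hs-017", "freegame.jar", "+9999055501"),
    ("2011-01-06T09:01:40", "hs-017", "freegame.jar", "+9999055501"),
    ("2011-01-06T09:02:15", "hs-017", "freegame.jar", "+9999055501"),
    ("2011-01-06T10:30:00", "hs-042", "messaging", "+9999055502"),
    ("2011-01-06T14:45:00", "hs-042", "messaging", "+16145550123"),
]

def detect_premium_sms(log):
    """Return {handset: sorted reasons} for suspicious premium-rate SMS."""
    recent = defaultdict(deque)  # handset -> premium SMS times inside WINDOW
    alerts = defaultdict(set)
    for ts, handset, app, dest in sorted(log):  # ISO timestamps sort by time
        if not dest.startswith(PREMIUM_PREFIXES):
            continue
        when = datetime.fromisoformat(ts)
        # A premium SMS from anything other than the user's messaging app
        # matches the "secretly sends premium-rate SMS" Trojan behaviour.
        if app not in USER_APPS:
            alerts[handset].add(
                "premium-rate SMS sent by non-messaging app " + app)
        q = recent[handset]
        q.append(when)
        while when - q[0] > WINDOW:  # drop sends that fell out of the window
            q.popleft()
        if len(q) >= BURST:
            alerts[handset].add("at least %d premium-rate SMS within %d min"
                                % (BURST, WINDOW.seconds // 60))
    return {h: sorted(r) for h, r in alerts.items()}

if __name__ == "__main__":
    for handset, reasons in detect_premium_sms(SAMPLE_LOG).items():
        print(handset, reasons)
```

A single premium-rate message typed by the user (handset `hs-042` in the sample) raises no alert; only background senders and bursts do.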
Discussion and Questions



        Thank you
                        References
1.   Wireless Intelligence, “Snapshot: Global mobile connections surpass 5 billion
     milestone,” 8 Jul. 2010,
     https://www.wirelessintelligence.com/print/snapshot/100708.pdf
2.   T. T. Ahonen, “5 - 4 - 3 - 2 - 1, as in Billions. What do these gigantic numbers
     mean?,” 6 Aug. 2010, http://communities-dominate.blogs.com
3.   T. T. Ahonen, 29 Sep. 2010, http://untether.tv/ellb/?p=2227
4.   T. T. Ahonen, “When there is a mobile phone for half the planet: Understanding the
     biggest technology”, 16 Jan. 2008,
     http://communities-dominate.blogs.com/brands/2008/01/when-there-is-a.html
5.   J. L. Hennessy and D. A. Patterson, Computer Architecture: A Quantitative
     Approach, 4th ed., Elsevier, 2007
6.   Research in Motion, “BlackBerry 8700c Technical Specifications”,
     http://www.blackberry.com/products/pdfs/blackberry8700c_ent.pdf
7.   R. Block, “iPhone processor found: 620MHz ARM CPU”, Engadget, 1 Jul. 2007,
     http://www.engadget.com/2007/07/01/iphone-processor-found-620mhz-arm/
8.   Samsung Semiconductor, “Product Technical Brief: S3C6400, Jun. 2007”,
     http://www.samsung.com/global/system/business/semiconductor/product/2007/8/21/661267ptb_s3c6400_rev15.pdf
9.   Wikipedia, “iPhone”, updated 15 Nov. 2008, http://en.wikipedia.org/wiki/Iphone
10.  Wikipedia, “Apple A4”, updated 21 Oct. 2010,
     http://en.wikipedia.org/wiki/Apple_A4
11.  Gartner, “Gartner Says Worldwide Mobile Device Sales Grew 13.8 Percent in
     Second Quarter of 2010, But Competition Drove Prices Down”, press release,
     12 Aug. 2010, http://www.gartner.com/it/page.jsp?id=1421013
12.  Wikipedia, “Samsung Galaxy S”, updated 21 Oct. 2010,
     http://en.wikipedia.org/wiki/Samsung_Galaxy_S
13.  Rhomobile Inc., http://rhomobile.com/
14.  Appcelerator Inc., http://www.appcelerator.com/
15.  Ibis Reader LLC, http://ibisreader.com
16.  Björn Nilsson, Orbium, http://jsway.se/m/
17.  Ericsson, “Global mobile data traffic nearly triples in 1 year”, 12 Aug. 2010,
     http://www.ericsson.com/thecompany/press/releases/2010/08/1437680.
18.  Georgia Tech Information Security Center, “Emerging Cyber Threat Reports 2011,”
     http://www.gtisc.gatech.edu/pdf/cyberThreatReport2011.pdf
19.  B. Krebs, “Teen Pleads Guilty to Hacking Paris Hilton’s Phone”, Washington Post,
     13 Sep. 2005,
     http://www.washingtonpost.com/wp-dyn/content/article/2005/09/13/AR2005091301423_pf.html
20.  D. Emm, “Mobile malware – new avenues”, Network Security, 2006:11, Nov. 2006,
     pp. 4–6
21.  M. Hypponen, “Malware Goes Mobile”, Scientific American, Nov. 2006, pp. 70–77,
     http://www.cs.virginia.edu/~robins/Malware_Goes_Mobile.pdf
22.  PandaLabs, “PandaLabs Quarterly Report: January–March 2008”,
     http://pandalabs.pandasecurity.com/blogs/images/PandaLabs/2008/04/01/Quarterly_Report_PandaLabs_Q1_2008.pdf
23.  D. Dagon et al., “Mobile Phones as Computing Devices: The Viruses are Coming!”,
     IEEE Pervasive Computing, Oct. – Dec. 2004, pp. 11–15
24.  G. Fleishman, “Battered, but not broken: understanding the WPA crack”, Ars
     Technica, 6 Nov. 2008, http://arstechnica.com/articles/paedia/wpa-cracked.ars
25.  http://blog.mylookout.com/2010/12/geinimi_trojan/

								