Mobile Handsets: A Panoramic Overview

Mobile Handsets:
A Panoramic Overview
Adam C. Champion and Dong Xuan
Department of Computer Science & Engineering
The Ohio State University
Outline
•
•
•
•
•
•
Introduction
Mobile Handset Architecture
Mobile Handset Operating Systems
Networking
Applications
Mobile Handset Security
Mobile Handset Definition
• Mobile handsets
(mobiles): electronic
devices that provide
services to users:
– Internet
– Games
– Contacts
• Form factors: tablets,
smartphones, consoles
• Mobile: your next
computer system
Mobile Handsets: Business
• Meteoric sales and growth:
– Over 4 billion mobile phone users [1]
– Over 5 billion mobile phone subscriptions [2]
(some people have multiple phones)
– Mobile handsets & industries: $5 trillion [3]
• Mobile phones are replaced every 6
months in S. Korea (just phones) [4]
• We can’t ignore these numbers
• Note: mobiles are computer systems
What’s Inside a Mobile Handset?
Source: [5]
Handset Architecture (1)
• Handsets use several hardware components:
–
–
–
–
–
–
–
–
Microprocessor
ROM
RAM
Digital signal processor
Radio module
Microphone and speaker
Hardware interfaces
LCD display
Handset Architecture (2)
• Handsets store system data in
electronically-erasable programmable
read-only memory (EEPROM)
– Mobile operators can reprogram phones
without physical access to memory chips
• OS is stored in ROM (nonvolatile memory)
• Most handsets also include subscriber
identity module (SIM) cards
Handset Microprocessors
• Handsets use embedded processors
– Intel, ARM architectures dominate market.
Examples include:
• BlackBerry 8700, uses Intel PXA901 chip [6]
• iPhone 3G, uses Samsung ARM 1100 chip [7]
– Low power use and code size are crucial [5]
– Microprocessor vendors often package all the
chip’s functionality in a single chip (packageon-package (PoP)) for maximum flexibility
– Apple A4 uses a PoP design [10]
Example: iPhone 3G CPU
• The iPhone: a real-world
MH [7–9]
– Runs on Samsung
S3C6400 chip, supports
ARM architecture
– Highly modular
architecture
Source: [8]
Mobile Handset OSes (1)
• Key mobile OSes:
–
–
–
–
–
Symbian OS
BlackBerry OS
Google Android
Apple iOS
Windows Phone 7
(formerly Windows
Mobile)
• Others include:
– HP Palm webOS
– Samsung bada
Source: [11]
Mobile Handset OSes (2)
• Symbian (^n) OS (ARM only)
– Open-source (Nokia)
– Multitasking
– Programming: C++, Java ME,
Python, Qt/HTML5
• BlackBerry OS (ARM)
–
–
–
–
Proprietary (RIM)
Multitasking
Many enterprise features
Programming: Java ME,
Adobe AIR (tablet)
• iPhone OS (ARM only)
–
–
–
–
Proprietary (Apple)
Multitasking
Multi-touch interface
Programming: Objective-C
• Windows Phone 7 (ARM only)
– Proprietary (Microsoft)
– No multitasking
– Programming: Silverlight/XNA,
C#.NET/VB.NET
• Android (ARM, x86, …)
– Open-source
– Multitasking
– Programming: Java
(Apache Harmony), scripts
• Other OS features
– Most require app code signing
– Many support Adobe Flash/AIR,
multitasking
– ARM is predominant ISA
Mobile Handset Networking
• Handsets communicate with each other
and with service providers via many
networking technologies
• Two “classes” of these technologies:
– Cellular telephony
– Wireless networking
• Most handsets support both, some also
support physical connections such as USB
Cellular Telephony Basics (1)
• Many mobile handsets
support cellular services
• Cellular telephony is
radio-based technology,
radio waves propagated
by antennas
• Most cellular frequency
bands: 800, 850, 900,
1800, 1900, 2100 MHz
Source: [5]
Cellular Telephony Basics (2)
• Cells, base stations
– Space divided into cells,
each has base station
(tower, radio equipment)
– Base stations coordinate so
mobile users can access
network
– Move from one cell to
another: handoff
Cellular Telephony Basics (3)
• Statistical multiplexing
– Time Division Multiple Access (TDMA)
• Time & frequency band split into time slots
• Each conversation gets the radio a fraction of the time
– Frequency Division Multiple Access (FDMA) analogous
Wireless Networking (1)
• Bluetooth (BT)
– Frequency-hopping radio technology: hops among
frequencies in 2.4 GHz band
– Nearly ubiquitous on mobile handsets
– Personal area networking: master device associate
with ≤ 7 slave devices (piconet)
– Pull model, not push model:
• Master device publishes services
• BT devices inquire for nearby devices, discover
published services, connect to them
– Latest version: 4.0; latest mobiles support 3.0 [12]
Wireless Networking (2)
• WiFi (IEEE 802.11)
–
–
–
–
Variants: 802.11b, g, n, etc.
Radio technology for WLANs: 2.4, 3.6, 5 GHz
Some mobile handsets support WiFi, esp. premium
Two modes: infrastructure and ad hoc
• Infrastructure: mobile stations communicate with
deployed base stations, e.g., OSU Wireless
• Ad hoc: mobile stations communicate with each other
without infrastructure
– Most mobiles support infrastructure mode
Mobile Handset Applications
• Mobile apps span many categories, e.g.:
– Games: Angry Birds, Assassin’s Creed, etc.
– Multimedia: Pandora, Guitar Hero, etc.
– Utilities: e-readers, password storage, etc.
• Many apps are natively developed for one mobile
OS, e.g., iOS, Android
– Cross-platform native mobile apps can be developed
via middleware, e.g., Rhodes [13], Titanium [14]
– Can also build (HTML5) Web apps, e.g., Ibis Reader
[15], Orbium [16]
• We’ll discuss mobile app development next
Native Mobile App Development
• Mobile apps can be developed natively for
particular mobile handset OSes
– iOS: Dashcode, Xcode; Mac only
– Android: Eclipse; Win/Mac/Linux
– Windows Phone: Visual Studio, XNA;
Windows only
– Symbian: Eclipse, NetBeans, Qt;
Win/Mac/Linux
– BlackBerry: Eclipse, Visual Studio; Win/Mac
Other Mobile App Development
• Middleware
– Rhodes: Ruby/HTML compiled for all mobile OSes
– Titanium: HTML/JS + APIs compiled for iOS,
Android
– Still dependent on native SDK restrictions
• Web development: HTML5, CSS, JS
– Works on most mobile browsers
– Can develop on many IDEs, Win/Mac/Linux
• Biz: SMS/MMS/mobile network operators key
Business Opportunities
• Virtually every mobile OS supports app sales via stores, e.g.,
iOS App Store, Android Market, Windows Marketplace
• Devs sign up for accounts, download SDKs
– Costs: $99/yr (iOS, Win), $25 once (Android)
– http://developer.apple.com, http://market.android.com,
http://create.msdn.com
Mobile Handset Security Issues
• People store much info on their mobiles
• “Smartphones are the new computers.…2
billion…will be deployed by 2013” – M.A.D.
Partners [18]
• Handsets are targets for miscreants:
–
–
–
–
–
–
–
Calls
SMS/MMS messages
E-mail
Multimedia
Calendars
Contacts
Phone billing system [18]
Handset Malware History (1)
• Hackers are already attacking handsets
– Most well-known case: a 17-year-old broke
into Paris Hilton’s Sidekick handset [19]
– Less well-known: worms, viruses, and Trojans
have targeted handsets since 2004
• 2004: [20]
– Cabir worm released by “29A,” targets Symbian phones
via Bluetooth
– Duts virus targets Windows Mobile phones
– Brador Trojan opens backdoor on Windows Mobile [24]
Handset Malware History (2)
• 2005: [21]
– CommWarrior worm released; replicates via Bluetooth, MMS to all contacts
– Doomboot Trojan released; claims to be “Doom 2” video game, installs Cabir
and CommWarrior
• 2006: [20, 21]
– RedBrowser Trojan released; claims to be a Java program, secretly sends
premium-rate SMS messages to a Russian phone number
– FlexiSpy spyware released; sends log of phone calls, copies of SMS/MMS
messages to Internet server for third party to view
• 2008: [22]
– First iPhone Trojan released
• 2009–2010: iPhone “Rickrolling”, Android SMS malware, etc.
• “The single biggest thing threatening any enterprise today on a
security basis is mobile. Furthermore, mobile phone application
stores are the greatest malware delivery system ever invented by
man” – Robert Smith, CTO, M.A.D. Partners [18]
Key Handset Threats, Attacks
• Info theft [23]
– Transient info: user location
– Static info: bluesnarfing attacks, WEP & WPA cracks [24]
• Service/$ theft, e.g., premium-rate calls/SMS [23]
• Denial-of-service attacks [23]
– Flooding attacks overload handset radio with garbage
– Power-draining attacks attempt to drain battery
• Botnets and DoS attacks against networks [22, 25]
• Exploiting the human factor
• We’ll discuss risk management strategies
Risk Management Strategies
• Organizations must:
– Understand rapidly-evolving threatspace [18]
– Understand applicable laws & regulations
– Understand employee demand for handsets and
balance this against the risk they pose
– Institute CSO policies to achieve compliance
(and get top management on board!)
– Inform employees about policies (change mgmt)
– Implement the policies with tech and people
Risk Management Tactics
• To implement strategies, organizations must:
– Decide whether to distribute handsets to employees
for business purposes, allow use
– Encrypt device data
– Remote data wipe as needed
– Procure, install anti-malware, firewall products
– Require VPN use, strong passwords, inventory mgmt.
– Monitor employee handset use to detect attacks
– Educate employees about the threatspace, train them
to treat handsets as any other computer system
– Prevent, detect, and respond appropriately
Discussion and Questions
Thank you
References [1]
1.
2.
3.
4.
5.
6.
7.
8.
Wireless Intelligence, “Snapshot: Global mobile connections surpass 5 billion
milestone,” 8 Jul. 2010, https://www.wirelessintelligence.com/print/snapshot/
100708.pdf
T. T. Ahonen, “5 - 4 - 3 - 2 - 1, as in Billions. What do these gigantic numbers
mean?,” 6 Aug. 2010, http://communities-dominate.blogs.com
T. T. Ahonen, 29 Sep. 2010, http://untether.tv/ellb/?p=2227
T. T. Ahonen, “When there is a mobile phone for half the planet: Understanding
the biggest technology”, 16 Jan. 2008, http://communities-dominate.blogs.com/
brands/2008/01/when-there-is-a.html
J. L. Hennessy and D. A. Patterson, Computer Architecture: A Quantitative
Approach, 4th ed., Elsevier, 2007
Research in Motion, “BlackBerry 8700c Technical Specifications”,
http://www.blackberry.com/products/pdfs/blackberry8700c_ent.pdf
R. Block, “iPhone processor found: 620MHz ARM CPU”, Engadget, 1 Jul. 2007,
http://www.engadget.com/2007/07/01/iphone-processor-found-620mhz-arm/
Samsung Semiconductor, “Product Technical Brief: S3C6400, Jun. 2007”,
http://www.samsung.com/global/system/business/semiconductor/product/2007
/8/21/661267ptb_s3c6400_rev15.pdf
References [2]
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
Wikipedia, “iPhone”, updated 15 Nov. 2008, http://en.wikipedia.org/wiki/Iphone
Wikipedia, “Apple A4”, updated 21 Oct. 2010, http://en.wikipedia.org/wiki/
Apple_A4
Gartner (12 August 2010). "Gartner Says Worldwide Mobile Device Sales Grew 13.8
Percent in Second Quarter of 2010, But Competition Drove Prices Down". Press
release. http://www.gartner.com/it/page.jsp?id=1421013
Wikipedia, “Samsung Galaxy S”, updated 21 Oct. 2010, http://en.wikipedia.org/
wiki/Samsung_Galaxy_S
Rhomobile Inc., http://rhomobile.com/
Appcelerator Inc., http://www.appcelerator.com/
Ibis Reader LLC, http://ibisreader.com
Björn Nilsson, Orbium, http://jsway.se/m/
Ericsson.Global mobile data traffic nearly triples in 1 year, 12 August 2010.
http://www.ericsson.com/thecompany/press/releases/2010/08/1437680.
Georgia Tech Information Security Center, “Emerging Cyber Threat Reports 2011,”
http://www.gtisc.gatech.edu/pdf/cyberThreatReport2011.pdf
References [3]
19. B. Krebs, “Teen Pleads Guilty to Hacking Paris Hilton’s Phone”, Washington Post, 13
Sep. 2005, http://www.washingtonpost.com/wp-dyn/content/article/2005/09/
13/AR2005091301423_pf.html
20. D. Emm, “Mobile malware – new avenues”, Network Security, 2006:11, Nov. 2006,
pp. 4–6
21. M. Hypponen, “Malware Goes Mobile”, Scientific American, Nov. 2006, pp. 70–77,
http://www.cs.virginia.edu/~robins/Malware_Goes_Mobile.pdf
22. PandaLabs, “PandaLabs Quarterly Report: January–March 2008”,
http://pandalabs.pandasecurity.com/blogs/images/PandaLabs/2008/04/01/Quarte
rly_Report_PandaLabs_Q1_2008.pdf
23. D. Dagon et al., “Mobile Phones as Computing Devices: The Viruses are Coming!”,
IEEE Pervasive Computing, Oct. – Dec. 2004, pp. 11–15
24. G. Fleishman, “Battered, but not broken: understanding the WPA crack”, Ars
Technica, 6 Nov. 2008, http://arstechnica.com/articles/paedia/wpa-cracked.ars
25. http://blog.mylookout.com/2010/12/geinimi_trojan/