Revealing the Nuts and Bolts of the Security of Mobile Devices
• From an Internet society to a mobile society.
• Many articles about smartphone security were published.
• Many researchers and practitioners are expecting a major security incident with mobile phones.
• In March 2010, Iozzo and Weinmann demonstrated a drive-by attack against an iPhone 3GS.
As a first approach, the investigation subject of this paper
• Any mobile device that is controlled by an MNO
• Any kind of phones that can only be used for phone functionality
• USB sticks that enable laptops to use the mobile network are also not covered.
Specifics of Mobile Devices
• Creation of costs: Billed events, payment systems
• Network environment: Strong connection, Firmware Update Process
• Limited Device Resources: Resource Limitations, battery
• Double Expensive Wireless Link: Expensive Computation Costs, High Monetary Communication Costs
• Reputation
ATTACK VECTOR CLASSES AND ATTACK MODELS
• Hardware-centric attacks belong to mobile device security only from a broader point of view.
• In the context of this paper, the most important class of technical vulnerabilities for mobile devices is software-centric attacks.
• User layer attacks contain every exploit that is not of a technical nature.
• Eavesdropping: A passive attacker tries to intercept the conversation between mobile phone and base station.
• Availability Attacks: One possible example is an active attacker blocking the signal of the mobile phone or base station.
• Privacy Attacks: A passive attacker might use the smartphone's ID to locate its owner.
• Impersonation Attacks: In a nutshell, one mobile phone impersonates another in such an attack. For example, a mobile phone uses the service of a base station without billing facility for the base station, i.e., the service is used in a fraudulent way.
HARDWARE-CENTRIC SECURITY ASPECTS
A. Intercepting MNO Smartcard Communication
B. Attacking the Device: JTAG Attacks, Forensic Analysis
DEVICE-INDEPENDENT SECURITY ASPECTS
A. GSM: Cryptography for Protecting the Air Link
B. Initial Connection and Encryption