MOBILE PHONE SECURITY

CAPSTONE THESIS RESEARCH PROPOSAL

Mobile Phone Security

By

Imran Usmani

Submitted to

MSIA Capstone Committee

For Final Requirements of the Masters of Information Assurance Degree

From

Davenport University

Submission Date

Date:October 30, 2011

ACKNOWLEDGEMENT

I certify that the work presented in the dissertation is my own unless referenced

Signature: IMRAN USMANI

Date: 30 October 2011

First of all, it would give me great pleasure to show my gratitude to my professor, for his propositions, remarks, understanding and patience. It would also be an honour to express gratitude to my parents, my mother, my father, my sister and my brother for their endless support in my life and allowing me to make all my decisions. I would also like to take the opportunity to show appreciation to my co-workers for their expert cooperation on every occasion. I would also like to be grateful to the Department, managers of the university, instructors and students who have supported me throughout this research.

ABSTRACT

The revolution of mobile phone industry has been altering our life and business practices over the past few decades. Driven by user demands and technological advancement, we now experience rich mobile phone applications and sophisticated cellular services ranging from mobile payment, trading stock, to social networking, vehicle tracking to in-car control. As more players joining the community, this mobile phone environment has transformed into a complex network of interacting companies, known as mobile ecosystem. Unfortunately, this opening and converging mobile ecosystem has brought in more opportunities for more attacks on mobile phones. This dissertation aims to achieve mobile phone security. I will reveal two main challenges that I need to overcome, namely developing a clear definition of secure phones, and building security infrastructure that imposes such definition on the phones. With the advent of smart-phones in today's world with high-end processing and memory expansion capabilities, developers and content providers are deploying multimedia rich applications on a variety of mobile platforms. As the world becomes more dependent on technology and interconnected networks it changes the dynamic of how the world works. The advanced mobile communication devices such as smart phones are changing the way in which we communicate process and store data from any place. They evolved from simple mobile phones into sophisticated and yet compact mini computers. As these devices can allow third party software's to run on them they are vulnerable to various risks like viruses, mal ware, worms and Trojan horses. Also a mobile device can initiate communication on anyone of its communication interfaces and also can connect to wide variety of wireless networks. In this research, I will discuss the inherent and fairly universal weaknesses and security threats of wireless mobile devices.

TABLE OF CONTENT

ACKNOWLEDGEMENTII

ABSTRACTIII

CHAPTER 1: INTRODUCTION1

1.1Background of the Study1

1.2Research Aims and Objectives4

1.3Research Question5

1.4Scope of the Research5

1.5Thesis Structure6

CHAPTER 2: LITERATURE REVIEW8

2.1Mobile Telephony8

2.1.1Basic Mobile Phone Operations9

2.1.1.1Short Messaging Service (SMS)10

2.1.1.2Multimedia Messaging Service (MMS)10

2.1.1.3Internet Connection11

2.1.1.4WAP (Wireless Application Protocol)11

2.1.1.5Hypertext Transfer Protocol (HTTP)12

2.2Java for mobile phones13

2.3Security mechanisms for Mobile Java14

2.4Mobile Ecosystem15

2.2.1History of the Mobile Phones16

2.2.2Future of Mobile Phone17

2.5Attacks on Mobile Phones20

2.3.1Cellular Network Vulnerabilities22

2.3.2Mobile Phone Vulnerabilities23

2.6Categories of Mal ware26

2.7Attack Mitigations29

CHAPTER 3: METHODOLOGY35

CHAPTER 4: FINDINGS38

4.1Threats to Hand-held Devices39

4.1.1Disposal, theft and/or ...