Cryptography Reference
In-Depth Information
However, users may not be aware of the flow of sensitive information. It may be
written to locations where the user does not expect it to be stored. As a
consequence, a user may voluntarily distribute data items which contain sensitive
information, e.g. GPS tags in images. Even worse, recent attacks also exploit
information flow in a manner similar to side-channel attacks: [Schleg11] describes
a Trojan horse program that, among other attack principles, uses speech analysis
to leak credit card numbers spoken by Smartphone users while making a phone call.
Current security solutions do not recognize such implicit flows of information.
Thus, existing security architectures are not able to protect against such
information disclosure.
10.3.3 Phishing Attacks
Other attacks which require unintentional user interaction are newly engineered
phishing attacks [FS10a]. Servers are able to recognize different hardware devices,
and commercial sites use this to improve their usability and to address different
user groups. At the same time, however, this removes the familiar user interface
and opens new attack vectors for phishing. This situation is aggravated by the
actual form factor of Smartphones: smaller displays and different human-machine
interfaces make phishing attacks easier. Countermeasures mainly include
increasing user awareness and distinctive features which provide suitable
authentication of the web interfaces for Smartphones.
Further attack vectors are commercial applications: any business application
which conducts some type of transaction is vulnerable to imitation. Users may
simply download applications offered for free because they expect appropriate
support in conducting their business using this application. This attack is even
harder to mitigate as it involves new types of interaction and user interfaces.
10.3.4 Spy- or Adware Attacks
The threat involving the highest specific risk to Smartphone users currently
seems to be applications that collect private data to generate user profiles,
recognise user activities, or even influence the owner of a Smartphone
[LYL+10, Smith10].
The number of applications submitted to online application markets is increasing
rapidly. At the same time, the interest in the number of users participating in this
market, and in their corresponding market share, is also increasing. In parallel,
the methods application providers use to obtain data from consumers are
increasingly harsh and often border on illegal activity.
Almost all of the security models presented in Section 2 rely on the analysis and
manual approval of applications submitted to online application markets. A lot of