Microsoft released its latest incarnation of its mobile platform. However I hope this is the last iteration of the aging WinMobile 6 platform. The latest version gives end-users access to mobile applications like Facebook and Netflix through the Windows Marketplace.It will be interesting to see how Microsoft can control the security of its app store. It is not clear whether the vetting process will be as rigid as Apple or relatively lose like the Android app store.
On the enterprise front. the platform is tightly coupled with its enterprise software brethren like Exchange (with pushmail and calendaring) policy enforcement and remote wipe). Additionally it offers the ability to view (eventually edit) office apps including PDF. I was expecting better integration with the popular Sharepoint platform however that is not the case. A useful freebie is the ability to backup the mobile device using the MyPhone wireless backup utility, something Apple charges $99 using the MobileMe functionality.
Disappointingly there was no announcement regarding improvements to mobile search. You would assume that a company with access to resources like Bing, would implement a half decent search functionality on their phone …. Google has just released Android 1.6 (‘Donut’) that makes vast improvements to the search experience both on and off the phone. Even the Apple iPhone is also streets ahead when it comes to universal search using Spotlight.
All in all, Microsoft needs to follow this up with a more robust offering if it needs to stay relevant in marketplace. It will seriously need to revamp this with a more competitive architecture or risk losing out to the iPhone and Android, which are at least 1 generation ahead of it.
Context awareness is intricately coupled with location awareness to some extent. The security and access considerations mainly apply at the network layer as this is the only aspect of the device that crosses a trust boundary. All access control frameworks are built around the concept of “Trust” between various entities and agents participating in the network. According to the ISO 10181,
Trust is a relationship between 2 elements, a set of operations and a security policy, P where element X trusts element Y only if X has confidence that Y behaves in a well-defined way that does not violate the P.
Most hierarchical trust models incorporate his central concept. In such models, one or more superior (i.e. more trusted) entities grants credentials to the participating peers. One example of this model is the public key infrastructure (PKI) built around X.509 digital certificates which forms the backbone of all internet security. However modern network access control frameworks, especially those designed for fixed/mobile LANs are adopting a distributed intelligence approach where the NAC environment is dynamically structured to fit the users and data that is accessed. The Juniper Networks UAC solution is one such instance. This system allows administrators to encode users and data on-the fly through a rich and granular policy management framework. The decision engine then defines the policy (contract) after evaluating the user (permissions, clearance), the network (access-method, resource properties) and the endpoint properties (OS, patch version, anti-virus programs etc.).
Let us now look at the mechanism by which a mobile device ‘attaches’ to the network. To begin with recall the behavior of a Windows PC when it first connects to a new network. The user is required to choose whether it is a private, business or public network. Based on the option selected Windows firewall will apply the appropriate firewall profile. Subsequent visits to the same network will automatically apply the same policy without manual intervention. Context awareness takes this concept to the next level. Now applications and services can also become “aware” of the network and tailor their behaviors accordingly. The ultimate goal here is to identify and authenticate the network location. At the protocol level the application or service authorizes the network access provider (usually a DHCP server), which is a form of entity authentication. From the standpoint of privacy we have to ensure that the client remains sufficiently anonymous in order to protect the mobile user before and during the network access. In the standard Wifi access operation the client and the network use 802.1X protocol that is backed up by public key certificates. 802.1X allows piggy-backing of new authentication methods e.g. EAP-TLS for authenticating with TLS/SSL or EAP-SIM for authenticating against GSM-SIM or EAP-JUAC, for Juniper’s custom UAC method. In all these methods the client’s privacy is protected by authenticating the server and then performing the client authentication inside the secure channel.
Context Aware Computing is next big thing on the horizon. It is alternatively known by the much more cooler moniker “Ambient Computing“. From an architectural standpoint context aware services (CAS) usually have a component-based design with basic constructs like components, connectors, contracts and interfaces. Components provide the core functionality of the application and use connectors to communicate with other components in the system. Contracts and interfaces ensure a specific behavior in a given situation. “Awareness” is programmed into the system by rewiring the interfaces and contracts when the context changes. The context could be changed by changing one or more of the following parameters – userID, activity, geospatial information (location, direction, speed etc.), Temporal Information (timeOfday, date), ServiceVicinity (presence of other devices or services) etc. A simple manifestation of this is the popular app “Locale“.
Major universities are furiously researching and developing technologies to incorporate context awareness in SOA environments. Such applications benefit from technology that connects everyday objects and provides opportunities to collect and use context specific information from various sources and present them on increasingly sophisticated mobile platforms. Enterprises have only recently started looking into how CAS applications can provide real-time benefits. In fact Cisco has recently announced mobile context aware framework running on the 3300 MSE (Mobility Services Edge) that enterprises can incorporate into their existing SOA framework.
That’s it for a high level overview of context aware mobility. In the next article I will talk about some of the unique security constraints that have to be addressed in CAS environments.
Recently security journals all over the world splashed the news that GSM security was compromised by using a Rainbow table. However the approach was deemed impractical by GSMA as requiring 2TB of data and enormous amount of number crunching to invert the one way hash function. The approach to do this is called the Shor’s algorithm named after its inventor Peter Shor. Shor’s algorithm takes a long time to execute on a classical (Von Neumann) computer but can be done a lot faster on a quantum computer. In fact Shor’s Algorithm is designed specifically for a quantum computer.
Quantum computers are no longer theoretical constructs, we now have word of a working prototype that actually runs on a single silicon chip.
Kaspersky has announced what is by far the most promising security suite for Symbian and Windows Mobile phones. Besides providing a regulation firewall and anti-virus it offers unique features like anti-theft and SIM-Watch modules. Remote Device wipe is nothing new, Blackberry and Windows Mobile devices (via ActiveSync) have had this feature for years. However this is the first time we are having a device wiping solution for a mobile device that is not tethered to the enterprise. The device wipe in this case happens by sending an SMS message to the lost/stolen phone causing it to digitally self-destruct. The unique anti-theft module locks your data if a new SIM card is inserted into the device. Additionally it sneaks an email back to you with the telephone number of the new SIM card!! Truly ingenious. Enough data about the performance/battery-life implications of running this suite is not available as yet but if Kaspersky engineers it similar to their desktop solution, that should not be too much of a performance hog.
A recent article in eWeek claimed that 1 in 63 smartphones are infected with some form of malware – viruses, worms or Trojans. For the most part the users are unaware of the infections. A bulk of this malware enters the device when users install applications that are (often) unsigned. This problem is all the more aggravated given that Symbian phones do no have a centralized app store that can vet applications. It is not that the security model for Symbian is weak. In fact from an architectural perspective – there are 4 levels with increasing privilege levels.
Symbian Security Model
As can be seen the Symbian signed applications / modules have the most widespread system privileges. These are the ones that are allowed unrestricted access to system internals and the underlying hardware. However recently we have seen mobile malware that has a legitimate digital signature. This has raised serious questions about Symbian’s automated approval process. Symbian has since revoked the certificate and published it on their CRL server. However these will only be picked up by the handset if they are configured to receive revocation certs. By default this is disabled in the Application Manager settings.
On S60 3rd and 5th edition, the setting to turn on revocation checks can be found in the application manager, for example:
Tools →Settings →Applications →App. manager →Online Certificate Check
More gory details about the app signing process can be gotten from here.
A5/1 is a stream cipher that is used to provide OTA security on GSM wireless networks. Vulnerabilities in this protocol have been known for years. It has been rumored that these vulnerabilities were left unfixed more due to political concerns than technical.Earlier this month, researcher Karsten Nohl has unveiled software that uses the distributed computing power of thousands of graphics processors (a la-‘ SETI) to construct a massive rainbow table of GSM codes. A rainbow table is just a fancy name for a look up table that allows one to “invert” a hash. This hack in its most benign form would allow the community to come up with an open-source GSM protocol (though the market and business case for this is as yet unclear), however a more sinister manifestation would allow a hacker to snoop the airwaves and listen in on any cellular conversation(shudder!!). In the US, Verizon and Sprint are unaffected by this flaw, though AT&T and T-Mobile are potentially vulnerable. Presently there is no software or technique out there that can exploit this, however that could change soon. The GSM Association is said to be working on updating this decades old protocol and address some of its security flaws. About time!!
A recent survey by TrendMicro showed that the average crackberry/iphone addict is quite oblivious of the potential security risks of conducting his work over the mobile airwaves. Nearly 45% of smartphone users have fallen victim to the a security breach and less than a quarter of them are consciously aware of the native security features on their phone.
The typical malware writer has gradually shifted the intent of malware from pure fame and geek curiosity to more diabolical ends. A few months ago, Kaspersky reported a trojan that can steal your money by exploiting a vulnerability in the SMS implementation on your phone. Such phishing attacks are called by a new term called “smishing”. Then again F-secure has earlier demonstrated another vulnerability in Series 60 phones that allows for a privilege escalation attack that allows complete access to the underlying file system. This vulnerability has been addressed in a firmware upgrade since.Smishing attacks are not that prevalent in the United States as it is in Europe or Asia, since SMS is not the preferred way of communication yet. This is changing though… Carriers are now including unlimited SMS plans for under $10 and this is encouraging SMS phishing. The also exist legitimate services out there that facilitate bulk SMS tranmission.
Traditional phishing attacks which can be easily identified by their broken links or non-rendering images or plain bad spelling (think Nigerian 419 emails), however these shortcomings are not that evident on SMS. Typically the messages themselves are concise and are usually entirely composed of text. It is also relatively easy to spoof the sender name, so that it may look like a legitimate source. This attack has been recently demonstrated in the Blackhat conference albeit on a jailbroken iPhone.
So how does one guard against this attack? Truth be told, there isn’t a single reliable way. Most brick-and-mortar legitimate companies will not use SMS to communicate with you (exception being your carrier). If you get an SMS from your bank, utility company or even your friend, soliciting for any information, simply ignore it and try to reach them offband (i.e. from another phone or email etc.). The cell phone industry has not developed standardized and robust protocols to guarantee the security of the SMS channel. Hopefully that will change soon.
Today’s smart phones offer as much processing power as personal computers from half a decade ago. These devices and the complimenting apps offer incredible flexibility in processing and pulling information from the cloud around us, yet at the same time they expose us to new and unique attack vectors that can compromise the sensitive and often personal nature of data resident on the phone.
Security Vendors are furiously developing solutions that address this up and coming threat. In this blog I will discuss this exciting new frontier that will prove to be the next battleground between the good guys and the bad.