Modern day smartphones are capable of performing every single task that a desktop computer can do. Smartphones being a new technology with less than a decade in the communication industry are vulnerable to security attacks and data leakage. In the current scenario, Android devices are the majority are the prime target of hackers and criminal organisation. Thus, smartphone security is of utmost priority for software companies. In this chapter, the authors begin by discussing the need for mobile forensic analysis and discussing basic smartphone vulnerabilities. they then discuss the types of attacks and their effects on smartphones followed by the security mechanisms employed to deal with the attacks and threats. they also list and give a brief description of tools used commercially for forensic analysis of smartphones, and two experiment-based case studies are provided to allow the readers to get a better understanding of the merits of existing works and practical application of investigation process.
TopIntroduction
In the past few years, technology has seen a huge boost. Advancements in electronics industry have helped software manufacturers in a huge way. With more processing power and memory, modern day computers have perform complex calculations in just a few seconds. Heavy computers have been replaced by small portable yet powerful laptops and smartphones. These smartphones having such advanced technology are capable of doing online payments, e-banking, network data transfers etc.
Smartphones, being a new technology with less than a decade in the communication industry become vulnerable to security attacks and data leakage. To counter the problem of data theft and misuse of personal information, various security defects need to be analysed and hence the need of smartphone forensics arises.
Smartphone security has been a major topic of study in the recent years. Apart from implementing security features, the organisation also needs to gain customer trust on the security features that are present in the smartphone device.
In a research conducted by Matthews and Pierce (2009), they found out that while users preferred mobile devices for online searching and shopping, most of them defer to computer devices to make online payments.
Chin et al. (2012) expanded more on this by measuring user confidence on smartphones devices and concluded that smartphone security designs should be more user friendly and should offer better support for privacy of personal data.
Several studies have analysed the security aspect of smartphone based applications. Riadi et al. (2018) evaluated forensic tools on LINE messenger application in a smartphone running Android Operating System. Ntantogian (2014) evaluated the possibility of recovering authentication credentials of mobile applications from the volatile memory of Android mobile devices.
Furthermore, Ahvanooey (2017) surveyed smartphone security by evaluating security features of different smartphone operating systems and possible malwares, attacks and threats that can put user privacy to risk.
Key Concepts
Digital Forensics: Digital forensics is in simple words means using scientific and proven methods to present, validate, verify and analyse evidence derived from digital data. This evidence is used further to reconstruct malicious activities in order to gain information about any criminal activity related with the data.
Cyber-Attack: A cyber-attack is an illegal attempt by any person or an organisation to breach a software system and steal or destroy unauthorized information from the victim. Mobile cyber-attack are targeted attacks used by hackers to disrupt any working system by stealing private and confidential from smartphones devices.
Mobile Security: Mobile Security refers to the techniques used to protect portable devices like smartphones, laptops, tablets etc. from threats and attacks that jeopardize personal data security and private information of enterprises and individual users.
Some common types of cyber-attacks are:
- •
Phishing
- •
Denial of Service
- •
Malware
- •
SQL injection
Data Security And Leakage
Data Security is the process of securing digital data from any type of unauthorised access or a cyberattack. It involves encrypting data through cryptographic techniques and protecting private information through various authentication processes.
A system can never be perfectly secure. Hackers all over the world use different techniques to gain access to someone else’s computer in order to steal/modify/erase information. The illegal transfer of classified information from one computer to another in known as Data Leakage. Data Leakage happens when systems are not secure enough and are breached easily. Hackers usually try to find the weakest link in the network and breach into the victim’s computer through that link.
Nowadays, with rising popularity of smartphones and increasing ability of smartphones to perform almost every task that a computer can perform, smartphones have become most vulnerable to security attacks. Hence, there is an urgent need to improve the security of smartphones.