Iosif I. Androulidakis Mobile Phone Security and Forensics A Practical Approach Second Edition Mobile Phone Security and Forensics Iosif I. Androulidakis Mobile Phone Security and Forensics A Practical Approach Second Edition Iosif I. Androulidakis Pedini Ioannina Greece ISBN 978-3-319-29741-5 ISBN 978-3-319-29742-2 (eBook) DOI 10.1007/978-3-319-29742-2 Library of Congress Control Number: 2016931614 © Springer International Publishing Switzerland 2016 T his work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifi cally the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfi lms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. T he use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specifi c statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. T he publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, express or implied, with respect to the material contained herein or for any errors or omissions that may have been made. Printed on acid-free paper This Springer imprint is published by Springer Nature The registered company is Springer International Publishing AG Switzerland To my parents Pref ace W elcome to the second edition of “Mobile Phone Security and Forensics.” The dominance of mobile phones has continued since the publication of the fi rst version of the book, in an ever-increasing rate. However, while we are enjoying the techno- logical advances that mobile phones offer, we are also facing new security risks coming as a cost of our increasing dependence on the benefi ts of wireless communications. The purpose of this book is the same as before: to raise user awareness in regard to security and privacy threats present in the use of mobile phones. It is focused on practical issues and easy to follow examples, skipping theoretical analysis of algo- rithms and standards. Most sections have been enriched with new material. The book is more geared toward the mobile devices themselves and not the underlying networks, so most of the contents are applicable irrespectively of the “generation” of the network (GSM, 3G, 4G, etc.) to GSM and UMTS alike. The goal is to achieve a balance, including both technical and nontechnical chapters. Amateurs as well as experienced users will benefi t from the overview of threats and the valuable practi- cal advice. They will also get to know various tricks affecting the security of their phone. More advanced users will appreciate the technical discussions and will pos- sibly try experimenting with the forensics and mobile phone control techniques presented in the respective chapters. Chapter 1 gives an introduction to confi dentiality, integrity, and availability threats in mobile telephones, providing the background for the rest of the book. In Chap. 2 , the results of a large-scale survey and some following ones are presented, placing the user as one of the weakest links in the security landscape. With eavesdropping being one of the most apparent threats, a specifi c interception technique is examined in Chap. 3 , while at the same time the ineffi ciencies of mobile phones’ graphical user interfaces are highlighted in regard to security. The chapter is further enriched since the previous edition with a discussion regarding software defi ned radio and other advances in mobile telephony communications interception. Chapter 4 is the more diverse themed chapter of the book covering device and network codes, commands to control the phone, and software and hardware tricks. Software and mobile applica- tions’ security are not extensively covered since they mostly fall in computer security vii viii Preface literature. Chapter 5 is devoted to security in SMS, as a leading service in mobile telephony. Moreover, there is an extended discussion for fi ghting unsolicited SMS messages (spam). Following, a chapter focusing on the procedures and techniques of forensics reminds us that mobile phones will sooner or later be criminals’ preferred target. Concluding the book, Chap. 7 synopsizes the previous chapters and provides a condensed list of practical security advices users should follow. Closing, I would like to thank my family for all the support and love, my profes- sors in Greece and Slovenia for their mentoring during my studies, and the security researchers all over the world I have met and collaborated with. They are all too many to be listed here but they know who they are! Last, but not least, I would like to thank my editor and all of the members of the Springer team that I collaborated with. With such a good collaboration writing, the second version of the book was a true pleasure. I hope you will enjoy reading it. Writing a book is a hard and long process but thanks to my editor’s guidance everything proceeded pleasantly and smoothly. Ioannina, Greece Iosif I. Androulidakis, Ph.D., Ph.D. October 2015 Contents 1 Introduction: Confidentiality, Integrity, and Availability Threats in Mobile Phones . . . . . . . . . . . . . . . . . . . . . . . . . 1 1.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1.2 Confi dentiality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 1.3 Integrity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 1.4 Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 1.5 Manufacturers’ Responsibilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 1.6 Malicious Software and Other Issues . . . . . . . . . . . . . . . . . . . . . . . . . 11 1.7 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 2 A Multinational Survey on Users’ Practices, Perceptions, and Awareness Regarding Mobile Phone Security . . . . . . . . . . . . . . . . . 15 2.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 2.2 Methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 2.3 Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 2.3.1 In General. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 2.3.2 Demographics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 2.3.3 Economics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 2.3.4 Security-Specifi c Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 2.4 Related Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 2.5 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 3 Voice, SMS, and Identification Data Interception in GSM . . . . . . . . . . . 29 3.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 3.2 Practical Setup and Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 3.3 Implementation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 3.4 Problem Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 3.4.1 In General. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 ix
Description: