Internet Smart Devices: Foreign Literature with Chinese-English Parallel Translation

Published: 2016-10-20 10:22:30   Source: 文档文库

Mobile Malware and Smart Device Security: Trends, Challenges and Solutions

Abdullahi Arabo and Bernardi Pranggono

The Oxford Internet Institute (OII), Oxford University, Oxford, OX1 3JS, U.K.

School of Engineering and Built Environment, Glasgow Caledonian University, Glasgow, G4 0BA, U.K.

Abstract — This work is part of the research to study trends and challenges of cyber security to smart devices in smart homes. We have seen the development and demand for seamless interconnectivity of smart devices to provide various functionality and abilities to users. While these devices provide more features and functionality, they also introduce new risks and threats. Subsequently, current cyber security issues related to smart devices are discussed and analyzed. The paper begins with related background and motivation. We identify mobile malware as one of the main issues in the security of smart devices. In the near future, mobile smart device users can expect to see a striking increase in malware and notable advancements in malware-related attacks, particularly on the Android platform as the user base has grown exponentially. We discuss and analyze mobile malware in detail and identify challenges and future trends in this area. Then we propose and discuss an integrated security solution for cyber security in smart devices to tackle the issue.

Index Terms — Botnet, cyber security, mobile malware, security framework, smart device security

I. INTRODUCTION

The Internet is one of the most remarkable developments to have happened to mankind in the last 100 years. The development of ubiquitous computing makes things even more interesting as it has given us the possibility to utilise devices and technology in unusual ways. We have seen the development and demand for seamless interconnectivity of smart devices to provide various functionalities and abilities to users. But we also know the vulnerabilities that exist within this ecosystem. However, these vulnerabilities are normally considered for larger infrastructures and little attention has been paid to the cyber security threats from the usage and power of smart devices as a result of the Internet of Things (IoT) technologies. In the IoT vision, every physical object has a virtual component that can produce and consume services. Smart spaces are becoming interconnected with powerful smart devices (smartphones, tablets, etc.). On the other hand, we also have the backbone, the power grid that powers our nations. These two phenomena are coming at the same time. The increased usage of smart meters in our homes or businesses provides an avenue of connectivity as well as powerful home services or interconnected powerful smart devices. The example of the smart grid also provides the means of controlling and monitoring smart grid infrastructures via the use of portable smart devices.

If the vulnerability of the connected home and developments within the energy industry’s new wireless smart grid are exposed to the wrong people, it will inevitably lead to lights out for everyone. This will eventually uncover the multitude of interconnected smart devices in the IoT as a hotbed for cyber-attacks or robot networks (botnets) and a security nightmare for smart space users and possibly for national infrastructures as a whole.

The latest research has reported that on average people own three internet-connected smart devices such as smartphones and tablets [1]. As a result, the ubiquity of smart devices, their evolution as computing platforms, and the powerful processors embedded in them have made them suitable objects for inclusion in a botnet. Botnets of mobile devices (also known as mobile botnets) are groups of compromised smart devices that are remotely controlled by bot-masters via command-and-control (C&C) channels. Mobile botnets differ from PC-based botnets in several aspects, such as the medium of their C&C channels.

PC-based botnets are seen as the most common platforms for security attacks, and mobile botnets are seen as less of a threat in comparison to their counterparts. This is so for different reasons, such as limited battery power, resource issues, and Internet access constraints, etc. Therefore, the efforts directed to both the manifestation of operating mobile botnets and corresponding research and development endeavours are not as wide as for PC-based botnets. However, this development could change with the recent surge in popularity and use of smart devices. Smart devices are now widely used by billions of users due to their enhanced computing ability, practicality and efficient Internet access, thanks to advancement in solid-state technologies.

Moreover, smart devices typically contain a large amount of sensitive personal and corporate data and are often used in online payments and other sensitive transactions. The widespread use of open-source smart device platforms such as Android, and of third-party applications made available to the public, also provides more opportunities and attractions for malware creators. Therefore, for now and the near future smart devices will become one of the most lucrative targets for cybercriminals.

The main focus of this paper is threefold: firstly to highlight the possible threats and vulnerability of smart devices, secondly to analyse the challenges involved in detecting mobile malware in smart devices and finally to propose a general security solution that will facilitate solving or addressing such threats. The rest of the paper is organized as follows. In section II we provide a detailed analysis of the security threats on smart devices and their links with cyber security. We have identified mobile malware as one of the main issues and we discuss it in more detail in Section III. Section IV provides our proposed security solution that will be able to deter the problems of mobile malware. The paper is concluded in section V.

II. SECURITY THREATS ON SMART DEVICES

The weakest link in any IT security chain is the user. The human factor is the most challenging aspect of mobile device security. Home users generally assume that everything will work just as it should, relying on a device’s default settings without referring to complex technical manuals. Therefore service content providers and hardware vendors need to be aware of their responsibilities in maintaining network security and content management on the devices they provide. Service providers might also have the opportunity to provide add-on security services to complement the weaknesses of the devices.

The issue of cyber security is much closer to the home environment than has been usually understood; hence, the problem of cyber security extends beyond computers and is also a threat to portable devices. Many electronic devices used at home are practically as powerful as a computer, from mobile phones to video consoles, game consoles and car navigation systems. While these devices are portable and provide more features and functionality, they also introduce new risks.

These devices previously considered as secure can be an easy target for assailants. The information stored and managed within such devices and home networks forms part of an individual’s Critical Information Infrastructure (CII) [2] as identified by the POSTnote on cyber security in the UK. For example, an attacker may be able to compromise a smart device with a virus, to access the data on the device. Not only do these activities have implications for personal information, but they could also have serious consequences if corporate information were also stored on the smart device.

The use of mobile devices in healthcare is also more common these days, such as in mobile-health. A typical example is having a health device connected to the home network, which is capable of transmitting data wirelessly to hospitals and other relevant parties. Most of the manufacturers of these devices do not put much effort in trying to make sure that the devices are secure. If these devices are compromised not only will the information and privacy of the user of the device be compromised, but the attacker can even change the settings of the devices, which could lead to harmful consequences. It has been shown that it is possible to hack into a pacemaker and read the details of data stored in the device such as names and medical data without having direct access to the devices simply by standing nearby [3].

Therefore, it is also possible to reconfigure the parameters of the device. This is not only applicable to medical devices, but also to any devices that are used within the home network for any purpose.

According to the Juniper Networks report [4], 76 percent of mobile users depend on their mobile devices to access their most sensitive personal information, such as online banking or personal medical information. This trend is even more noticeable with those who also use their personal mobile devices for business purposes. Nearly nine in ten (89 percent) business users report that they use their mobile device to access sensitive work-related information.

Another more worrying impact is when cybercriminals use the vast resources of the network to turn it into a botnet and launch a cyber-attack on national critical infrastructures. There are some Android applications that when downloaded from a third party market (not the Android market) are capable of accessing the root functionality of devices (“rooted”) and turning them into botnet soldiers without the user’s explicit consent.

People could easily and unwittingly download malware to their smart devices or fall prey to “man-in-the-middle” attacks where cyber-criminals pose as a legitimate body, intercept and harvest sensitive information for malicious use. In 2011, there was a mix of Android applications removed from the Android Market because they contained malware. There were over 50 infected applications; these applications were copies of “legitimate” applications from legitimate publishers that were modified to include two root exploits and a rogue application downloader.

The Juniper Networks Mobile Threat Centre (MTC) reported that in 2011 there was an unparalleled increase in mobile malware attacks, with a 155 percent increase from the previous year across all platforms [5]. It is also reported that Android malware experienced an increase of 3,325 percent in 2011. Notable in these findings is a significant number of malware samples obtained from third-party applications which do not enjoy the benefit or protection of Google Play Store scanning techniques. Previously, an Android developer could post an application to the official Android Market and have it available immediately, without inspection or vetting to block pirated or malicious applications.

This increase in malware is mainly due to the combination of Google Android’s dominant market share in smartphones (68.8 percent in 2012) and the lack of security control over the applications appearing in the various Android application markets. It was reported recently that the Google Play store, which has more than 700,000 apps, just passed 15 billion downloads. Security firm Fortinet estimated that money-stealing malware increased exponentially from 2006 to 2011, as shown in Figure 1. Based on an estimation by Kaspersky Lab, cybercriminals who target smart devices like smartphones earn from $1,000 to $5,000 per day per person. Mobile phone hacking is also getting more attractive with the rise of Near-Field Communication (NFC) technology, which expands the use of smart devices as e-wallets or helps people to read product information.

In December 2011 alone, Kaspersky Lab discovered more than 1,000 new Trojans targeting smartphones. That is more than all the smartphone viruses spotted during 2003-2010. This trend is continuing; in 2012, the number of cyber-attacks targeting mobile devices increased exponentially during the first quarter, as reported by security firm Trend Micro [6].

Their report identified approximately 5,000 new malicious Android applications in just the first three months of the year, mainly due to the increase of the Android user base. The research also pointed out a marked escalation in the number of active advanced persistent threat (APT) campaigns currently being mounted against companies and governments. An APT is a cyber-attack launched by a group of sophisticated, determined, and coordinated attackers who systematically compromise the network of a specific target or entity for a prolonged period. Security researchers see APT in different ways: some regard APT as a different type of attack, while others just categorize it as a more organized botnet with more resources behind it.

Malware development that targets smart home devices has several known monetization factors. Most malware is aimed at mobile pickpocketing (short message service (SMS) or call fraud) or the ability to charge premium bills via SMS or calls, as illustrated in Figure 2. Some malware is used as part of botnet creation. Malware like DreamDroid (or DroidDream) [7] has integrated thousands of mobile devices into extensive botnets. Some malware is developed to exploit vulnerabilities in the operating system (OS) or installed applications, or just to create trouble for user information.

Home devices and general consumer electronics are progressively becoming more advanced and are capable of connecting with other devices over a network. While it may sound unreal, devices such as TVs, digital picture frames, smart meters and e-readers are quite vulnerable and absolutely capable of causing problems on your network. The next few years will provide opportunities for various types of malware developers to explore unlikely methods of achieving their goals. Smartphones are not invulnerable and Macs can get malware, such as the CVE-2012-0507 vulnerability [8].

Luigi Auriemma in [9] has uncovered a vulnerability in a Samsung D6000 high definition (HD) TV that caused it to get stuck in an endless loop of restarts. Auriemma's report followed another denial-of-service (DoS) vulnerability in Sony Bravia TVs uncovered by Gabriel Menezes Nunes [10], which stops users from changing the volume or channels or accessing any functions.

In the 2012 first quarterly report from Trend Micro [11], it was pointed out that the large diffusion of mobile devices and the increase in awareness of the principal cyber threats have resulted in an increase in the interest of cybercrime in the mobile sector. Another significant interest is concentrated on the threat in terms of the rapid spread of botnets based on mobile devices, favored by the almost total absence of protection and the difficulty of tracing the agents composing the network. If these exploits are targeted by well-established hacker groups such as Anonymous, it will pose a bigger threat to organizations and smart environments that protect highly sensitive data, targeting companies and individuals for various political and financial reasons.

III. MOBILE MALWARE

One of the major and most common problems in today’s Internet is malware. Among malware, botnets are considered the biggest challenge. Botnets are used to send email spam, carry out distributed denial-of-service (DDoS) attacks, and host phishing and malware sites. Botnets are slowly moving towards smart devices since those devices are now basically everywhere, are powerful enough to run a bot, and offer additional gains for a bot-master, such as the financial gains discussed earlier. With PC-based botnets, cybercriminals often use zombies within botnets to launch DDoS attacks. Even though there have been no major mobile DDoS incidents, with current trends we can expect to see this in the near future.

Botnets are maintained by malicious actors commonly referred to as “bot-masters” that can access and manage the botnet remotely or via bot proxy servers. The bots are then programmed and instructed by the bot-master to perform a variety of cyber-attacks, including attacks involving the further distribution and installation of malware on other information systems.

In PC-based botnets, botnet master controllers typically use HTTP requests on the normal port 80 to transmit and receive their messages. In mobile-based botnets, the bot-master also uses similar HTTP techniques to distribute commands but also exploits SMS, Bluetooth, etc. The bot-master exploits operating system and configuration vulnerabilities to compromise smart devices and to install the bot software.

The first mobile malware, known as Cabir, was discovered in 2004 and was also known as the first mobile worm. The first mobile botnet was discovered around July 2009, when a security researcher found SymbOS.Yxes or SymbOS.Exy.C (aka Sexy Space) [12] targeting Symbian devices and using simple HTTP-based Command-and-Control (C&C).

Later the same year, a security researcher discovered Ikee.B [13], which targets jailbroken iPhones using a similar mechanism to SymbOS.Yxes. Geinimi, which is considered to be the first Android botnet, was discovered in China in December 2010. Geinimi also implements similar HTTP-based C&C with the added feature of encrypted communications. Geinimi steals the device’s international mobile equipment identity (IMEI), international mobile subscriber identity (IMSI), GPS coordinate, SMS, contact list, etc. and forwards it to the bot-master.

Although advanced mobile botnets have not been observed in the main population of smartphones, we believe it is just a matter of time. As shown in [14], mobile botnets are obviously serious threats for both end users and cellular networks. Threats imposed by botnets will continue to increase. As more people use smart devices, it is essential to analyze and explore the mechanisms of mobile botnets and develop security solutions in regard to smart devices.

The use of C&C for a mobile botnet poses additional challenges that differentiate it from well-known PC-based botnets. Some of these main challenges include, among others: computational power, seamless connectivity, inter-connectivity with other secure platforms networks, portability, and the amount of stored sensitive data. PC-based botnets also use an IRC channel as the main C&C communication channel.

The impact of SMS-based C&C, IP-based C&C, and Bluetooth-based C&C has been addressed in detail in [15], while P2P-based C&C mobile botnets are analyzed and discussed in [16].

As a result of the abilities of smart devices, e.g. placing calls and using SMS and MMS amongst others, the burdens for mobile botnets are very interesting and challenging, as they open the door for easy financial gain for a bot-master. Additionally, since mobile phones interact with operators and other networks, attacks against the critical infrastructure are also possible.

Hence, it is possible to launch sophisticated cyber-attacks on the mobile phone network that will be very hard to prevent.

Detecting and preventing malware is not a trivial task as malware developers adopt and invent new strategies to infiltrate mobile devices. Malware developers employ advanced techniques such as obfuscation and encryption to camouflage the signs of malware and thereby undermine anti-malware software.

Some of the main reasons why mobile malware is attractive to virus and malware developers are:

1. The ubiquity of smart devices such as smartphones in general.

2. The increasing computational power of smart devices. They are becoming virtually as powerful as desktop systems.

3. The lack of awareness of the threats and the risk attached to smart devices from the end-user’s perspective.

4. The growing use of jailbroken/rooted devices on both iOS and Android.

5. Each smart device really is an expression of the owner. It provides a means to track the user’s activity, hence serves as a single gateway to our digital identity and activities.

6. Most of the widely used smart devices operate on an open platform such as Android, which encourages developers and download of applications from both trusted applications markets and third party markets.

IV. POTENTIAL SECURITY SOLUTIONS

Considering the above threats and challenges, a new security solution is essential for cyber security for smart devices in smart homes. More specifically, several key research tasks are required: 1) investigate new secure system architecture for smart devices in smart homes; 2) re-evaluate and enhance security system architecture for smart devices in smart homes.

Android OS has four layers: Linux kernel, libraries (+Android runtime), application solution and applications layers (see Figure 4). So, basically Android runtime is a kind of “glue” between the Linux kernel and the applications.

Figure 4. Android OS layers

The main security features common to Android involve process and file system isolation; application or code signing; ROM, firmware, and factory restore; and kill switches.

However, the main security issue with Android OS is that it relies heavily on the end-user to decide whether an application is safe or not. Even though Google is adding one piece of the security layer by scanning applications in Google Play, end-users still need to analyze and make the final decision themselves whether to continue with the installation or not. Until now, end-users cannot rely on the operating system to protect themselves from malware.

As part of Google’s marketing strategy to gain as large a market share as possible by offering as many applications as possible, the Android application publishing process makes it easy for developers to develop Android applications, but also provides too much space for malicious application creators.

Malicious applications have successfully infected the Android Market before, one example being a malware application called droid09 which allowed users to carry out banking transactions. The application needs the user to provide the bank’s details and tricks the user by masquerading as a legitimate login of a bank website (phishing).

Malware applications have become more sophisticated these days; they find new ways and techniques to enter the system by exploiting software vulnerabilities or by just tricking the users.

End-user: It is always essential for the end-user to be aware of the security measures of their mobile device. End-users should be aware of at least the following measures:

Install anti-virus and anti-malware solutions to protect the device against malware and viruses. Also make sure automatic updates are turned on. It has been shown that installing anti-virus and anti-malware is very effective in protecting mobile devices from malicious applications [5, 6, 17].

Install a personal firewall to protect mobile device interfaces from direct attack and illegal access. The effectiveness of mobile firewalls to increase a mobile device’s security is shown in [18].

Install only applications from trusted sources that have legitimate contact information and a website. As the current Android Market (Google Play) does not adopt a certification process for applications, it is up to the end-user to make sure he/she only installs trusted applications from trusted developers.

Install only applications from the official and original developer (for example, if you are installing Instagram applications, make sure you download it from Instagram Inc.).

Check the permissions carefully when the application is prompting you during the installation phase. For example, when you install a wallpaper application, do you think it really needs full Internet access?

Ensure your OS and software are always up to date, with the latest versions and security patches installed.

Install remote locate, track, lock, wipe, backup and restore software to retrieve, protect or restore a lost or stolen mobile device and the personal data on the device.

Only install applications that have a high number of downloads and positive reviews.

Never view sensitive data over public wireless networks which have no passwords or encryption.

Be alert to anomalous behaviours and activities on the device.

Be careful when clicking links on social network sites. Malicious links on social networks can be a very effective method to spread malware. Participants tend to trust such networks and are thus willing to click on links that are on “friends’” social networking sites.

Mobile Network Operators (MNOs): MNOs also have a responsibility to create a more secure environment for their customers. MNOs need to install anti-virus and anti-malware software to scan outgoing and incoming SMS and MMS on the mobile network, as much malware uses SMS/MMS to propagate and contact the bot-master. MNOs should also build a global partnership with related agencies such as other MNOs to prevent mobile malware propagation by exchanging information, knowledge, databases and expertise.

Apps Developers: Developers also need to take care of the security measures implemented in their application. They should ensure that private data is not being sent via an unencrypted channel; the data must be sent through HTTPS or TLS networks.

Developers should minimize the use of built-in permissions in their applications; for example, do not ask for the full Internet access permission, INTERNET, unless it is essential for your application to work properly. Android has about 100 built-in permissions that control operations such as dialing the phone (CALL_PHONE), sending short messages (SEND_SMS), etc.

In Android, there are three main “security protection levels” for permission labels: a “normal” permission is granted to any application that requests it; a “dangerous” permission is only granted after user approval at install-time; and a “signature” permission is only granted to applications signed by the same developer key as the application defining the permission label.

This “signature” protection level is integral in ensuring that third-party applications do not gain access affecting the integrity of Android’s trusted computing base (TCB).

Furthermore, application developers should collect only data that is essential and required for the application; otherwise it will be tampered with by attackers. This is also useful to minimize repackaging attacks. Repackaging attacks are a very common approach, in which a malware developer downloads a legitimate application, modifies it to include malicious code and then republishes it to an application market or download site.
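The permission advice and the repackaging pattern described above can both be checked mechanically from an application's manifest and signing certificate. The following Python sketch is an added example, not code from the paper: it assumes the manifest has already been decoded to text XML, and the package name, signer fingerprints, expected-permission set and protection-level table are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted files, prefer defusedxml

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."

# Constructed subset of the built-in permission table (assumption for this
# example). Levels vary by Android version; check the platform documentation.
PROTECTION_LEVEL = {
    "SET_WALLPAPER": "normal",
    "INTERNET": "normal",
    "RECEIVE_BOOT_COMPLETED": "normal",
    "CALL_PHONE": "dangerous",
    "SEND_SMS": "dangerous",
    "READ_CONTACTS": "dangerous",
}
RISK_ORDER = {"dangerous": 0, "signature": 1, "unknown": 2, "normal": 3}


def parse_manifest(xml_text):
    """Return (package name, set of requested permission short names)."""
    root = ET.fromstring(xml_text)
    perms = set()
    for node in root.iter("uses-permission"):
        name = node.get(ANDROID_NS + "name", "")
        if name:
            perms.add(name[len(PREFIX):] if name.startswith(PREFIX) else name)
    return root.get("package"), perms


def audit_permissions(xml_text, expected):
    """List permissions requested beyond `expected`, most sensitive first."""
    _, perms = parse_manifest(xml_text)
    rows = [(p, PROTECTION_LEVEL.get(p, "unknown")) for p in perms - set(expected)]
    return sorted(rows, key=lambda r: (RISK_ORDER[r[1]], r[0]))


def repackaging_indicators(reference, candidate):
    """Compare a known-good build with a build found on another market.

    Someone who modifies an application cannot sign it with the original
    developer's key, so a rebuilt package carries a different signing
    certificate even when it keeps the original package name.
    """
    ref_pkg, ref_perms = parse_manifest(reference["manifest"])
    cand_pkg, cand_perms = parse_manifest(candidate["manifest"])
    same_package = ref_pkg == cand_pkg
    signer_changed = (reference["signer_sha256"].lower()
                      != candidate["signer_sha256"].lower())
    return {
        "same_package": same_package,
        "signer_changed": signer_changed,
        "added_permissions": sorted(cand_perms - ref_perms),
        "likely_repackaged": same_package and signer_changed,
    }


# --- Constructed sample data (hypothetical wallpaper application) ---
ORIGINAL_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpaper">
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
</manifest>"""

OTHER_MARKET_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpaper">
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
</manifest>"""

REFERENCE = {"manifest": ORIGINAL_MANIFEST, "signer_sha256": "AA" * 32}
CANDIDATE = {"manifest": OTHER_MARKET_MANIFEST, "signer_sha256": "BB" * 32}
EXPECTED_FOR_WALLPAPER = {"SET_WALLPAPER"}  # what this app category needs

if __name__ == "__main__":
    for perm, level in audit_permissions(OTHER_MARKET_MANIFEST,
                                         EXPECTED_FOR_WALLPAPER):
        print(f"unexpected permission: {perm} ({level})")
    print(repackaging_indicators(REFERENCE, CANDIDATE))
```

A signer mismatch on an unchanged package name is the stronger signal; the list of added permissions shows what the modified build can now do that the original could not.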

It is shown that the repackaging technique is highly effective, mainly because it is often difficult for end-users to tell the difference between a legitimate application and its malicious repackaged form. In fact, repackaging was the most prevalent type of social engineering attack used by Android malware developers in the first two quarters of 2011 [17].

One of the characteristics of Android malware is that it is typically developed for a specific group of users. It is very unlikely for an Android user from Russia to be infected by Chinese malware, for example. Android malware is typically created by cybercriminals with users in specific countries as their target, usually their own compatriots.

Market Store: The store needs to vet and rigorously screen new mobile applications before they can be put in the market. Google (Google Play) recently made a significant improvement in their security by screening new applications before they were put in the market. Application store providers should also consider certification for each application before it can be published in the marketplace. The effectiveness of such a certification process is shown in [19]. Applications should be rigorously reviewed to ensure that they are safe from malicious code, reliable, perform as expected, and are also free of explicit and offensive material.

V. CONCLUSION

The paper discussed the development of a security solution to handle the challenges of cyber security to smart devices in smart homes. The IoT technologies may be able to extend anywhere computing to almost anything, but there are fundamental security issues that need to be properly addressed. In the near future, mobile smart device users can expect to see a striking increase in malware and notable advancements in malware-related attacks, particularly on the Android platform as the user base has grown exponentially. Today’s users utilize their mobile smart devices for everything from accessing emails to sensitive transactions such as online banking and payments. As users become more dependent on their mobile devices as digital wallets, this creates a very lucrative target for cybercriminals. Mobile smart device users can expect to see a significant malware increase on finance-related applications, such as mobile Internet banking. Detecting and preventing malware in mobile devices needs comprehensive and multi-level approaches. This work is part of ongoing research to design and implement a security model for smart devices in the smart home environment. For future work we plan to implement and assess the proposed security solution in a test-bed environment which includes a honeynet for mobile malware.

移动恶意软件和智能设备安全:趋势、挑战和解决方案

牛津互联网研究所(OII),牛津大学,牛津,英国3js,英国

摘要:这项工作是研究智能设备在智能家庭网络安全的研究趋势和挑战的一部分。我们已经看到,智能设备为用户提供各种功能和能力的无缝互联的发展需求。虽然这些设备提供更多的功能和功能,他们还引入新的风险和威胁。随后,目前的网络安全问题相关的智能设备进行了讨论和分析。本文首先从相关的背景和动机。我们确定了移动恶意软件的主要问题之一,在智能设备的安全。在不久的将来,移动智能设备的用户可以期待看到一个惊人的增加,恶意软件和显着的进步,在恶意软件相关的攻击,特别是在安卓平台作为用户基础已成倍增长。我们讨论和分析移动恶意软件的细节和确定的挑战和未来的趋势,在这方面。然后,我们提出并讨论了一个集成的安全解决方案,在智能设备的网络安全解决问题。

关键词:僵尸网络,网络安全,移动恶意软件,安全框架,智能设备安全

一、引言

在过去的100年里,互联网是人类发生的最显著的发展之一。普适计算的发展使得事情变得更加有趣,因为它给我们提供了利用设备和技术以不寻常的方式的可能性。我们已经看到,为智能设备提供的各种功能和能力给用户无缝互联的发展需求。但我们也知道在这个生态系统中存在的漏洞。然而,这些漏洞通常被认为是较大的基础设施和小的关注已经支付给网络安全的威胁,从使用和智能设备的力量,因为物联网(物联网)技术的结果。在物联网中,每一个实体对象都有一个可以生成和消费服务的虚拟组件。智能空间与强大的智能设备(智能手机、平板电脑等)变得越来越大。另一方面,我们也有脊椎,权力的力量,我们的国家。这2种现象同时出现。智能电表在我们的家庭或企业的增加使用提供了一个连接的途径,以及强大的家庭服务或互联功能强大的智能设备。智能电网的例子也提供了控制和监控智能电网基础设施,通过使用便携式智能设备的装置。

在能源行业的新的无线智能电网连接的家庭和发展的脆弱性暴露于错误的人,这将不可避免地导致了灯,为每个人。这将最终揭开互联智能设备在物联网众多温床的网络攻击或机器人网络(僵尸网络)和智能空间的用户的安全噩梦,可能是国家的基础设施作为一个整体。

最新的研究报告称,平均有三个互联网连接的智能设备,如智能手机和平板电脑[1]。因此,由于智能设备的普及,及其演变为计算平台,以及嵌入式智能设备的功能强大的处理器,使他们在一个僵尸网络包含适用对象。移动设备的僵尸网络(又称移动僵尸网络)是一组妥协,被僵尸大师通过命令和控制远程控制的智能设备(C & C)通道。移动僵尸网络已经在一些方面不同的特性相比,基于PC的僵尸网络,如CC通道中。

基于PC的僵尸网络被视为安全攻击最常见的平台,和移动僵尸网络被视为他们的同行相比,少了一个威胁。这是因为不同的原因,如电池电力,资源有限的问题,和互联网接入的限制,因此,努力向都体现操作移动僵尸网络和相应的研究和开发工作不是基于PC的僵尸一样宽。然而,这种发展可能会改变最近的激增,普及和使用的智能设备。智能设备是目前广泛使用的数十亿的用户,由于其增强的计算能力,实用性和有效的互联网接入,由于固态技术的进步。

此外,智能设备通常包含大量的敏感的个人和企业数据,并经常使用在在线支付和其他敏感的交易。广泛使用的开源智能设备平台,如安卓和第三方应用程序提供给公众也提供了更多的机会和吸引力的恶意软件的创造者。因此,现在和未来的智能设备将成为网络罪犯最有利可图的目标。

二:智能设备的安全威胁

任何信息安全链中最薄弱的环节就是用户。人的因素是最具挑战性的移动设备的安全性。家庭用户一般认为,一切都将工作,正如它应该,依靠一个设备的默认设置,而不涉及复杂的技术手册。因此,服务内容供应商和硬件供应商需要知道他们的责任,在维护网络安全和他们所提供的设备的内容管理。服务供应商可能也有机会提供附加的安全服务,以补充设备的弱点。

网络安全的问题是非常接近的家庭环境,而不是通常被理解;因此,网络安全问题的问题超出了计算机,它也是一个威胁到便携式设备。在家中使用的许多电子设备实际上是强大的,作为一台计算机-从移动电话,视频游戏机,游戏机和汽车导航系统。虽然这些设备是便携式的,提供更多的功能和功能,他们还引入新的风险。

这些设备以前被视为安全可以为攻击者的一个容易的目标。信息存储和管理在这样的设备和家庭网络的关键信息基础设施的组成部分(CII[2]通过对英国网络安全的postnote鉴定。例如,攻击者可能会妥协的智能设备与病毒,访问设备上的数据。这些活动不仅对个人信息有一定的影响,而且在智能设备上还存储了企业信息也会带来严重的后果。

在医疗保健的移动设备的使用也越来越常见的这些天,如在移动健康。典型的例子是有一个连接到家庭网络的健康设备,这是能够无线传输数据的医院和其他相关方。大多数生产这些设备的制造商并没有尽最大努力,以确保设备是安全的。如果这些设备被泄露,不仅会损害设备的用户的信息和隐私,但攻击者甚至可以改变设备的设置,这可能会导致有害的后果。它已被证明,它是可能的侵入心脏起搏器和读的数据存储在设备,如姓名和医疗数据,而不直接通过站在附近[3]的设备直接访问的数据的细节。

因此,它也可以重新配置该设备的参数。这不仅适用于医疗设备,也适用于任何用于任何目的的家庭网络中的设备。

Juniper报告[4],百分之76移动用户依赖于他们的移动设备访问他们最敏感的个人信息,如网上银行或个人医疗信息。这种趋势更为明显,那些还使用个人移动设备的商业用途。近十的九(百分之89)企业用户报告说,他们使用他们的移动设备访问敏感的工作相关的信息。

另一个令人担忧的影响是当犯罪分子利用网络的巨大资源,把它变成一个僵尸网络发起对国家关键基础设施的网络攻击。有一些安卓应用程序,当从三分之一方市场下载(不安卓市场)是能够访问设备的根功能(“根”),并把他们变成僵尸网络的士兵没有用户的明确同意。

人们可以很容易地和无意中下载恶意软件到他们的智能设备或落入“人在中间”的攻击,网络罪犯构成合法的身体,拦截和收获的恶意使用敏感信息。在2011,有一个混合的安卓应用程序从安卓市场上删除,因为它们包含恶意软件。有超过50的受感染的应用程序-这些应用程序是“合法的出版商进行了修改,包括两根漏洞和恶意应用程序下载合法的“应用程序的副本。

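Juniper Networks' Mobile Threat Center (MTC) reported that 2011 saw unprecedented growth in mobile malware attacks, with a 155 percent increase over the previous year across all platforms [5]. It was also reported that Android malware grew by 3325 percent in 2011. Notable among these findings is a significant number of malware samples obtained from third-party application stores, which do not enjoy the benefit or protection of the Google Play store. Previously, an Android developer could post an application to the official Android Market and have it available immediately, without inspection or vetting to block pirated or malicious applications.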

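This increase in malware is mainly due to the combination of Google Android's dominant market share in smartphones (68.8 percent in 2012) and the lack of security control over the applications appearing in the various Android application markets. It was recently reported that the Google Play store, which has more than 700000 applications, had just passed 15 billion downloads. Security firm Fortinet estimated that money-stealing malware has increased exponentially, as shown in Fig. 1. According to Kaspersky Lab estimates, cybercriminals who target smartphones earn from 1000 to 5000 US dollars per day per person. Mobile phone hacking is also becoming more attractive with the rise of Near Field Communication (NFC) technology, which expands the use of smart devices as e-wallets or as a means of reading product information.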

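In December 2011 alone, more than 1000 new Trojans targeting smartphones were discovered. That is more than all the smartphone viruses found during 2003-2010. The trend is continuing; in 2012, the number of cyber attacks targeting mobile devices rose exponentially during the first quarter, as reported by security firm Trend Micro [6].

Their report identified approximately 5000 new malicious applications in just three months, mainly due to the increase in the Android user base. The study also noted a marked increase in the number of active advanced persistent threat (APT) campaigns currently being mounted against companies and governments. An APT is carried out by a group of sophisticated, determined and coordinated attackers who systematically compromise the network of a specific target or entity over a prolonged period. Security researchers view APTs in different ways: while some researchers regard an APT as a distinct type of attack, others simply categorize it as a more organized botnet with more resources behind it.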

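The development of malware that targets smart home devices has several known monetization factors. Most malware is aimed at mobile pickpocketing (Short Message Service (SMS) or call fraud), or at the ability to charge premium bills via SMS or calls, as shown in Fig. 2. Some malware is used as part of botnet creation. Malware such as DreamDroid (or DroidDream) [7] integrates thousands of mobile devices into a large-scale botnet. Some malware is developed to exploit vulnerabilities in the operating system (OS) or in installed applications, or simply to cause trouble with user information.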

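Home devices and general consumer electronics are progressively becoming more advanced and capable of connecting with other devices over a network. Although it may sound unrealistic, devices such as TVs, digital picture frames, smart meters and e-readers are quite vulnerable and absolutely capable of causing problems on your network. The next few years will offer malware developers of all kinds opportunities to explore previously impossible ways of achieving their goals. Smartphones are not invulnerable, and Macs can get malware, for example through the CVE-2012-0507 vulnerability [8].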

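Luigi Auriemma [9] discovered a vulnerability in a Samsung D6000 high-definition (HD) TV that caused it to get stuck in an endless restart loop. Auriemma's report was followed by another denial-of-service (DoS) vulnerability, found in Sony Bravia TVs by Gabriel Menezes Nunes [10], which prevents users from changing the volume or channels, or from accessing any functions.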

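In its report for the first quarter of 2012, Trend Micro [11] pointed out that the large-scale diffusion of mobile devices and the increased awareness of the principal cyber threats have resulted in growing cybercriminal interest in the mobile sector. Another noticeable focus of interest is the rapid spread of botnets based on mobile devices, favoured by the almost total absence of protection and by the difficulty of tracing the agents that compose the network. If such attacks are carried out by well-established hacker groups such as Anonymous, they will pose an even greater threat to organizations and smart environments that protect highly sensitive data, targeting companies and individuals for various political and financial reasons.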

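One of the major and most common problems on today's Internet is malware. Among such malware, botnets are considered the biggest challenge. Botnets are used to send spam email, carry out distributed denial-of-service (DDoS) attacks, and host phishing and malware sites. Botnets are slowly moving toward smart devices, because these devices are now essentially everywhere, are powerful enough to run a bot, and offer botmasters additional gains such as the financial gains discussed earlier. With PC-based botnets, cybercriminals often use the zombies within a botnet to launch DDoS attacks. Although there has been no major mobile DDoS incident so far, with current trends we can expect to see one in the near future.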

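A botnet is maintained by malicious actors, commonly referred to as "botmasters", who can access and manage the botnet remotely or via bot proxy servers, as illustrated in the accompanying figure. The bots are programmed and instructed by the botmaster to carry out a variety of cyber attacks, including attacks that involve the further distribution of malware to other information systems.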

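In PC-based botnets, botmasters typically use HTTP requests over the normal port 80 to send and receive messages. In mobile-based botnets, botmasters use similar HTTP techniques to distribute their commands, but also exploit SMS, Bluetooth, and so on. Botmasters exploit operating system and configuration vulnerabilities to compromise smart devices and install their tools.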

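The first mobile malware, known as Cabir, was discovered in 2004 and is also known as the first mobile worm. The first mobile botnet was discovered in July 2009, when a security researcher found SymbOS.Yxes or SymbOS.Exy.C (also known as Sexy Space) [12], which targets Symbian devices and uses a simple HTTP-based command and control (C&C).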

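Later the same year, a security researcher discovered Ikee.B [13], which targets jailbroken iPhones using a mechanism similar to that of SymbOS.Yxes. Geinimi, which is considered to be the first Android botnet, was discovered in China in December 2010. Geinimi also implements a similar HTTP-based C&C, with the added feature of encrypted communication. Geinimi steals the device's International Mobile Equipment Identity (IMEI), International Mobile Subscriber Identity (IMSI), GPS coordinates, SMS messages, contact list and so on, and forwards them to the botmaster.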

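Although advanced mobile botnets have not yet been observed in the main population of smartphones, we believe it is only a matter of time. Mobile botnets are clearly a serious threat to both end users and cellular networks. The threat posed by botnets keeps increasing. As more and more people use smart devices, it is essential to analyze and explore the mechanisms of mobile botnets and to develop security solutions for smart devices.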

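The use of C&C in a mobile botnet poses additional challenges that distinguish it from the well-known PC-based botnets. Some of the main challenges include, among others: computational power, seamless connectivity, interconnection with other secure platforms and networks, portability, and the amount of sensitive data stored. PC-based botnets also use IRC channels as the main C&C communication channel.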

基于SMSCC的影响,基于IPCC,和基于蓝牙的C&C已经解决了[15],而基于P2PC&C移动僵尸网络进行了分析和讨论[16]

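Because smart devices can place calls and use SMS and MMS, among other things, the payload of a mobile botnet is very interesting and challenging, since it opens the door to easy financial gain for a botmaster. Moreover, since mobile phones interact with operators' networks and other networks, attacks against critical infrastructure are also possible.

Consequently, it is possible to launch sophisticated cyber attacks on the mobile phone network that would be very hard to prevent.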

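Detecting and preventing malware is not a trivial task, as malware developers adopt and invent new strategies to infiltrate mobile devices. Malware developers employ advanced techniques such as obfuscation and encryption to camouflage the signs of malware and thereby undermine anti-malware software.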

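Some of the main reasons why mobile devices are an attractive target for virus and malware developers are:

1. Smart devices such as smartphones are ubiquitous.

2. The computational power of smart devices is increasing. They are becoming almost as powerful as desktop systems.

3. End users lack awareness of the threats and risks to smart devices.

4. The use of jailbroken/rooted devices is growing, on both iOS and Android.

5. Each smart device is really an expression of its owner. It provides a way to track the user's activities, and hence serves as a single gateway to our digital identity and activities.

6. Most widely used smart devices operate on an open platform such as Android, which encourages developers and the downloading of applications from both trusted application markets and third-party markets.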

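Considering the threats and challenges described above, a new security solution is essential for the cyber security of smart devices in smart homes. More specifically, several key research tasks are required: 1) to investigate new security architectures for smart devices in smart homes; 2) to re-evaluate and enhance the security architecture of smart devices in smart homes.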

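The Android architecture has four layers: the kernel, the libraries (with the Android runtime), the application framework, and the applications layer (see Fig. 4). So, basically, the Android runtime is a kind of "glue" between the kernel and the applications.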

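The main security features of Android include process and file-system isolation; application or code signing; ROM, firmware and factory restore; and kill switches.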

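However, the main security problem with Android is that it relies heavily on the end user to decide whether an application is safe. Even though Google has just added a security layer for applications in Google Play, the end user still needs to analyze the application and make the final decision on whether or not to proceed with the installation. Up to now, end users cannot rely on the operating system to protect them from malware.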

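As part of Google's marketing strategy to gain as large a market share as possible by offering as many applications as possible, the Android application publishing process makes it easy for developers to develop Android applications, but it also leaves too much room for developers of malicious applications.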

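Malicious applications have successfully infected the Android Market before; for example, a malware application called Droid09 allowed users to carry out banking transactions. The application required users to provide their banking details and tricked them by masquerading as a legitimate login to a bank website (phishing).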

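Malware applications are becoming more sophisticated these days; they find new techniques and methods to exploit software vulnerabilities, or simply to trick users into letting them into the system.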

We propose a multi-layered, integrated security solution for mobile smart devices, as shown in Fig. 5.

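End users: It is crucial for end users to be aware of the security measures for their mobile devices. End users should pay attention to the following measures:

Install anti-virus and anti-malware solutions to protect the device against malware and viruses, and make sure that automatic updates are turned on. It has been shown that installing anti-virus and anti-malware software is very effective in protecting mobile devices from malicious applications [5, 6, 17].

Install a personal firewall to protect mobile device interfaces from direct attack and illegal access. The effectiveness of mobile firewalls in increasing the security of mobile devices is discussed in [18].

Install only applications from trusted sources that have legitimate contact information and a website. Since the current Android Market (Google Play) does not adopt a certification process for applications, it is up to end users to make sure that they install only trusted applications from trusted developers.

Check the permissions carefully when an application prompts for them during installation. For example, when you install a wallpaper application, do you think it really needs full Internet access?

Make sure that your OS and software are always up to date, with the latest versions and the required security patches installed.

Install remote locate, track, lock, wipe, backup and restore software to retrieve, protect or restore a lost or stolen mobile device and the personal data on it.

Install only applications that have a large number of downloads and positive reviews.

Never view sensitive data over public wireless networks that have no password or encryption.

Be alert to abnormal behaviour and activities on their devices.

Be careful when clicking links on social networking sites. Malicious links on social networks can be a very effective way of spreading malware. Participants tend to trust such networks and are thus willing to click on links that appear on "friends'" social networking sites.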

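Mobile network operators (MNOs): MNOs also have a responsibility to create a more secure environment for their customers. MNOs need to install anti-virus and anti-malware software to scan outgoing and incoming SMS and MMS on the mobile network, since much malware uses SMS/MMS to propagate and to contact the botmaster. MNOs should also build global partnerships with related agencies, such as other MNOs, to prevent the spread of mobile malware by exchanging information, knowledge, databases and expertise.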

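Application developers: Developers also need to pay attention to the security measures implemented in their applications. They should ensure that private data is not sent over an unencrypted channel; data must be sent over HTTPS or TLS.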

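Developers should minimize the use of built-in permissions in their applications; for example, do not request the full Internet access permission, INTERNET, unless it is essential for your application to work properly. Android has 100 built-in permissions that control operations such as dialing the phone (CALL_PHONE), sending short messages (SEND_SMS), and so on.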

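In Android, there are three main "security protection levels" for permission labels: a "normal" permission is granted to any application that requests it; a "dangerous" permission is granted only after user approval at install time; and a "signature" permission is granted only to applications signed with the same key as the application that defines the permission label.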

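The "signature" protection level is integral to ensuring that third-party applications do not gain access that affects the integrity of Android's trusted computing base (TCB).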
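The permission advice above (the end user's install-time check and the developer's duty to request as few built-in permissions as possible) can be automated as a manifest audit. The following Python example is added here and is not from the paper; the manifest, the package name com.example.wallpaper, the partial protection-level table and the expected-permission set are constructed assumptions, and it expects a manifest already decoded to text XML.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption: partial table; a real audit loads the full platform list.
PROTECTION_LEVEL = {
    "android.permission.SET_WALLPAPER": "normal",
    "android.permission.INTERNET": "normal",
    "android.permission.CALL_PHONE": "dangerous",
    "android.permission.SEND_SMS": "dangerous",
}

# Constructed sample: decoded text manifest of a hypothetical wallpaper app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpaper">
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="com.example.wallpaper.permission.SYNC"/>
  <application android:label="Wallpapers"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the distinct permission names requested by the manifest."""
    root = ET.fromstring(manifest_xml)
    names = []
    for elem in root.iter("uses-permission"):
        name = elem.get(ANDROID_NS + "name")
        if name and name not in names:
            names.append(name)
    return names


def audit(manifest_xml, expected):
    """Return (name, level, needs_review) for each requested permission."""
    findings = []
    for name in requested_permissions(manifest_xml):
        level = PROTECTION_LEVEL.get(name, "unknown")
        # Review anything outside the app's stated purpose, plus anything
        # the table cannot classify (custom or unlisted permissions).
        review = name not in expected or level == "unknown"
        findings.append((name, level, review))
    return findings


if __name__ == "__main__":
    wanted = {"android.permission.SET_WALLPAPER"}
    for name, level, review in audit(SAMPLE_MANIFEST, wanted):
        print("REVIEW" if review else "ok", level, name)
```

For the constructed wallpaper app, only SET_WALLPAPER passes; INTERNET, SEND_SMS, CALL_PHONE and the unclassified custom permission are all marked for review.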

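In addition, application developers should collect only the data that is essential and required by the application; otherwise it may be tampered with by attackers. This is also useful for reducing repackaging attacks. Repackaging is a very common approach in which a malware developer downloads a legitimate application, modifies it to include malicious code, and then republishes it to an application market or download site.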

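It has been shown that the repackaging technique is highly effective, mainly because it is often difficult for users to tell the difference between a legitimate application and its maliciously repackaged form. In fact, repackaging was the most prevalent type of social engineering attack used by Android malware developers in the first two quarters of 2011 [17]. The characteristics of an Android malware sample are typically tailored to a specific group of users. It is very unlikely, for example, that an Android user in Russia will be infected by Chinese malware. Android malware is typically created by cybercriminals with users in a specific country as the target, and these are usually their own compatriots.

Market stores: Stores need to vet and rigorously screen new mobile applications before they can be put on the market. Google (Google Play) has recently made a significant improvement in its security by screening new applications before they are put on the market. Application store providers should also consider certification for every application before it can be published in the marketplace. Applications should be rigorously reviewed to ensure that they are safe from malicious code, reliable, perform as expected, and are free of explicit and offensive material.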

V. CONCLUSION

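This paper has discussed the development of a security solution to address the cyber security challenges of smart devices in smart homes. IoT technologies can extend computing to anything, anywhere, but there are also fundamental security issues that need to be handled properly. In the near future, mobile smart device users can expect to see a striking increase in malware and notable advancements in malware-related attacks, particularly on the Android platform, as its user base has grown exponentially. Today's users use their mobile smart devices for everything from accessing email to sensitive transactions such as online banking and payments. As users become increasingly dependent on their mobile devices as digital wallets, this creates a very lucrative target for cybercriminals. Mobile smart device users can expect to see a significant increase in malware that targets finance-related applications, such as mobile Internet banking. Detecting and preventing malware on mobile devices requires a comprehensive, multi-layered approach. This work is part of ongoing research to design and implement a security model for smart devices in the smart home environment. As future work, we plan to implement and evaluate the proposed security solution in a testbed environment that includes a honeynet for mobile malware.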

Source: https://www.2haoxitong.net/k/doc/ed14ee2342323968011ca300a6c30c225901f0a4.html
