Title: Mobile Handsets: A Panoramic Overview
1Mobile Handsets A Panoramic Overview
- Adam C. Champion and Dong Xuan
- Department of Computer Science Engineering
- The Ohio State University
- January 6, 2011
2Outline
- Introduction
- Mobile Handset Architecture
- Mobile Handset Operating Systems
- Networking
- Applications
- Mobile Handset Security
3Mobile Handset Definition
- Mobile handsets (mobiles) electronic devices
that provide services to users - Internet
- Games
- Contacts
- Form factors tablets, smartphones, consoles
- Mobile your next computer system
4Mobile Handsets Business
- Meteoric sales and growth
- Over 4 billion mobile phone users 1
- Over 5 billion mobile phone subscriptions 2
(some people have multiple phones) - Mobile handsets industries 5 trillion 3
- Mobile phones are replaced every 6 months in S.
Korea (just phones) 4 - We cant ignore these numbers
- Note mobiles are computer systems
5Whats Inside a Mobile Handset?
Source 5
6Handset Architecture (1)
- Handsets use several hardware components
- Microprocessor
- ROM
- RAM
- Digital signal processor
- Radio module
- Microphone and speaker
- Hardware interfaces
- LCD display
7Handset Architecture (2)
- Handsets store system data in electronically-erasa
ble programmable read-only memory (EEPROM) - Mobile operators can reprogram phones without
physical access to memory chips - OS is stored in ROM (nonvolatile memory)
- Most handsets also include subscriber identity
module (SIM) cards
8Handset Microprocessors
- Handsets use embedded processors
- Intel, ARM architectures dominate market.
Examples include - BlackBerry 8700, uses Intel PXA901 chip 6
- iPhone 3G, uses Samsung ARM 1100 chip 7
- Low power use and code size are crucial 5
- Microprocessor vendors often package all the
chips functionality in a single chip
(package-on-package (PoP)) for maximum
flexibility - Apple A4 uses a PoP design 10
9Example iPhone 3G CPU
- The iPhone a real-world MH 79
- Runs on Samsung S3C6400 chip, supports ARM
architecture - Highly modular architecture
Source 8
10Mobile Handset OSes (1)
- Key mobile OSes
- Symbian OS
- BlackBerry OS
- Google Android
- Apple iOS
- Windows Phone 7 (formerly Windows Mobile)
- Others include
- HP Palm webOS
- Samsung bada
Source 11
11Mobile Handset OSes (2)
- Symbian (n) OS (ARM only)
- Open-source (Nokia)
- Multitasking
- Programming C, Java ME, Python, Qt/HTML5
- BlackBerry OS (ARM)
- Proprietary (RIM)
- Multitasking
- Many enterprise features
- Programming Java ME, Adobe AIR (tablet)
- iPhone OS (ARM only)
- Proprietary (Apple)
- Multitasking
- Multi-touch interface
- Programming Objective-C
- Windows Phone 7 (ARM only)
- Proprietary (Microsoft)
- No multitasking
- Programming Silverlight/XNA, C.NET/VB.NET
- Android (ARM, x86, )
- Open-source
- Multitasking
- Programming Java (Apache Harmony), scripts
- Other OS features
- Most require app code signing
- Many support Adobe Flash/AIR, multitasking
- ARM is predominant ISA
12Mobile Handset Networking
- Handsets communicate with each other and with
service providers via many networking
technologies - Two classes of these technologies
- Cellular telephony
- Wireless networking
- Most handsets support both, some also support
physical connections such as USB
13Cellular Telephony Basics (1)
- Many mobile handsets support cellular services
- Cellular telephony is radio-based technology,
radio waves propagated by antennas - Most cellular frequency bands 800, 850, 900,
1800, 1900, 2100 MHz
Source 5
14Cellular Telephony Basics (2)
- Cells, base stations
- Space divided into cells, each has base station
(tower, radio equipment) - Base stations coordinate so mobile users can
access network - Move from one cell to another handoff
15Cellular Telephony Basics (3)
- Statistical multiplexing
- Time Division Multiple Access (TDMA)
- Time frequency band split into time slots
- Each conversation gets the radio a fraction of
the time - Frequency Division Multiple Access (FDMA)
analogous
16Wireless Networking (1)
- Bluetooth (BT)
- Frequency-hopping radio technology hops among
frequencies in 2.4 GHz band - Nearly ubiquitous on mobile handsets
- Personal area networking master device associate
with 7 slave devices (piconet) - Pull model, not push model
- Master device publishes services
- BT devices inquire for nearby devices, discover
published services, connect to them - Latest version 4.0 latest mobiles support 3.0
12
17Wireless Networking (2)
- WiFi (IEEE 802.11)
- Variants 802.11b, g, n, etc.
- Radio technology for WLANs 2.4, 3.6, 5 GHz
- Some mobile handsets support WiFi, esp. premium
- Two modes infrastructure and ad hoc
- Infrastructure mobile stations communicate with
deployed base stations, e.g., OSU Wireless - Ad hoc mobile stations communicate with each
other without infrastructure - Most mobiles support infrastructure mode
18Mobile Handset Applications
- Mobile apps span many categories, e.g.
- Games Angry Birds, Assassins Creed, etc.
- Multimedia Pandora, Guitar Hero, etc.
- Utilities e-readers, password storage, etc.
- Many apps are natively developed for one mobile
OS, e.g., iOS, Android - Cross-platform native mobile apps can be
developed via middleware, e.g., Rhodes 13,
Titanium 14 - Can also build (HTML5) Web apps, e.g., Ibis
Reader 15, Orbium 16 - Well discuss mobile app development next
19Native Mobile App Development
- Mobile apps can be developed natively for
particular mobile handset OSes - iOS Dashcode, Xcode Mac only
- Android Eclipse Win/Mac/Linux
- Windows Phone Visual Studio, XNA Windows only
- Symbian Eclipse, NetBeans, Qt Win/Mac/Linux
- BlackBerry Eclipse, Visual Studio Win/Mac
20Other Mobile App Development
- Middleware
- Rhodes Ruby/HTML compiled for all mobile OSes
- Titanium HTML/JS APIs compiled for iOS,
Android - Still dependent on native SDK restrictions
- Web development HTML5, CSS, JS
- Works on most mobile browsers
- Can develop on many IDEs, Win/Mac/Linux
- Biz SMS/MMS/mobile network operators key
21Business Opportunities
- Virtually every mobile OS supports app sales via
stores, e.g., iOS App Store, Android Market,
Windows Marketplace - Devs sign up for accounts, download SDKs
- Costs 99/yr (iOS, Win), 25 once (Android)
- http//developer.apple.com, http//market.android.
com, http//create.msdn.com
22Mobile Handset Security Issues
- People store much info on their mobiles
- Smartphones are the new computers.2
billionwill be deployed by 2013 M.A.D.
Partners 18 - Handsets are targets for miscreants
- Calls
- SMS/MMS messages
- E-mail
- Multimedia
- Calendars
- Contacts
- Phone billing system 18
23Handset Malware History (1)
- Hackers are already attacking handsets
- Most well-known case a 17-year-old broke into
Paris Hiltons Sidekick handset 19 - Less well-known worms, viruses, and Trojans have
targeted handsets since 2004 - 2004 20
- Cabir worm released by 29A, targets Symbian
phones via Bluetooth - Duts virus targets Windows Mobile phones
- Brador Trojan opens backdoor on Windows Mobile
24
24Handset Malware History (2)
- 2005 21
- CommWarrior worm released replicates via
Bluetooth, MMS to all contacts - Doomboot Trojan released claims to be Doom 2
video game, installs Cabir and CommWarrior - 2006 20, 21
- RedBrowser Trojan released claims to be a Java
program, secretly sends premium-rate SMS messages
to a Russian phone number - FlexiSpy spyware released sends log of phone
calls, copies of SMS/MMS messages to Internet
server for third party to view - 2008 22
- First iPhone Trojan released
- 20092010 iPhone Rickrolling, Android SMS
malware, etc. - The single biggest thing threatening any
enterprise today on a security basis is mobile.
Furthermore, mobile phone application stores are
the greatest malware delivery system ever
invented by man Robert Smith, CTO, M.A.D.
Partners 18
25Key Handset Threats, Attacks
- Info theft 23
- Transient info user location
- Static info bluesnarfing attacks, WEP WPA
cracks 24 - Service/ theft, e.g., premium-rate calls/SMS
23 - Denial-of-service attacks 23
- Flooding attacks overload handset radio with
garbage - Power-draining attacks attempt to drain battery
- Botnets and DoS attacks against networks 22, 25
- Exploiting the human factor
- Well discuss risk management strategies
26Risk Management Strategies
- Organizations must
- Understand rapidly-evolving threatspace 18
- Understand applicable laws regulations
- Understand employee demand for handsets and
balance this against the risk they pose - Institute CSO policies to achieve compliance
(and get top management on board!) - Inform employees about policies (change mgmt)
- Implement the policies with tech and people
27Risk Management Tactics
- To implement strategies, organizations must
- Decide whether to distribute handsets to
employees for business purposes, allow use - Encrypt device data
- Remote data wipe as needed
- Procure, install anti-malware, firewall products
- Require VPN use, strong passwords, inventory
mgmt. - Monitor employee handset use to detect attacks
- Educate employees about the threatspace, train
them to treat handsets as any other computer
system - Prevent, detect, and respond appropriately
28Discussion and Questions
29References 1
- Wireless Intelligence, Snapshot Global mobile
connections surpass 5 billion milestone, 8 Jul.
2010, https//www.wirelessintelligence.com/print/s
napshot/100708.pdf - T. T. Ahonen, 5 - 4 - 3 - 2 - 1, as in Billions.
What do these gigantic numbers mean?, 6 Aug.
2010, http//communities-dominate.blogs.com - T. T. Ahonen, 29 Sep. 2010, http//untether.tv/ell
b/?p2227 - T. T. Ahonen, When there is a mobile phone for
half the planet Understanding the biggest
technology, 16 Jan. 2008, http//communities-domi
nate.blogs.com/ brands/2008/01/when-there-is-a.htm
l - J. L. Hennessy and D. A. Patterson, Computer
Architecture A Quantitative Approach, 4th ed.,
Elsevier, 2007 - Research in Motion, BlackBerry 8700c Technical
Specifications, http//www.blackberry.com/product
s/pdfs/blackberry8700c_ent.pdf - R. Block, iPhone processor found 620MHz ARM
CPU, Engadget, 1 Jul. 2007, http//www.engadget.c
om/2007/07/01/iphone-processor-found-620mhz-arm/ - Samsung Semiconductor, Product Technical Brief
S3C6400, Jun. 2007, http//www.samsung.com/global
/system/business/semiconductor/product/2007/8/21/6
61267ptb_s3c6400_rev15.pdf
30References 2
- Wikipedia, iPhone, updated 15 Nov. 2008,
http//en.wikipedia.org/wiki/Iphone - Wikipedia, Apple A4, updated 21 Oct. 2010,
http//en.wikipedia.org/wiki/Apple_A4 - Gartner (12 August 2010). "Gartner Says
Worldwide Mobile Device Sales Grew 13.8 Percent
in Second Quarter of 2010, But Competition Drove
Prices Down". Press release. http//www.gartner.co
m/it/page.jsp?id1421013 - Wikipedia, Samsung Galaxy S, updated 21 Oct.
2010, http//en.wikipedia.org/wiki/Samsung_Galaxy
_S - Rhomobile Inc., http//rhomobile.com/
- Appcelerator Inc., http//www.appcelerator.com/
- Ibis Reader LLC, http//ibisreader.com
- Björn Nilsson, Orbium, http//jsway.se/m/
- Ericsson.Global mobile data traffic nearly
triples in 1 year, 12 August 2010.
http//www.ericsson.com/thecompany/press/releases/
2010/08/1437680. - Georgia Tech Information Security Center,
Emerging Cyber Threat Reports 2011,
http//www.gtisc.gatech.edu/pdf/cyberThreatReport2
011.pdf
31References 3
- B. Krebs, Teen Pleads Guilty to Hacking Paris
Hiltons Phone, Washington Post, 13 Sep. 2005,
http//www.washingtonpost.com/wp-dyn/content/artic
le/2005/09/13/AR2005091301423_pf.html - D. Emm, Mobile malware new avenues, Network
Security, 200611, Nov. 2006, pp. 46 - M. Hypponen, Malware Goes Mobile, Scientific
American, Nov. 2006, pp. 7077,
http//www.cs.virginia.edu/robins/Malware_Goes_Mo
bile.pdf - PandaLabs, PandaLabs Quarterly Report
JanuaryMarch 2008, http//pandalabs.pandasecurit
y.com/blogs/images/PandaLabs/2008/04/01/Quarterly_
Report_PandaLabs_Q1_2008.pdf - D. Dagon et al., Mobile Phones as Computing
Devices The Viruses are Coming!, IEEE
Pervasive Computing, Oct. Dec. 2004, pp. 1115 - G. Fleishman, Battered, but not broken
understanding the WPA crack, Ars Technica, 6
Nov. 2008, http//arstechnica.com/articles/paedia/
wpa-cracked.ars - http//blog.mylookout.com/2010/12/geinimi_trojan/