Mobile Handsets: A Panoramic Overview

1
Mobile Handsets A Panoramic Overview

• Adam C. Champion and Dong Xuan
• Department of Computer Science Engineering
• The Ohio State University
• January 6, 2011

2
Outline

• Introduction
• Mobile Handset Architecture
• Mobile Handset Operating Systems
• Networking
• Applications
• Mobile Handset Security

3
Mobile Handset Definition

• Mobile handsets (mobiles) electronic devices
  that provide services to users
• Internet
• Games
• Contacts
• Form factors tablets, smartphones, consoles
• Mobile your next computer system

4
Mobile Handsets Business

• Meteoric sales and growth
• Over 4 billion mobile phone users 1
• Over 5 billion mobile phone subscriptions 2
  (some people have multiple phones)
• Mobile handsets industries 5 trillion 3
• Mobile phones are replaced every 6 months in S.
  Korea (just phones) 4
• We cant ignore these numbers
• Note mobiles are computer systems

5
Whats Inside a Mobile Handset?
Source 5
6
Handset Architecture (1)

• Handsets use several hardware components
• Microprocessor
• ROM
• RAM
• Digital signal processor
• Radio module
• Microphone and speaker
• Hardware interfaces
• LCD display

7
Handset Architecture (2)

• Handsets store system data in electronically-erasa
  ble programmable read-only memory (EEPROM)
• Mobile operators can reprogram phones without
  physical access to memory chips
• OS is stored in ROM (nonvolatile memory)
• Most handsets also include subscriber identity
  module (SIM) cards

8
Handset Microprocessors

• Handsets use embedded processors
• Intel, ARM architectures dominate market.
  Examples include
• BlackBerry 8700, uses Intel PXA901 chip 6
• iPhone 3G, uses Samsung ARM 1100 chip 7
• Low power use and code size are crucial 5
• Microprocessor vendors often package all the
  chips functionality in a single chip
  (package-on-package (PoP)) for maximum
  flexibility
• Apple A4 uses a PoP design 10

9
Example iPhone 3G CPU

• The iPhone a real-world MH 79
• Runs on Samsung S3C6400 chip, supports ARM
  architecture
• Highly modular architecture

Source 8
10
Mobile Handset OSes (1)

• Key mobile OSes
• Symbian OS
• BlackBerry OS
• Google Android
• Apple iOS
• Windows Phone 7 (formerly Windows Mobile)
• Others include
• HP Palm webOS
• Samsung bada

Source 11
11
Mobile Handset OSes (2)

• Symbian (n) OS (ARM only)
• Open-source (Nokia)
• Multitasking
• Programming C, Java ME, Python, Qt/HTML5
• BlackBerry OS (ARM)
• Proprietary (RIM)
• Multitasking
• Many enterprise features
• Programming Java ME, Adobe AIR (tablet)
• iPhone OS (ARM only)
• Proprietary (Apple)
• Multitasking
• Multi-touch interface
• Programming Objective-C

• Windows Phone 7 (ARM only)
• Proprietary (Microsoft)
• No multitasking
• Programming Silverlight/XNA, C.NET/VB.NET
• Android (ARM, x86, )
• Open-source
• Multitasking
• Programming Java (Apache Harmony), scripts
• Other OS features
• Most require app code signing
• Many support Adobe Flash/AIR, multitasking
• ARM is predominant ISA

12
Mobile Handset Networking

• Handsets communicate with each other and with
  service providers via many networking
  technologies
• Two classes of these technologies
• Cellular telephony
• Wireless networking
• Most handsets support both, some also support
  physical connections such as USB

13
Cellular Telephony Basics (1)

• Many mobile handsets support cellular services
• Cellular telephony is radio-based technology,
  radio waves propagated by antennas
• Most cellular frequency bands 800, 850, 900,
  1800, 1900, 2100 MHz

Source 5
14
Cellular Telephony Basics (2)

• Cells, base stations
• Space divided into cells, each has base station
  (tower, radio equipment)
• Base stations coordinate so mobile users can
  access network
• Move from one cell to another handoff

15
Cellular Telephony Basics (3)

• Statistical multiplexing
• Time Division Multiple Access (TDMA)
• Time frequency band split into time slots
• Each conversation gets the radio a fraction of
  the time
• Frequency Division Multiple Access (FDMA)
  analogous

16
Wireless Networking (1)

• Bluetooth (BT)
• Frequency-hopping radio technology hops among
  frequencies in 2.4 GHz band
• Nearly ubiquitous on mobile handsets
• Personal area networking master device associate
  with 7 slave devices (piconet)
• Pull model, not push model
• Master device publishes services
• BT devices inquire for nearby devices, discover
  published services, connect to them
• Latest version 4.0 latest mobiles support 3.0
  12

17
Wireless Networking (2)

• WiFi (IEEE 802.11)
• Variants 802.11b, g, n, etc.
• Radio technology for WLANs 2.4, 3.6, 5 GHz
• Some mobile handsets support WiFi, esp. premium
• Two modes infrastructure and ad hoc
• Infrastructure mobile stations communicate with
  deployed base stations, e.g., OSU Wireless
• Ad hoc mobile stations communicate with each
  other without infrastructure
• Most mobiles support infrastructure mode

18
Mobile Handset Applications

• Mobile apps span many categories, e.g.
• Games Angry Birds, Assassins Creed, etc.
• Multimedia Pandora, Guitar Hero, etc.
• Utilities e-readers, password storage, etc.
• Many apps are natively developed for one mobile
  OS, e.g., iOS, Android
• Cross-platform native mobile apps can be
  developed via middleware, e.g., Rhodes 13,
  Titanium 14
• Can also build (HTML5) Web apps, e.g., Ibis
  Reader 15, Orbium 16
• Well discuss mobile app development next

19
Native Mobile App Development

• Mobile apps can be developed natively for
  particular mobile handset OSes
• iOS Dashcode, Xcode Mac only
• Android Eclipse Win/Mac/Linux
• Windows Phone Visual Studio, XNA Windows only
• Symbian Eclipse, NetBeans, Qt Win/Mac/Linux
• BlackBerry Eclipse, Visual Studio Win/Mac

20
Other Mobile App Development

• Middleware
• Rhodes Ruby/HTML compiled for all mobile OSes
• Titanium HTML/JS APIs compiled for iOS,
  Android
• Still dependent on native SDK restrictions
• Web development HTML5, CSS, JS
• Works on most mobile browsers
• Can develop on many IDEs, Win/Mac/Linux
• Biz SMS/MMS/mobile network operators key

21
Business Opportunities

• Virtually every mobile OS supports app sales via
  stores, e.g., iOS App Store, Android Market,
  Windows Marketplace
• Devs sign up for accounts, download SDKs
• Costs 99/yr (iOS, Win), 25 once (Android)
• http//developer.apple.com, http//market.android.
  com, http//create.msdn.com

22
Mobile Handset Security Issues

• People store much info on their mobiles
• Smartphones are the new computers.2
  billionwill be deployed by 2013 M.A.D.
  Partners 18
• Handsets are targets for miscreants
• Calls
• SMS/MMS messages
• E-mail
• Multimedia
• Calendars
• Contacts
• Phone billing system 18

23
Handset Malware History (1)

• Hackers are already attacking handsets
• Most well-known case a 17-year-old broke into
  Paris Hiltons Sidekick handset 19
• Less well-known worms, viruses, and Trojans have
  targeted handsets since 2004
• 2004 20
• Cabir worm released by 29A, targets Symbian
  phones via Bluetooth
• Duts virus targets Windows Mobile phones
• Brador Trojan opens backdoor on Windows Mobile
  24

24
Handset Malware History (2)

• 2005 21
• CommWarrior worm released replicates via
  Bluetooth, MMS to all contacts
• Doomboot Trojan released claims to be Doom 2
  video game, installs Cabir and CommWarrior
• 2006 20, 21
• RedBrowser Trojan released claims to be a Java
  program, secretly sends premium-rate SMS messages
  to a Russian phone number
• FlexiSpy spyware released sends log of phone
  calls, copies of SMS/MMS messages to Internet
  server for third party to view
• 2008 22
• First iPhone Trojan released
• 20092010 iPhone Rickrolling, Android SMS
  malware, etc.
• The single biggest thing threatening any
  enterprise today on a security basis is mobile.
  Furthermore, mobile phone application stores are
  the greatest malware delivery system ever
  invented by man Robert Smith, CTO, M.A.D.
  Partners 18

25
Key Handset Threats, Attacks

• Info theft 23
• Transient info user location
• Static info bluesnarfing attacks, WEP WPA
  cracks 24
• Service/ theft, e.g., premium-rate calls/SMS
  23
• Denial-of-service attacks 23
• Flooding attacks overload handset radio with
  garbage
• Power-draining attacks attempt to drain battery
• Botnets and DoS attacks against networks 22, 25
• Exploiting the human factor
• Well discuss risk management strategies

26
Risk Management Strategies

• Organizations must
• Understand rapidly-evolving threatspace 18
• Understand applicable laws regulations
• Understand employee demand for handsets and
  balance this against the risk they pose
• Institute CSO policies to achieve compliance
  (and get top management on board!)
• Inform employees about policies (change mgmt)
• Implement the policies with tech and people

27
Risk Management Tactics

• To implement strategies, organizations must
• Decide whether to distribute handsets to
  employees for business purposes, allow use
• Encrypt device data
• Remote data wipe as needed
• Procure, install anti-malware, firewall products
• Require VPN use, strong passwords, inventory
  mgmt.
• Monitor employee handset use to detect attacks
• Educate employees about the threatspace, train
  them to treat handsets as any other computer
  system
• Prevent, detect, and respond appropriately

28
Discussion and Questions

• Thank you

29
References 1

• Wireless Intelligence, Snapshot Global mobile
  connections surpass 5 billion milestone, 8 Jul.
  2010, https//www.wirelessintelligence.com/print/s
  napshot/100708.pdf
• T. T. Ahonen, 5 - 4 - 3 - 2 - 1, as in Billions.
  What do these gigantic numbers mean?, 6 Aug.
  2010, http//communities-dominate.blogs.com
• T. T. Ahonen, 29 Sep. 2010, http//untether.tv/ell
  b/?p2227
• T. T. Ahonen, When there is a mobile phone for
  half the planet Understanding the biggest
  technology, 16 Jan. 2008, http//communities-domi
  nate.blogs.com/ brands/2008/01/when-there-is-a.htm
  l
• J. L. Hennessy and D. A. Patterson, Computer
  Architecture A Quantitative Approach, 4th ed.,
  Elsevier, 2007
• Research in Motion, BlackBerry 8700c Technical
  Specifications, http//www.blackberry.com/product
  s/pdfs/blackberry8700c_ent.pdf
• R. Block, iPhone processor found 620MHz ARM
  CPU, Engadget, 1 Jul. 2007, http//www.engadget.c
  om/2007/07/01/iphone-processor-found-620mhz-arm/
• Samsung Semiconductor, Product Technical Brief
  S3C6400, Jun. 2007, http//www.samsung.com/global
  /system/business/semiconductor/product/2007/8/21/6
  61267ptb_s3c6400_rev15.pdf

30
References 2

• Wikipedia, iPhone, updated 15 Nov. 2008,
  http//en.wikipedia.org/wiki/Iphone
• Wikipedia, Apple A4, updated 21 Oct. 2010,
  http//en.wikipedia.org/wiki/Apple_A4
• Gartner (12 August 2010). "Gartner Says
  Worldwide Mobile Device Sales Grew 13.8 Percent
  in Second Quarter of 2010, But Competition Drove
  Prices Down". Press release. http//www.gartner.co
  m/it/page.jsp?id1421013
• Wikipedia, Samsung Galaxy S, updated 21 Oct.
  2010, http//en.wikipedia.org/wiki/Samsung_Galaxy
  _S
• Rhomobile Inc., http//rhomobile.com/
• Appcelerator Inc., http//www.appcelerator.com/
• Ibis Reader LLC, http//ibisreader.com
• Björn Nilsson, Orbium, http//jsway.se/m/
• Ericsson.Global mobile data traffic nearly
  triples in 1 year, 12 August 2010.
  http//www.ericsson.com/thecompany/press/releases/
  2010/08/1437680.
• Georgia Tech Information Security Center,
  Emerging Cyber Threat Reports 2011,
  http//www.gtisc.gatech.edu/pdf/cyberThreatReport2
  011.pdf

31
References 3

• B. Krebs, Teen Pleads Guilty to Hacking Paris
  Hiltons Phone, Washington Post, 13 Sep. 2005,
  http//www.washingtonpost.com/wp-dyn/content/artic
  le/2005/09/13/AR2005091301423_pf.html
• D. Emm, Mobile malware new avenues, Network
  Security, 200611, Nov. 2006, pp. 46
• M. Hypponen, Malware Goes Mobile, Scientific
  American, Nov. 2006, pp. 7077,
  http//www.cs.virginia.edu/robins/Malware_Goes_Mo
  bile.pdf
• PandaLabs, PandaLabs Quarterly Report
  JanuaryMarch 2008, http//pandalabs.pandasecurit
  y.com/blogs/images/PandaLabs/2008/04/01/Quarterly_
  Report_PandaLabs_Q1_2008.pdf
• D. Dagon et al., Mobile Phones as Computing
  Devices The Viruses are Coming!, IEEE
  Pervasive Computing, Oct. Dec. 2004, pp. 1115
• G. Fleishman, Battered, but not broken
  understanding the WPA crack, Ars Technica, 6
  Nov. 2008, http//arstechnica.com/articles/paedia/
  wpa-cracked.ars
• http//blog.mylookout.com/2010/12/geinimi_trojan/