Telephone

people have devised methods for communicating over long distances. The earliest methods involved crude systems such as drum beating or smoke signaling. These systems evolved into optical telegraphy, and by the early 1800s, electric telegraphy. The first simple telephones, which were comprised of a long string and two cans, were known in the early eighteenth century.
A working electrical voice-transmission system was first demonstrated by Johann Philipp Reis in 1863. His machine consisted of a vibrating membrane that opened or closed an electric circuit. While Reis only used his machine to demonstrate the nature of sound, other inventors tried to find more practical applications of this technology. They were found by Alexander Graham Bell in 1876 when he was awarded a patent for the first operational telephone. This invention proved to revolutionize the way people communicate throughout the world.
Bell's interest in telephony was primarily derived from his background in vocal physiology and his speech instruction to the deaf. His breakthrough experiment occurred on June 2, 1875. He and his assistant, Thomas Watson, were working on a harmonic telegraph. When a reed stuck on Watson's transmitter an intermittent current was converted to a continuous current. Bell was able to hear the sound on his receiver confirming his belief that sound could be transmitted and reconverted through an electric wire by using a continuous electric current.
The original telephone design that Bell patented was much different than the phone we know today. In a real sense, it was just a modified version of a telegraph. The primary difference was that it could transmit true sound. Bell continued to improve upon his design. After two years, he created a magnetic telephone which was the precursor to modern phones. This design consisted of a transmitter, receiver, and a magnet. The transmitter and receiver each contained a diaphragm, which is a metal disk. During a phone call, the vibrations of the caller's voice caused the diaphragm in the transmitter to move. This motion was transferred along the phone line to the receiver. The receiving diaphragm began vibrating thereby producing sound and completing the call.
While the magnetic phone was an important breakthrough, it had significant drawbacks. For example, callers had to shout to overcome noise and voice distortions. Additionally, there was a time lapse in the transmission which resulted in nearly incoherent conversations. These problems were eventually solved as the telephone underwent numerous design changes. The first phones made available to consumers used a single microphone. This required the user to speak into it and then put it to the ear to listen. Thomas Edison introduced a model that had a moveable listening earpiece and stationary speaking tube. When placing a call, the receiver was lifted and the user was connected directly to an operator who would then switch wires manually to transmit. In 1878, the first manual telephone exchange was opened. It served 21 customers in New Haven, Connecticut. Use of the telephone spread rapidly and in 1891, the first automatic number calling mechanism was introduced.
Long-distance service was first made available in 1881. However, the transmission rates were not good and it was difficult to hear. In 1900, two workers at Bell System designed loading coils that could minimize distortions. In 1912, the vacuum tube was adapted to the phone as an amplifier. This made it possible to have a transcontinental phone line, first demonstrated in 1915. In 1956, a submarine cable was laid across the Atlantic to allow transatlantic telephone communication. The telecommunication industry was revolutionized in 1962 when orbiting communication satellites were utilized. In 1980, a fiber-optic system was introduced, again revolutionizing the industry.

Background

Telephones still operate on the same basic principles that Bell introduced over one hundred years ago. If a person wishes to make a call, they pick up the handset. This causes the phone to be connected to a routing network. When the numbers are pressed on a touch-tone keypad, signals are sent down the phone line to the routing station. Here, each digit is recognized as a combination of tone frequencies. The specific number combination causes a signal to be sent to another phone causing it to ring. When that phone is picked up, a connection between the two phones is initiated.
The mouthpiece acts as a microphone. Sound waves from the user's voice cause a thin, plastic disk inside the phone to vibrate. This changes the distance between the plastic disk and another metal disk. The intensity of an electric field between the two disks is changed as a result and a varying electric current is sent down the phone line. The receiver on the other phone picks up this current. As it enters the receiver, it passes through a set of electromagnets. These magnets cause a metal diaphragm to vibrate. This vibration reproduces the voice that initiated the current. An amplifier in the receiver makes it easier to hear. When one of the phones is hung up the electric current is broken, causing all of the routing connections to be released.

Eiisha Gray

Elisha Gray was Alexander Graham Bell's principle rival, first for invention of the harmonic telegraph and then of the telephone. He was a prolific inventor, granted some 70 patents during his lifetime. Born in Barnesville, Ohio, on August 2, 1935, and brought up on a farm, Gray had to leave school early when his father died but later continued his studies at Oberlin College, where he concentrated on physical sciences, especially electricity, and supported himself as a carpenter.
After leaving Oberlin, Gray continued his electrical experiments, concentrating on telegraphy. In 1867, he patented an improved telegraph relay, and later, a telegraph switch, an "annunciator" for hotels and large business offices, a telegraphic repeater, and a telegraph line printer. He also experimented with ways to transmit multiple, separate messages simultaneously across a single wire, a subject that was also engaging the efforts of Bell. Gray prevailed, filing his harmonic telegraph patent application in February 1875, two days before Bell's similar application.
Gray now began investigating ways to transmit voice messages, soon developing a telephone design that featured a liquid transmitter and variable resistance. In one of the most remarkable coincidences in the history of invention, Gray filed notice of his intent to patent his device on February 14, 1876—just two hours after Bell had filed his own telephone patent at the same office. Western Union Telegraph Company purchased the rights to Gray's telephone and went into the telephone business; the Bell Telephone Company launched a bitter lawsuit in return.
Meanwhile, Gray had been a founding partner in 1869 of Gray and Barton, an electric-equipment shop in Cleveland, Ohio. This became Western Electric Manufacturing of Chicago in 1872, which evolved into Western Electric Company, which, ironically, became the largest single component of Bell Telephone in 1881.
The system of transmission presented describes what happens during a local call. It varies slightly for other types of calls such as long distance or cellular. Long distance calls are not always connected directly through wires. In some cases, the signal is converted

The electronic components of the telephone are sophisticated and use the latest in electronic processing technology. The circuit board is produced the same way that boards are made for other types of electronic equipment. The preprinted, nonconductive board is passed through a series of machines that place the appropriate chips, diodes, capacitors, and other electronic parts in the appropriate places. To affix the electronic parts to the board, a wave soldering machine is used.

to a satellite dish signal and transmitted via a satellite. For cellular phones, the signal is sent to a cellular antenna. Here, it is sent via radio waves to the appropriate cell phone.

Raw Materials

A variety of raw materials are used for making telephones. Materials range from glass, ceramics, paper, metals, rubber and plastics. The primary components on the circuit board are made from silicon. The outer housing of the phone is typically made of a strong, high-impact resistant polymer. To modify the characteristics of this polymer, various fillers and colorants are used. The speakers require magnetic materials.

Design

Modern telephones come in many shapes and sizes, but they all have the same general features. They consist of a single handset which contains both the transmitter and receiver. The handset rests on the base when the phone is not in use. They also have a dialing system which is either a rotary dial or a touch-tone keypad. Recently, rotary phones have been phased out in favor of the more useful keypad. To alert the consumer that they have an incoming call, phones are equipped with ringers. A wide variety of specialized phones are also produced. Speaker phones are made to allow the consumer to carry on a telephone conversation

The individual parts of the telephone are assembled both automatically and manually. The transmitter and receiver are put together by machines. These parts are then fed onto the main assembly line and inserted into the molded headset. Similarly, the internal electronics, including the touch-tone pad, are inserted into the main housing and attached with screws.

without holding the handset. Cordless phones are also available. These models do not require direct connection of the handset to the base. Instead the user's voice is converted to radio waves and then sent to the phone base. This, in turn, gets converted to an electric signal and sent down the phone lines. Another type of common phone is the cellular phone. These phones use radio waves and an antenna system to communicate between phones.

The Manufacturing
Process

Since there are so many different parts that go into making a telephone, the components are typically produced by different companies and then assembled by the phone manufacturer. The main components include the internal electronics, the handset, and the various plastic parts.

Plastic parts

1 To produce the plastic parts like the base, handset casing, and push buttons, injection molding is typically done. In this process, pellets of plastic polymer are put into the hopper of an injection molding machine. They then pass through a hydraulically controlled screw and are melted. While the screw rotates, the melted plastic is moved through a nozzle and injected into a mold. Just prior to this injection, the two halves of a mold are brought together to form a cavity which matches the shape of the telephone part. While inside the mold, the plastic is held under pressure for a set amount of time and then allowed to cool. As it cools, it hardens and forms into the shape of the part. This mold is coated with chromium to create a shiny surface.

2 After a short while, the mold halves are opened and the part is ejected. The mold then closes again and the process begins again. At this point in process, many of the parts are manually inspected to ensure that no significantly damaged parts are used. If there are damaged parts, they are set aside to be remelted and reformed into new parts.

Internal electronics

3 The electronic components of the telephone are sophisticated and use the latest in electronic processing technology. The circuit board is produced the same way that boards are made for other types of electronic equipment. The process begins with a board made of non-conducting material that has the electronic configuration printed on it using a conducting material. This board is then passed through a series of machines that place the appropriate chips, diodes, capacitors and other electronic parts in the appropriate places. To prevent damage caused by dust, the process is completed in a specially cleaned room. When completed, it is sent to the next step for soldering.

4 To affix the electronic parts to the board, a wave soldering machine is used. Before being put into the machine, the board is washed to remove contaminants. Upon entering, the board is heated using infrared heat. The underside of the board is passed over a wave of molten solder and through capillary action, all of the necessary spots are filled. As the board is allowed to cool, the solder hardens and the pieces stay in place. This creates an electrical connection between the printed circuits and the components.

Assembly and Packaging

5 The individual parts are assembled both automatically and manually. The transmitter and receiver are put together by machines. These parts are then fed onto the main assembly line and inserted into the molded headset. Similarly, the internal electronics, including the touch-tone pad, are inserted into the main housing and attached with screws. The headset is then put on the phone base and the phone chord may also be put on.

6 After all of the phone pieces are assembled, the completed phones are put in final packaging. Typically, they are wrapped in plastic and put in boxes. A packaging material such as polystyrene is also included to protect the device from damage during shipping. An owner's manual or other literature is included and the box is sealed with tape. The boxes are stacked on pallets, shipped to distributors and finally, customers.

Quality Control

To ensure the quality of each telephone, visual and electrical inspections are done throughout the entire production process and most flaws are detected. Additionally, the each completed phone is tested to make sure it works. Often these tests are done under different environmental conditions such as excessive heat and humidity to simulate the extremes that are experienced in a real life setting. Plastic parts are given torture tests to ensure they will still function even after a level of consumer abuse. For example, the numbers on a touch tone pad are put under a rubber-finger that taps the buttons enough times that it equals forty years of dialing. Since many of the parts that make up the telephone are produced by subcontractors, telephone manufacturers rely heavily on these suppliers for good quality. To ensure consistent manufacturing, most telephone makers set quality specifications for individual parts that the suppliers must meet.

The Future

Telephone technology is improving rapidly. In the future, cordless phones will be designed to be smaller and lighter. They will have wider transmission and better reception ranges. The sound quality will also be improved. Other technologies that integrate the phone with computers and cable television will be commonplace. Dialing systems will also be improved. In a recent demonstration, one company showed a technology that accepted voice command to dial a phone number.

XXX . V Mobile Phones

Mobile phones are very useful for people with low vision and there are plenty of models to choose from with different levels of functionality.
If a mobile is primarily required for making phone calls, a simple phone with basic functions is ideal. It should have large, high contrast keys and display, loud ring tones and emergency call functions. Some phones can be personalised to have just a few pre-programmed numbers that are accessible at the push of a single button.

If a mobile phone is needed for additional functions, select a model with screen reader software. The phone will then speak all of the information on the screen, including contacts, caller information and text messages. It should also have a screen enlargement function, to increase the font size on the screen, and a high contrast display panel for easier reading.

Smart Phones, such as the Apple iPhones, have a broad range of features including functions to support people with low vision. Some of these features are magnification and speech accessibility for voice navigation commands.

In addition to the usual tools of phone, email and web accessibility, smart phones can provide GPS navigation and support applications such as talking books.

XXX . V0 TELEVISION AND RADIO

Television and Radio

When it comes to watching television, there are many large screen options available, along with universal remote controls that have large buttons. When choosing a television, consider an LED TV, which offers more vibrant colours and sharper contrast.
Some televisions now come with built-in voice guidance. Voice guidance speaks aloud onscreen information using text-to-speech technology and enables blind and visually impaired viewers to control their TV by voice, for example, changing channels and searching for programs.
Digital radios provide very clear sound output. There is now a wide range to choose from including those with large print, large buttons and high colour contrast.
Radio for the Print Handicapped (RPH) provides a radio reading service for people who cannot see, handle or understand printed material. Programming includes readings from daily newspapers and articles from magazines as well as book readings and extracts from a variety of publications on topics such as health, music, art, entertainment, science.

Audio Technology Audio books Audio books, or talking books, can be sourced from a range of providers including low vision agencies, council libraries and audio book websites. The content can be played on a range of devices including standard CD players, MP3 devices and tablet computers. Some newspapers are also available in audio format. Navigator audio book The Navigator is a ‘low tech’ portable audio book device. Digital files of books or newspapers are loaded on to the Navigator from a computer. It can hold an average of five books in its memory (approximately thirty hours of listening). The Navigator is available from Macular Disease Foundation Australia and also in selected libraries around Australia and some low vision organisations. Macular Disease Foundation Australia’s Navigator Home Access Program allows users to access audio books and newspapers from a website and download them onto the Navigator audio book unit. The download process requires some computer experience so some people with low vision may require assistance from family or friends. Once loaded, the Navigator is very easy to use and, as it is light and portable, it can be used at home or out and about

XXX . V00 Computers and Software

Technology has changed the way we undertake many tasks, from accessing information to driving a car.
Even if it hasn’t been part of your education or life experience so far, it is possible to learn the skills necessary to make use of computer technology and software. Talk to one of the many low vision service providers about computer training programs and typing courses. Local Computer Pals clubs for seniors, which offer a fun and supportive environment, may also be suitable for learning computer skills. Technical Aid to the Disabled (TAD) can help to provide affordable computer packages for people with a disability.
Another excellent resource is Media Access Australia (MAA). MAA is a not-for-profit organisation devoted to increasing access to media for people with disabilities. Their website contains information on assistive technology.

Maximising vision using computer technology

There are many ways you can maximise remaining vision by using technology, including choosing a large screen to increase the viewing area and increasing the size of items displayed on the screen.
To make type easier to read, choose simple fonts without decorative curves, such as Arial or Calibri, and type in upper and lower case instead of all capitals. Add extra space between words and lines of text.

The following modifications will help you get the most from your computer:

A large monitor to increase your viewing area
A large print keyboard or large font keyboard stickers applied to the keys
Software that increases the cursor size
If the mouse or cursor is difficult to use, it may be easier to learn to touch type and use keyboard commands
Enlarge the toolbar display
Change the colour contrast

Computer technology for people with low vision

Electronic note takers

An electronic note taker is basically an adapted personal data service. Users can do the same tasks that a typical personal data device allows including: taking notes, reading email, diary functions, calculator, playing music, or digital books and data transfer to or from computers. Because the electronic note takers are adapted for persons who are blind or vision impaired, they have built in speech output.

Tablets and small personal computers

Netbooks, ultrabooks, and tablet personal computers are essentially just small computers. They are highly portable which means that those with low vision can readily access low vision technology when out and about.

Software options for people with low vision

Screen magnification software

Screen magnification software increases the size of the image displayed on the screen. This means only a portion of the original screen image can be seen at one time. The mouse or keyboard can then be used to move the magnified window to view other parts of the original screen image.

Screen reading software

Screen reading software is also available to translate text into speech and is designed for people with very little usable vision. They may also be built in to some websites such as this one – by pressing the ‘Listen’ button at the top of the screen, the text will be read aloud.

Screen magnifier and reader

At times, a program with a screen magnifier AND speech reader may help. For example, Type Echo - hearing text as it is typed can be useful for new or slow typists. Listening to long documents or web pages may be less tiring than reading with a screen magnifier.
Additionally, starting with both magnification and a reader may simplify the transition to speech only if vision deteriorates further.

	Function
Program	Screen magnifier	Screen reader
Guide Zoom Text MAGic	✔	✔
Magnifying Glass Pro Mouse Magnifier Utility Lightning	✔
JAWS Windows-Eyes Thunder Dragon Dictate		✔

Free software options

There are a number of free software options to choose from, provided by suppliers that include Microsoft, Apple and Linux.
Microsoft Windows has a built-in narrator, and has third party software support, which allows for greater access.
Apple Mac has built-in full-screen magnification, a voice over feature that converts text-to-speech, voice command capability and high-contrast settings.
Non-Visual Desktop Access – or NVDA - provides Windows users with a free text-to-speech program.
Web Anywhere is a text-to-speech tool that integrates into the web browser in virtually any operating system, providing free basic voice access to the internet. The voice software can work on almost any computer with sound and will start almost immediately after download.
System Access to Go is an online screen reader, available from any Internet Explorer connected Windows Computer.

Web browsers

Whether you use Windows or Mac, you access the Internet through a web browser. There are several web browsers available, the most popular being Internet Explorer, Mozilla Firefox and Chrome. Each contains a variety of features which can help people with low vision who rely on the use of a keyboard or need to make a webpage easier to see.

XXX . V000 Electronic Magnifiers

Hand held electronic magnification

Hand held electronic magnification provides distortion-free viewing as well as the ability to change background and foreground colours for glare reduction. They are useful for people who have progressed from hand held optical devices, for identifying objects and reading. Hand held electronic magnifiers require a medium amount of training with little follow up support. Products available are the Compact+, Compact Mini and Looky, which all operate with standard or rechargeable batteries. Pricing ranges from approximately $500 to $1,100.
The Farview Hand Held Electronic Distance magnifier greatly assists mobility by capturing and magnifying distant images. This small rectangular unit is also used in education for capturing information on whiteboards. Of value is the ability to scan an entire page then scroll around the page once the image is captured.

Hand held electronic distance magnifiers

Students and active seniors find that hand held electronic distance magnifiers, which capture and magnify distant images, greatly assist mobility. They can be used to capture information on whiteboards and to scan whole pages of information then scroll around the page once the information is captured.
Hand held electronic distance magnifiers cost around $4,000.
Training is important and a low level of support will be required. The unit is powered by rechargeable batteries.

Computer connectable – optical camera

The ClearNote and ClearNote Plus are optical cameras on a flexible arm that connect to the computer. They offer high flexibility for near and distance viewing and very high magnification levels. Images can be captured and stored on the PC then magnified and enhanced for display on the computer screen. These products are useful for students and seniors with a PC, for study, craft and distance viewing.
The ClearNote and ClearNote Plus require batteries and a USB. Pricing is around $4,000 to $5,000 and, while training is required support requirements after training are low.

Computer connectable - digital cameras

Computer connectable - digital cameras enable text to be captured quickly, and converted to large print and speech on a PC. Words are highlighted as they are spoken. Speech files can also be saved and used on MP3 type devices. Currently available are the Pearl, Zoom-Ex and Zoom-Twix computer connectable digital cameras, which are useful for students and seniors with a PC.
Pricing ranges widely from $2,000 - $5,000 for these units, which run on mains power and require a USB. A high degree of training is required with moderate ongoing support.

Desktop electronic magnifiers

Desktop electronic magnifiers are by far the most commonly used aid for reading, writing, and handicrafts. The source material is simply inserted onto a flat bed scanner and the image projects onto the screen. There are various options available for screen sizes, reading modes, non-reflective screens and high definition. ClearView and ViVA are two desktop electronic magnifers, which greatly enhance independent living skills. They are suitable for anyone with low vision, run on mains power and require minimal training. Prices range from $3,000 to $6,000.
The desktop electronic magnifier PC offers the same basic design and functionality as regular desktop electronic magnifiers. However it has the additional flexibility of connecting to a PC. Users can choose to use the magnifier’s screen, the PC screen, or both. Split screen options facilitate study and employment opportunities.
The ClearView PC (include image) is suitable for anyone with low vision, for home use, study or in the office. It requires mains power, needs little training and is priced at around $4,000.
Magnification Software (include image) for PC by ZoomText, MAGic, and iZoom provide useful access to computing and Internet for all low vision users. This software requires a high level of training with moderate levels of ongoing support.

XXX . V0000 Mobile security

Mobile security, or more specifically mobile device security, has become increasingly important in mobile computing. Of particular concern is the security of personal and business information now stored on smartphones.
More and more users and businesses use smartphones to communicate, but also to plan and organize their users' work and also private life. Within companies, these technologies are causing profound changes in the organization of information systems and therefore they have become the source of new risks. Indeed, smartphones collect and compile an increasing amount of sensitive information to which access must be controlled to protect the privacy of the user and the intellectual property of the company.
All smartphones, as computers, are preferred targets of attacks. These attacks exploit weaknesses inherent in smartphones that can come from the communication mode—like Short Message Service (SMS, aka text messaging), Multimedia Messaging Service (MMS), wifi, Bluetooth and GSM, the de facto global standard for mobile communications. There are also exploits that target software vulnerabilities in the browser or operating system. And some malicious software relies on the weak knowledge of an average user. According to a finding by McAfee in 2008, 11.6% users had heard of someone else being affected by mobile malware, but only 2.1% had personal experience on such problem.^[1] However, this number is expected to grow.
Security countermeasures are being developed and applied to smartphones, from security in different layers of software to the dissemination of information to end users. There are good practices to be observed at all levels, from design to use, through the development of operating systems, software layers, and downloadable apps.

XXX . V00000 Challenges of mobile security

Threats

A smartphone user is exposed to various threats when they use their phone. In just the last two-quarters of 2012, the number of unique mobile threats grew by 261%, according to ABI Research.^[2] These threats can disrupt the operation of the smartphone, and transmit or modify user data. So applications must guarantee privacy and integrity of the information they handle. In addition, since some apps could themselves be malware, their functionality and activities should be limited (for example, restricting the apps from accessing location information via GPS, blocking access to the user's address book, preventing the transmission of data on the network, sending SMS messages that are billed to the user, etc.).
There are three prime targets for attackers:^[3]

Data: smartphones are devices for data management, and may contain sensitive data like credit card numbers, authentication information, private information, activity logs (calendar, call logs);

Identity: smartphones are highly customizable, so the device or its contents can easily be associated with a specific person. For example, every mobile device can transmit information related to the owner of the mobile phone contract, and an attacker may want to steal the identity of the owner of a smartphone to commit other offenses;

Availability: attacking a smartphone can limit access to it and deprive the owner of its use.

There are a number of threats to mobile devices, including annoyance, stealing money, invading privacy, propagation, and malicious tools.^[4]

Botnets: attackers infect multiple machines with malware that victims generally acquire via e-mail attachments or from compromised applications or websites. The malware then gives hackers remote control of "zombie" devices, which can then be instructed to perform harmful acts.^[4]

Malicious applications: hackers upload malicious programs or games to third-party smartphone application marketplaces. The programs steal personal information and open backdoor communication channels to install additional applications and cause other problems.^[4]

Malicious links on social networks: an effective way to spread malware where hackers can place Trojans, spyware, and backdoors.^[4]

Spyware: hackers use this to hijack phones, allowing them to hear calls, see text messages and e-mails as well as track someone's location through GPS updates.^[4]

The source of these attacks are the same actors found in the non-mobile computing space:^[3]

Professionals, whether commercial or military, who focus on the three targets mentioned above. They steal sensitive data from the general public, as well as undertake industrial espionage. They will also use the identity of those attacked to achieve other attacks;

Thieves who want to gain income through data or identities they have stolen. The thieves will attack many people to increase their potential income;

Black hat hackers who specifically attack availability.^[5] Their goal is to develop viruses, and cause damage to the device.^[6] In some cases, hackers have an interest in stealing data on devices.

Grey hat hackers who reveal vulnerabilities.^[7] Their goal is to expose vulnerabilities of the device.^[8] Grey hat hackers do not intend on damaging the device or stealing data.

Consequences

When a smartphone is infected by an attacker, the attacker can attempt several things:

The attacker can manipulate the smartphone as a zombie machine, that is to say, a machine with which the attacker can communicate and send commands which will be used to send unsolicited messages (spam) via sms or email;^[10]

The attacker can easily force the smartphone to make phone calls. For example, one can use the API (library that contains the basic functions not present in the smartphone) PhoneMakeCall by Microsoft, which collects telephone numbers from any source such as yellow pages, and then call them.^[10] But the attacker can also use this method to call paid services, resulting in a charge to the owner of the smartphone. It is also very dangerous because the smartphone could call emergency services and thus disrupt those services;^[10]

A compromised smartphone can record conversations between the user and others and send them to a third party.^[10] This can cause user privacy and industrial security problems;

An attacker can also steal a user's identity, usurp their identity (with a copy of the user's sim card or even the telephone itself), and thus impersonate the owner. This raises security concerns in countries where smartphones can be used to place orders, view bank accounts or are used as an identity card;^[10]

The attacker can reduce the utility of the smartphone, by discharging the battery.^[11] For example, they can launch an application that will run continuously on the smartphone processor, requiring a lot of energy and draining the battery. One factor that distinguishes mobile computing from traditional desktop PCs is their limited performance. Frank Stajano and Ross Anderson first described this form of attack, calling it an attack of "battery exhaustion" or "sleep deprivation torture";^[12]

The attacker can prevent the operation and/or be starting of the smartphone by making it unusable.^[13] This attack can either delete the boot scripts, resulting in a phone without a functioning OS, or modify certain files to make it unusable (e.g. a script that launches at startup that forces the smartphone to restart) or even embed a startup application that would empty the battery;^[12]

The attacker can remove the personal (photos, music, videos, etc.) or professional data (contacts, calendars, notes) of the user.^[13]

Attacks based on communication

Attack based on SMS and MMS

Some attacks derive from flaws in the management of SMS and MMS.
Some mobile phone models have problems in managing binary SMS messages. It is possible, by sending an ill-formed block, to cause the phone to restart, leading to the denial of service attacks. If a user with a Siemens S55 received a text message containing a Chinese character, it would lead to a denial of service.^[14] In another case, while the standard requires that the maximum size of a Nokia Mail address is 32 characters, some Nokia phones did not verify this standard, so if a user enters an email address over 32 characters, that leads to complete dysfunction of the e-mail handler and puts it out of commission. This attack is called "curse of silence". A study on the safety of the SMS infrastructure revealed that SMS messages sent from the Internet can be used to perform a distributed denial of service (DDoS) attack against the mobile telecommunications infrastructure of a big city. The attack exploits the delays in the delivery of messages to overload the network.^[15]
Another potential attack could begin with a phone that sends an MMS to other phones, with an attachment. This attachment is infected with a virus. Upon receipt of the MMS, the user can choose to open the attachment. If it is opened, the phone is infected, and the virus sends an MMS with an infected attachment to all the contacts in the address book. There is a real-world example of this attack: the virus Commwarrior^[13] uses the address book and sends MMS messages including an infected file to recipients. A user installs the software, as received via MMS message. Then, the virus began to send messages to recipients taken from the address book.

Attacks based on communication networks

Attacks based on the GSM networks

The attacker may try to break the encryption of the mobile network. The GSM network encryption algorithms belong to the family of algorithms called A5. Due to the policy of security through obscurity it has not been possible to openly test the robustness of these algorithms. There were originally two variants of the algorithm: A5/1 and A5/2 (stream ciphers), where the former was designed to be relatively strong, and the latter was designed to be weak on purpose to allow easy cryptanalysis and eavesdropping. ETSI forced some countries (typically outside Europe) to use A5/2. Since the encryption algorithm was made public, it was proved it was possible to break the encryption: A5/2 could be broken on the fly, and A5/1 in about 6 hours .^[16] In July 2007, the 3GPP approved a change request to prohibit the implementation of A5/2 in any new mobile phones, which means that it has been decommissioned and is no longer implemented in mobile phones. Stronger public algorithms have been added to the GSM standard, the A5/3 and A5/4 (Block ciphers), otherwise known as KASUMI or UEA1^[17] published by the ETSI. If the network does not support A5/1, or any other A5 algorithm implemented by the phone, then the base station can specify A5/0 which is the null-algorithm, whereby the radio traffic is sent unencrypted. Even in case mobile phones are able to use 3G or 4G which have much stronger encryption than 2G GSM, the base station can downgrade the radio communication to 2G GSM and specify A5/0 (no encryption) .^[18] This is the basis for eavesdropping attacks on mobile radio networks using a fake base station commonly called an IMSI catcher.
In addition, tracing of mobile terminals is difficult since each time the mobile terminal is accessing or being accessed by the network, a new temporary identity (TMSI) is allocated to the mobile terminal. The TSMI is used as the identity of the mobile terminal the next time it accesses the network. The TMSI is sent to the mobile terminal in encrypted messages.
Once the encryption algorithm of GSM is broken, the attacker can intercept all unencrypted communications made by the victim's smartphone.

Attacks based on Wi-Fi Wi-Fi § Network_security

Access Point spoofing

An attacker can try to eavesdrop on Wi-Fi communications to derive information (e.g. username, password). This type of attack is not unique to smartphones, but they are very vulnerable to these attacks because very often the Wi-Fi is the only means of communication they have to access the internet. The security of wireless networks (WLAN) is thus an important subject. Initially, wireless networks were secured by WEP keys. The weakness of WEP is a short encryption key which is the same for all connected clients. In addition, several reductions in the search space of the keys have been found by researchers. Now, most wireless networks are protected by the WPA security protocol. WPA is based on the "Temporal Key Integrity Protocol (TKIP)" which was designed to allow migration from WEP to WPA on the equipment already deployed. The major improvements in security are the dynamic encryption keys. For small networks, the WPA is a "pre-shared key" which is based on a shared key. Encryption can be vulnerable if the length of the shared key is short. With limited opportunities for input (i.e. only the numeric keypad), mobile phone users might define short encryption keys that contain only numbers. This increases the likelihood that an attacker succeeds with a brute-force attack. The successor to WPA, called WPA2, is supposed to be safe enough to withstand a brute force attack.
As with GSM, if the attacker succeeds in breaking the identification key, it will be possible to attack not only the phone but also the entire network it is connected to.
Many smartphones for wireless LANs remember they are already connected, and this mechanism prevents the user from having to re-identify with each connection. However, an attacker could create a WIFI access point twin with the same parameters and characteristics as the real network. Using the fact that some smartphones remember the networks, they could confuse the two networks and connect to the network of the attacker who can intercept data if it does not transmit its data in encrypted form.
Lasco is a worm that initially infects a remote device using the SIS file format.^[22] SIS file format (Software Installation Script) is a script file that can be executed by the system without user interaction. The smartphone thus believes the file to come from a trusted source and downloads it, infecting the machine.

Principle of Bluetooth-based attacks Bluesnarfing and Bluebugging

Security issues related to Bluetooth on mobile devices have been studied and have shown numerous problems on different phones. One easy to exploit vulnerability: unregistered services do not require authentication, and vulnerable applications have a virtual serial port used to control the phone. An attacker only needed to connect to the port to take full control of the device.^[23] Another example: a phone must be within reach and Bluetooth in discovery mode. The attacker sends a file via Bluetooth. If the recipient accepts, a virus is transmitted. For example: Cabir is a worm that spreads via Bluetooth connection.^[13] The worm searches for nearby phones with Bluetooth in discoverable mode and sends itself to the target device. The user must accept the incoming file and install the program. After installing, the worm infects the machine.

Attacks based on vulnerabilities in software applications

Other attacks are based on flaws in the OS or applications on the phone.

Web browser Browser security

The mobile web browser is an emerging attack vector for mobile devices. Just as common Web browsers, mobile web browsers are extended from pure web navigation with widgets and plug-ins, or are completely native mobile browsers.
Jailbreaking the iPhone with firmware 1.1.1 was based entirely on vulnerabilities on the web browser.^[24] As a result, the exploitation of the vulnerability described here underlines the importance of the Web browser as an attack vector for mobile devices. In this case, there was a vulnerability based on a stack-based buffer overflow in a library used by the web browser (Libtiff).
A vulnerability in the web browser for Android was discovered in October 2008. As the iPhone vulnerability above, it was due to an obsolete and vulnerable library. A significant difference with the iPhone vulnerability was Android's sandboxing architecture which limited the effects of this vulnerability to the Web browser process.
Smartphones are also victims of classic piracy related to the web: phishing, malicious websites, software that run in the background, etc. The big difference is that smartphones do not yet have strong antivirus software available.

Operating system Operating_system § Security

Sometimes it is possible to overcome the security safeguards by modifying the operating system itself. As real-world examples, this section covers the manipulation of firmware and malicious signature certificates. These attacks are difficult.
In 2004, vulnerabilities in virtual machines running on certain devices were revealed. It was possible to bypass the bytecode verifier and access the native underlying operating system The results of this research were not published in detail. The firmware security of Nokia's Symbian Platform Security Architecture (PSA) is based on a central configuration file called SWIPolicy. In 2008 it was possible to manipulate the Nokia firmware before it is installed, and in fact in some downloadable versions of it, this file was human readable, so it was possible to modify and change the image of the firmware.^[25] This vulnerability has been solved by an update from Nokia.
In theory smartphones have an advantage over hard drives since the OS files are in ROM, and cannot be changed by malware. However, in some systems it was possible to circumvent this: in the Symbian OS it was possible to overwrite a file with a file of the same name.^[25] On the Windows OS, it was possible to change a pointer from a general configuration file to an editable file.
When an application is installed, the signing of this application is verified by a series of certificates. One can create a valid signature without using a valid certificate and add it to the list.^[26] In the Symbian OS all certificates are in the directory: `c:\resource\swicertstore\dat`. With firmware changes explained above it is very easy to insert a seemingly valid but malicious certificate.

Attacks based on hardware vulnerabilities

Electromagnetic Waveforms

In 2015, researchers at the French government agency Agence nationale de la sécurité des systèmes d'information (ANSSI) demonstrated the capability to trigger the voice interface of certain smartphones remotely by using "specific electromagnetic waveforms".^[27] The exploit took advantage of antenna-properties of headphone wires while plugged into the audio-output jacks of the vulnerable smartphones and effectively spoofed audio input to inject commands via the audio interface.^[27]

Juice Jacking Juice_jacking

Juice Jacking is a physical or hardware vulnerability specific to mobile platforms. Utilizing the dual purpose of the USB charge port, many devices have been susceptible to having data exfiltrated from, or malware installed onto a mobile device by utilizing malicious charging kiosks set up in public places or hidden in normal charge adapters.

Jail-breaking and rooting

Jail-breaking is also a physical access vulnerability, in which mobile device users initiate to hack into the devices to unlock it, and exploit weaknesses in the operating system. Mobile device users take control of their own device by jail-breaking it, and customize the interface by installing applications, change system settings that are not allowed on the devices. Thus, allowing to tweak the mobile devices operating systems processes, run programs in the background, thus devices are being expose to variety of malicious attack that can lead to compromise important private data .

Password cracking

In 2010, researcher from the University of Pennsylvania investigated the possibility of cracking a device's password through a smudge attack (literally imaging the finger smudges on the screen to discern the user's password).^[29] The researchers were able to discern the device password up to 68% of the time under certain conditions.^[29] Outsiders may perform over-the-shoulder on victims, such as watching specific keystrokes or pattern gestures, to unlock device password or passcode.

Malicious software (malware) Malware

As smartphones are a permanent point of access to the internet (mostly on), they can be compromised as easily as computers with malware. A malware is a computer program that aims to harm the system in which it resides. Trojans, worms and viruses are all considered malware. A Trojan is a program that is on the smartphone and allows external users to connect discreetly. A worm is a program that reproduces on multiple computers across a network. A virus is malicious software designed to spread to other computers by inserting itself into legitimate programs and running programs in parallel. However, it must be said that the malware are far less numerous and important to smartphones as they are to computers.

^[30]
Nonetheless, recent studies show that the evolution of malware in smartphones have rocketed in the last few years posing a threat to analysis and detection.^[31]

The three phases of malware attacks

Typically an attack on a smartphone made by malware takes place in 3 phases: the infection of a host, the accomplishment of its goal, and the spread of the malware to other systems. Malware often uses the resources offered by the infected smartphones. It will use the output devices such as Bluetooth or infrared, but it may also use the address book or email address of the person to infect the user's acquaintances. The malware exploits the trust that is given to data sent by an acquaintance.

Infection

Infection is the means used by the malware to get into the smartphone, it can either use one of the faults previously presented or may use the gullibility of the user. Infections are classified into four classes according to their degree of user interaction:^[32]

Explicit permission

the most benign interaction is to ask the user if it is allowed to infect the machine, clearly indicating its potential malicious behavior. This is typical behavior of a proof of concept malware.

Implied permission

this infection is based on the fact that the user has a habit of installing software. Most trojans try to seduce the user into installing attractive applications (games, useful applications etc.) that actually contain malware.

Common interaction

this infection is related to a common behavior, such as opening an MMS or email.

No interaction

the last class of infection is the most dangerous. Indeed, a worm that could infect a smartphone and could infect other smartphones without any interaction would be catastrophic.

Accomplishment of its goal

Once the malware has infected a phone it will also seek to accomplish its goal, which is usually one of the following: monetary damage, damage data and/or device, and concealed damage:^[33]

Monetary damages

the attacker can steal user data and either sell them to the same user or sell to a third party.

Damage

malware can partially damage the device, or delete or modify data on the device.

Concealed damage

the two aforementioned types of damage are detectable, but the malware can also leave a backdoor for future attacks or even conduct wiretaps.

Spread to other systems

Once the malware has infected a smartphone, it always aims to spread one way or another:

It can spread through proximate devices using Wi-Fi, Bluetooth and infrared;

It can also spread using remote networks such as telephone calls or SMS or emails.

Examples of malware

Here are various malware that exist in the world of smartphones with a short description of each.

Viruses and Trojans Mobile virus

Cabir (also known as Caribe, SybmOS/Cabir, Symbian/Cabir and EPOC.cabir) is the name of a computer worm developed in 2004, designed to infect mobile phones running Symbian OS. It is believed to have been the first computer worm that can infect mobile phones

Commwarrior, found March 7, 2005, was the first worm that can infect many machines from MMS.^[13] It is sent as COMMWARRIOR.ZIP containing the file COMMWARRIOR.SIS. When this file is executed, Commwarrior attempts to connect to nearby devices by Bluetooth or infrared under a random name. It then attempts to send MMS message to the contacts in the smartphone with different header messages for each person, who receive the MMS and often open them without further verification.

Phage is the first Palm OS virus discovered.^[13] It transfers to the Palm from a PC via synchronization. It infects all applications in the smartphone and embeds its own code to function without the user and the system detecting it. All that the system will detect is that its usual applications are functioning.

RedBrowser is a Trojan based on java.^[13] The Trojan masquerades as a program called "RedBrowser" which allows the user to visit WAP sites without a WAP connection. During application installation, the user sees a request on their phone that the application needs permission to send messages. If the user accepts, RedBrowser can send SMS to paid call centers. This program uses the smartphone's connection to social networks (Facebook, Twitter, etc.) to get the contact information for the user's acquaintances (provided the required permissions have been given) and will send them messages.

WinCE.PmCryptic.A is malicious software on Windows Mobile which aims to earn money for its authors. It uses the infestation of memory cards that are inserted in the smartphone to spread more effectively.^[35]

CardTrap is a virus that is available on different types of smartphone, which aims to deactivate the system and third party applications. It works by replacing the files used to start the smartphone and applications to prevent them from executing.^[36] There are different variants of this virus such as Cardtrap.A for SymbOS devices. It also infects the memory card with malware capable of infecting Windows.

Ghost Push is malicious software on Android OS which automatically roots the android device and installs malicious applications directly to system partition then unroots the device to prevent users from removing the threat by master reset (The threat can be removed only by reflashing). It cripples the system resources, executes quickly, and is hard to detect.

Ransomware

Mobile ransomware is a type of malware that locks users out of their mobile devices in a pay-to-unlock-your-device ploy, it has grown by leaps and bounds as a threat category since 2014.^[37] Specific to mobile computing platforms, users are often less security-conscious, particularly as it pertains to scrutinizing applications and web links trusting the native protection capability of the mobile device operating system. Mobile ransomware poses a significant threat to businesses reliant on instant access and availability of their proprietary information and contacts. The likelihood of a traveling businessman paying a ransom to unlock their device is significantly higher since they are at a disadvantage given inconveniences such as timeliness and less likely direct access to IT staff. Recent ransomware attack has caused a stir in the world as the attack caused many of the internet connected devices to not work and companies spent a large amount to recover from these attacks.

Spyware

Flexispy is an application that can be considered as a trojan, based on Symbian. The program sends all information received and sent from the smartphone to a Flexispy server. It was originally created to protect children and spy on adulterous spouses.^[13]

Number of malware

Below is a diagram which loads the different behaviors of smartphone malware in terms of their effects on smartphones:^[30]

Effects of Malware

We can see from the graph that at least 50 malware varieties exhibit no negative behavior, except their ability to spread.^[30]

Portability of malware across platforms

There is a multitude of malware. This is partly due to the variety of operating systems on smartphones. However attackers can also choose to make their malware target multiple platforms, and malware can be found which attacks an OS but is able to spread to different systems.
To begin with, malware can use runtime environments like Java virtual machine or the .NET Framework. They can also use other libraries present in many operating systems.^[38] Other malware carry several executable files in order to run in multiple environments and they utilize these during the propagation process. In practice, this type of malware requires a connection between the two operating systems to use as an attack vector. Memory cards can be used for this purpose, or synchronization software can be used to propagate the virus.

Countermeasures

The security mechanisms in place to counter the threats described above are presented in this section. They are divided into different categories, as all do not act at the same level, and they range from the management of security by the operating system to the behavioral education of the user. The threats prevented by the various measures are not the same depending on the case. Considering the two cases mentioned above, in the first case one would protect the system from corruption by an application, and in the second case the installation of a suspicious software would be prevented.

Security in operating systems

The first layer of security in a smartphone is the operating system (OS). Beyond needing to handle the usual roles of an operating system (e.g. resource management, scheduling processes) on the device, it must also establish the protocols for introducing external applications and data without introducing risk.^[
A central paradigm in mobile operating systems is the idea of a sandbox. Since smartphones are currently designed to accommodate many applications, they must have mechanisms to ensure these applications are safe for the phone itself, for other applications and data on the system, and for the user. If a malicious program reaches a mobile device, the vulnerable area presented by the system must be as small as possible. Sandboxing extends this idea to compartmentalize different processes, preventing them from interacting and damaging each other. Based on the history of operating systems, sandboxing has different implementations. For example, where iOS will focus on limiting access to its public API for applications from the App Store by default, Managed Open In allows you to restrict which apps can access which types of data. Android bases its sandboxing on its legacy of Linux and TrustedBSD.
The following points highlight mechanisms implemented in operating systems, especially Android.

Rootkit Detectors

The intrusion of a rootkit in the system is a great danger in the same way as on a computer. It is important to prevent such intrusions, and to be able to detect them as often as possible. Indeed, there is concern that with this type of malicious program, the result could be a partial or complete bypass of the device security, and the acquisition of administrator rights by the attacker. If this happens, then nothing prevents the attacker from studying or disabling the safety features that were circumvented, deploying the applications they want, or disseminating a method of intrusion by a rootkit to a wider audience.^[39]^[40] We can cite, as a defense mechanism, the Chain of trust in iOS. This mechanism relies on the signature of the different applications required to start the operating system, and a certificate signed by Apple. In the event that the signature checks are inconclusive, the device detects this and stops the boot-up.^[41] If the Operating System is compromised due to Jailbreaking, root kit detection may not work if it is disabled by the Jailbreak method or software is loaded after Jailbreak disables Rootkit Detection.

Process isolation

Android uses mechanisms of user process isolation inherited from Linux. Each application has a user associated with it, and a tuple (UID, GID). This approach serves as a sandbox: while applications can be malicious, they can not get out of the sandbox reserved for them by their identifiers, and thus cannot interfere with the proper functioning of the system. For example, since it is impossible for a process to end the process of another user, an application can thus not stop the execution of another.^[39]^[42]^[43]^[44]^[45]

File permissions

From the legacy of Linux, there are also filesystem permissions mechanisms. They help with sandboxing: a process can not edit any files it wants. It is therefore not possible to freely corrupt files necessary for the operation of another application or system. Furthermore, in Android there is the method of locking memory permissions. It is not possible to change the permissions of files installed on the SD card from the phone, and consequently it is impossible to install applications.^[46]^[47]^[48]

Memory Protection

In the same way as on a computer, memory protection prevents privilege escalation. Indeed, if a process managed to reach the area allocated to other processes, it could write in the memory of a process with rights superior to their own, with root in the worst case, and perform actions which are beyond its permissions on the system. It would suffice to insert function calls are authorized by the privileges of the malicious application.^[45]

Development through runtime environments

Software is often developed in high-level languages, which can control what is being done by a running program. For example, Java Virtual Machines continuously monitor the actions of the execution threads they manage, monitor and assign resources, and prevent malicious actions. Buffer overflows can be prevented by these controls.

Security software

Above the operating system security, there is a layer of security software. This layer is composed of individual components to strengthen various vulnerabilities: prevent malware, intrusions, the identification of a user as a human, and user authentication. It contains software components that have learned from their experience with computer security; however, on smartphones, this software must deal with greater constraints (see limitations).

Antivirus and firewall

An antivirus software can be deployed on a device to verify that it is not infected by a known threat, usually by signature detection software that detects malicious executable files. A firewall, meanwhile, can watch over the existing traffic on the network and ensure that a malicious application does not seek to communicate through it. It may equally verify that an installed application does not seek to establish suspicious communication, which may prevent an intrusion attempt.^[51]^[52]^[53]^[40]
A mobile antivirus product would scan files and compare them against a database of known mobile malware code signatures.^[4]

Visual Notifications

In order to make the user aware of any abnormal actions, such as a call they did not initiate, one can link some functions to a visual notification that is impossible to circumvent. For example, when a call is triggered, the called number should always be displayed. Thus, if a call is triggered by a malicious application, the user can see, and take appropriate action.

Turing test

In the same vein as above, it is important to confirm certain actions by a user decision. The Turing test is used to distinguish between a human and a virtual user, and it often comes as a captcha.

Biometric identification

Another method to use is biometrics.^[54] Biometrics is a technique of identifying a person by means of their morphology(by recognition of the eye or face, for example) or their behavior (their signature or way of writing for example). One advantage of using biometric security is that users can avoid having to remember a password or other secret combination to authenticate and prevent malicious users from accessing their device. In a system with strong biometric security, only the primary user can access the smartphone.

Resource monitoring in the smartphone[edit]

When an application passes the various security barriers, it can take the actions for which it was designed. When such actions are triggered, the activity of a malicious application can be sometimes detected if one monitors the various resources used on the phone. Depending on the goals of the malware, the consequences of infection are not always the same; all malicious applications are not intended to harm the devices on which they are deployed. The following sections describe different ways to detect suspicious activity.^[55]

Battery

Some malware is aimed at exhausting the energy resources of the phone. Monitoring the energy consumption of the phone can be a way to detect certain malware applications.^[39]

Memory usage

Memory usage is inherent in any application. However, if one finds that a substantial proportion of memory is used by an application, it may be flagged as suspicious.

Network traffic

On a smartphone, many applications are bound to connect via the network, as part of their normal operation. However, an application using a lot of bandwidth can be strongly suspected of attempting to communicate a lot of information, and disseminate data to many other devices. This observation only allows a suspicion, because some legitimate applications can be very resource-intensive in terms of network communications, the best example being streaming video.

Services

One can monitor the activity of various services of a smartphone. During certain moments, some services should not be active, and if one is detected, the application should be suspected. For example, the sending of an SMS when the user is filming video: this communication does not make sense and is suspicious; malware may attempt to send SMS while its activity is masked.^[56]
The various points mentioned above are only indications and do not provide certainty about the legitimacy of the activity of an application. However, these criteria can help target suspicious applications, especially if several criteria are combined.

Network surveillance

Network traffic exchanged by phones can be monitored. One can place safeguards in network routing points in order to detect abnormal behavior. As the mobile's use of network protocols is much more constrained than that of a computer, expected network data streams can be predicted (e.g. the protocol for sending an SMS), which permits detection of anomalies in mobile networks.^[57]

Spam filters

As is the case with email exchanges, we can detect a spam campaign through means of mobile communications (SMS, MMS). It is therefore possible to detect and minimize this kind of attempt by filters deployed on network infrastructure that is relaying these messages.

Encryption of stored or transmitted information

Because it is always possible that data exchanged can be intercepted, communications, or even information storage, can rely on encryption to prevent a malicious entity from using any data obtained during communications. However, this poses the problem of key exchange for encryption algorithms, which requires a secure channel.

Telecom network monitoring

The networks for SMS and MMS exhibit predictable behavior, and there is not as much liberty compared with what one can do with protocols such as TCP or UDP. This implies that one cannot predict the use made of the common protocols of the web; one might generate very little traffic by consulting simple pages, rarely, or generate heavy traffic by using video streaming. On the other hand, messages exchanged via mobile phone have a framework and a specific model, and the user does not, in a normal case, have the freedom to intervene in the details of these communications. Therefore, if an abnormality is found in the flux of network data in the mobile networks, the potential threat can be quickly detected.

Manufacturer surveillance

In the production and distribution chain for mobile devices, it is the responsibility of manufacturers to ensure that devices are delivered in a basic configuration without vulnerabilities. Most users are not experts and many of them are not aware of the existence of security vulnerabilities, so the device configuration as provided by manufacturers will be retained by many users. Below are listed several points which manufacturers should consider.

Remove debug mode

Phones are sometimes set in a debug mode during manufacturing, but this mode must be disabled before the phone is sold. This mode allows access to different features, not intended for routine use by a user. Due to the speed of development and production, distractions occur and some devices are sold in debug mode. This kind of deployment exposes mobile devices to exploits that utilize this oversight.^[58]^[59]

Default settings

When a smartphone is sold, its default settings must be correct, and not leave security gaps. The default configuration is not always changed, so a good initial setup is essential for users. There are, for example, default configurations that are vulnerable to denial of service attacks.^[39]^[60]

Security audit of apps

Along with smart phones, appstores have emerged. A user finds themselves facing a huge range of applications. This is especially true for providers who manage appstores because they are tasked with examining the apps provided, from different points of view (e.g. security, content). The security audit should be particularly cautious, because if a fault is not detected, the application can spread very quickly within a few days, and infect a significant number of devices.^[39]

Detect suspicious applications demanding rights

When installing applications, it is good to warn the user against sets of permissions that, grouped together, seem potentially dangerous, or at least suspicious. Frameworks like such as Kirin, on Android, attempt to detect and prohibit certain sets of permissions.^[61]

Revocation procedures

Along with appstores appeared a new feature for mobile apps: remote revocation. First developed by Android, this procedure can remotely and globally uninstall an application, on any device that has it. This means the spread of a malicious application that managed to evade security checks can be immediately stopped when the threat is discovered.

Avoid heavily customized systems

Manufacturers are tempted to overlay custom layers on existing operating systems, with the dual purpose of offering customized options and disabling or charging for certain features. This has the dual effect of risking the introduction of new bugs in the system, coupled with an incentive for users to modify the systems to circumvent the manufacturer's restrictions. These systems are rarely as stable and reliable as the original, and may suffer from phishing attempts or other exploits.

Improve software patch processes

New versions of various software components of a smartphone, including operating systems, are regularly published. They correct many flaws over time. Nevertheless, manufacturers often do not deploy these updates to their devices in a timely fashion, and sometimes not at all. Thus, vulnerabilities persist when they could be corrected, and if they are not, since they are known, they are easily exploitable.^[61]

User awareness

Much malicious behavior is allowed by the carelessness of the user. Smartphone users were found to ignore security messages during application installation, especially during application selection, checking application reputation, reviews and security and agreement messages.^[64]From simply not leaving the device without a password, to precise control of permissions granted to applications added to the smartphone, the user has a large responsibility in the cycle of security: to not be the vector of intrusion. This precaution is especially important if the user is an employee of a company that stores business data on the device. Detailed below are some precautions that a user can take to manage security on a smartphone.
A recent survey by internet security experts BullGuard showed a lack of insight into the rising number of malicious threats affecting mobile phones, with 53% of users claiming that they are unaware of security software for Smartphones. A further 21% argued that such protection was unnecessary, and 42% admitted it hadn't crossed their mind ("Using APA," 2011). These statistics show consumers are not concerned about security risks because they believe it is not a serious problem. The key here is to always remember smartphones are effectively handheld computers and are just as vulnerable.

Being skeptical

A user should not believe everything that may be presented, as some information may be phishing or attempting to distribute a malicious application. It is therefore advisable to check the reputation of the application that they want to buy before actually installing it.^[65]

Permissions given to applications

The mass distribution of applications is accompanied by the establishment of different permissions mechanisms for each operating system. It is necessary to clarify these permissions mechanisms to users, as they differ from one system to another, and are not always easy to understand. In addition, it is rarely possible to modify a set of permissions requested by an application if the number of permissions is too great. But this last point is a source of risk because a user can grant rights to an application, far beyond the rights it needs. For example, a note taking application does not require access to the geolocation service. The user must ensure the privileges required by an application during installation and should not accept the installation if requested rights are inconsistent.

Be careful

Protection of a user's phone through simple gestures and precautions, such as locking the smartphone when it is not in use, not leaving their device unattended, not trusting applications, not storing sensitive data, or encrypting sensitive data that cannot be separated from the device.^[68]^[69]

Enable Android Device Encryption

Latest Android Smartphones come with an inbuilt encryption setting for securing all the information saved on your device. It makes it difficult for a hacker to extract and decipher the information in case your device is compromised. Here is how to do it,^[70]
Settings – Security – Encrypt Phone + Encrypt SD Card^[70]

Ensure data

Smartphones have a significant memory and can carry several gigabytes of data. The user must be careful about what data it carries and whether they should be protected. While it is usually not dramatic if a song is copied, a file containing bank information or business data can be more risky. The user must have the prudence to avoid the transmission of sensitive data on a smartphone, which can be easily stolen. Furthermore, when a user gets rid of a device, they must be sure to remove all personal data first.^[71]
These precautions are measures that leave no easy solution to the intrusion of people or malicious applications in a smartphone. If users are careful, many attacks can be defeated, especially phishing and applications seeking only to obtain rights on a device.

Centralized storage of text messages

One form of mobile protection allows companies to control the delivery and storage of text messages, by hosting the messages on a company server, rather than on the sender or receiver's phone. When certain conditions are met, such as an expiration date, the messages are deleted.^[72]

Limitations of certain security measures

The security mechanisms mentioned in this article are to a large extent inherited from knowledge and experience with computer security. The elements composing the two device types are similar, and there are common measures that can be used, such as antivirus software and firewalls. However, the implementation of these solutions is not necessarily possible or at least highly constrained within a mobile device. The reason for this difference is the technical resources offered by computers and mobile devices: even though the computing power of smartphones is becoming faster, they have other limitations than their computing power.

Single-task system: Some operating systems, including some still commonly used, are single-tasking. Only the foreground task is executed. It is difficult to introduce applications such as antivirus and firewall on such systems, because they could not perform their monitoring while the user is operating the device, when there would be most need of such monitoring.

Energy autonomy: A critical one for the use of a smartphone is energy autonomy. It is important that the security mechanisms not consume battery resources, without which the autonomy of devices will be affected dramatically, undermining the effective use of the smartphone.

Network Directly related to battery life, network utilization should not be too high. It is indeed one of the most expensive resources, from the point of view of energy consumption. Nonetheless, some calculations may need to be relocated to remote servers in order to preserve the battery. This balance can make implementation of certain intensive computation mechanisms a delicate proposition.^[73]

Furthermore, it should be noted that it is common to find that updates exist, or can be developed or deployed, but this is not always done. One can, for example, find a user who does not know that there is a newer version of the operating system compatible with the smartphone, or a user may discover known vulnerabilities that are not corrected until the end of a long development cycle, which allows time to exploit the loopholes.^[59]

Next Generation of mobile security

There is expected to be four mobile environments that will make up the security framework:

Rich operating system

In this category will fall traditional Mobile OS like Android, iOS, Symbian OS or Windows Phone. They will provide the traditional functionaity and security of an OS to the applications.

Secure Operating System (Secure OS)

A secure kernel which will run in parallel with a fully featured Rich OS, on the same processor core. It will include drivers for the Rich OS ("normal world") to communicate with the secure kernel ("secure world"). The trusted infrastructure could include interfaces like the display or keypad to regions of PCI-E address space and memories.

Trusted Execution Environment (TEE)

Made up of hardware and software. It helps in the control of access rights and houses sensitive applications, which need to be isolated from the Rich OS. It effectively acts as a firewall between the "normal world" and "secure world".

Secure Element (SE)

The SE consists of tamper resistant hardware and associated software. It can provide high levels of security and work in tandem with the TEE. The SE will be mandatory for hosting proximity payment applications or official electronic signatures.

Security Applications (SA)

Numerous security applications are available on App Stores providing services of protection from viruses and performing vulnerability assessment.

== MA THEREFORE TELEPHONE IN COMPUTER AND SOFTWARE MATIC ==

Rabu, 20 Desember 2017

TELEPHONE UNTIL COMPUTER AND SOFTWARE AMNIMARJESLOW GOVERNMENT 91220017 LOR LOURDESS IN LORD IPHONE NOT ELTELEPHONE 02096010014 LJBUSAF AMNI 03 / 20 USE COMPUTER AND BRAIN AUVI IN SOFTWARE YO