Mobile operating systems come in four flavors: Blackberry, Windows Mobile, Google Android, and Apple iOS. Of these, the Apple iOS and Google Android operating systems are by far the ones most commonly found on modern devices. In order to simplify the examination of mobile operating systems and devices in this chapter, the discussion will consider only iOS and Android.
Both of these operating systems have been designed to address some of the most basic threats and risks right out of the box, such as the following:
- Web-based attacks
- Network-based attacks
- Social engineering attacks
- Resource and service availability abuse
- Malicious and unintentional data loss
- Attacks on the integrity of data
Before analyzing the security models of these two operating systems, a brief recap of each of these attacks as they relate to mobile devices might be helpful:
Web and Network Attacks
These are typically launched by malicious websites or compromised legitimate websites. The attacking website sends malformed network content to the victim’s browser, causing the browser to run malicious logic of the attacker’s choosing.
Malware can be broken into three high-level categories: traditional computer viruses, computer worms, and Trojan horse programs. Malware plagues mobile systems much as it does traditional systems, and some malware is designed exclusively for mobile devices.
Social Engineering Attacks
Social engineering attacks such as phishing attempt to trick the user into disclosing sensitive information. Social engineering attacks can also be used to entice a user to install malware on a mobile device. In many cases social engineering attacks are easier to accomplish on mobile devices largely because of their personal nature and the fact that they are already used to share information on social media and other similar services.