Biblio

Mobile Device Security is an important factor as all the user's sensitive information is stored on the mobile device. The problem of mobile devices getting lost or stolen has only been increasing. There are various systems which provide Online Mobile Device Security which require internet to perform their required functions. Our proposed system SMS Based Offline Mobile Device Security System provides mobile device users with a wide range of security features that help protect the mobile device from theft and also acts as an assistant that helps the users in any problems they may face in their day-to-day lives. The project aims to develop a mobile security system that will allow the user to manipulate his mobile device from any other device through SMS which can be used to get contact information from the user's mobile device remotely, help find the phone by maximizing the volume and playing a tone, trace the current location of the mobile device, get the IMEI No of the device, lock the device, send a message that will be converted to speech and played on the user's mobile device, call forwarding, message forwarding and various other features. It also has an additional security feature that will detect a sim card change and send the new SIM card mobile no to the recovery mobile numbers specified during initial setup automatically. Hence, the user will be able to manipulate his phone even after the SIM card has been changed. Therefore, the SMS-Based Offline Mobile Device Security System provides much more security for the mobile device than the existing online device security methods.

Today's mobile applications increasingly rely on communication with a remote backend service to perform many critical functions, including handling user-specific information. This implies that some form of authentication should be used to associate a user with their actions and data. Since schemes involving tedious account creation procedures can represent "friction" for users, many applications are moving toward alternative solutions, some of which, while increasing usability, sacrifice security. This paper focuses on a new trend of authentication schemes based on what we call "device-public" information, which consists of properties and data that any application running on a device can obtain. While these schemes are convenient to users, since they require little to no interaction, they are vulnerable by design, since all the needed information to authenticate a user is available to any app installed on the device. An attacker with a malicious app on a user's device could easily hijack the user's account, steal private information, send (and receive) messages on behalf of the user, or steal valuable virtual goods. To demonstrate how easily these vulnerabilities can be weaponized, we developed a generic exploitation technique that first mines all relevant data from a victim's phone, and then transfers and injects them into an attacker's phone to fool apps into granting access to the victim's account. Moreover, we developed a dynamic analysis detection system to automatically highlight problematic apps. Using our tool, we analyzed 1,000 popular applications and found that 41 of them, including the popular messaging apps WhatsApp and Viber, were vulnerable. Finally, our work proposes solutions to this issue, based on modifications to the Android API.