When mobile is harder than fixed (and vice versa): demystifying security challenges in mobile environments

Abstract

Sophisticated consumer mobile devices continue to approach the capabilities and extensibility of traditional computing environments. Unfortunately, these new capabilities and applications make mobile devices an enticing target for attackers and malicious software. Due to such threats, the domain of mobile security has been getting a considerable amount of attention. However, current approaches have failed to consider key differences and their practical impact on the security of modern platforms when adopting techniques from non-mobile (or "fixed") environments. To help demystify mobile security and guide future research, we examine the unique challenges of mobile environments ranging from hardware to software to usability, delve in the diverse security models of current mobile platforms, and present our five commandments of mobile security research.