Computing Reviews
Today's Issue Hot Topics Search Browse Recommended My Account Log In
Review Help
Mobile phone security and forensics: a practical approach (2nd ed.)
Androulidakis I., Springer International Publishing, New York, NY, 2016. 120 pp. Type: Book (978-3-319297-41-5)
Date Reviewed: Aug 5 2016

Mobile phone security and forensics are clearly of top concern to many users, service providers, and the business and institutional worlds. The complexity of these issues increases at a fast pace, so it will not come as a surprise that a 113-page volume dedicated to them will have some restrictions. The preface states that theoretical aspects, algorithms, and standards are in general outside the scope of this volume, as they are a bit expeditiously categorized as computer security topics. The preface also states that the focus is on aspects of relevance to end users; unfortunately, most topics, except to some extent user interface features, are predominantly relevant to hackers, police, and device management at operators. The reader of this book will not learn any information about security or forensics for smartphones; only some rather primitive GSM handsets and modems are discussed.

Chapter 1 is a descriptive survey of some examples of problems experienced by users in the areas of confidentiality, integrity, availability, and malicious software. It gives a sample of mostly GSM handset attack processes in relation to symptoms. Chapter 2 seems to summarize survey results dated back to 2011, devoted to a student population’s mobile usage and awareness of security. Even Figure 2.5 on network architecture is an outdated simplification of GSM networks, discussed in relation to smartphone operating systems. Chapter 3 is a detailed analysis of how to spoof base stations in GSM to acquire user data; Section 3.5 on the consequences of software-defined radios, which did not exist in the first edition of the volume, only addresses second-generation GSM and not their role in third- and fourth-generation user equipment (the current terminology for terminals). Chapter 4 discusses AT script commands to GSM modems as well as other specific techniques for attacks. Chapter 5 is still relevant today for users of short messaging services (SMS) as it illustrates spoofing, “silent” SMS attack processes, and others. Chapter 6 discusses some of the forensics processes used when security forces want to “force a GSM handset to talk,” the most detailed exposé being about the analysis of GSM SIM cards. It was a good idea in the chapter list to provide a bullet point checklist about what users should do to minimize their risks; however, most points are only applicable to GSM handsets and the very first leaky Bluetooth implementations.

Overall, this short volume has taken on a huge challenge, but ends up covering almost exclusively outdated GSM handsets, most with manufacturer-specific hardware and microcontrollers, very remote from the threats and needs users face in 2016. The device architectures as studied have in rare cases migrated into machine-machine communications devices (for the so-called “Internet of Things”); students and researchers from this branch may find useful inspiration about what not to do. But the design and the architecture of 3G and 4G multicore devices have evolved a lot since IP was set at their core over 15 years ago, even setting aside network aspects, cryptographic progress in terminals and SIM cards, and so-called open operating systems or protocol stacks. New kinds of threats have also emerged, like IP messaging, IPv6Sec embedded in the IPv6 stack, on-handset cryptanalysis, new denial of service processes, trojans, and so on; these are not addressed in this volume.

Reviewer:  Prof. L.-F. Pau, CBS Review #: CR144668 (1610-0720)
Bookmark and Share
  Reviewer Selected
Security and Protection (C.2.0 ... )
Portable Devices (C.5.3 ... )
Security and Protection (K.6.5 )
Reference (A.2 )
Would you recommend this review?
Other reviews under "Security and Protection": Date
Introduction to data security and controls (2nd ed.)
Edward R. I., QED Information Sciences, Inc., Wellesley, MA, 1991. Type: Book (9780894353864)
Aug 1 1992
Security for computer networks: an introduction to data security in teleprocessing and electronic funds transfer
Davies D., Price W., John Wiley & Sons, Inc., New York, NY, 1984. Type: Book (9780471900634)
Oct 1 1985
The development and proof of a formal specification for a multilevel secure system
Glasgow J., Macewen G. ACM Transactions on Computer Systems 5(2): 151-184, 1987. Type: Article
Oct 1 1987

E-Mail This Printer-Friendly
Send Your Comments
Contact Us
Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®
Terms of Use
| Privacy Policy