Defend Your Smartphone
The University of Central Oklahoma hosted Dr. Kevin Du, professor from Syracuse University, for a lecture on smartphone defense on Nov. 10, 2016 in the College of Math and Sciences. (Photo provided by Pixabay.)
A professor from Syracuse University lectured students about smartphone security, ways that security is breached and how cell phones protect themselves, in a seminar hosted by the UCO College of Mathematics and Science (CSM) in Howell Hall Thursday, Nov. 10.
Dr. Kevin Du, a researcher and professor, presented a lecture called “Smartphone Security: Attacks, Defenses, and Education” in room 201 at 4:00 p.m.
Du talked about the research that he does with smartphones, specifically with the Android operating system (OS). It is his job to find any and all security problems with Android cell phones.
The best way to find these weaknesses in the system is to attack them, Du said. He brings this work into the classroom by letting students do this work, too.
“Security is like…it’s a field you really have to have a hands-on experience,” he said.
Seminar with Dr. Kevin Du, Thursday, November 10. “Android Security: Attacks, Defenses, and Education” in Howell Hall Room 201 at 4:00 p.m. pic.twitter.com/PZ1VlZJI8P
— UCO Math & Science (@UCOCMS) November 8, 2016
He has created his own security attacks to see if they will affect the cell phones, and has also created his own cell phone prototypes, that are similar to Android phones, if unable to fully access any features of the Android OS.
The Android OS, unlike the iPhone OS, can differ between cell phone models, cell phone carriers, versions of the OS and the countries phones are sold in.
With these differences, Du said, there’s high possibility for weaknesses in the systems, especially when using HTML5 apps, which are apps that are run through the internet instead of being stored on the phone itself.
These apps can be platforms for attacks which are almost like computer viruses. Corruptive computer code comes into the phone with data a cell phone user is accessing through HTML5 apps.
The computer code that is meant to harm a device can get to an Android phone through free Wi-Fi, Bluetooth pairing, contactless connectivity between phones, barcode scanners, text messaging, internet radio, music downloads and JPEG images.
“Web technology is…it’s very dangerous because the web allows you to mix the data and the code together,” Du said.
However, Android users have built-in safeties on their phones. There is a basic filter that keeps a lot of unwanted code out of the phone.
More complex than this, there are two different operating systems within the basic Android system, according to Du.
There is the normal world in the system that holds and downloads apps and unprotected data.
The secure world, or TrustZone, is the only system that stores sensitive information such as credit card information. Only the phone vendor can access this information.
Donna Bass, the project coordinator for the CSM, organizes the seminars.
“It’s to educate, inform, and to help our students see past just UCO,” Bass said.
Du’s lecture was the second installment of the series. Dr. Grace Park, computer science professor and associate of Du, recommended him to speak.
“In my opinion, he is a true scholar, teacher and model for me to follow,” Park said.
She continued to say that he was good at research and training students and has created over 500 research labs, one of which she uses on campus.
“I am the beneficiary of his generosity,” Park said.