Student research opportunities
The Vulnerability of Smartphones
Project Code: CECS_769
This project is available at the following levels:
CS single semester, Engn4200, Engn R&D, Honours, Summer Scholar, Masters, PhD
Supervisor:
Dr Roger Clarke
Outline:
A smartphone is a computing device that is network-connected, is running a cut-down operating system, has some of its functionality intentionally suppressed in the hope that the supplier can control the customer, and is subject to frequent and rapid updates because technological capabilities and consumer expectations change so rapidly. As a result, smartphones are thought to be even more insecure than predecessor devices such as desktops and laptops.
Several projects are possible in this area. Because the market is divided into specific, directly competitive segments (iPhone/iOS, Android, MS, RIM), it is probably necessary to focus on a particular product (device plus bundled software), rather than to define the problem generically.
Goals of this project
1. For example, the selected product could be studied in order to document the scope for new software capabilities to be delivered (through 'approved' channels) or infiltrated (some other way), and the field of play ('sandbox') within which those new software capabilities would be constrained. This would be a mixed theoretical and experimental analysis.
2. Another project could undertake a risk assessment approach, identify known threats and vulnerabilities, examine the available protections (i.e. provided with the product, or achievable by other means), and use a combination of theory and experimentation to present a gap analysis.
3. A further project could consider the specific issues that arise from the use of smartphones for electronic payments.
4. Yet another could focus on the privacy risks that arise from the use of mobile phones. This would necessarily involve an examination of location and tracking, both by means of location within cell and self-reported GPS data.
Background Literature
Clarke R. & Maurushat A. (2007) 'The Feasibility of Consumer Device Security' J. of Law, Information and Science 18 (2007), PrePrint at http://www.rogerclarke.com/II/ConsDevSecy.html
Clarke R. (2008) 'A Risk Assessment Framework for Mobile Payments' Proc. 21st Bled eCommerce Conf., June 2008, pp. 63-77, PrePrint at http://www.rogerclarke.com/EC/MP-RAF.html
Clarke R. (2008) 'Can Mobile Payments be Secure Enough?' commented Slide-Set for a seminar in the School of Information Management at the Victoria University of Wellington on 1 May 2008, at http://www.rogerclarke.com/EC/MPS-080501.html
Clarke R. & Wigan M. (2011) 'You Are Where You've Been: The Privacy Implications of Location and Tracking Technologies' Journal of Location Based Services 5, 3-4 (December 2011) 138-155, s.4.1 Location and Tracking Technologies: Handhelds, at http://www.rogerclarke.com/DV/YAWYB-CWP.html#Hh

