Reading Room

Mobile Security

Featuring 7 Papers as of June 5, 2019

  • Mobile A/V: Is it worth it? (Graduate Student Research)
    by Nicholas Dorris - June 5, 2019

    In the mid-2010s, mobile devices such as smartphones and tablets have become ubiquitous, with users employing these gadgets for various applications. While this pervasive adoption of mobile devices offers numerous advantages, attackers have leveraged the languid attitude of device owners to secure the owner’s gadgets. The diversity of mobile devices exposes them to a variety of security threats, as the industry lacks a comprehensive solution to protect mobile devices. In a bid to secure their assets and informational resources, individuals and corporations have turned to commercial mobile antivirus software. Most security providers present mobile versions of their PC antivirus applications, which are primarily based on the conventional signature-based detection techniques. Although the signature-based strategy can be valuable in identifying and mitigating profiled malware, it is not as effective in detecting unknown, new, or evolving threats, as it lacks adequate information and signatures regarding these infections. Mobile attackers have remained ahead via obfuscation and transformation methods to bypass detection techniques. This paper seeks to ascertain whether current mobile antivirus solutions are effective, in addition to which default Android settings assist in the prevention or mitigation of various malware and their consequences.

  • Understanding Mobile Device Wi-Fi Traffic Analysis by Erik Choron - April 24, 2018 

    Mobile devices have become more than just a portable vehicle to place phone calls in locations previously deprived of traditional phone service. In addition to versatile phone service, mobile devices include the capability of utilizing the internet through the Mobile Internet Protocol (IP). This can cause a problem whenever a device is roaming through different points of the cellular network. The IP handoff that takes place during the transfer between cellular towers can result in a degraded performance which can possibly impede traffic analysis. A thorough understanding of Wi-Fi traffic and Mobile IP technology could benefit network and system administrators and defenders by heightening awareness in a field that is surpassing more commonly understood technology.

  • BYOD Security Implementation for Small Organizations (Graduate Student Research)
    by Raphael Simmons - December 15, 2017

    The exponential improvement of the mobile industry has caused a shift in the way organizations work across all industry sectors. Bring your own device (BYOD) is a current industry trend that allows employees to use their personal devices such as laptops, tablets, mobile phones and other devices, to connect to the internal network. The number of external devices that can now connect to a company that implements a BYOD policy has allowed for a proliferation of security risks. The National Institute of Standards and Technology lists these high-level threats and vulnerabilities of mobile devices: lack of physical security controls, use of untrusted mobile devices, use of untrusted networks, use of untrusted applications, interaction with other systems, use of untrusted content, and use of location services. A well implemented Mobile Device Management (MDM) tool combined with network access controls can be used to mitigate the risks associated with a BYOD policy.

  • Forensic Analysis On Android: A Practical Case by Angel Alonso-Parrizas - October 14, 2015 

    Mobile platforms have grown very quickly in the last few years. At the same time, vulnerabilities and malware have evolved, affecting the new mobile landscape. In order to respond to this new set of threats, it is necessary that existing security techniques and tools adapt to the new situation. As a result, the current techniques, tools and processes to perform forensic analysis in networks and systems also need to cover mobile platforms. In this paper it will be discussed how it is possible to perform forensic analysis in Android platforms covering the following aspects: the evidence in the logs, the network traffic, file system and in particular the analysis of the memory. A real malware case is investigated using the above aspects.

  • Passing the Sniff (Snort) Test by Matthew Hansen - October 7, 2015 

    They go by several names: Bloatware. Trialware. Pre-installation-ware. Some of them are completely innocuous. Many are designed to automate harvesting of information from the user. The line between these "unwantedware" and malware is thinning. Whether they arrive in our networks from a less-than-perfect supply chain, or as a natural result from Bring-Your-Own-Device (BYOD) policies, or even as an aggressive customer support "service" from the manufacturer, unwantedware shall exist. On the best of days, network defenders will identify, mitigate, and remove said software from their organization in the hopes that it cannot come back. Unfortunately, these herculean efforts are not enough. Users will ignore warnings from the security administrators. Users will pay lip service to the security training their organization provides. Users will rationalize intrusions into their devices through a myriad of worthless excuses: "I'm really boring", or "Anyone who wants to spy on me will have a lot of nothing to do", or "I'm really ugly, turning on my webcam would hurt THEM." Time and again users have shown that they are incapable of understanding the risks involved; they must be trained to dislike being spied on. In this paper we will examine unwanted data exfiltrations initiated by software we are told to trust, be it prepackaged software, chatty smartphone apps, or smart television applications. We will also present methods for detecting said exfiltrations, determining what data is being sent, and alerting the user in a meaningful way.

  • BYOD: Do You Know Where Your Backups Are Stored? (Graduate Student Research)
    by Marsha Miller - June 30, 2015

    Ever striving to reduce costs, companies in increasing numbers are testing Bring Your Own Device (BYOD) as a mobile solution. Although security has become a hot topic, ensuring the protection of confidential information during synchronization of a mobile device to a personal storage location may be overlooked. This paper will touch on elements of how and where data is stored on a mobile Apple and Android device, the default backup solutions, a few legal aspects to consider, and some security solutions offered by AirWatch and Good.

  • Data Charging Bypass: How your IDS can help. (Graduate Student Research)
    by Hassan Mourad - October 2, 2014

    The recent increase in the number of smart devices, the introduction of high speed mobile connections (4G/LTE), as well as the hype in social networking have all led to the dramatic increase in mobile Internet traffic.

Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact

All papers are copyrighted. No re-posting or distribution of papers is permitted. Graduate Student Research - This paper was created by a SANS Technology Institute student as part of the graduate program curriculum.