International Journal of Mechanical Engineering and Technology (IJMET)

Volume 8, Issue 12, December 2017, pp. 760–767, Article ID: IJMET_08_12_083
Available online at http://www.iaeme.com/IJMET/issues.asp?JType=IJMET&VType=8&IType=12
ISSN Print: 0976-6340 and ISSN Online: 0976-6359

© IAEME Publication Scopus Indexed

COMPARATIVE STUDY ON SECURITY

THREATS IN MOBILES AND IOT DEVICES
Mohan Kumar Ch, Neha Shikha, S.L. Sowndarya, N.A. Ramarao
Koneru Lakshmaiah Education Foundation,
Vaddeswaram, Guntur, Andhra Pradesh, India

ABSTRACT
Modern embedded systems, IoT devices and mobile systems are highly exposed to
security issues. These devices must be protected from unauthorized access in order to
protect the data regarding the sensitive assets. The high design complexity, aggressive
time–to–market, increase in the computational power of devices are the main causes
for introduction of security attacks, errors, vulnerabilities and security backdoors for
on-field compromising of device. Organizations need to be concerned about security,
which includes theft or loss of mobiles, possible virus infection, possible unauthorized
traffic interception and much more. In the same way the IoT devices allows a huge
number of people, servers and networks to connect mutually and share information.
As the usage of these devices is increasing, the prone to security attacks have also
increased. The IoT devices needed confidentiality, authentication, access control,
integrity in order to prevent some attacks. In this paper, we provide a brief of the
existing security challenges on mobile devices and IoT devices.
Key words: IoT, Security, Privacy,Threats, SDN.
Cite this Article: Mohan Kumar Ch, Neha Shikha, S.L. Sowndarya, N.A. Ramarao,
Comparative Study on Security Threats in Mobiles and IoT Devices, International
Journal of Mechanical Engineering and Technology 8(12), 2017, pp. 760–767.
http://www.iaeme.com/IJMET/issues.asp?JType=IJMET&VType=8&IType=12

1. INTRODUCTION
The term “Internet of Things” means connecting the devices with one another it was
introduced by Kevin Ashton in the year 1982. The word “Things” in IoT can be referred to a
wide variety of devices such as mobile phones, remote, cars, etc. The internet which we called
as World Wide Web is now not only the network of computers but now we connect the
devices together which are able to send and receive the data all over the network created. In
IoT we can connect devices with one another and can create a huge network among them and
the work is done without any human interference. IoT allows the object to sense and control
the network infrastructure, for this we make use of actuators and sensors. With the help of the
IoT system we can embed all our ordinary objects such as household gadgets, remotes, cars to
work for as the IoT system. Basically Internet of Things is a revolution allowing to build
connection among various that we come across in our day to day life and their everyday
interaction with the network with help of no human. We have millions of IoT systems today

http://www.iaeme.com/IJMET/index.asp 760 editor@iaeme.com

 Comparative Study on Security Threats in Mobiles and IoT Devices

and the count is supposed to be 50 billion in the year 2050. The world will be connected over
a network. Now also we are aware of the IoT system in home automation, mobile security,
agricultural irrigation, etc.

2. SECURITY ISSUES IN IOT

We know that Internet of Things make our life go in a simple and easier manner, but it also
come across many security issues. Today we are totally digital we do transactions online
inspite of standing in the queue in ATM, we prefer online shopping over going offline for it.
We store our personal id, password in the site, the attacker may hack and get the data and can
misuse it. There are many security challenges that we face today and need to overcome that.
The issues in security in IoT increases with the number of devices connected to it. This is
because the hacker can hack these objects easily and control it according to their wish. The
security issues is also that this devices once made cannot be updated, the hardware changes
cannot be done after the implementation we have to think before the implementation however
we can make changes in the software field. We also come across the security in the
Authentication and Authorization and sometimes also in the confidentiality of our data stored.
There are many system that are in threat to this security issues, for example, the home
automation system, if can change the phone number that is provided in the system that he can
operate the home. The mobile system is also suffering from many problems where there is the
issue of privacy and the authentication. Some of the attacks that we are facing today are:
Falsification: At the point when the gadgets in brilliant home perform correspondence with
the application server, the assailant may gather the parcels by changing directing table in the
portal. In spite of the fact that the SSL (secure attachment layer) procedure is connected, an
assailant can sidestep the produced testament. Along these lines, the aggressor can
misconstrue the substance of information or may release the secrecy of information. To secure
the shrewd home system from this assault, SSL method with appropriate confirmation
instrument ought to be connected. It is likewise vital to square unapproved gadgets that may
endeavor to get to brilliant home system.
Monitoring and personal information leakage attack: Wellbeing is one of the vital reasons
for a savvy home. Subsequently there are a considerable measure of sensors that are utilized
for flame checking, child observing, and housebreaking, and so forth. On the off chance that
these sensors are hacked by a gatecrasher then he can screen the home and access individual
data. To stay away from this assault, information encryption must be connected amongst
passage and sensors or client confirmation for the recognition of unapproved gatherings might
be connected.

http://www.iaeme.com/IJMET/index.asp 761 editor@iaeme.com

 Mohan Kumar Ch, Neha Shikha, S.L. Sowndarya, N.A. Ramarao

Security attack and system vulnerabilities: Framework security for the most part
concentrates on general IoT framework to distinguish distinctive security challenges, to plan
diverse security structures and to give appropriate security rules keeping in mind the end goal
to keep up the security of a system. Framework security essentially concentrates on general
IoT framework to distinguish diverse security challenges, to outline distinctive security
systems and to give legitimate security rules so as to keep up the security of a system.
Application Security works for IoT application to deal with security issues as per situation
necessities. System security manages securing the IoT correspondence organize for
correspondence of various IoT gadgets.

Data privacy and security: A few producers of keen TVs gather information about their
clients to investigate their review propensities so the information gathered by the brilliant TVs
may have a test for information security amid transmission. Information security is likewise
an incredible test. While transmitting information consistently, it is critical to escape watching
gadgets on the web.

http://www.iaeme.com/IJMET/index.asp 762 editor@iaeme.com

 Comparative Study on Security Threats in Mobiles and IoT Devices

3. SECURITY THREATS ON SMART DEVICES

Debug Conflicts
Debug and validation mostly requires observability of internal designing states of the system
or device. The Design –for-debug or DFD, which allows the debugger to observe the design
of internal system behavior during post silicon execution incur a significant security check.
Debug requirements are different from other usability requirements because they do not
directly affect functional behavior of the design but only their vulnerable methodologies. High
confidentiality and integrity requirements can be strictly realised by restricting functionality
of the design. An obvious way to protect an asset from unauthorized access is to prohibit
access to it.
Since, observability requirements from debug depend on the potential errors in the design,
it is difficult to produce robust security policies accounting debug requirements.

Hardware/Software challenges
Security solution for the modern computing devices is the tight coupling between hardware
and software components. Generally the programmable computing systems were built upon
standard hardware architecture like X86, MIPS, SPARC, etc with a standardized publishing
instruction set. These devices are highly complex, programmable and have high computing
power more than a general purpose computer few years back. Many security vulnerabilities
arise because of errors or misconfiguration at the inner face of hardware and software
components. The breach of contact between hardware and software results in such
vulnerabilities, which cannot be detected during hardware or software
Validation and a valid co-robust validation is required to detect such problems.
The key challenge existing is “How can we validate software that is being developed to
execute on a hardware platform whose design itself is undergoing change at the same time?”
to address this issue, current industrial practise includes developing prototypes like
 Virtual platforms, an abstract model of the hardware platform
 Emulation and FPGA models
 Adapting previous generation silicon as a platform for testing the next generation software .

Specification Challenges
Improved efficiency, increased capability to access data anytime or anywhere are advantages
of the highly smart mobiles, but these advantages do not come without shortcomings. The
increase in the user requirements from time-to-time made the mobile devices highly
computable and accessing. New challenges are taking birth while building new features in the
mobiles. These challenges are on both the sides of clients and servers. Some of these
challenges in the mobile devices are:
 Theft or loss of the mobile: the personal information stored in the mobile like personal email
messages, personal data could fall into wrong hands.
 Unauthorized persons can take advantage of small size and powerful capabilities of mobile
such as storage space and camera functions.
 Mobile devices can be easily effected by viruses.
 The GPRS/GMS communication protocol can be easliy intercepted to traffic since strong
signal protection is missing.

http://www.iaeme.com/IJMET/index.asp 763 editor@iaeme.com

 Mohan Kumar Ch, Neha Shikha, S.L. Sowndarya, N.A. Ramarao

Late Identification of Hardware Bugs

Hardware bugs found late in design and during post-silicon validation are typically patched by
firmware and software updates. This is because modifying hardware is more expensive than
developing a software patch, e.g., a bug found in silicon, if fixed in hardware, would require
an additional silicon spin. Such patches then become part of the system functionality and
carried over from one product to the next.

4. SOLUTIONS FOR SOME OF THE SECURITY CHALLENGES IN

MOBILE DEVICES
Several new threats to smart phones have emerged in the last few months like rootkits in
android platform devices and remote jail breake exploits for i phone and the arrival of Zeus, a
banking tojan which has spread widely. And also a various methedologies for attaching smart
phones which may be classified as:
1. Wireless
2. Break-in
3. Infrastructure-based
4. Worm-based
5. Botnet
6. User-based

Solution for wireless network attacks

A worm called cabir comprises of a message containing an application document named
Caribe. SIS which will appears like a security director utility. This worm engenders through
bluetooth. This worm utilizes the gadget's local bluetooth usefulness to find other bluetooth
gadgets and send them tainted SIS records. Preventing installation of these infected
applications can protect the smart phone from wireless attacks.

Solution for Break-in attacks

The assailant picks up control over the focused on gadget by misusing programming blunders
through break-in assaults. A few examinations for keeping this class of assaults have
proposed a few approaches like Doomboot. This is utilized to introduce ruined framework
parallels into C drive. The debased pairs contain Trojans as CommWarrior.

Solution for Infrastructure-based Attacks

Service provided by the Infrastructure are the basis for essential smart phone functionalities
like calls, SMS, e-mail services, the economic social impact of these attacks may be large.
Worms that exploit messaging services will have infection routes as preferred routes, which
are potentially more virulent. These worms can be easily sent out of the smart phone by using
the following propagation steps:
1. Building a model which, briefly describes the meeting architecture of devices with each
other.
2. Understanding the malicious code exploit methods of both the mobility of the users and the
capacities of the networks.

Solution for worm-based

The main worm based attacks can be characterized as:
1. Transmission channel

http://www.iaeme.com/IJMET/index.asp 764 editor@iaeme.com

 Comparative Study on Security Threats in Mobiles and IoT Devices

2. Spreading parameters
3. User mobility models
Avoiding downloads of infected files from the internet, sending and receiving infected
files using Bluetooth devices, using an infected memory card, reacting to the infected files
attached to MMS messages and pairing a device with an infected computer are the preferred
solution to avoid worms regarding transmission channel.
A worm attached to a bluetooth has ability to spread very quickly. To defend this
condition, monitoring points should be located in high traffic a location is suggested as a
solution.

Solution for botnet

Botnets are initially created in the mobiles for the protection against attackers. However, with
the rapid change in the mobiles caused changes in the botnet also. To serve protection for
highly changed mobile devices, the command and control (C&C) network is uploaded among
the bots and botmasters.

Solution for user-based

A large number of the present portable malware assaults are not founded on a specialized
weakness, but rather makes the client to abrogate specialized security systems. TrojanSMS.
AndroidOS. FakePlayer.b is an application which requires user to install it manually. In these
types of cases user have to launch correct application instead of fake ones.

5. CHALLENGES IN IOT DEVICES

It is a matter of concern that there are privacy and security issues in the IoT devices. There are
some limitations to these devices. Later it was known that it was all the issue of IoT
constrains, the main limitation for the IoT devices is the battery capacity.

Battery Life
Since now the devices are made small and convenient to handle they don’t have any extra
room for battery. They are made to be light in weight and small in size but this comes as a
challenge in privacy and security in the IoT devices. Because some IoT devices are deployed
in the environment where charging is not available, they have only a limited energy to execute
the designed functionality and may not provide the heavy security that is needed by the
device. The first we can do is to reduce security requirements if it is not too sensitive.
Secondly we can go for the harvest energy from the natural resources like light, wind, heat,
etc. But this approach requires an upgrade to the hardware and also there will high increase in
the cost.

Lightweight computation
The gadgets have restricted memory space so it is somewhat hard to deal with the figuring
and capacity prerequisites of propel cryptography calculations. There is a procedure called
Encrypted Query Processing calculation for IoT. This approach permits to safely store the
encoded IoT data on the cloud, and it underpins proficient database question preparing over
scrambled information. The proposed way to deal with lessen the inactivity for IoT while
playing out the question handling over the scrambled information by applying idleness
concealing procedure, this comprise of breaking the inquiry aftereffects of substantial size
into littler one. This enables the computational work to be performed on the arrangement of
information.

http://www.iaeme.com/IJMET/index.asp 765 editor@iaeme.com

 Mohan Kumar Ch, Neha Shikha, S.L. Sowndarya, N.A. Ramarao

Classification on IoT attacks

According to the recent survey on the security on the IoT devices it has been found that the
attacks on IoT devices can be classified into four distinct types. The types are such as:
Physical attack, Network attack, Software attack, Encryption attack. Each of the attacks
covers a layer of the IoT structure (such as physical, network and application layer) in
addition to that of IoT protocols for data encryption. When the attacker is too close to the
device then it is likely to be the physical attack. The network attack is all about the
manipulation of the IoT network system to cause damage. At the point when IoT applications
set forward some security vulnerabilities that enable the aggressor to hurt the framework then
it is called as programming assault. The encryption assault is breaking the framework
encryption. This assault should be possible by side channel, cryptanalysis, and so on.

6. CONCLUSIONS
On the premise of the examination, keeping in mind the end goal to avoid physical assault the
gadget should utilize the protected booting by applying a cryptographic hash calculations and
advanced mark to confirm the confirmation and honesty of the product. Another gadget must
validation itself to the system it will use before any transmission or gathering of information.
A gadget should likewise convey a blunder location framework, and all the data that is
conveyed by the gadget must be encoded to keep up the information respectability and
privacy. Validation and point-to-point encryption is utilized to guarantee information
protection and establishing security at arrange layer. The application layer can likewise give
the security by methods for encryption, trustworthiness check, validation that permits just the
verification client to utilize the information and keep the gadget assault free.

7. FUTURE SCOPE
We consider Software Defined Networking (SDN) and Cloud/Edge computing as the
promising technologies to address some of these challenges. SDN provides the capabilities to
configure policies and rules along the whole network in a consistent way. SDN, separating
control and data planes, is vital to enable dynamic access policies (as well as for the
consistency verification and monitoring tasks). Integrating the mentioned enabling
technologies, our architecture is composed of six layers: the device layer, the access network
layer, the access control layer, the core network layer, the core control layer, and the
application layer. Being SDN controlled, this network is not intended to be fully centralized.
However, we resort to a hierarchical design to overcome the complexity of a single control
level in this highly scalable network. Besides, IoT (along with 5G) is depicted to be the
“nervous system” of the digital society. Thus, we tried in this architecture to imitate the
human nervous system, which is composed of two levels of control: central (brain and spinal
cord) and peripheral (network of nerves), to build an architecture characterized by a
hierarchical control design.

REFERENCES
[1] Ruchika Thukral, Gulshan Kumar, Ankit Gupta, Nilesh kumar Verma, Shivanchal
Asthana, Microcontroller Based Solar Power Inverter . International Journal of Electrical
Engineering & Technology, 7(5), 2016, pp. 70–78.
[2] J. S. Kumar and D. R. Patel, “A survey on internet of things: Security and privacy issues”
International Journal of Computer Applications, vol. 90, no. 11, 2014.
[3] S. Yoon, H. Park, and H. S. Yoo, “Security issues on smart home in iot environment," in
Computer Science and its Applications. Springer, 2015, pp.691-696.

http://www.iaeme.com/IJMET/index.asp 766 editor@iaeme.com

 Comparative Study on Security Threats in Mobiles and IoT Devices

[4] Y. H. Hwang, “Iot security & privacy: threats and challenges,” in Proceedings of the 1st
ACM Workshop on IoT Privacy, Trust, and Security. ACM, 2015, pp. 1–1.
[5] S. Singh and N. Singh, “Internet of things (iot): Security challenges, business
opportunities & reference architecture for e-commerce,” in Green Computing and Internet
of Things (ICGCIoT), 2015 International Conference on. IEEE, 2015, pp. 1577–1581.
[6] “A Survey on Security for Mobile Devices” Mariantonietta La Polla, Fabio Martinelli, and
Daniele Sgandurra.
[7] A. P. Felt, M. Finifter, E. Chin, S. Hanna, and D. Wagner, “Survey of Mobile Malware in
the Wild,” 2011.
[8] Norton, “Norton Mobile Security Lite,” 2011.
[9] Techie Buzz, “Android Data Theft Vulnerability Detailed,” 2011.
[10] BullGuard Ltd, “BullGuard Mobile Security 10,” 2011.
[11] I. Burguera, U. Zurutuza, and S. Nadjm-Tehrani, “Crowdroid: behavior-based malware
detection system for Android,” in Proceedings of the 1st ACM workshop on Security and
privacy in smartphones and mobile devices, ser. SPSM ’11. New York, NY, USA: ACM,
2011, pp. 15–26.
[12] Ashlesha A. Patil and Dr. S. R. Suralkar. Review on -IOT Based Smart Healthcare
System. International Journal of Advanced Research in Engineering and Technology,
8(3), 2017, pp 37–42.
[13] Venkata Siva Rao. A, M. Srinivasa Rao and K. Push pa Rani, Shrewd Street Dividers
Driven By IOT Technology, International Journal of Civil Engineering and Technology,
8(7), 2017, pp. 385–389.
[14] Hariharr C Punjabi, Sanket Agarwal, Vivek Khithani, Venkatesh Muddaliar and
Mrugendra Vasmatkar , Smart Farming Using IoT , International Journal of Electronics
and Communication Engineering and Technology , 8(1), 2017 , pp. 58–66.
[15] S. Nithya, Lalitha Shree, Kiruthika and Krishnaveni, Solar Based Smart Garbage
Monitoring System Using IOT, International Journal of Electronics and Communication
Engineering and Technology, 8(2), 2017, pp. 75–80.

http://www.iaeme.com/IJMET/index.asp 767 editor@iaeme.com