PDF Basket
We increasingly bank with our phones, connect to social media and even control household appliances thanks to the advent of the ‘Internet of Things’ applications — where computing devices are embedded in objects like fridges, TVs and dishwashers, enabling them to send and receive data.
The rise in mobile applications is increasingly attracting the attention of cybercriminals looking for ways to steal personal data and other critical information.
In response the EU-funded PRISM CODE project has identified and made recommendations to address security and privacy vulnerabilities in mobile devices, which increasingly play a pivotal role in our everyday lives.
The strategy is built on two concepts: privacy — ensuring the non-disclosure of personal information — and security, providing protection against malicious intent. The project is grounded on the belief that widespread adoption of cooperative services for mobile devices is possible only if these two conditions are met.
The project specifically addressed the expected proliferation of distributed services and Internet of Things. A good example of this is when an app requests permission to access parts of your smartphone.
“We don’t think that this permission should be granted forever, and should instead be related to specific contexts,” says project coordinator Mauro Conti from the University of Padua in Italy. “So when an app asks to use your microphone, this does not require you to grant the app access to your microphone when you want to use the phone. We are actually now seeing this concept being implemented in the latest version of Android phones.”
Pioneering research excellence
In order to address security threats, PRISM CODE set about designing a strategy to protect smartphones even if it is in constant communication with other devices and contains potentially vulnerable applications.
“The project began by looking at different types of problem scenarios,” explains Conti. “Vulnerable apps that are downloaded for example can be exploited. This means that if you’re on your phone and trying to connect with your bank, you might be at risk of a cyberattack if proper security features have not been properly implemented.”
The project also enabled Conti to carry out truly independent research and establish a pioneering research group at the University of Padua.
“The project helped me to establish the SPRITZ Security and Privacy Research Group, which includes nine PhD and ten MSc students,” he says. “This was set up completely from scratch. We now have visibility and are increasingly recognised worldwide.” Conti was also able to publish 36 journal papers and 70 conference papers during the duration of PRISM CODE.
Projects such as this, says Conti, are essential in ensuring that disruptive technological change solves more problems than it creates.
“We are not in the era of Galileo any more, where a single researcher can completely change our view of the world,” he says. “Research now is collaborative. I think PRISM CODE and projects like this are making a significant contribution to the future security of mobile devices. We have designed specific solutions, and shown other researchers where they should go next from a security point of view.”