2009/dap/policy-reqs Overview.html,1.32,1.33

Update of /sources/public/2009/dap/policy-reqs
In directory hutz:/tmp/cvs-serv2221

Modified Files:
	Overview.html 
Log Message:
Add abuse cases material from David

Index: Overview.html
===================================================================
RCS file: /sources/public/2009/dap/policy-reqs/Overview.html,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -d -r1.32 -r1.33
--- Overview.html	18 Mar 2010 12:41:32 -0000	1.32
+++ Overview.html	30 Mar 2010 12:58:51 -0000	1.33
@@ -489,6 +489,40 @@
           </li>
         </ul>
 </section>
+<section>
+      <h3>Abuse Cases</h3>
+	  <p>
+	  This section outlines some abuse cases for misuse of APIs.
+	  </p>
+	  <p>
+	  The landscape that is being created is the enablement of cross-platform, cross-device, easy to develop, highly functional applications based on browser technology that has been proven repeatedly to be untrustworthy - a perfect recipe for evil. Will this meet all the criteria for really successful malware on mobile devices for example?
+	  </p>
+	  <p>
+	  Up until now the measures taken by the mobile industry have proven highly successful in ensuring no major malware incident has affected the industry. There have been attempts: the MMS-spreading Commwarrior is probably the most infamous, along with the Spyware tool, Flexispy. An additional factor in ensuring the success of mobile security has been the fact that mobile platforms have been too fragmented and complex, therefore not representing an attractive target so far. Existing modus operandi from technology-related attacks can provide indicators as to the types of attack and abuse that can be expected on widgets and web applications as device APIs are opened up. 
+	  </p>
+    <section id="premium-rate-abuse">
+      <h2>Abuse Case AC1: Premium Rate Abuse</h2>
+			<p>A widget that seems benign but is actually spewing out SMSs to premium rate numbers without the user’s knowledge. This could be modified from an original safe widget such as a game. For the malware author, the key piece to solve is to dupe the user into thinking that the SMS capability is something that is part of the original application. Examples of this have been seen in the past, created from games and this model could be used for ‘diallers’ too (which plagued the desktop world in the days of dial-up networking). There have been recent warnings about this kind of abuse from security firms.
+			</p>
+</section> <!-- premium rate Abuse -->
+      <section id="privacy-breach">
+<h3>Abuse Case AC2: Privacy Breach</h3>
+			<p>An application that gains access to locations, contacts and gallery, silently uploading the data in the background to a site owned by the attacker. This is something that has been a clear goal for attackers already. There have been numerous high-profile examples in the past in the mobile world. Celebrities such as Paris Hilton, Miley Cyrus and Lindsay Lohan have all had private pictures, phone numbers and voicemails stolen from devices or networks in clear breach of their privacy. There has been embarrassment for teachers who had their pictures and videos copied by the children in their class and spread around school. The most high-profile case in the UK of a mobile related privacy breach was that of the News of the World's use of voicemail hacking to gain access to private information about Royalty. The Royal editor, Clive Goodman was jailed for four months and the editor, Andy Coulson resigned over this blatant privacy breach. Given the appetite for breaching privacy, users need to be safe in the kowledge that their personal data will not leak in any way.
+			</p>
+      </section> <!-- privacy-breach -->
+      <section id="integrity-breach">
+        <h3>Abuse Case AC3: Integrity Breach</h3>
+			<p>A widget that replaces the voicemail number with a premium rate number instead? There are number of reasons why an attacker would want to breach the integrity of the device. Simply changing the telephone number of the voicemail that is stored on the device could be enough to make an attacker a lot of money. Users usually have a shortcut key to their voicemail and may not notice for a long time that anything is wrong. A more sinister use could be to plant evidence on a device. Pictures, files and even criminal contacts could potentially be anonymously planted all without the user's consent or knowledge. Proving innocence could suddenly become very difficult.
+There are also a number of reasons why somebody would want to steal data. The contents of corporate e-mails would be very interesting to a competitor, as would sabotaging data stored in spreadsheets and presentations on the target phone.
+			</p>
+      </section> <!-- integrity-breach -->
+      <section id="phishing">
+        <h3>Abuse Case AC4: Phishing</h3>
+			<p>A widget that replaces the voicemail number with a premium rate number instead? There are number of reasons why an attacker would want to breach the integrity of the device. Simply changing the telephone number of the voicemail that is stored on the device could be enough to make an attacker a lot of money. Users usually have a shortcut key to their voicemail and may not notice for a long time that anything is wrong. A more sinister use could be to plant evidence on a device. Pictures, files and even criminal contacts could potentially be anonymously planted all without the user's consent or knowledge. Proving innocence could suddenly become very difficult.
+There are also a number of reasons why somebody would want to steal data. The contents of corporate e-mails would be very interesting to a competitor, as would sabotaging data stored in spreadsheets and presentations on the target phone.
+			</p>
+      </section> <!-- phishing -->
+</section> <!-- Abuse -->
     </section> <!-- policy use cases -->
     <section> 
       <h2>Requirements</h2>
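Review bot: the body of Abuse Case AC4: Phishing is a verbatim copy of the AC3: Integrity Breach paragraph (voicemail number replacement, evidence planting, corporate e-mail theft), so the phishing case has no content of its own; the AC4 `<p>` should describe a phishing scenario or the section should be dropped until that text is available. Heading levels are also inconsistent within the new block: the parent "Abuse Cases" is an `<h3>`, AC1 uses `<h2>` and AC2 to AC4 use `<h3>`, so the sub-cases should all use one level below the parent (`<h4>`). Two small text fixes in AC2 and AC3: "kowledge" should read "knowledge", and "There are number of reasons" should read "There are a number of reasons". Minor: the outer `<section>` for Abuse Cases has no `id` while each sub-case does, the closing comment `<!-- premium rate Abuse -->` does not match the `premium-rate-abuse` id used by the other comments, and the indentation mixes tabs and spaces.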

Received on Tuesday, 30 March 2010 12:59:00 UTC