Mobile Security Taxonomy

Version 1.4 March 2016. Subtaxonomy: Mobile Malware Analysis Subtaxonomy

Gürol Canbek, Seref Sagiroglu, and Nazife Baykal, 2016. New Comprehensive Taxonomies on Mobile Security and Malware Analysis.
Designed by Gürol Canbek, All Rights Reserved. Contact:
[Figure: mind map of the Mobile Security taxonomy, rooted at the "Mobile Security" node. Nodes in the map include Protection By-Pass, Threats, Malware, Attacks, AttackSurfaces, Vulnerabilities, Propagation, Malware Detection, Controls, Concepts, Actors and Characteristics.]
Mobile Security
Controls