ABSTRACT
The smartphone landscape is very large, and has a number of layers of software, protocols, and services that work together to deliver an experience to the consumer. The interaction between consumer, apps, smartphone, service provider, and the wider Internet is supported by various wireless protocols that provide connectivity. Thus, a smartphone may be vulnerable to attacks coming from installed apps, wireless interfaces, running services, and the underlying configuration of the device. We are motivated to systematize this knowledge of attacks and attack vectors, as this will provide a compendium to security researchers intending to develop intrusion detection and prevention systems for the smartphone ecosystem. We do this by comprehensively enumerating the ways in which the security and privacy of a smartphone can be attacked. By understanding the ways in which smartphones can be attacked, we obtain a mechanism to compare them to traditional workstations, giving useful insight into the additional or varied risks that need to be addressed when building technology to secure smartphones.
