In the past decade, more and more of us have come to rely on smartphones for on-the-go financial, business and social transactions. But the security of the personal information we store on these devices could decline considerably as hardwired features increasingly give way to open-source software programs that users can customize to fit their needs. Identifying, understanding and mitigating new security risks to these “open softphones” will be critical to ensuring their continued viability and success in the mobile communications marketplace.
To help nip these risks in the bud, the National Science Foundation has awarded a $3 million grant to a Boston-University-led project called Securing the Open Softphone. Based at BU’s Center for Reliable Information Systems and Cyber Security (RISCS), the research team includes nine senior investigators from the College of Engineering (ENG), College of Arts and Sciences, and Metropolitan College; two industrial partners, Deutsche Telekom and Raytheon BBN Technologies; and one academic partner, Warwick University.
The ENG faculty, Professor Mark Karpovsky and Associate Professors David Starobinski and Ari Trachtenberg (all ECE), plan to address hardware, software and networking challenges in making softphones more secure.
“Our goal is to preempt major security problems before the technology becomes mature and widespread,” says Trachtenberg, one of the chief architects of the five-year project. “We seek to understand these problems and identify new opportunities for solving them.”
Among other things, softphone security can be compromised through malware (malicious applications), eavesdropping and identity theft. For example, the person sitting next to you at a Red Sox game could steal your softphone, search it for personal information, and then break into your home and access your bank account. Softphones could also be used to attack critical communication systems ranging from air traffic control to emergency services. For instance, someone could e-mail a virus to thousands of softphones in a designated region, program the virus to call 911 at exactly the same time on all the phones, and shut down the region’s 911 system.
The research team ultimately aims to identify security challenges that are particular to softphones, and resolve many of them by leveraging the devices’ unique features, which include sensors, accelerometers, GPS and digital cameras. These technologies could be exploited to identify threats, detect attacks, protect user privacy and authenticate users. For example, a softphone’s sensors could be programmed to confirm its user’s biometric signature before granting access to the device, or to detect the physical proximity of an unknown caller before accepting the connection.
Collaborating with experts in computer networking, security and algorithms; cryptography; and telecommunications, the College of Engineering subgroup aims to develop more effective ways to authenticate users and callers, and design more secure networking protocols and hardware.
“In response to a growing interest in smartphone security, several researchers are attempting to fix individual hardware or software components,” says Trachtenberg. “We’re part of an exceptionally broad, multidisciplinary team that’s addressing different aspects of the problem in a holistic and cohesive manner.”