Exploiting the mobile cloud via mobile browsers
Recent research has shown that mobile browsers can take advantage of cloud hosting, permitting the use of multiple servers in order to complete complex tasks which would be impossible using mobile technology alone.
Due to their limited computational capabilities, smartphones and tablets are not able to carry out complex tasks, however such mobile browser cloud servers could alleviate this problem. Complex tasks can be carried out via the cloud thus sending the user information on a web page.
This could however have repercussions. For instance, a cybercriminal could anonymously hack and crack computer networks via a mobile based system, according to William Enck a professor of North Carolina State University. Enck said that "Because the person getting the bill for that computation is really the cloud browser provider, it gives those using the resources anonymously for other purposes an added advantage."
Enck and his researchers were able to exploit a design fault so as to enable theoretically unlimited browser requests. By customizing certain things such as the interface, they could make many more requests. They tested their theory by using 1mb, 10mb and 100mb data packets (they could have used even larger data packets had they wanted to).
They used a Google program called MapReduce to undertake the large computations required. Enck said that they were essentially able to “chain together a bunch of requests to make a larger computation."
Resolving this problem would however be easy – the requirement of authentication in browsers. Another resolution could be via the use of accounts – you would easily notice if an account was making vastly more requests than a human being could. As such, measures could be taken to halt any further exploitation.
The research team managed to use Opera Mini, Cloud Browse as well as Amazon Silk to carry out their tests. Mobile cloud security is therefore very much in its infancy but we should be seeing vast improvements happening in the near future – Enck’s team will present a paper in three days time at the Annual Computer Security Applications Conference in Orlando, highlighting their discoveries.