Carnegie Mellon University
May 21, 2013

Press Release: Carnegie Mellon's Information Networking Institute Applauds Alumni Authors for Book on Android Security

Contact: Chriss Swaney / 412-268-5776 / swaney@andrew.cmu.edu

Android SecurityPITTSBURGH—Two Carnegie Mellon University alumni are giving smartphone users a reality check with a new book that identifies and explains the cyberthreats posed by snooping hackers and other malware communication challenges.

Anmol Misra and Abhishek Dubey, who earned master's degrees at CMU's Information Networking Institute (INI), have written a comprehensive book about security challenges facing Android, one of the leading platforms for smartphones and tablet use. In their book, "Android Security: Attacks and Defenses," the authors explain how attackers can get control of your smartphone.

"This book is a wonderful example of how our graduates apply the knowledge and experience gained from their work in our interdisciplinary master's programs," said Dena Haritos Tsamitis, director of CMU's Information Networking Institute (INI) and director of education, training and outreach for Carnegie Mellon CyLab, one of the largest university-based cybersecurity research and education centers in the U.S.

Tsamitis, who wrote the book's foreword, points out that "anyone with an interest in mobile security will be able to get up to speed on the Android platform, and will gain a strategic perspective on how to protect personal and enterprise customers from the growing threats to mobile devices."

Both Misra and Dubey report that ever since Android has emerged as a leading platform for mobile devices, it has increasingly become the target for malicious attackers as vast amounts of personal data are stored in emails, texts and other applications, and personal information is increasingly easy to find on social networks. And the trend is going to continue with the rise in popularity of Android-based devices.

"Thirty-two applications available through the official Google market (Google Play) were recently infected with BadNews malware," said Misra, who earned his master's degree in information networking in 2005 and is now a member of Cisco's Information Security team. "People need to be able to trust the source of their applications, application behavior and they need assurance that data on their mobile devices is safe. Employees are increasingly bringing their personal devices to work — in many cases Android phones and tablets. This can result in significant exposure for enterprise security," Misra added.

Dubey, who earned his master's degree in information security and technology management in 2006 and is now a member of Cisco's Security Services and Cloud Operations team, said one of the big problems is that consumers are running old software programs on their smartphones and tablets. "This makes Android appear to be a mobile malware," Dubey said.

Misra and Dubey said the other challenge with mobile devices is that more personal data is now stored on these ubiquitous devices. "People need to upgrade frequently, develop backup systems for storage of personal material and ask for help before hackers completely overwhelm systems," the authors said.

"These mobile systems are pioneering and revolutionizing the way we work, play and live, but more attention must be spent on developing novel defenses to keep data safe, secure and reliable," Misra said.

Industry leaders agree.

"Dubey and Misra have filled a critical gap in software security literature by providing a unique and holistic approach to addressing this critical and often misunderstood topic. Android has become a key platform for mobility over the last few years and this book is a valuable resource for securing the same," said James Ransome, senior director of product security at McAfee.

For additional book information, see http://www.androidinsecurity.com or subscribe to the book's Twitter feed @droidinsecurity
                                                                ###