A systematic deconstruction of human-centric privacy & security threats on mobile phones

Habiba Farzand; Melvin Abraham; Stephen Brewster; Mohamed Khamis; Karola Marky

doi:10.1080/10447318.2024.2361519

A systematic deconstruction of human-centric privacy & security threats on mobile phones

Habiba Farzand^*
, Melvin Abraham
, Stephen Brewster
, Mohamed Khamis
, Karola Marky

^*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

4 Citations (Scopus)

11 Downloads (Pure)

Abstract

Mobile phones are most likely the subject of targeted attacks, such as software exploits. The resources needed to carry out such attacks are becoming increasingly available and, hence, easily executable, putting users’ privacy at risk. We conducted a systematic literature analysis to understand the relationship between resources and attack feasibility and present a categorisation of social engineering and side-channel attacks on mobile phones focusing on the resources attackers require. Our proposed categorisation levels facilitate an in-depth understanding of how mobile phone attacks can be executed using different combinations of partly simple resources. The analysis reveals that discrete protection mechanisms are insufficient to provide all-inclusive protection. The proposed categorisation assists in building novel solutions for safeguarding users’ privacy from diverse attacks by carefully considering the potential misuse of resources. We conclude by outlining future research directions highlighting the urgent need for a holistic user defense.

Original language	English
Pages (from-to)	1628-1651
Number of pages	24
Journal	International Journal of Human-Computer Interaction
Volume	41
Issue number	2
Early online date	12 Jun 2024
DOIs	https://doi.org/10.1080/10447318.2024.2361519
Publication status	Published - 17 Jan 2025
Externally published	Yes

Keywords

Social engineering attacks
Side channel attacks
Human-centred attacks
Mobile devices

Access to Document

10.1080/10447318.2024.2361519Licence: CC BY

Abraham_ASystematicDeconstruction_Published_2025Final published version, 2.62 MBLicence: CC BY

Cite this

@article{7691cd0ccc1b445ea64d5c135dd950d9,

title = "A systematic deconstruction of human-centric privacy \& security threats on mobile phones",

abstract = "Mobile phones are most likely the subject of targeted attacks, such as software exploits. The resources needed to carry out such attacks are becoming increasingly available and, hence, easily executable, putting users{\textquoteright} privacy at risk. We conducted a systematic literature analysis to understand the relationship between resources and attack feasibility and present a categorisation of social engineering and side-channel attacks on mobile phones focusing on the resources attackers require. Our proposed categorisation levels facilitate an in-depth understanding of how mobile phone attacks can be executed using different combinations of partly simple resources. The analysis reveals that discrete protection mechanisms are insufficient to provide all-inclusive protection. The proposed categorisation assists in building novel solutions for safeguarding users{\textquoteright} privacy from diverse attacks by carefully considering the potential misuse of resources. We conclude by outlining future research directions highlighting the urgent need for a holistic user defense.",

author = "Habiba Farzand and Melvin Abraham and Stephen Brewster and Mohamed Khamis and Karola Marky",

note = "{\textcopyright} 2024 The Author(s). Published with license by Taylor \& Francis Group, LLC. This is an Open Access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. The terms on which this article has been published allow the posting of the Accepted Manuscript in a repository by the author(s) or with their consent. Data availability statement: Not present.",

year = "2025",

month = jan,

day = "17",

doi = "10.1080/10447318.2024.2361519",

language = "English",

volume = "41",

pages = "1628--1651",

journal = "International Journal of Human-Computer Interaction",

issn = "1044-7318",

publisher = "Taylor and Francis Ltd.",

number = "2",

}

TY - JOUR

T1 - A systematic deconstruction of human-centric privacy & security threats on mobile phones

AU - Farzand, Habiba

AU - Abraham, Melvin

AU - Brewster, Stephen

AU - Khamis, Mohamed

AU - Marky, Karola

N1 - © 2024 The Author(s). Published with license by Taylor & Francis Group, LLC. This is an Open Access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. The terms on which this article has been published allow the posting of the Accepted Manuscript in a repository by the author(s) or with their consent. Data availability statement: Not present.

PY - 2025/1/17

Y1 - 2025/1/17

N2 - Mobile phones are most likely the subject of targeted attacks, such as software exploits. The resources needed to carry out such attacks are becoming increasingly available and, hence, easily executable, putting users’ privacy at risk. We conducted a systematic literature analysis to understand the relationship between resources and attack feasibility and present a categorisation of social engineering and side-channel attacks on mobile phones focusing on the resources attackers require. Our proposed categorisation levels facilitate an in-depth understanding of how mobile phone attacks can be executed using different combinations of partly simple resources. The analysis reveals that discrete protection mechanisms are insufficient to provide all-inclusive protection. The proposed categorisation assists in building novel solutions for safeguarding users’ privacy from diverse attacks by carefully considering the potential misuse of resources. We conclude by outlining future research directions highlighting the urgent need for a holistic user defense.

AB - Mobile phones are most likely the subject of targeted attacks, such as software exploits. The resources needed to carry out such attacks are becoming increasingly available and, hence, easily executable, putting users’ privacy at risk. We conducted a systematic literature analysis to understand the relationship between resources and attack feasibility and present a categorisation of social engineering and side-channel attacks on mobile phones focusing on the resources attackers require. Our proposed categorisation levels facilitate an in-depth understanding of how mobile phone attacks can be executed using different combinations of partly simple resources. The analysis reveals that discrete protection mechanisms are insufficient to provide all-inclusive protection. The proposed categorisation assists in building novel solutions for safeguarding users’ privacy from diverse attacks by carefully considering the potential misuse of resources. We conclude by outlining future research directions highlighting the urgent need for a holistic user defense.

U2 - 10.1080/10447318.2024.2361519

DO - 10.1080/10447318.2024.2361519

M3 - Article

SN - 1044-7318

VL - 41

SP - 1628

EP - 1651

JO - International Journal of Human-Computer Interaction

JF - International Journal of Human-Computer Interaction

IS - 2

ER -

A systematic deconstruction of human-centric privacy & security threats on mobile phones

Abstract

Keywords

Access to Document

Fingerprint

Cite this