A Survey on Code Injection Attacks in Mobile Cloud Computing Environment

Abstract

Mobile Cloud Computing is a combination of Mobile Computing, Cloud Computing and wireless networks to convey rich computational resources to mobile users, network operators, as well as cloud computing providers. Nowadays, the market of mobile devices and its applications are growing at an alarming speed. In general, single application for a specific purpose is not compatible to different operating systems. So the developer has to develop various versions of application which is compatible to different platforms. In order to overcome the drawback of compatibility and interoperability issues, HTML5-based mobile applications are built by using standard web technologies. HTML5-based mobile applications support same version of application in different platforms, but these applications are vulnerable to attacks because of the data and code being fused together. A new form of Code Injection Attack found in this type of mobile applications inherits the property of XSS attack and also uses many channels to inject malicious code such as Contact, SMS, WIFI, NFC, Barcode etc. This allows the attacker to inject malicious code to exhaust all the resources of the victim. Therefore, security is the major issue which impedes the development of Mobile Cloud Computing. This paper surveys the malicious code injection attacks in Mobile Cloud Computing environment and the possible solutions.