Problem - Do and report an in-depth technical study of iOS and Android platform incidents and create a taxonomy of the incidents from the recent past 4 years. This taxonomy could classify the incidents based on whether the issue was related to the operating system or applications and if social engineering was required to exploit the vulnerability.
The primary source for your research can be the National Vulnerability Database from NIST, but feel free to consult other resources as you see fit. NIST site already has a reasonable classification methodology.
Focus only on HIGH and CRITICAL severity reports for this study. Use the Advanced Search feature to limit your search.
Adjust your search so that it yields at least a dozen and no more than 50 incidents. Do an in-depth study for a dozen most relevant incidents, about 6 incidents each for the iOS and the Android platforms. Based on your study, answer the following questions to see if there is a difference between Android and iOS (and any other questions that you think might be appropriate):
- with respect to the vulnerabilities that require social engineering?
- summarize the attack vectors for the dozen or so chosen incidents
- Common Vulnerability Score (CVS) - Give details of how this score is computed. Expand on the subscores which perhaps take into account factors such as
1) impact factors (the number of users affected)
2) easy of deploying the exploit, i.e. the ability level of the attacker
3) can be exploited remotely?
4) can be used to spy on the end user, e.g. turning on the microphone/camera without the user's knowledge?