+1-206-973-7012 Toll-free Chat Now Available 24/7
Log in
+1-206-973-7012 Chat Now
Log in
Order Now

Mobile Device Attacks Outline

Posted: August 26th, 2021

Mobile Device Attacks Outline

Christopher Mata

ISSC362-IT Security: Attack & Defense

American Public University

Elliott Lynn

May 3, 2020

Mobile Device Attacks Outline

This outline will be used to develop a research paper on mobile device attacks. The increased use of mobile devices, such as smartphones, tablets has some challenges. Users connect to the Internet and risk being attack. Moreover, people store sensitive information into these gadgets that can be stolen or attacked. In some cases, mobile devices are used in completing work-related activities. For that matter, mobile devices are at risk of being hacked or physically stolen. Malicious users are attacking mobile devices to access private data about individuals and companies. Therefore, this paper outline presents are a detailed plan for developing a research paper on mobile device security.

In the introduction, the basics of mobile security will be covered, along with the definition of concepts and statistics on how mobile devices are being utilized. Moreover, there will be a discussion on cases of mobile attacks in the news and described their impacts on users and organizations. The rest of the outline will include mobile security challenges, the next phase in mobile security, and approach to mobile security, the emerging solution to mobile security, and conclusion.

1.0              Introduction

  1. Background On Use Of Mobile Devices

In today’s world, mobile phones have unlimited capabilities, from making calls to the utilization of the latest technologies on the Internet and interconnection. Smartphones are used in video chat, payment systems, NFC, web browsing, and audio recording (Yang et al., 2017). The innovation has impacted the general communication and business world due to effective interaction between the users and ease of access to voluminous data in private and public clouds (Yang et al., 2017). Numerous benefits, such as social media, e-commerce, and revenue streams, would not be possible without technological infrastructures on mobile devices. Thus, technology has transformed the world by ensuring that individuals are connected 24/7 making the twenty-first century entirely different from history.

  1. Overview of Mobile Device Attacks

The ubiquitous technology comes with its downside due to the vicious problem of the mobility and vulnerability of the device to cyber-attacks. The attacks compromise security as they are designed to access high sensitivity data, siphon cash, and create interruptions(Yang et al., 2017). Attacks on mobile devices are more rampant today as they are an easy target due to their operating systems, mobile processors, and cellular broadband. As enhanced security awareness on dangers inherent in mobile phone usage is created due to their increased usage and populace in private and business, attackers become more sophisticated with technological improvement; hence it is challenging to match countermeasures (Aleroud, & Zhou, (2017). Mobile phone’s cyber threats target personal information on banking, bill payments, contact information, passwords, and emails. Many users use their social applications to store personal data. As such, they stay logged on, creating a higher threat of attacks from hackers. More so, mobile devices have basic security features that a determined hacker can easily crack with sufficient time.Therefore, its most significant advantage in usage is also the greatest threat that exposes the devices to attacks and loss of data.

  1. Definition of Mobile Device Attacks

Mobile device attacks refer to the exploitation ofnetworks targeting smartphones and tablets that are handheld communication device against cyber-attacks. The attacker connects to the device’s system and, without authorization, access any information available in the handsets (Ahvanooey et al., 2020).It mostly occurs when the authorized owner allows ad-hoc connections to networks, for example, open WiFis,thus raising raise the threat of cyber-attack.

  1. Examples of Mobile Attacks in the News

Numerous security threats aretargeting the hardware, operating system, and communication networks of mobile devices (Ahvanooey et al., 2020; Aleroud & Zhou, 2017). The mobile attacks include data leakage, network spoofing, phishing attacks, unsecured Wi-Fi, spyware, improper session handling, and broken cryptography.

2.0  Mobile security challenges

2.1  Data leakage

2.1.1        Definition of concept

Data leakage refers to an unauthorized transmission of information from a device to an external recipient or destination,which is done electronically (Pathan, 2016). In mobile devices, it occurs when hostile enterprise-signed mobile malware programs distribute codes built-in mobile operating systems such as IOS and Android to target devices(Ahvanooey, Li, Rabbani, & Rajput, 2020). The malware transfers data incorporate network without being noticed. As such, therefore, devices that have allowed permissions for affected apps are attacked.

2.1.2        Examples of Data Leakages

It occurs mainly from free apps in the android or IOS app stores used for advertising but collects personal data for cybercrimes (Pathan, 2016). They commonly include phishing, malicious attacks, and loss of passwords that are used by unauthorized people to collect personal data.

2.2  Unsecured Wi-Fi

2.2.1 Definition of the concept

Unsecured Wi-Fi is a network connection in mobile devices that has no security encryption whatsoever(Pathan, 2016; Ahvanooey, Li, Rabbani, & Rajput, 2020). Thus, it does not secure the user’s data from interception, and anyone can access connected devicesand the connection itself. Hence, unsecured Wi-Fi does not have a valid password for protectingits users.

2.3  Network Spoofing

2.3.1        Definition of Concept

Network spoofing happens when a hacker sets-up a fake access connection points which resemble Wi-Fi networks, but they are a trap (Pathan, 2016). It usually occurs in high traffic public areas such as airports, libraries, coffee shops, and malls. Cybercriminals provide the connection access points which require the users to create an account with passwords to access the free services(Yang et al., 2017). In these cases, illegal hackers then compromise the users’secure information such as email and e-commerce services available on the phone device.

2.4  Phishing attacks

2.4.1        Definition of Concept

Phishing refers to social engineering attack used to steal user’s data such as credit card numbers and login credentials by the hacker masquerading like a trustworthy electronic communication entity (Pathan, 2016). The attacker dupes victims into opening emails, text messages, and instant messages thus enabling easy access to their information.

2.4.2        News Driven Examples of Phishing Attacks

In the year 2019, Kaspersky detected phishing attacks were approximately 129.9 million that was mainly spear phishing (Vlaznev, 2020).

2.5  Spyware

2.5.1        Definition of Concept

Spyware is malware that aims at gathering information about a person without their knowledge in mobile devices and using such information in hacking another entity without the customer’s consent (Aleroud & Zhou, 2017). The malware infiltrates mobile devices by stealing sensitive information and internet usage data to gain access or damage the mobile device without the legit user’s knowledge.

2.5.2        Examples Spyware in Mobile Devices

Spywares are classified into four categories, which are adware, tracking cookies, system monitors, and Trojans.

2.6  Broken Cryptography

2.6.1        Description of Concept

     It is an insecure practice of cryptography in mobile apps that leverage encryption and can either have a technical or business impact (Pathan, 2016). It can result from the use of insecure algorithms such as RC2, MD4, MD5, and SHA1, the creation of customized encryption protocols, poor essential management techniques, and reliance on in-built code encryption methods.

2.7  Improper Session Handling

2.7.1        Definition of Concept

The improper session handling happens when mobile device apps unintentionally share session tokens with the adversary in a subsequent transaction on the mobile app and backend servers (Pathan, 2016).

2.7.2        Threats of Improper Session Handling in Mobile Devices

It occurs when a person forgets to log out in the mobile devices completing a task (Pathan, 2016). This gives cybercriminals a chance to explore the devices thus accessing valuable user information freely.

3.0  The Next Phase in Mobile Security Threats

3.1  SMiShing

3.1.1        Definition of concept

It refers to short messages (SMS) phishing, which is a security attack on mobile devices where the usersare tricked into downloading a Trojan horse, malware, or virus onto their cellular phones or other mobile devices (Chen & Huang, 2019; Aleroud & Zhou, 2017).

3.2  Bring Your Own Device (BYOD)

3.2.1        Definition of BYOD and Background Information about the Concept

BYOD in companies is a growing development where the company’s employees connect their devices to the organization’s network in accessing the corporate resources (Chen & Huang, (2019). It is a threat to the company as employees can use their mobile devices or tablets or laptops as their work devices. In most cases, own mobile devices do not offer high security or controls like the company computers due to mobile device attacks, thus exposing the company to cyber-attacks.

3.2.2        BYOD and Security of Mobile Devices

The potential security threats of BYOD include malware infiltration, potential legal issues, device losses or thefts, inadequate employee training, and poor mobile management (Chen & Huang, (2019).

3.3  Internet of Things (IoT)

3.3.1        Definition of IoT

It is an interrelated computing system in mobile devices provided with a unique identifier and ability of data transfer in a network without human-to-human interactions or human-to-computer interface (Chen & Huang, (2019).

3.3.2        Architecture of IoT

IoT architecture consists of three stages. They includethe physical stage, application stage, and communication stage (Chen & Huang, (2019). Besides, it is composed of numerous elements, such as sensors, actuators, protocols, cloud services, and layers. The architecture also has three layers that are perception, network, and application.

3.3.3        IoT Security and Mobile devices

Most IoT has no built-in security features, which makes it vulnerable to malware. The security of most internets of things devices is not a top priority; thus, they are exposed to security attacks (Chen & Huang, (2019).

4.0  Approach to Mobile Security

4.1  Education

4.1.1        Sensitizing People

People should be informed of mobile security and ways of prevention. This includes sensitizing them on minimizing the use of unsecured Wi-Fi, not sharing passwords, and downloading free apps in their mobile devices (Pathan, 2016).

4.1.2        Awareness of Security Issues

Users of mobile devices should also be educated on security issues such as data leakage to prevent loss of both mobile devices and their data on the android and IOS apps.

4.2  Protection

4.2.1        Threat Intrusion Protection

IPS offers mobile security protection on mobile devices and information to next-generation EPP solutions on the traditional connectivity endpoints (Yang et al., 2017). It provides security on BYOD devices, unparalleled mobile threat research, and machine learning-based detection.

4.2.2        Data leakage Protection and Monitoring

Data loss prevention (DLP) techniques ensure that the end-users do not send confidential information outside the company’s network (Pathan, 2016). The software assists a network administrator in managing and monitoring the type of data that end-users can transfer.

4.2.2.1  Techniques for data leakage protection in mobile devices

The methods involve data backups, user education, data classification, protection policies, and employ DLP techniques (Pathan, 2016; Vlaznev & Kubrin, 2020).

4.3  Detection

4.3.1        Malware Detection

It is a process of scanning a mobile device, files, and information to detect malware andemploys multiplemethods and tools (Pathan, 2016). Though it is a complex process, it takes only50 seconds to detect and remove malware in mobile devices.

4.3.2        Anomaly Detection

It identifies the existence of rare items or observations that raise suspicions in mobile devices that vary from significant data (Vlaznev & Kubrin, 2020).

4.4  Response

4.4.1        Containment Eradication

Containment is a security methodology that involves control of access to information, networks, files, and systems on mobile devices through access and connection points (Pathan, 2016).

4.4.2        Recovery

            When authorized users of mobile devices lose their data through mobile attacks, they can recover their information from backups or antivirus systems (Vlaznev & Kubrin, 2020).

5.0  Emerging Solutions for Mobile Devices Security

5.1  Static Analysis

Static analysis in mobile devices involves automating numerous operations such as reverse engineering, automatic verification, and privilege analysis of security properties (Ahvanooey et al., 2020).

5.2  Dynamic Analysis

            These analyze entails importing new instruction to a mobile device by use of codes and then modifying the application to curb mobile attacks (Ahvanooey et al., 2020).

5.3  Machine Learning

            The technique detects malware using machine learning algorithms to distinguish normal and anomalous behaviors in a mobile device during their execution (Ahvanooey et al., 2020).

6.0  Conclusion

Threats on mobile devices security are increasing in numbers and also evolving in scope. To protect the mobile devices and information,the users should understand the common threat vectors, as well as formulateand be prepared for more advanced malicious activities. More robust internet security solutions should offer comprehensive coveragethat spreads beyond the desktops and laptops also to include internet connection points such asmobile devices and IoT devices. Furthermore, personal networks and mobile devices should offer inclusive protections when the user cannot access mobile devices.

References

Ahvanooey, M. T., Li, Q., Rabbani, M., & Rajput, A. R. (2020). A survey on smartphone security: Software vulnerabilities, malware, and attacks. arXiv preprint arXiv:2001.09406.

Aleroud, A., & Zhou, L. (2017). Phishing environments, techniques, and countermeasures: A survey. Computers & Security, 68, 160-196.

Chen, Y. T. & Huang, C. C. (2019). Determining Information Security Threats for an IoT-Based Energy Internet by Adopting Software Engineering and Risk Management Approaches. Inventions, 4(3), 53.

Pathan, A. S. K. (Ed.). (2016). Security of self-organizing networks: MANET, WSN, WMN, VANET. CRC press.

Vlaznev, D. O., & Kubrin, S. V. (2020). U.S. Patent Application No. 16/188,449.

Yang, C., Huang, Q., Li, Z., Liu, K., & Hu, F. (2017). Big Data and cloud computing: innovation opportunities and challenges. International Journal of Digital Earth, 10(1), 13-53.

Expert paper writers are just a few clicks away

Place an order in 3 easy steps. Takes less than 5 mins.

Calculate the price of your order

You will get a personal manager and a discount.
We'll send you the first draft for approval by at
Total price:
$0.00