Posted: August 26th, 2021
Mobile Device Attacks Outline
Christopher Mata
ISSC362-IT Security: Attack & Defense
American Public University
Elliott Lynn
May 3, 2020
Mobile Device Attacks Outline
This outline will be used to develop a research paper on mobile device attacks. The increased use of mobile devices, such as smartphones, tablets has some challenges. Users connect to the Internet and risk being attack. Moreover, people store sensitive information into these gadgets that can be stolen or attacked. In some cases, mobile devices are used in completing work-related activities. For that matter, mobile devices are at risk of being hacked or physically stolen. Malicious users are attacking mobile devices to access private data about individuals and companies. Therefore, this paper outline presents are a detailed plan for developing a research paper on mobile device security.
In the introduction, the basics of mobile security will be covered, along with the definition of concepts and statistics on how mobile devices are being utilized. Moreover, there will be a discussion on cases of mobile attacks in the news and described their impacts on users and organizations. The rest of the outline will include mobile security challenges, the next phase in mobile security, and approach to mobile security, the emerging solution to mobile security, and conclusion.
In today’s world, mobile phones have unlimited capabilities, from making calls to the utilization of the latest technologies on the Internet and interconnection. Smartphones are used in video chat, payment systems, NFC, web browsing, and audio recording (Yang et al., 2017). The innovation has impacted the general communication and business world due to effective interaction between the users and ease of access to voluminous data in private and public clouds (Yang et al., 2017). Numerous benefits, such as social media, e-commerce, and revenue streams, would not be possible without technological infrastructures on mobile devices. Thus, technology has transformed the world by ensuring that individuals are connected 24/7 making the twenty-first century entirely different from history.
The ubiquitous technology comes with its downside due to the vicious problem of the mobility and vulnerability of the device to cyber-attacks. The attacks compromise security as they are designed to access high sensitivity data, siphon cash, and create interruptions(Yang et al., 2017). Attacks on mobile devices are more rampant today as they are an easy target due to their operating systems, mobile processors, and cellular broadband. As enhanced security awareness on dangers inherent in mobile phone usage is created due to their increased usage and populace in private and business, attackers become more sophisticated with technological improvement; hence it is challenging to match countermeasures (Aleroud, & Zhou, (2017). Mobile phone’s cyber threats target personal information on banking, bill payments, contact information, passwords, and emails. Many users use their social applications to store personal data. As such, they stay logged on, creating a higher threat of attacks from hackers. More so, mobile devices have basic security features that a determined hacker can easily crack with sufficient time.Therefore, its most significant advantage in usage is also the greatest threat that exposes the devices to attacks and loss of data.
Mobile device attacks refer to the exploitation ofnetworks targeting smartphones and tablets that are handheld communication device against cyber-attacks. The attacker connects to the device’s system and, without authorization, access any information available in the handsets (Ahvanooey et al., 2020).It mostly occurs when the authorized owner allows ad-hoc connections to networks, for example, open WiFis,thus raising raise the threat of cyber-attack.
Numerous security threats aretargeting the hardware, operating system, and communication networks of mobile devices (Ahvanooey et al., 2020; Aleroud & Zhou, 2017). The mobile attacks include data leakage, network spoofing, phishing attacks, unsecured Wi-Fi, spyware, improper session handling, and broken cryptography.
Data leakage refers to an unauthorized transmission of information from a device to an external recipient or destination,which is done electronically (Pathan, 2016). In mobile devices, it occurs when hostile enterprise-signed mobile malware programs distribute codes built-in mobile operating systems such as IOS and Android to target devices(Ahvanooey, Li, Rabbani, & Rajput, 2020). The malware transfers data incorporate network without being noticed. As such, therefore, devices that have allowed permissions for affected apps are attacked.
It occurs mainly from free apps in the android or IOS app stores used for advertising but collects personal data for cybercrimes (Pathan, 2016). They commonly include phishing, malicious attacks, and loss of passwords that are used by unauthorized people to collect personal data.
Unsecured Wi-Fi is a network connection in mobile devices that has no security encryption whatsoever(Pathan, 2016; Ahvanooey, Li, Rabbani, & Rajput, 2020). Thus, it does not secure the user’s data from interception, and anyone can access connected devicesand the connection itself. Hence, unsecured Wi-Fi does not have a valid password for protectingits users.
Network spoofing happens when a hacker sets-up a fake access connection points which resemble Wi-Fi networks, but they are a trap (Pathan, 2016). It usually occurs in high traffic public areas such as airports, libraries, coffee shops, and malls. Cybercriminals provide the connection access points which require the users to create an account with passwords to access the free services(Yang et al., 2017). In these cases, illegal hackers then compromise the users’secure information such as email and e-commerce services available on the phone device.
Phishing refers to social engineering attack used to steal user’s data such as credit card numbers and login credentials by the hacker masquerading like a trustworthy electronic communication entity (Pathan, 2016). The attacker dupes victims into opening emails, text messages, and instant messages thus enabling easy access to their information.
In the year 2019, Kaspersky detected phishing attacks were approximately 129.9 million that was mainly spear phishing (Vlaznev, 2020).
Spyware is malware that aims at gathering information about a person without their knowledge in mobile devices and using such information in hacking another entity without the customer’s consent (Aleroud & Zhou, 2017). The malware infiltrates mobile devices by stealing sensitive information and internet usage data to gain access or damage the mobile device without the legit user’s knowledge.
Spywares are classified into four categories, which are adware, tracking cookies, system monitors, and Trojans.
It is an insecure practice of cryptography in mobile apps that leverage encryption and can either have a technical or business impact (Pathan, 2016). It can result from the use of insecure algorithms such as RC2, MD4, MD5, and SHA1, the creation of customized encryption protocols, poor essential management techniques, and reliance on in-built code encryption methods.
The improper session handling happens when mobile device apps unintentionally share session tokens with the adversary in a subsequent transaction on the mobile app and backend servers (Pathan, 2016).
It occurs when a person forgets to log out in the mobile devices completing a task (Pathan, 2016). This gives cybercriminals a chance to explore the devices thus accessing valuable user information freely.
It refers to short messages (SMS) phishing, which is a security attack on mobile devices where the usersare tricked into downloading a Trojan horse, malware, or virus onto their cellular phones or other mobile devices (Chen & Huang, 2019; Aleroud & Zhou, 2017).
BYOD in companies is a growing development where the company’s employees connect their devices to the organization’s network in accessing the corporate resources (Chen & Huang, (2019). It is a threat to the company as employees can use their mobile devices or tablets or laptops as their work devices. In most cases, own mobile devices do not offer high security or controls like the company computers due to mobile device attacks, thus exposing the company to cyber-attacks.
The potential security threats of BYOD include malware infiltration, potential legal issues, device losses or thefts, inadequate employee training, and poor mobile management (Chen & Huang, (2019).
It is an interrelated computing system in mobile devices provided with a unique identifier and ability of data transfer in a network without human-to-human interactions or human-to-computer interface (Chen & Huang, (2019).
IoT architecture consists of three stages. They includethe physical stage, application stage, and communication stage (Chen & Huang, (2019). Besides, it is composed of numerous elements, such as sensors, actuators, protocols, cloud services, and layers. The architecture also has three layers that are perception, network, and application.
Most IoT has no built-in security features, which makes it vulnerable to malware. The security of most internets of things devices is not a top priority; thus, they are exposed to security attacks (Chen & Huang, (2019).
People should be informed of mobile security and ways of prevention. This includes sensitizing them on minimizing the use of unsecured Wi-Fi, not sharing passwords, and downloading free apps in their mobile devices (Pathan, 2016).
Users of mobile devices should also be educated on security issues such as data leakage to prevent loss of both mobile devices and their data on the android and IOS apps.
IPS offers mobile security protection on mobile devices and information to next-generation EPP solutions on the traditional connectivity endpoints (Yang et al., 2017). It provides security on BYOD devices, unparalleled mobile threat research, and machine learning-based detection.
Data loss prevention (DLP) techniques ensure that the end-users do not send confidential information outside the company’s network (Pathan, 2016). The software assists a network administrator in managing and monitoring the type of data that end-users can transfer.
The methods involve data backups, user education, data classification, protection policies, and employ DLP techniques (Pathan, 2016; Vlaznev & Kubrin, 2020).
It is a process of scanning a mobile device, files, and information to detect malware andemploys multiplemethods and tools (Pathan, 2016). Though it is a complex process, it takes only50 seconds to detect and remove malware in mobile devices.
It identifies the existence of rare items or observations that raise suspicions in mobile devices that vary from significant data (Vlaznev & Kubrin, 2020).
Containment is a security methodology that involves control of access to information, networks, files, and systems on mobile devices through access and connection points (Pathan, 2016).
When authorized users of mobile devices lose their data through mobile attacks, they can recover their information from backups or antivirus systems (Vlaznev & Kubrin, 2020).
Static analysis in mobile devices involves automating numerous operations such as reverse engineering, automatic verification, and privilege analysis of security properties (Ahvanooey et al., 2020).
These analyze entails importing new instruction to a mobile device by use of codes and then modifying the application to curb mobile attacks (Ahvanooey et al., 2020).
The technique detects malware using machine learning algorithms to distinguish normal and anomalous behaviors in a mobile device during their execution (Ahvanooey et al., 2020).
Threats on mobile devices security are increasing in numbers and also evolving in scope. To protect the mobile devices and information,the users should understand the common threat vectors, as well as formulateand be prepared for more advanced malicious activities. More robust internet security solutions should offer comprehensive coveragethat spreads beyond the desktops and laptops also to include internet connection points such asmobile devices and IoT devices. Furthermore, personal networks and mobile devices should offer inclusive protections when the user cannot access mobile devices.
References
Ahvanooey, M. T., Li, Q., Rabbani, M., & Rajput, A. R. (2020). A survey on smartphone security: Software vulnerabilities, malware, and attacks. arXiv preprint arXiv:2001.09406.
Aleroud, A., & Zhou, L. (2017). Phishing environments, techniques, and countermeasures: A survey. Computers & Security, 68, 160-196.
Chen, Y. T. & Huang, C. C. (2019). Determining Information Security Threats for an IoT-Based Energy Internet by Adopting Software Engineering and Risk Management Approaches. Inventions, 4(3), 53.
Pathan, A. S. K. (Ed.). (2016). Security of self-organizing networks: MANET, WSN, WMN, VANET. CRC press.
Vlaznev, D. O., & Kubrin, S. V. (2020). U.S. Patent Application No. 16/188,449.
Yang, C., Huang, Q., Li, Z., Liu, K., & Hu, F. (2017). Big Data and cloud computing: innovation opportunities and challenges. International Journal of Digital Earth, 10(1), 13-53.
Place an order in 3 easy steps. Takes less than 5 mins.