Sample Research Paper on Mobile Application Security

The emergency of mobile phones is here to stay and as of such individuals need to know how to protect their privacy when using a mobile device. Most individuals have accepted security on their computers, as an expected norm, while others still overlook mobile phone security. Hackers are taking advantage security awareness ignorance, and as a result most individuals have become victims to identity theft.

It takes legion hours to void the wrong done to one’s prestige on top of the endowment, while at other times complete retrieval is nearly unfeasible. It is therefore paramount to emphasize on mobile phone security coupled with a strong password to safeguard vital and sensitive data. Discussions herein outline the importance of security and security issues associated with mobile security application.

Introduction

Mobile phones, especially phone devices form mobile PC, enables one to store confidential information, contacts and photos, access the internet and email and download games and applications. It is therefore very crucial to protect a phone for various security reasons, just as one would secure a mobile computer (Dagon & Martin, 2004).

Mobile security has tremendously become essential in communication device computing. Enterprises and private data can presently be reserved in smart phones. Billions of consumers and companies use smart phones not only as a conveyance tool but further as a means of mobilizing and strategizing both employment and personal lifestyle. The technology behind smart phones has resulted to profound transformations within companies, due to the emergency of information systems; although they are also the source of new risks in companies (Dagon & Martin, 2004). Smart phones assemble a wider range of sensitive data upon which retrieval should be supervised to safeguard both the seclusion of the cognitive enterprise belongings as well as the user.

Additionally, application development has spawned unprecedented growth mobility, with over a million applications available across various platforms such as Microsoft’s Windows, Google’s Android and Apple’s IOS. Retailers benefit from these mobile applications and platform in all aspects of their businesses. Versatility enhances minimized costs, doubled workforce productivity, intense parley with clients, intense comrade interactions, client contentment and extended efficiencies in operations.

As a result of this, retailers across the globe have developed programs to connect socially, offer commercials, deliver vouchers and generate sales. Marcus Neiman and Starbuck are some retailers that have expanded client-facing applications to indulge clients in unprecedented ways, thereby increasing brand loyalty and revenue (Mulliner, 2006). However, this application is exposed to devastating information breaches, which might later destroy brand stature, compromise customer trust and further affects prompt profit.

Antivirus protection is currently a prerequisite of personal computers. Since smart phones can contain vital confidential and business information, it is essential to secure a smart phone device with antivirus (Mulliner, 2006). This is so especially because malicious software is not the only threat to a smart phone device, but rather, the compact size of a mobile device makes it easier to be misplaced. Therefore, mobile antivirus apps such as kaspersky internet security come in handy to protect smart phones from virtual attackers and prying eyes.

Additionally, application 2X MDM is very important in mobile tracking. It helps relocate lost mobile and monitor the route taken during its theft. Using Q4 2011, users can lock their mobile devices by simply controlling the pin. Users can further remotely wipe the data from their tablets and Android smart phones by incorporating an online 2X MDM dashboard (Mickens & Brian, 2005). Through this, users can be rest assured that sensitive data is not exposed to potential hackers and prevents theft identity. Moreover, this security enables users to view a full list of apps that are installed on remove apps and connected devices which could otherwise compromise security.

With remote deployment apps, one can be confident that rogue apps are not downloaded, which may consequently result to malware. Unfortunately, most users take things seriously when it is nearly or too late. Regarding mobile safety, users are advised not to delay. Tablets and smart phones security should be emphasized to avoid needless pain and embarrassment (Mickens & Brian, 2005). By simply signing to 2X MDM account, a mobile device is secured from any malicious attack.

Mobile application security issues

Disadvantageously, numerous security issues are associated with mobile devices. Mobile devices and PC are the sanctioned objects under attacks. Such attacks harness the fragility associated to smart phones, which takes the form of disclosure such as the services of multimedia messaging multimedia (MMS), service of short message (SMS), Bluetooth, WI-Fi web browsers and the global standard for mobile communications (GSM). There are similar attacks that exploit software vulnerabilities from both the operating system and web browser, which are normally in conjunction with malicious software that frequently relies on the weak knowledge of average users (Becher, 2000).

Studies indicate that threats to mobile devices; inclusive of mobile-based viruses and company data leakage have been on the rise since last year. Spyware and malware are easily targeting mobile devices, leaving companies as a sitting duck to attacks (Becher, 2000). Generally, relating to matters of security, most mobile phones are the primary targets of most attackers. Security issues that are vulnerable to all mobile platforms include;

Most mobile devices lack enabled passwords

In most cases, mobile devices lack passwords to control access to stored data and authenticate users on the devices. Most devices possess the scientific application to lock screens for authentication, verify passwords and personal recognition patterns or digits (PIN). Other mobile devices are further incorporated with biometric reader to authenticate fingerprints (Hogben & Dekker, 2010). Nevertheless, data on anecdotal demonstrates that users infrequently use such applications.

Occasionally, if users incorporate PINs and passwords to their mobile phones, they opt for PINs and passwords that can easily be determined or bypassed. For instance, most users opt for common digits such as 0000 or 1234, hence increasing security issues. In the absence of digits or passwords, possible risk is posited that data on missing or pilfered mobiles might be retrieved by unwarranted users, who might contemplate private data and embezzle the mobile device (Hogben & Dekker, 2010).

Failure to substantiate two-factor while handling personal transactions on mobile devices

Recent research indicates that generally users apply steady passwords prior to the double-factor authentication when running wired delicate transactions using their mobile phones. Applying static passwords authentication posits security drawbacks such as; the password used can be eavesdropped, guessed, stolen, written down or forgotten. Double-factor application offers increased security levels that are very crucial for delicate transactions, than the traditional passwords (Guo & Wang, 2004).

Generally, two-factor is an authentication system whereby users are required to authenticate by at least using two different factors such as; something known well to the user or something possessed by the user. Mobile devices can be used as a second factor in some two-factor authentication schemes (Guo & Wang, 2004). A mobile phone can generate pass codes, or better still the codes can transmitted via a short message to the phone. Unescorted by the double-factor authentication, there is an immense risk whereby unwarranted users can retrieve personal data and embezzle the mobile phone.

Wireless transmissions are rarely encrypted

Such information as e-mails sent via mobile devices is usually not encrypted while in transit. Moreover, most applications fail to encrypt data transmitted and received over the network. Data can then be intercepted with much ease. Consider for instance, if a program is conveying information across an unencrypted Wi-Fi cable using http (instead of a secured http); it becomes very easy to intercept information (Halbronn & Sigwald, 2010). Additionally, if a wireless conveyance is unencrypted, information will easily be intercepted.

Mobile phones might entail malware

Users may download applications that contain malware. Malware applications are normally downloaded by users without their consent since it is often camouflaged as a security patch, games, utilities or any other applicable programs. It is challenging to distinguish between a programmed malware and a permissible application. For instance, an application can be repackaged with malware and a user can inadvertently download it onto their mobile device. This makes it easy to intercept such information. A wireless transmission if not encrypted, it can easily be intercepted by eavesdroppers, who main obtain unauthorized access to sensitive information (Dixon & Mishra, 2010).

Most mobile phones are deficient of security software

Most mobile phones are rarely installed with security program to preserve from malware-based attacks, malicious programs and spyware. On top of this, consumers hardly site security program, in section since mobile phones lack preloaded programs (Gendrullis, 2008). As much as such software may slow down the phone operations and reduce battery life on some phones, the lack of it increases the risk of an attacker effectively distributing malware such as spyware, viruses, spam and Trojans to attract users into revealing their passwords or other personal information.

Systems operation may be outdated

Certain security or fixes for operating systems of mobile phones are rarely programmed on mobile phones in promptly way. It takes a period of weeks or months before a security update is installed in the users’ device. The process of patching might entail most parties, and even get complicated contingent on the essence of susceptibility. For instance, Google creates updates on Android OS to tackle security susceptibilities, but device manufacturers need to design a particular update device to fix the susceptibility (Halbronn & Sigwald, 2010). This process can consequently consume time especially if proprietary modifications are required in the device’s software. After an update has been produced by the manufacturer, it is up to every carrier to test and transmit the updates to the users’ device.

Unfortunately, carriers can delay in the updates provision since duration is required to experiment if they confront with the programmed software or other elements of mobile device. Additionally, mobile phones that are older than two years may fail to maintain updates security since producers may cease supporting such phones (Halbronn & Sigwald, 2010). Most manufacturers cease supporting smart phones between twelve to eighteen months after their release. Such devices are exposed to increased risks, should manufacturers fail to develop patches for newly identified vulnerabilities.

Mobile devices software may be outdated

Applications on third-party security patches are rarely developed and released on time. Moreover, third-party mobile programs such as web browsers often fail to inform users on the availability of appropriate updates (Hogben & Dekker, 2010). Browsers applicable on mobiles are rarely updated unlike those webs used in traditional browsers. The use of outdated software widens the risk that a malicious attacker might exploit vulnerabilities associated with such devices.

The internet connections are not limited on mobile devices

Most mobile devices lack firewalls to minimize on internet connections. When a mobile device is connected to a wider range of network, communication ports are frequently used to connect it to the internet and other devices. Malicious hacker can then easily retrieve the mobile phone using unsecured port. The key functions of firewalls are to secure ports and enable users to select the connection preferred in their mobile device (Hogben & Dekker, 2010). The absence of a firewall exposes mobile devices to an open intrusion, through unsecured communications port, thereby enabling an intruder to misuse the device and access sensitive information.

Unauthorized modifications may be posited in mobile devices

Rooting or jail breaking is the procedure of modifying a mobile device to eliminate limitations so that users can add more features. This rooting process interferes with the management of mobile security, and can easily promulgate to security instabilities. Rooting enables users to access unauthorized software applications and functions into their devices. As much as some users may appropriate root their phones to specifically install security measures such as firewalls, other users may simply be searching for affordable or quicker method of installing desirable applications, which may not have much meaning (Bilton, 2010).

In the latter scenarios, users are exposed to security risks since they are bypassing the vetting application procedure designed by manufacturers, and therefore have limited protection against malware inadvertent installation. In addition to this, rooted devices may lack notifications on security updates from its manufacturer, and as a result might need additional effort from users to sustain software updates.

Unsecured Wi-Fi

Moreover, according to conducted research such as GAO, document that unsecured Wi-Fi network can result to the access of confidential information from mobile device by a malicious attacker (Mickens & Brian, 2005). Such a situation results to data and personal theft. Man-in-the-middle is a scenario of such attack, which exposes Wi-Fi networks. In this attack, the hacker avails at the centre of conveyance steam to steals information.

Consequently, it is normally challenging to trace device terminal since every time the terminal is retrieved by a connecting network, a new short-term identity (TMSI) is distributed to that terminal. TSMI can be applied in device terminal identification should similar network be identified again (Mickens & Brian, 2005). TSMI is normally delivered to mobile terminal inform of encrypted messages; but should the GSM algorithm encryption be altered, the attacker can intercept all unencrypted information made by the user’s mobile device.

Poorly secured communication channels

Communication channel such as Bluetooth functions when it is allowed to be viewed by other Bluetooth-enabled devices, for an effective connection. Opening such communication channels for connection in discovery mode enables a hacker to program malware or secretly activate a camera to eavesdrop user’s information (Mickens & Brian, 2005). Internet networks on Wi-Fi spots that are not secured and are used publicly encourages malicious attacker to fix the device and retrieve personal information.

Attacks derived from MMS and SMS management flaws

Some mobile devices models offer poor services in managing binary short messages. For instance, some mobile device used to send MMS to other phones with attachments. These attachments are normally infected with virus. Upon the delivery of the MMS, the user can opt to view the attachment. If the user manages to open the attachment, the mobile device will then get infected and the MMS virus infects the entire phonebook (Bilton, 2010).

A scenario of this attack is a virus on common warrior, which makes use of the phone book involving messaging multimedia service, to send an infected file to multiple recipients (Bilton, 2010). The user will then install the software as received through MMS, and the virus starts to deliver messages to recipients as taken from the phone book.

Conclusion and recommendation

As can be observed from above, mobile devices are exposed to various threats. IT managers are working hand in hand to address mobile security threats, which have increasingly become imminent. Until the entire security issue is put under control, it is paramount for companies and individuals to protect their data from spyware or malware, or any other dangerous hack attempts. Companies should draft rules, employees’ disaster recovery plan and rules to give the company more control measures and appropriate solutions in the event of a security breach occurrence. Users on the other hand should take some measures to ensure that their personal information is safe from attackers.

Some of the measures that can be taken to minimize mobile application issues include; firstly, users should authenticate their devices. With this, the mobile devices can be configured to entail PINs and passwords before gaining access. Password is further concealed to avoid unauthorized access. Secondly, users should very the authenticity of downloaded applications prior to downloading. Procedures can be implemented to ensure digital signatures of downloaded applications to confirm that they have not hampered with.

For sensitive transactions, consumers should utilize the double-factor authentication. For remote access, a mobile device on its own can be incorporated as a second factor in two-factor authentication.  A mobile device has the capacity to generate pass codes, or better still deliver such codes through a short message to the phone. Therefore, when carrying out important transactions such as financial transactions or mobile banking, it is paramount to always use a two-factor authentication.

Thirdly, users should install antimalware software. Antimalware security should be programmed to safeguard from the infected digital secure cards, programs, spyware, malware-based attack and viruses. These programs can further shield from unnecessary e-mail attachments, short messages and spam. Moreover, users should install security updates. Software updates can automatically be wired from the carrier or manufacturer directly to a user’s mobile device. Appropriate procedures should be taken to ensure prompt delivery of these updates.

Also, missing or pilfered devices ought to be remotely disabled. Remote disabling entirely erases the content or blocks the device. Fortunately, locked phones can be unlocked if they are retrieved by the personal consumer. Additionally, users should encrypt the information preserved on memory card or the phone device. Encrypting files ensures that sensitive information stored on memory cards and mobile device are protected. Most devices use the available commercial encryption or the built-in encryption capabilities. A policy should be enhanced to ensure mobile security. Such security policies should stipulate the principles, rules and practices that establish how a company treats mobile devices; whether for organizational or personal use.

As a result, mobile phones ought to be configured and controlled. Management on configuration ensures mobile protection against the introduction of improper modifications before, during and after deployment. Finally, risks assessments can be performed. Analyzing risks is helpful in identifying threats and susceptibilities, estimate possible harm from effective attacks on mobile phones and establish the possible attacks.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

References

Becher, M. (2000). Security of Smart phones at the Dawn of their Iniquitousness.                                     Manheim University. Retrieved October 12, 2014

Bilton, N. (2010). “Hackers With Enigmatic Motives Vex Companies”. The New York Times. P.                     5. Retrieved October 12, 2014

Dagon, D. & Martin, T. (2004)”Mobile Phones as computing Devices: The Viruses                                    are Coming!Pervasive Computing 3 (4):11. Retrieved October 12, 2014

Dixon, B. & Mishra, S. (2010). “Malware Detection in Smartphones”. International                                    Conference on Dependable Systems and Network Workshops. Retrieved October 12,             2014

Gendrullis, T. (2008). “Areal-world attack breaking A5/1 within hours”. Proceedings of CHES                      ’08. Springer. pp. 266–282. Retrieved October 12, 2014

Guo, C. &  Wang, H. (2004). “Smart-phone Attacks and Defenses”. ACM SIGCOMM                             HotNets. Association for Computing Machinery, Inc. Retrieved October 12,                         2014

Halbronn, C. & Sigwald, J. (2010). “Vulnerabilities and iPhone Security Model”.                                     Retrieved October 12, 2014

Hogben, G. & Dekker, M. (2010).  “Smartphones: Information Security Risks,                                          Opportunities and Recommendations” ENISA. Retrieved October 12, 2014

Mickens, J. & Brian, D. (2005).  “Modelling epidemic spreading in mobile                                                environments”. WiSe ’05 Proceedings of the 4th ACM workshop on                                       Wireless security. Association for Computing Machinery, Inc. pp. 77–86. Retrieved                        October 12, 2014

Mulliner, C.  (2006). Security of Smart Phones (M.Sc. thesis). University of                                              California, Santa Barbara. Retrieved October 12, 2014