Masisi Mulalo
14014907
2015
Abstract
We live in a digital era where communication, information sharing and even
business transactions take place on smartphones, a category that includes cell
phones and tablet computers. These devices can transfer data at rapid speeds
and run numerous applications simultaneously. The new generation of young
people has never known a life without a cell phone with internet capabilities.
Because smartphones are an integral part of personal and social life, it is
only logical that users should be aware of security while using them.
Individuals and organisations have both benefited from the rapid expansion of
information and communication technologies (ICTs) on smartphones.
Inevitably, however, these offerings by smartphones also bring about security
vulnerabilities of which users in Thohoyandou are not aware. According to
Lookout principal security analyst Marc Rogers (2013), following simple
precautions like sticking to the Google Play Store can ensure the security of a
smartphone. This is not always the case, however, as hackers and crackers make
use of trusted applications to distribute malware. This study intends to outline
security vulnerabilities and deliver clear recommendations on essential security
technologies and practices to help smartphone users in Thohoyandou, and to
correct misconceptions or myths in order to bring about changes in attitudes and
usage behaviour.
Table of contents
List of tables
List of figures
1. INTRODUCTION
2. LITERATURE REVIEW
2.1 INFORMATION SECURITY
2.2
2.3
3. RESEARCH METHODOLOGY
4.
4.1
4.2 AWARENESS
5.
6. REFERENCES
List of tables
Table A.1: Definitions of concepts
Table A.2: Numbering of tables
Table A.3: Tables containing percentages
Table B.1: USB research proposal style sheets
List of figures
Figure A.1: Technical layout of a dissertation
Figure B.1: Styles in this template
1. INTRODUCTION
1.1. BACKGROUND
PROBLEM STATEMENT
RESEARCH AIM
To investigate the level of mobile security awareness within users in
Thohoyandou.
1.4. RESEARCH QUESTIONS
The main research question (RQ) we intend to answer in this research is: What
is the level of security vulnerabilities of smartphone users in Thohoyandou?
1. What are the security vulnerabilities in smartphone users in
Thohoyandou?
2. How can we mitigate smartphone attacks and internal threats?
1.5. RESEARCH OBJECTIVES
SIGNIFICANCE OF STUDY
2. LITERATURE REVIEW
In this chapter, we present the theory that supports our work. We use this
platform to acknowledge what other researchers have done and to build our
understanding of the area of mobile security.
2.1 INFORMATION SECURITY
Information security is the act of protecting personal or organisational
information from unauthorized access, use, disclosure, disruption,
modification, perusal, inspection, recording or destruction. The term applies
regardless of the form the data may take.[6] It is essential to note that
information security applies not only to information on desktop computers but
to any computing device, including smartphones and tablets.[7]
One frequently used information security model is the CIA triad
(confidentiality, integrity and availability).[8] These three key principles
should be well balanced for a system to be considered secure. The model is
applicable across the whole subject of information security regardless of the
concept at hand, be it access to a user's internet history or the security of
encrypted data sent across the internet. If any one of the three can be
breached or tampered with, the parties concerned must expect unbearable
consequences.
Fig 2.2: The relationship between the CIA and DAD triads[12]
Disclosure is an attack on confidentiality whereby unauthorized individuals
gain access to confidential information. Alteration is an attack on integrity,
in which data is modified through some unauthorized mechanism. Denial is
directed at availability: the attacker has the intent of rendering
support of mobile devices, all hell broke loose. This new principle led to a
rise in the number of new devices accessing corporate networks, many of them
employee-owned, unmanaged, and full of questionable applications. Users started
working on multiple devices and moving sensitive data between different devices
and online file-sharing sites.
Computer virus
Viruses are pieces of code that were created to model a biological virus.
They are self-replicating programs that spread by creating copies of
themselves and attaching those copies to executable code or documents. While
some are harmless, most computer viruses are deadly.[14]
Worms
Trojan horse
2.3.2 Botnets
Recently there has been an increase in reports of new botnets, especially in
Asia. Unlike botnets that attack computers, these seem to be well organized
and enjoy a large population of victims due to the rise in mobile usage. These
botnets are said to be centrally controlled, meaning one person can control all
infected devices. The attacker can send bulk SMSs from the victims' devices at
the victims' expense. It is also possible to make remote calls that are charged
to the victim's device. [20]
2.3.3 Ransomware
This attack is launched in order to demand payment from the victim to restore
their system to normal. One researcher, Rowland Yu, discovered a very
dangerous piece of ransomware that has hit Android. This ransomware poses as an
antivirus by the name of Android Defender. It locks all applications on the
device, and the app then demands payment to restore access to the device.
Upon starting, it presents professional-looking screens that leave a user
unsuspecting. The user is prompted to provide certain information, which is then
used to lock all applications on the device. It disables such important
functions as calling and sending an SMS, and even locks the keypad. [21]
2.3.4 Bank Account Theft
2.3.9 Firewall
2.3.10 Antivirus
3. RESEARCH METHODOLOGY
This section gives an overview of the processes and tasks that will be
completed to achieve the goal of the research.
Included is a research methodology section (9.1), where we discuss the
research paradigm and method (e.g. qualitative, quantitative or mixed) that
will be used, focusing on why it is suitable for the research.
This is followed by the research design, where I will give a description of the
methodological approach I will adopt (e.g. case study, interviews, survey,
mathematical modelling etc.), focusing on why that particular approach is
appropriate for my study.
The population sample section will describe the type of people that I will
collect data from.
Then comes the research instrument section. Here I describe the actual
instruments (e.g. open questionnaire, interview schedule, mathematical model,
conjoint questionnaire) that I will use for my research, indicating how each
part addresses a specific issue in my research.
The analysis section gives a description of the analysis techniques that will be
employed.
Lastly, there is a time plan.
3.1.
3.2. RESEARCH DESIGN
This section presents the activities that were carried out to successfully
conduct this research. These activities included a preliminary literature
review, problem formulation, literature review, questionnaire survey, analysis
and presentation of results, conclusion and recommendations.
The first step was to conduct a literature survey in order to come to terms
with the mobile security field. We reviewed documents that present research
work on mobile security and threats, both to shape our topic based on what
others left out and to apply their good aspects and findings as a guide when we
conducted our survey.
Based on the findings, we then formulated our problem, narrowing it to our local
area (Thohoyandou). The problem then helped us to come up with a title and
then research questions that we constantly tried to answer as we went through
with our work.
With the problem and research questions in mind, we then delved deep into a
review of research documents. These documents included information security
documents, mobile security documents, mobile threat documents and other related
documents. As our main objective is to create awareness, there was a need to
have proper facts and to know what other researchers had found and presented,
so that was the main aim of this review.
A questionnaire survey then followed. We created an online questionnaire,
which we then distributed by sending the link via email and social media. The
population was sampled from mobile device users in Thohoyandou.
After meeting our target number of responses, we then did an analysis. Part of
the analysis was done by a web application that was coded to produce certain
statistics and graphs based on the responses, so with this aid we successfully
did our analysis and then presented the results.
We then concluded our work and presented a few tips that mobile users should
take in order to secure their mobile devices.
3.3.
3.3.1. Population
Mobile device users in the town of Thohoyandou
3.4.
3.4.3. Interviews
An interview is a verbal conversation between the researcher (interviewer) and
the respondent (interviewee). This tool will also be used to gather facts about
mobile users in Thohoyandou.
3.5.
The collected data will be analysed in different ways. Firstly, the web-based
tool that we will use to host our questionnaire also comes with a statistical
analysis tool that will give us numerical values and present graphical models
of responses per question; this will help us make proper conclusions.
According to the responses shown in figure 4.10, most people (66.67%) ignore
the terms and conditions, and they also simply accept the permission requests
of every application they install without reading or researching the
application. Applications with malicious code usually request unnecessary
permissions; for example, one may find a simple reminder application requesting
internet permission. The statistic revealed in figure 4.10 is quite alarming
because it means only 13.3% are always alert when installing. Given that most
of our respondents are working and a good part of them use their own mobile
devices at work, it means most organisations are vulnerable.
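The permission check described above can be sketched in code. The following Python example is added here and is not part of the original study; it assumes a manifest that has already been decoded to text, and the baseline for a reminder application, the risk notes and the sample manifest are all constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed baseline for illustration only: what a simple reminder app plausibly needs.
EXPECTED = {"reminder": {
    "android.permission.VIBRATE",
    "android.permission.WAKE_LOCK",
    "android.permission.RECEIVE_BOOT_COMPLETED",
    "com.android.alarm.permission.SET_ALARM",
}}

# Permissions that can cost the user money or move data off the device.
HIGH_RISK = {
    "android.permission.INTERNET": "can send data off the device",
    "android.permission.SEND_SMS": "can send SMS at the user's expense",
    "android.permission.CALL_PHONE": "can place calls billed to the user",
    "android.permission.READ_CONTACTS": "can read the address book",
}

# Constructed sample: decoded manifest of a hypothetical reminder app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.reminder">
  <uses-permission android:name="android.permission.VIBRATE"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission-sdk-23 android:name="android.permission.READ_CONTACTS"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Collect every permission name declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    tags = ("uses-permission", "uses-permission-sdk-23")
    names = {el.get(ANDROID_NS + "name") for tag in tags for el in root.iter(tag)}
    return names - {None}

def review(manifest_xml, category):
    """Return (unexpected permissions, reasons for the high-risk ones)."""
    unexpected = sorted(requested_permissions(manifest_xml) - EXPECTED[category])
    findings = {p: HIGH_RISK[p] for p in unexpected if p in HIGH_RISK}
    return unexpected, findings

if __name__ == "__main__":
    unexpected, findings = review(SAMPLE_MANIFEST, "reminder")
    for perm in unexpected:
        print(perm, "-", findings.get(perm, "outside baseline; ask why it is needed"))
```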
5.1. CONCLUSIONS
5.2. RECOMMENDATIONS
5.2.1. Lock your device. Despite concern about online-based attacks, the
easiest way to lock out malicious users who would secretly and manually
install malware on one's device is to physically secure the device.
Locking one's device prevents anyone else from having access to it
and thus from changing or installing unwanted applications.
Even though this measure might seem useless, it is important
because when you leave your device unattended, a malicious user
might take advantage and install malware on it manually.
5.2.2. Set up message barring. It is possible for Android users to request
call or SMS barring services, also known as premium-rate blocking.
This package helps prevent unwanted outgoing calls or messages,
effectively ensuring that if your device happens to fall into the wrong
hands, no one can exhaust your airtime or bundles.
5.2.3. Download only from trusted sources. Google has ensured that, by
default, all Android devices block the installation of applications that
are not trusted; these are applications that are not downloaded from the
Play Store. It is therefore advantageous to make sure that this
functionality is not deactivated. To check this, the user can go to
Settings > Applications > Unknown sources. If the checkbox is checked,
non-Play Store applications can be installed; to stop this, just uncheck it.
5.2.4. Closely analyse all permission requests by applications. If one is
downloading an application, regardless of whether it is from the Play
Store or any other source, the user should check the application's list of
requested permissions. Then check the developer's site to see why it
5.3. FUTURE WORK
6. REFERENCES
[1]
[2]
[3]
[4]
[5]
[6]
[7]
[8]
[9]
[13] David Brown, How Mobile Devices are a Bane and Boon to Information
Security, 2014. [Online]. Available:
http://news.clearancejobs.com/2014/06/29/how-mobile-devices-are-abane-and-boon-to-information-security/. [Accessed: 09-Dec-2014].
[14] T. Micro, Security in the Age of Mobility Trend Micro identified
approximately 5 , 000 new, 2014.
[15] F. Tchakount, P. Dayang, J. Nlong, and N. Check, Understanding of the
Behaviour of Android Smartphone Users in Cameroon: Application of the
Security, Open J. Inf. Secur. Appl., vol. 2014, no. 2, pp. 920, Sep. 2014.
[16] D. Research, The Impact of Mobile Devices on Information Security,
no. June, 2013.
[17] P. Ruggiero and J. Foote, Cyber Threats to Mobile Phones, pp. 16, 2011.
[18] G. Stoneburner, C. Hayden, and A. Feringa, Engineering Principles for
Information Technology Security (A Baseline for Achieving Security),
Revision A, NIST Special Publication 800-27 Rev A.
[19] USDA, FY2015 Information Security Awareness, pp. 142, 2014.
[20] C. Millaney, Billion Dollar Botnets, Symantec, 2013.
[21] R. Yu, Hey Android, Are you frightened of FakeAv plus ransomware,
Sopholabs, 2013.
[22] G. Cluley, Revealed: the top five android malware detected in the world,
Sophos naked Secur., 2012.
[23] F. Liu, Windows malware Attempts to infect Android devices, Symantec,
2014.
[24] V. Zhang, Mobile Malware mines Dogecoins and Litecoins for Bitcoin
Payout, Trend micro blog, 2014.
[25] H. Sohulze, BYOD & Mobile security report, 2014.
APPENDIX A
Questionnaire