Sie sind auf Seite 1von 39

Security vulnerabilities for smartphone users:

A case study of the smartphone users in Thohoyandou

Masisi Mulalo
14014907

A mini dissertation submitted if partial fulfilment of an


honours degree in computer Sciences University of Venda

2015

Abstract
We live in a digital era where communication, information sharing and even
business transactions are exchanged on smartphones, which include cell
phones and tablet computers they have capabilities of transferring data at
rapid speeds and running numerous applications simultaneously. The new age
group of young people have never known a life without a cell phone with
internet capabilities. Smartphones are an integral part of personal and social
lives it is only logical that users should have awareness of security during the
use of these smart phones. Individuals and organisations have both been
beneficiaries on the rapid expansion of information and communication
technologies (ICTs) on smartphones.
Inevitably, however, these offerings by smartphones also bring about security
vulnerabilities which users in Thohoyandou are not aware of. According to
Lookout principal security analyst Marc Rogers, 2013, following simple
precautions like sticking to the Google Play Store can ensure the security of a
smartphone. This is rather not always the case as hackers and crackers make
use of trustful applications to distribute malware. This study intends to outline
security vulnerabilities and deliver clear recommendations on essential security
technologies and practices to help smartphone users in Thohoyandou. Correct
misconceptions or myths in order to bring about changes in attitudes and
usage behaviour.

Table of contents
Table of contents

ii

List of tables

iii

List of figures

iv

List of acronyms and abbreviations


1.

INTRODUCTION

2.

LITERATURE REVIEW

2.1

INFORMATION SECURITY

2.2

IMPACT OF SMARTPHONES ON INFORMATION SECURITY

2.3

MOBILE SECURITY THREATS AND VULNERABILITIES

3.

RESEARCH METHODOLOGY

4.

ANALYSIS AND RESULTS

4.1

ANALYSIS AND RESULTS

4.2

AWARENESS

5.

CONCLUSIONS, RECOMMENDATIONS AND FUTURE WORK

6.

REFERENCES

APPENDIX A TECHNICAL SPECIFICATIONS

List of tables
Table A.1: Definitions of concepts
Table A.2: Numbering of tables
Table A.3: Tables containing percentages
Table B.1: USB research proposal style sheets

12

List of figures
Figure A.1: Technical layout of a dissertation
Figure B.1: Styles in this template

11

List of acronyms and abbreviations

1. INTRODUCTION
1.1.

BACKGROUND

The abrupt rise of smartphone usage in Thohoyandou raises concerns


especially considering that users lack knowledge on how to keep their smart
phones secure.[1] The mobile platform has gained popularity in recent years
as shown by the mobile usage trends and purchasing statistics.[2], [3].
Using a smartphone has no age or gender restriction. Due to this gain in
popularity attackers have also developed an interest in developing threats
and exploits that target smart phones.[4] Security reports reveal that in
most countries for example China cybercrime towards these handheld
devices has risen to unbearable heights. This rise in crime against
smartphones is because some mobile operating systems like android are
open source, this essentially means that anyone wishing to develop for
them does not need a license and development tools are free and easy to
find. As a result everyone with little knowledge in programming can easily
develop applications and get to know the underlying structure of the whole
operating system thus making it easy for attackers to develop attacking
mechanisms that have a high success rate.[5].
For an attack to happen there needs to be an opportunity, vulnerability and
motive (modus operandi). In this case, attackers might have different
motives such as money and acquiring valuable information, or simply for
the fun of it, mobile operating systems are vulnerability on their own given
that they are open source and most smartphone users in Thohoyandou tend
to be ignorant when it comes to mobile security issues.
Thus, there is a need to improve awareness to smartphone users in
Thohoyandou. This research will Identify and publish vulnerabilities of
smartphones that are unknown to users in Thohoyandou and come up with
ways of mitigating risks that threaten to violet mobile security so that users
are well equipped to defend their devices and change their usage
behaviour.
1.2.

PROBLEM STATEMENT
1

While consumers recognize mobile security as important, they still do not


take the right precautions and measures, according to a survey by Sprint
and Lookout, 2013. Smartphone users in Thohoyandou have been victims
of several cybercrimes which include fraud, identity theft, scams,
phishing and back door attacks some of this are results of the human
factor problem. Companies like Apple, Samsung and Blackberry already
offer phone-finding and back-up features but all are not sufficient for
protecting against the increasing risk of phishing attacks and other types
of malware. Juniper Networks (NYSE: JNPR), 2013, found that enterprise
and consumer smartphones are exposed to a record number of security
threats, including a 400 percent increase in Android malware, as well as
highly targeted Wi-Fi attacks. Many people in Thohoyandou are
particularly vulnerable to smartphone threats and exploits, without
knowledge they end up giving out vital information to phishing attacks,
most users in Thohoyandou have been victims of mobile swindles that
promise them various rewards. Smartphone users tend to use the same
username and password across online services and they usually leave
applications logged on forgetting that the device can be stolen or
misplaced. We need to understand and measure the level of awareness
that of these mobile vulnerabilities that users in Thohoyandou are
exposed to, and mitigate the best and appropriate security measures of
smartphones to improve decisions making and usage behaviour.
1.3.

RESEARCH AIM
To investigate the level of mobile security awareness within users in
Thohoyandou.

1.4.

RESEARCH QUESTIONS

The main research question (RQ) we intend to answer in this research is: What
is the level of security vulnerabilities of smartphone users in Thohoyandou.
1. What are the security vulnerabilities in smartphone users in
Thohoyandou?
2. How can we mitigate smartphone attacks and internal threats?
2

1.5.

RESEARCH OBJECTIVES

1. Identify smartphone security threats.


2. Conduct an in-depth analysis of the current smartphone measures.
3. Identify steps to take if you are a victim of smartphone exploits
1.6.

SIGNIFICANCE OF STUDY

2. LITERATURE REVIEW
In this chapter, we present the theory that supports our work; we use this
platform to acknowledge what other researchers have done and to build our
understanding on the area of mobile security.
2.1 INFORMATION SECURITY
Information security is the act of protecting personal or
organisational information from unauthorized access, use, disclosure,
disruption, modification, perusal, inspection, recording or destruction, this term
applies regardless of the form the data may take.[6] It is essential to note that
information security does not only apply to information in desktop computers
but to any computing device including smartphone and tablets.[7]
The one frequent information security model is the CIA triad (confidentiality,
integrity and availability).[8] These three key principles should be well
balanced for a system to be considered secure. This principle is applicable
across the whole subject of information security regardless of what concept is
at hand be it access to a user's internet history or security of encrypted data
across the internet. If any one of the three can be breached or tempered with
then the parties concerned must expect unbearable consequences.

Fig 2.1 shows the CIA triad [9]


Confidentiality is the ability to hide information from non-unauthorised
individuals. One may view this as the most obvious aspect of the CIA triad but

it again suffers the most attacks. Attempts to ensure confidentiality include


cryptography and encryption. [10]
Integrity is the ability to ensure that data is accurate and unchanged that is to
say it is still in its original form. One type of security attack is to intercept some
important data and make changes to it before sending it on to the intended
receiver.[10]
Availability is the probability of a system being up and running every time an
authorised user needs to access it. It is important to ensure that the
information concerned is readily accessible to the authorised viewer at all
times. Some types of security attack attempt to deny access to the appropriate
users, an example is restricting access to a website.[6][10]
The DAD is the counter model that is used by attackers to try to breach the CIA
triad. Fig 2.2 below illustrates the relationship between the CIA triad and the
DAD triad.

Fig 2.2: The relationship between the CIA and DAD triads[12]
Disclosure is an attack on confidentiality where by unauthorized individuals
gain access to confidential information. Alteration is an attack on the integrity
part of security, data is modified through some unauthorized mechanism and
then Denial is directed on availability the attacker has an intent of rendering
5

system services unavailable authorized users cannot gain access to a system


for legitimate purposes. [11]

2.2 IMPACT OF SMARTPHONES ON INFORMATION SECURITY


Smartphones where initially developed as calling and texting devices (cell
phones). However due to advances of technology we have seen the birth of
smartphones, tablets, laptops and PDAs, these devices are no longer just
calling devices but have much more functionality than just communication,
smartphones are capable of running numerous applications simultaneously and
transfer a vast amount of data at rapid speed across multiple devices. Almost
everyone owns a smartphone, and originations in Thohoyandou have
implemented bring your own device to work, but when it comes to security
these devices are not easy to manage.
While the cell phone has long been a danger to be handed over before entering
secure areas, now the smartphone poses a set of problems exponentially more
challenging for everyone involved because these are now essential part or day
to day business processes thus owners cant be separated from their devices.
[13] These small devices have the capability to record audio, allow for
historically unprecedented clandestine photography and document
reproduction, copy and store files, and, of course, communicate with the
outside world, thus causing huge problems for those concerned with security
issues.
Smartphones form a larger part of networked devices.[14] Information security
has been tackled almost successfully in the past but challenges arose when it
came to smartphones, smartphones are challenging to secure because of
mobility of users, individuals own them and users are not well equipped with
information concerning information security.[15]
Smartphone usage is a cause of concern when it comes to information security.
Sensitive organisational and personal information can easily be lost, while the
bring your own device principle that is widely being adopted by organisation
causes more security vulnerabilities.[16] After the conception of BYOD and
6

support of mobile devices, all hell broke loose, this new principle led to the rise
of the number of new devices accessing corporate networks. Many of these
devices being employee-owned, unmanaged, and full of questionable
applications, users stated working on multiple devices and moving sensitive
data between different devices and online file-sharing sites.

2.3 MOBILE SECURITY THREATS AND VULNERABILITIES


Security threats are .. while vulnerabilities are
2.3.1 Malware
Malware is short for malicious software. Malicious computer users use
malware to disturb computer operations, gather sensitive information, or
gain unauthorized access to a computer system. This malicious software
can also appear in the form of a script or code. The term 'Malware' is used
to describe a variety of forms of hostile, intrusive, or annoying software or
code. We usually talk of viruses and worms, even though they do different
this they are both malware. Below I discus a few kinds of malware.[17]

Computer virus

Viruses are pieces of code that where created to model a biological virus.
They are self-replicating programs that spread by creating copies of
themselves then attaching them into executable code or documents. While
some are harmless, most computer viruses are deadly[14].

Worms

Like a virus, a worm is also a self-replicating program. They differ from a


virus in the sense that they do not need human interference to move but
can propagate through networks without attaching themselves to
programs[14][17].

Trojan horse

A Trojan horse is a program, which seems to be doing one thing, but is


actually doing another. A Trojan horse can be used to set up a back door in
a computer system so that the intruder can gain access[18], [19].
Unfortunately, there are many ways to get infected with malware; and there
is no particular way to identify that your computer has been compromised.
Anti-virus software might alert you that it has found a virus, but other forms
of malware may go undetected. Some of the ways you can get infected with
malware include email attachments, use of portable media, visiting
malicious, downloading files from untrusted servers, participating in peerto-peer file sharing services, instant messaging, social networking, social
engineering, not following security guidelines.

2.3.2 Botnets
Recently there has been an increase of reports on new botnets especially in
Asia. Unlike botnets that attack computers these seem to be well organized
and enjoy a large population of victims due to the rise in mobile usage. These
botnets are said to be centrally controlled meaning one person can control all
infected devices, what happens is that the attacker can send bulk SMSs using
the victim devices on the expanse of the victims. It is also possible to make
remote calls which are to be charged on the victim`s device. [20]
2.3.3 Ransom Ware
This attack is launched in order to demand payment from the victim to restore
their system to normal. One researcher a Rowland Yu discovered a very
dangerous ransom ware that has hit android. This ransom ware posed as an
antivirus by the name Android Defender what it does is to lock all application in
the computer then the app demands payment to restore access to the device.
Upon starting, it provides professional screens that will leaves a user
unsuspecting, the user is prompted to provide certain information which is then
used to lock all applications in the device. It disables such important
applications as calling, sending a sms and even locks the keypads. [21]
2.3.4 Bank Account Theft
8

Android user should also be aware of applications that steal their


authentication details for accessing bank accounts. Usually a user receives a
message that his/her bank requires the installation of a new security
application that is an anti-fraud measure. This application is downloaded then
as if that is not enough it goes on to block the user`s account up until the
application has been successfully installed in the victim`s device. After
installation the victim is told to go through the application in order to access
their account, on doing this the spyware steal their login credentials.[22]
There is also another banking Trojan by the name Droidpack, this affects
windows PCs then if an android device is connected to the infected computer
the virus quietly moves to the device and installs without the user`s
knowledge. [23]
2.3.5 Phone Jacking
Due to the fact that android is open source and developers can easily distribute
applications a new breed of attackers have emerged, this new threat does not
have much dangerous effect on the victim`s device. It is called a crypto miner
what it does is to steal the authentication detail of a user and the author can
user the victims device anytime to run his applications and jobs just like in grid
computing. This has an effect of finishing the victim phone`s device and also
affect the lifespan of the battery and device due to over usage. [24]
2.3.6 BYOD
Vulnerabilities in mobile devices do not only expose users but also exposes
their organization especially with the growing trend of adopting BYOD but many
companies [25]. Companies that have introduced this advice employee to bring
their own devices to do work, this has its advantages such as improved user
experience, improved efficiency and mobility. However, it also comes with a lot
of disadvantages as if the device is compromised company information is at
risk, again company security policies cant be properly enforced on personal
devices thus making it difficult to manage activities in the organization.
2.3.7 Bluetooth Jacking
2.3.8 Wifi Hack
9

2.3.9 Firewall
2.3.10 Antivirus

10

3. RESEARCH METHODOLOGY
This section will give an overview of the processes and tasks that will be
completed to achieve the goal of the research.
Included is a research methodology section (9.1) where by we discuss the
research paradigm and method (e.g. qualitative, quantitative or mixed) you will
use, focusing on why it is suitable for your research.
This is followed by the research design where Ill give a description of the
methodological approach I will adopt (e.g. case study, interviews, survey,
mathematical modelling etc.), focusing on why that particular approach is
appropriate for my study.
The population sample section will give or described the type of people that I
will collect data from.
Then the research instrument section. Here I describe the actual instruments
(e.g. open questionnaire, interview schedule, mathematical model, conjoint
questionnaire) that I will use for my research, indicating how each part
addresses a specific issue in my research.
The analysis section gives a description of the analysis techniques that will be
employed.
Lastly there is a time plan.

11

3.1.

RESEARCH METHODOLOGY / PARADIGM

The research methodology that we will include both quantitative and


qualitative research. Qualitative research is a method of inquiry where by the
research aims to have an in-depth understanding of human behaviour and why
they behave that way. (Denzin, Norman K. & Lincoln, Yvonna S. 2005). While
Quantitative research usually involves manipulation of numerical values.

3.2.

RESEARCH DESIGN

This section presents the activities that were carried out to successfully
carryout this research. These activities included a preliminary literature review,
problem formulation, literature review, questionnaire survey, analysis and
presentation of results, conclusion and recommendations.
The first step was to present a literature survey in order to come into terms
with the mobile security field. We reviewed documents that present research
work on mobile security and threats to shape our topic based on what others
left out and to guide us apply the good aspects and findings as a guide as we
conducted our survey.
Based on findings we then formulated our problem narrowing it to our local
area (Thohoyandou). The problem then helped us to come up with a tittle and
then research questions that we constantly tried to answer as we went through
with our work.
We the problem and research questions in mind we then delved deep into
review of research documents. These documents included information security
documents, mobile security documents, mobile threats and other related
documents. As our main objective is to create an awareness there was need to
have proper facts and know what other researchers had found and presented
so that was the main aim of this review.
A questionnaire survey then followed. We created an online based
questionnaire which we then distributed by sending the link via email and

12

social media. The population was sampled from mobile device users in
Thohoyandou.
After meeting our target number of responses, we then did any analysis. Part of
the analysis was done by a web application that was coded to make certain
statistics and graphs based on responses so with this aid we successfully did
our analysis then presented the results.
We then concluded our work and presented a few tips that mobile user should
take in order to secure their mobile devices.

3.3.

POPULATION AND SAMPLE

3.3.1. Population
Mobile device users in the town of Thohoyandou

3.3.2. Sample and sampling method


Random sampling will be employed

3.4.

THE RESEARCH INSTRUMENT

3.4.1. Web based questionnaires


We will use a web based questionnaire service provided by survey monkey. This
tool allows us to design a web-based questionnaire which may contain both
open ended and closed ended questions. Our questionnaire contain a set of 10
multiple-choice questions that will be answered by checking radio buttons. To
distribute the questionnaire the URL will be emailed and shared via social
media to selected individuals.

13

3.4.2. Literature review


Research documents will be downloaded from the internet through such
services as Google scholar and online databases such as ebscohost among
others.
Then by reading through the documents, we anticipate gathering valuable
information that will help us structure our research and make better
conclusions.

3.4.3. Interviews
An interview is a verbal conversation between the researcher (interviewer) and
the respondent (interviewee). This tool will also be used to gather facts about
mobile user in Thohoyandou.

3.5.

DATA ANALYSIS AND INTERPRETATION

The collected data will be analysed in different ways. Firstly, the web-based tool
that we will use to host our questionnaire also comes with a statistical analysis
tool that will give us numerical values and present graphical models of
responses per question thus this will help us make proper conclusions.

LIMITATIONS OF THE STUDY


There are various constraints that will limit the proper success of study, these
include the ones listed below:
Financial constraints
Most people dont trust or like participating in surveys thus respondents
might be few
The time constraint (the time given to complete the research is limited)
People in general are not usually cooperative

14

Limited internet access

15

4. ANALYSIS AND RESULTS

Figure 4.1: Question one


The first question of this questionnaire require age information, these main reason for requiring this
information is so that we can establish which age group most uses mobile devices. The fact is that
age affects mobile usage, elders might be vulnerable to attacks because of less familiarity with
technology while very young users might also be at risk because of lack of knowledge thus attacks
on these age groups might not be caused by ignorance unlike the youth age group(16-40).
Response to this question reveal that most mobile device user fall into the 16-40 years age group,
thus if these people are still vulnerable to attacks its most because of ignorance given that they
grew up in the technology era and they most probably literate.

16

Figure 4.2 Question two


The question with the graph in figure 4.2 gets information about the occupation of each
respondent, the occupation of each respondent will help us establish what kind of attacks may be
directed to each class and also to what fatal consequences might result for each class if they are
vulnerable. Most respondents (56.3%) stated that they work for private organisations ; this might
be due to the fact that most private organisations have adopted the BYOD practice, this result
shows that most organisations are vulnerable because attacks on employees might most probably
ripple to the organisation thus causing serious damage to the organisation`s information system.
Then students contribute 25% of the population which is quite a number, cyber-attacks on students
might also be very fatal for example a malicious user might user a student`s device which is
connected to the university`s network and thus gain access to the university`s information system.
12.5% of respondents where government employees which is a quite disturbing statistic because
government organisations host quite sensitive and private information which is a risk if that
information falls into bad hands.
17

Figure 4.3 Question three


Deferent mobile operating systems give different levels of security, for example the android OS has
been reported to be very vulnerable to attacks[15] while iOS is more secure. Figure 4.3 shows that
Android is the most used operating system in our population as the number of respondents who
use android is 50%, this reveals that most users are vulnerable as android is less secure while the
most secure OS only attributes 6.25% and 18% uses windows which has better security compared
to android. This result shows that a significant portion of the population is susceptible to cyberattacks.

18

Figure 4.4 Question four


As a result of the availability of threats, mobile operating system and device providers have tried to
provide some form of security mechanisms to try a mitigate the level of risk. Common security
mechanism are passwords, patterns and antiviruses among other security mechanisms. The
results from our survey (Figure 4.4) shows that most mobile users 62.5% user password or
patterns as a form of security. Passwords go a long way in securing devices. however they are the
weakest form of security as they can be stolen, forgotten, shared and one big risk is that people
have a tendency of using the same password for many accounts thus if they happen to lose or
share it then they have compromised the security of a lot of their accounts. Only 25% of
respondents use anti viruses on their meaning the remaining 75% are vulnerable to cyber-attacks.
Then 18.75% respondents revealed that they do not use any security mechanism.

19

Figure 4.5 Question five


There are different kinds of attacks that mobile devices are vulnerable to, in our survey we found
out, which is the most common attack in Thohoyandou, and we discover the result graphed in
figure 4.5. Topping the list is scam attacks with 50% reporting that they have experience them at
some point, then comes malware attack at 28.57%, phishing with 14.29% with the remaining
percentage experiencing other attacks. Most people are vulnerable to scams because of ignorance
and the love for money, most common scam attacks are ones in which the user is told they have
won some even, then due to ignorance user tend to fall into the trap.

20

Figure 4.6 Question six


About 53.9% of the people revealed that after an attack they did nothing. This shows that the
attacks where successful and the user are still vulnerable because they did not take measure to
avoid similar occurrences. Failing to take action might be due to lack of knowledge on mobile
security mechanisms thus users need to be given tips on how to secure their devices and what
action to take after an attack on their mobile devices.

21

Figure 4.7 Question seven


The fact that 57.14% of respondents use devices provided by their organisations or study
institutions is good news because most organisations and institutions have security policies to
protect their information system thus every one using their devices has to follows these policies
meaning security is better enforced. However almost the same proportion of people about 53% use
their own devices at work. Having such a huge population using their own devices at work is quite
a worrying statistic given that organisations cannot properly enforce their security policies own
private devices. Most mobile user are not aware of was of securing their devices thus this exposes
the organisation`s information system.

22

Figure 4.8 Question eight


About 50% of respondents stated that they have applications that use sensitive data while the
remaining 50% stated that they do not. Given the statistics of responses to other questions in this
questionnaire that reveal the low level of awareness and lack of implementation of mobile security
measures it means those that have these applications are vulnerable to attack. Some of the
applications that require the user to provide sensitive information might have malicious code that
sends this data to users that in turn use it to attack the owner (for example login details to an online
bank account).

23

Figure 4.9 Question nine


About 80% of our respondents always download content from the internet and given that a large
percentage of them do not use antiviruses the obvious fact is that our information system are at
risk since the level of mobile device penetration into world information system has become so
intense.

24

Figure 4.10 Question ten

According to the responses shown in figure 4.10 most people (66.67%) ignore
the terms and conditions and they also just accept permission requests for
every application they install without reading or researching about the
application. Usually applications with malicious code request for unnecessary
permissions for example one may find a simple reminder application requesting
for internet permission. The statistic revealed in figure 4.10 is quite alarming
because it mean only 13.3% are always alert when installing, given that most
of our respondents are working and a good part of them use their own mobile
devices at work it means most organisations are vulnerable.
25

26

5. CONCLUSIONS, RECOMMENDATIONS AND FUTURE WORK

5.1.

CONCLUSIONS

5.2. RECOMMENDATIONS
5.2.1. Lock your device Despite concern about online-based attacks, the
easiest way to lockout malicious user s from secretly manually
installing malware into one device is to physically secure the device.
Locking one`s device prevent anyone else from having access to the
devices and thus changing and installing unwanted applications.
Even though this measure might seem useless it is important
because when you happen to leave your device unattended to
malicious user might tack advantage and install malware into it
manually.
5.2.2. Set up message barring It is possible for android users to request
for call or sms baring services also known as premium-rate blocking
this package helps prevent unwanted outgoing calls or messages.
This effectively ensuring that if your device happens to be in wrong
hands no one can exhaust you airtime or bundles.
5.2.3. Download only from trusted sources Google has ensures that by
default all android devices block installation of application that are
not trusted; these are application that are not downloaded from Play
Store. Thus it is advantageous to make sure that this functionality is
not deactivated. To check this user can go to Setting
ApplicationsUnknown sources If the checkbox is checked non-Play
store application can be installed thus to stop this just uncheck it.
5.2.4. Closely analyse all permission requests by applications if one is
downloading an application regardless of whether from play store or
any other source user should check the application`s list of
requested permissions. Then check the developer`s site to see why it

27

request for such permissions and also have a tendency of looking at


app reviews to get feedback from other users.
5.2.5. Use anti-theft protection Android user can find software that allows
users to remotely wipe the data on their devices given that it is lost
or stolen. Some of these antitheft applications also provide tracking
capabilities and alarm ringing etc.
5.2.6. Use of reputable Anti-virus to scan all downloaded applications
given one is to download applications from another source they are
strongly advised to scan those applications using a trusted antivirus
before installing them. Scanning help to discover silent behaviour,
which are actions that are not stated on the actions list of the
application.

5.3.

FUTURE WORK

28

6. REFERENCES
[1]

M. Rollins and R. Sandberg, The business of Android Apps Development.


2013.

[2]

10 Hot Consumer Trends 2014, 2014.

[3]

Android - Statistics & Facts, 2014. [Online]. Available:


http://www.statista.com/topics/876/android/.

[4]

Mobile security threats, 2014. [Online]. Available:


http://mobilemaketer.com/cms/news/strategy/14518.html. [Accessed: 11Oct-2014].

[5]

X. Qian, G. Zhu, and X. Li, Comparison and Analysis of the Three


Programming Models in Google Android, 2012.

[6]

C. Schaeffer, Richard, National Information Assurance ( IA ) Glossary,


no. 4009, 2010.

[7]

M. Wilson and J. Hash, Building an Information, no. October, 2003.

[8]

Fundamental Security Concepts, 2014.

[9]

K. B. Kelley, Databases, Infrastructure, and Security, 2014. [Online].


Available:
http://www.sqlservercentral.com/blogs/brian_kelley/2009/04/20/securitybasics-the-c-i-a-triad/. [Accessed: 09-Dec-2014].

[10] M. Whiteman and H. Mattord, Principles of Information Security Fourth


Edition. 2012.
[11] pei . yih Ting, Introducing Computer and Network Security Computer
Security Basics, 2014.
[12] J. E. Cannon, Security Defense Strategy Basics, 2014.

29

[13] David Brown, How Mobile Devices are a Bane and Boon to Information
Security, 2014. [Online]. Available:
http://news.clearancejobs.com/2014/06/29/how-mobile-devices-are-abane-and-boon-to-information-security/. [Accessed: 09-Dec-2014].
[14] T. Micro, Security in the Age of Mobility Trend Micro identified
approximately 5 , 000 new, 2014.
[15] F. Tchakount, P. Dayang, J. Nlong, and N. Check, Understanding of the
Behaviour of Android Smartphone Users in Cameroon: Application of the
Security, Open J. Inf. Secur. Appl., vol. 2014, no. 2, pp. 920, Sep. 2014.
[16] D. Research, THE IMPACT OF MOBILE DEVICES ON INFORMATION
SECURITY: THE IMPACT OF MOBILE DEVICES ON INFORMATION
SECURITY:, no. June, 2013.
[17] P. Ruggiero and J. Foote, Cyber Threats to Mobile Phones, pp. 16, 2011.
[18] G. Stoneburner, C. Hayden, and A. Feringa, Engineering Principles for
Information Technology Security ( A Baseline for Achieving Security ),
Revision A NIST Special Publication 800-27 Rev A Engineering Principles
for Information Technology Security ( A Baseline for Achieving Security ),
Revision A.
[19] USDA, FY2015 Information Security Awareness, pp. 142, 2014.
[20] C. Millaney, Billion Dollar Botnets, Symantec, 2013.
[21] R. Yu, Hey Android, Are you frightened of FakeAv plus ransomware,
Sopholabs, 2013.
[22] G. Cluley, Revealed: the top five android malware detected in the world,
Sophos naked Secur., 2012.
[23] F. Liu, Windows malware Attempts to infect Android devices, Symantec,
2014.
30

[24] V. Zhang, Mobile Malware mines Dogecoins and Litecoins for Bitcoin
Payout, Trend micro blog, 2014.
[25] H. Sohulze, BYOD & Mobile security report, 2014.

31

APPENDIX A
Questionnaire

32

33

Das könnte Ihnen auch gefallen