How vulnerable is the device people use to store expedient data? In 2016, Symantec
reported 18.4 million mobile malware detections. In 2017, this peril
escalated by 30 percent, thus endangering Android App Store users. These data pave the way for
the questions: “What is mobile security? What are the merits and drawbacks of mobile
phone users incorporating a measure to safeguard their details and private information? To
what extent does it affect our daily lives?” This document takes into account these questions
networks they connect to, from potential malware. Security threats in this context are
ubiquitous. These threats are forms of malicious software and spyware with the ability to
access a mobile device’s data while the owner is oblivious to the activity. Examples of this
malicious code include viruses, Trojan horses, spyware, and adware. Has your phone ever
detected a virus, leaving you wondering how it got infected? The following actions could ultimately
lead to a phone getting infected: use of an unprotected Wi-Fi network, phishing scams that
involve clicking a malicious link while using email, installing malicious applications,
network spoofing, hackers accessing the phone through spyware and lastly Bluetooth
In the world of computer programming, various methods have been developed to
counter mobile phone security threats. The use of passwords is a common practice, with a
history of 50 years. Personal identification numbers (PINs) are also well known for securing
mobile data, especially by telecommunication agencies. Many smartphone users are opening
up to the use of patterns to protect their phones. Though fingerprint sensors have flooded
the market only recently, many have adopted them. The use of face recognition is also slowly creeping
into the market. It is of great importance to demystify how mobile security has
evolved from its introduction into the sphere of mobile device management
up to date.
BACKGROUND INFORMATION.
Robert Morris Sr. developed “hashing”, the process by which texts are changed into
numerical codes encapsulating the original phrase. This was integrated by Unix-like operating
systems.
remember for decipherment of Linear B dating back in the 1940s. It is now incorporated into
mobile security measures. The Toshiba G500 and G900 are traced to be the first phones to feature
a fingerprint scanner. This was back in 2007. In 2011, the Motorola Atrix was the first publicly
accessible device to include a fingerprint sensor. The iPhone 5s is credited as the first mobile
phone with a capacitive fingerprint sensor. Woody Bledsoe pioneered facial
recognition technology in 1964. 53 years later, the iPhone X (10) was the first phone to feature its usage,
via Apple Inc. at the Worldwide Developers Conference. The history of these
countermeasures against mobile security threats is crucial in understanding how malware
developed.
The concept of mobile security is linked to the presence of mobile malware. June
2004 marks the date when the first virus was created by “29A”, a group of virus
writers. They called it “Caribe”. It was designed to target the Symbian operating system. It
the Kaspersky Lab. Interestingly, at the request of its authors, the virus was sent to antivirus
companies. Unfortunately, the publication of its source code on the internet bred its
emerged to replace system applications, and install Comwar. Its vector being Operating
understand its history in order to employ the relevant ways to curb it. Massachusetts Institute
of Technology originated the term “hacker” in 1960, where extremely skilled individuals
Dennis Ritchie. At that time, “phreakers”, a group of mobile hackers, came into
existence. They broke into phone networks to make long-distance calls. In the 80s, Robert
Morris Jr. devised a worm on the ARPAnet to investigate its impact on UNIX systems. It
systems. In 1999, anti-hacking products were invented by security software vendors. The
TYPES OF MALWARE.
permeate and damage a computer without the owner’s authorization. The pioneering writers
of malware designed it to improve the security of every operating system they developed;
nevertheless, the malicious code spread to computers. Mobile malware, as the name suggests,
attacks mobile devices, which include tablets, smartwatches and smartphones. The difference
between malware and mobile malware is that malware is more prevalent than mobile malware.
It is crucial to have a gist of the types of malicious software attacking our phones.
A virus is technically defined as code that self-replicates at high speed by
modifying other programs in a device and eventually corrupts the data. It infects
files by attaching itself to them. A worm is another type of mobile malware. It reproduces itself
through the network, inserting itself from device to device. It does not require any user interface
that is characterized by displaying the message “Caribe” whenever the phone is switched
on. Being unscrupulously fooled into doing something can be very taunting. This is exactly
disguising its true intent and upon its installation, it wreaks havoc in the device. By 2016, 2
billion phones were infected by Hummer Trojan. The fourth type of malware is a rootkit. It is
a clandestine program that accesses and surreptitiously modifies the operating system. It has
malicious tools like keyloggers, banking credential stealers, password stealers, antivirus
disablers and bots for DDoS attacks (quora.com). Criminals are now using botnets to gain
financial access to the many who use phones for transactions. The term “botnet” is short
for robot network. It is a group of internet-connected devices that have been infected with
malware. This paves the way for the botnet creator to remotely control the infected devices, which
are then termed “zombies”. As technology evolves, software engineers have tracked how
VECTORS OF MALWARE
Propagation of viruses.
Similar to the spreading pattern observed in the context of influenza (3, 6, 7), SARS
(8, 9) and the novel coronavirus, a Bluetooth virus infects Bluetooth-activated devices
within a radius of 10 to 30 m. A Multimedia Messaging Service (MMS) virus replicates itself to all
phones whose contacts are in the log book of the infected device and within a span of 10 m.
In a bid to understand the dynamics of infection, a study was conducted. Using the SI model, it
was considered that an infected user ($I$) infects a susceptible user ($S$), so that the number of
infected users evolves in time as $dI/dt = \beta S I / N$, where the effective infection rate is $\beta = \mu \langle k \rangle$
with $\mu = 1$, and the average number of contacts is $\langle k \rangle = pA = NA/A_{tower}$, where $A = \pi r^2$ represents
the Bluetooth communication area and $p = N/A_{tower}$ is the population density inside a tower’s
service area (P. Wang, M. Gonzalez, A. Hidalgo pdf). The parameter $m$ was integrated into
this mathematical function to represent the market share of a specific operating system. This
is because the rate of infection strongly relies on the market share of the
handset. For instance, if $m = 0.40$, 90% - 99.8% of vulnerable handsets are likely to get
infected by a Bluetooth virus in a span of 7 days. Unlike a Bluetooth virus, an MMS virus
reaches a plethora of handsets in a matter of hours. Nevertheless, the MMS virus is limited as it can only access
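The SI model described above can be worked through numerically. The following is an added example, not code from the cited study: the population, tower area, Bluetooth range and initial infection count are constructed values, the time unit is whatever unit μ is expressed in, and scaling both the contact density and the vulnerable population by the market share m is an assumption of this sketch.

```python
import math


def contact_rate(n_users, tower_area_m2, bt_range_m, market_share=1.0, mu=1.0):
    """Effective infection rate beta = mu * <k>, with <k> = p * A.

    A = pi * r^2 is the Bluetooth communication area and p = N / A_tower the
    population density. Multiplying p by the market share m is an assumption
    of this example: only handsets running the targeted OS count as contacts.
    """
    bt_area = math.pi * bt_range_m ** 2
    density = market_share * n_users / tower_area_m2
    return mu * density * bt_area


def si_rhs(infected, population, beta):
    """Right-hand side of dI/dt = beta * S * I / N with S = N - I."""
    susceptible = population - infected
    return beta * susceptible * infected / population


def integrate_si(population, i0, beta, t_end, dt=0.1):
    """Integrate the SI equation with classic fourth-order Runge-Kutta."""
    steps = int(round(t_end / dt))
    infected = float(i0)
    for _ in range(steps):
        k1 = si_rhs(infected, population, beta)
        k2 = si_rhs(infected + 0.5 * dt * k1, population, beta)
        k3 = si_rhs(infected + 0.5 * dt * k2, population, beta)
        k4 = si_rhs(infected + dt * k3, population, beta)
        infected += dt * (k1 + 2 * k2 + 2 * k3 + k4) / 6.0
    return infected


def si_closed_form(population, i0, beta, t):
    """Logistic solution of the same equation, used to check the integrator."""
    c = (population - i0) / i0
    return population / (1.0 + c * math.exp(-beta * t))


def time_to_fraction(population, i0, beta, fraction):
    """Time at which the infected share of the population reaches `fraction`."""
    if not 0.0 < fraction < 1.0:
        raise ValueError("fraction must lie strictly between 0 and 1")
    if i0 / population >= fraction:
        return 0.0  # already at or past the requested level
    c = (population - i0) / i0
    return math.log(c * fraction / (1.0 - fraction)) / beta


def scenario(market_share, n_users=10_000, tower_area_m2=1.0e7,
             bt_range_m=10.0, i0=1):
    """Constructed scenario: one tower area, one initially infected handset.

    Returns (vulnerable handsets, beta, time until 90% of them are infected).
    """
    vulnerable = market_share * n_users
    beta = contact_rate(n_users, tower_area_m2, bt_range_m, market_share)
    return vulnerable, beta, time_to_fraction(vulnerable, i0, beta, 0.9)


if __name__ == "__main__":
    for m in (0.1, 0.4, 1.0):
        vulnerable, beta, t90 = scenario(m)
        numeric = integrate_si(vulnerable, 1, beta, t90, dt=0.05)
        print(f"m={m:.2f} beta={beta:.4f} t90={t90:8.1f} "
              f"infected(t90)={numeric:8.1f} of {vulnerable:.0f}")
```

A smaller market share lowers β and stretches the time to saturation, which is the dependence on m that the paragraph describes.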
Propagation of worms.
replicate itself to the first susceptible handset it finds. Research in a British town
found that less than 10% of users turn on Bluetooth devices. This greatly diminishes the
indicate the pace of worm transmission. The parameters used were as follows: $\beta(t)$ stands for the
rate of infection at time $t$, $I(t)$ for the number of infected devices at time $t$, $R(t)$
for the number of devices immune before infection time, $S(t)$ for the number of vulnerable
dt dt
$\frac{dR(t)}{dt} = \gamma I(t)$,
dt
$\beta(t) = \beta_0 [1 - I(t)]^{n}$, $N = S(t) + I(t) + R(t) + Q(t)$, hence $0 \le S(t), I(t), R(t), Q(t) \le$
This model overlooks the fact that infected devices can be upgraded to counterattack
the worm.
Websites that offer programs such as shareware for free are the common vectors of
Trojan horses. They can be attached to files posted on a website while the web operator is in the
dark. A Trojan author can also create a website that pretends to offer legitimate services for users to
download, only to end up hacking into their operating system. A common trend has been
observed of Trojan horses infiltrating a phone as an email attachment. The authors of the
malware are crafty and pique one’s curiosity by disguising the attachment as coming from a trusted
organization. This malicious code is also propagated through instant messaging services or a
chat room. A cybercriminal approaches potential victims and convinces them to accept a file
which, upon opening, transmits the Trojan. NVP Trojan, IconDance Trojan, Destructive
Trojan, Feliz Trojan, Joke Trojan and AOL4Free Trojan are examples of this taunting
malware. NVP Trojan disrupts the system file so that when vowels are typed they are not displayed on
the screen. Destructive Trojan is the most dangerous since it completely modifies or wipes out
files. It is a relief that their presence can easily be detected. Feliz Trojan is very manipulative
in the sense that it shows a warning image to stop the user from running a program while it
deletes core files in the background. The AOL4Free program was authored by Nicholas Ryan, a
Yale University student. It functions by allowing users to access America Online while
evading the subscription fee. A hoax that the AOL4Free program was a Trojan horse sent a wave
of confusion through AOL4Free program users. This fuelled the writing of the AOL4 Trojan, which was
propagated to America Online users. It clears every file and displays “Bad command or file
name.” Cybercriminals use this clandestine code to steal passwords. Once they obtain them, the
thieves are able to masquerade as the victim and rob one’s account. Hey You AOL Trojan is received as an
email with “hey you” as the subject. It then sends one’s ID and password by email to the
hacker; eventually it can block one from their own account. A remote access Trojan is more
difficult for a hacker to write than one that imitates a login screen to acquire passwords. These
cybercriminals use their intellect to study the source code of existing Trojans in a bid to write
new ones. Open source projects such as UNIX also provide a platform to change a legit
Propagation of rootkits.
In a three-year period, between 2004 and 2006, statistical data revealed a 600% increase in
smartphones. Rootkit malware is designed to corrupt a number of interfaces such as voice,
messaging and the Global Positioning System (GPS). Rootkits are in high use by hackers since
they spy on confidential conversations, thus compromising the privacy of the end users.
Kidnappers use rootkits to track the location of a user using GPS. This malware does not
spare smartphone batteries. It exploits power-intensive smartphone services such as GPS
and Bluetooth to exhaust the battery on the phone (Jeffrey Bickford pdf). It is beyond doubt
Propagation of botnets.
Lastly, this detailed focus on mobile malware highlights the propagation of botnets.
Mobile nodes that become part of a botnet perform functions like sending text messages,
deleting files, recording audio and taking photos. It is very difficult to detect and get rid of
this malware. It is devastating that 100,000 unique IP addresses can be developed by an HTTP
flood from a mobile botnet. In a bid to mitigate the malevolent software discussed above, the
possible threats to Operating Systems of mobile phones should be taken into account.
Many have come across Android smartphones, which are increasingly becoming
Alliance, their marketing being done by the renowned Google. Java (UI), C (core), and C++
are Android’s programming languages. Despite its consistent growth in the market, it is not
immune to potential malware. Zimperium Labs revealed that a text message could infiltrate
95% of Android devices. This is not surprising given the open nature of the system, which
sets an ideal platform for hackers to carry out their activities. Its open-source model sets the stage
for illicit Android apps. In 2010, AndroidOS.DroidSMS.A was the first Android Trojan to be
developed. It auto-subscribed an infected device to SMS services, thus increasing the phone
bill without the handset owner’s authorization. As if that was not enough, in the same year, the
TapSnake game app was a Trojan that denied end users location privacy by hacking into their
GPS. This nightmare grew in leaps and bounds and in 2011, DroidDream, a mobile botnet,
was modelled to gain access to unique identification information. This botnet functioned only
while the owners were asleep, thus its name. These unscrupulous activities spiked up to another
hacking activities in Android devices. These toolkits were bought at $3,000 by malicious
“customers”. This information does not imply that iPhone operating systems are immune to
attack. Unprecedented iPhone malware implantation has emerged. It operates by escaping the
iOS sandbox and starts functioning as root. It communicates with a command and control
database, messages, key chains and displaying chat transcripts on the internet are among the
services it provides to its developers. This information implies that many unsuspecting
The rising number of incidents is a reflection of the widening security breach that is
impending. It foreshadows the already tainted picture of mobile security in the future.
Telltale signs that a phone is infected are a valuable piece of information. Some of the sure
signs that a phone has malware are as follows: an app that automatically
downloaded itself onto the device, a phone that crashes frequently, the phone battery getting
exhausted faster than usual, a very high number of pop-up ads appearing on the screen,
an illogical increase in data consumption, and an unreasonable increase in texting bills. Being keen is
The breach in mobile security evokes the question, “What are the countermeasures
against these threats?” The pie chart below shows percent incidents by
breach type.
[Pie chart: Breach types. Categories: stolen laptop, hack, web, frauds, stolen computer, disposal document, snail mail, unknown, lost media, email, stolen document, lost drive.]
Despite the glaring menace of compromise in mobile security, various techniques can
be employed to narrow this gap. First, one should install apps only from reliable app stores.
This is vital for Android users. Examples of these are Amazon Appstore and Android
Market. In the same line, one should research the credibility of the developer of any app
downloaded. In order to check for any bugs in the application, one should read the users’
reviews. Secondly, setting a password also plays a key role in countering spyware.
Setting a password on the lock screen prevents unauthorized access to private data on the
phone. Many a time pickpockets have succeeded in withdrawing money from victims’ accounts
due to lack of passwords. With the ever-evolving sphere of technology, other techniques in the
same line have been established. Fingerprint sensors and facial recognition are found to
be effective too. Thirdly, installing malware protection is an effort worth the benefits. A
study conducted in America revealed that most people prefer to browse using their
smartphones rather than their computers. It is thus necessary to be on the lookout for mobile
malware by downloading programs that enhance malware protection. Lookout mobile
mobile operating system, most procrastinate on it, oblivious to the fact that it decreases mobile
insecurity. System developers brace themselves to always be ahead of malware and spyware
authors by updating their systems. Another effective measure is updating privacy
settings. This will ensure that location and conversation privacy is not compromised. Setting
up two-factor authentication is also a factor that ensures protection as one logs in to a website
platform. It involves a multi-step login procedure (logging into a website using both a code and
a password) in order to flatten the curve of receiving Trojan malware. With the exponential
increase in use of Wi-Fi, exposure to malevolent malware has been a red flag. Precautions
should thus be taken before connecting a device to Wi-Fi. As most companies are embracing
to protect company data. The security risks accompanying jailbreaking are immense.
exposes sensitive data to malicious applications. All these measures are responsibilities of
mobile phone users. The operating system vendors, phone manufacturers, information
technology departments and network service providers also have a role to play.
vary, it is important to understand how iPhone counters potential attacks. The “walled
garden” approach has been employed to enhance its security. This infamous approach weeds
out installation of malicious apps by users by ensuring that apps are only downloaded
through the official app store. iOS thoroughly scans every app submitted to it by app vendors
and turns down every malicious code. Sandboxing is also a technique in use to thwart attacks.
This ensures that any app one installs does not obtain any data from other apps. In the same
line, the administrator account is inaccessible to most apps, thus they can’t modify the
operating system. Lastly, their timely iOS updates are effective in protecting their system against
mobile malware. All these provide an extra layer of security for Apple phones.
Phone manufacturers have also stayed on guard to ensure security of their products. For
fixed, mobile, and IoT devices (Nokia.com). This technique detects malicious code and
reduces its impact on the handset. This mechanism is capable of alerting the Nokia security
operations team with threat intelligence on malicious activity going on in their network. The
architecture of this system uses sensors in their host network to check network traffic
between the internet and user endpoints for confirmation of malware infection. It includes
malware command-and-control (C&C) traffic, hacking and DDoS activity. The security
alarms are centralized to a reporting cluster for analysis and storage. Interfaces link
that notifies the user and an auto-serve remediation portal are also features integrated into this
system.
Samsung mobile manufacturers are also initiating ways to thwart potential attacks on
their products. They have refined their security strategies. A good example is Samsung Knox,
which features a multilayered security technique. It has integrated a trusted root account
which enhances the integrity of any software loaded onto the device. This averts the
infiltration of bootkit and rootkit attacks. In addition to that, since the keys are inaccessible
via software, subverting data encryption is a nightmare for hackers. The Samsung developers
have incorporated a verified boot process. This builds on the Android operating system,
which has a ROM-based primary bootloader to initialize basic hardware before secondary
boot software takes over. Conventionally, the bootloader preceding the OS is called aboot.
Android ensures that aboot is cryptographically secured against subversion. In the same
spectrum, Samsung devices are designed to verify boot through a hardware root of trust
mechanism, which entails the bootloader software first obtains Samsung Secure Boot
Huawei vendors are also not left behind in this quest to address the breach in mobile security. The
use of chip security solutions is strategized to embed the chip into the handset. Huawei’s inSE
This capacitates the smartphone’s system to withstand malware attacks. The incorporation of
the EMUI (Emotional User Interface) operating system is another major milestone in enhancing
Huawei’s security. EMUI supports the secure TEE (Trusted Execution Environment)
operating system. It operates at four levels: system security via kernel security
(Security-Enhanced Linux access control), data security via Huawei Universal Keystore, app security
via app sandbox and app threat detection, and lastly communications security via blocks and
filters. Thirdly, Huawei’s mobile cloud services boost security for Huawei accounts, Hi cloud
and App gallery. Huawei has also ensured robust security in its products by obtaining
privacy and security certifications from relevant reputable institutions. These are the efforts
Transparency of the host network is fundamental to narrowing the breach. To enhance end-user
device security, three main control measures are put in place: administrative control and
storage of sensitive data on servers with “unique” passwords and devising secure
configurations for the network. This information depicts that different spheres are involved in
i. TO THE ECONOMY.
With the rising tide of mobile malware, cybercriminals are draining the economic
sector globally. Since mobile phones, unlike computers, have a built-in billing system,
mobile-related crimeware attacks are generally escalating for monetary gain by hackers. This simply
implies that basic things like texting and making phone calls are potential gateways to
Statistical data compiled by the Verizon Data Breach Investigation in 2018 reveals that 58% of
malware crimes affected small businesses. One of the negative impacts of malware on a
business includes interruption or, even worse, debilitation of the quality of services offered to
clients. This is linked to the fact that malicious code can easily break the network of an
organization and compromise the effectiveness of the services. This is eventually detrimental
identity theft. This describes a notorious code obtaining passwords and identification number
details and sending spam e-mails to disrupt activities of other devices in an organization. This
action is achieved through the hacker ordering the code to impersonate the victim. A glimpse
of how specific industries have been affected gives a deeper cognizance of these
adverse effects.
The healthcare industry is ranked as having the highest number of malware crimes.
Research findings accentuate that one in every eight Americans has had their health data
exposed. The stolen records are used to gain access to medical services or prescribed
dosages. The Anthem medical data breach is an occurrence that will forever be recorded as the
most adverse in the history of medical-related malware crime. It is reported that 37.5 million
records were stolen with 78.8 million details on personal identification directly affected. The
New York Times stated that approximately 80 million company records were attacked by these
scoundrels. Anthem settled the lawsuits filed against it at a dear cost, amounting to
$115 million. The stolen medical data is believed to be used as a commodity on the black
market. This incident is an example of how the health sector is affected in the context of malware
crimes.
The accommodation industry is also facing a nightmare due to the rise of malicious
programs infiltrating the market. The tourism sector is one of the most vulnerable targets for
breaches remain obscure months after the attacks are accomplished. These crimes are mostly
linked to hotels’ insiders acting as accomplices to cybercriminals. The hotel staff leak
sensitive data to hackers for them to sabotage the organizations’ databases and gain access to
the innocent tourists’ credit card data. For instance, 500 million Marriott Hotels guests had
their data, which was provided to the hotel’s database, stolen. It took two years for the incident
to be disclosed. This put the company’s image in the bad books of malware crimes.
The retail industry has also been found to be subject to malware attacks. It is estimated
that 50% of US retailers are victims of this unscrupulous activity. This is a target due to
mobile security vulnerabilities, especially during financial transactions. In 2013, 110 million
clients of the Target retail chain in America had their contacts and credit card data stolen. This
Financial institutions are deemed to invest highly in tightening their security measures.
Despite their efforts, breaches still occur in this sector. What is the loophole? Since most
clients use mobile banking services, cybercriminals use malicious websites to intrude into their
account details. It was published that banking Trojans spiked by 300% for Android users in
recent years. This threat has emptied the accounts of many, if not drowning them in
bankruptcy. Ransomware is also a red flag in this sector. This is a tool used by blackmailers to
ask for a hefty ransom in order to release stolen banking credentials. These malware attacks
propagate via URLs in malicious apps. The financial losses incurred lead to layoffs.
platforms like Facebook have exposed private texts, photos and expedient data of malware
crime victims. The World Health Organization states that the prevalence of depression is
more than 264 million individuals. One of the factors attributed to this is adverse events
like unauthorized exposure of private data to the masses. For instance, many teenagers have
undergone the trauma of being trolled on social media platforms after their privacy was
compromised through malware crimes. It is alarming that the rate of suicides tends to peak as
more are battling with cybercrime-related trauma. This is due to the decrease in self-esteem
and self-confidence in the aftermath of mass criticism of divulged personal info. It simply
The escalated intensity of layoffs points to the number of employees who fall victim
to the hackers. Sole breadwinners of families have been forced to down their tools after being
blamed unjustly for stealing money, yet it was but a cybercrime. The reputations of these
victims have been sabotaged as they have been perceived to be scoundrels, yet they are not.
This has been detrimental to the careers of many skilled labourers, with their families being
forced to live from hand to mouth. The levels of moral decadence have also been on the rise due
to these malicious links sending numerous pornographic files. The social ethical standards
Government data is leaked for espionage and financial opportunities by the hackers. In Jan
2019, sensitive data was leaked to Twitter containing personal info of politicians, public
figures and celebrities in Germany. The stolen data included phone contacts, private chats
and credit card data. Frank-Walter Steinmeier, the German president, was also among the
victims. This greatly compromised the integrity of the German government. Most
international wars are carried out on the basis of using spyware to obtain military
information. The widely known Russian spies have used this technique to target the USA.
The coin of mobile insecurity is two-sided; the advantages of mobile insecurity
exist too. For instance, many teenagers have dreaded taking nude videos and photos for fear
of them being hacked and posted on social media. This implies that mobile insecurity has
In the same line, many opportunities have been created by malware crimes for
antivirus companies to have a share of the market. This would not have been possible for
renowned antivirus agencies like Kaspersky were it not for the widening breach in mobile
security.
The argument brought about here is that mobile security has a wide gap which has
both merits and demerits. According to the findings laid out in this paper, the demerits
DATA COLLECTION
In our quest to establish whether mobile device users were knowledgeable about the
security aspect of their mobile phones, we carried out interviews with sample device users. We
sampled interviewees randomly and contacted them by phone. We limited the
The interview was well structured and the questions were as listed below:
ii. Whether one possesses knowledge of mobile security; if yes, to what
extent?
iii. Any experience of mobile insecurity from the listed forms of insecurity, if yes
iv. Are there any measures one has taken to protect the device against future
v. Is there any vulnerability that you suspect your device may be susceptible to?
vi. How has this aspect affected your usage of mobile devices in day-to-day life?
How? Respondents were also to rate on a scale of 1-5, with one being less modification and five
greater modification.
RESULTS
[Bar chart: Type of Device and Mobile Insecurity. Categories: Type of Device, Experience of Insecurity. Axis: Numericals (0 to 16). Series: Android, iPhone.]
[Bar chart: Modification of Behaviour. Categories: Scale 1 to Scale 5. Axis: 0 to 16. Series: Yes, No.]
DISCUSSION
experienced this malice or both. Such a group, out of insight or knowledge, is usually forced to
change its behavior, mainly socially and economically. A larger percentage of the users prefer
Android-based devices; a further probe revealed it was due to their range of services
offered and affordability compared to iOS, which has restrictions such as not permitting
external storage. More than half of both these groups have experienced insecurity incidents on
their devices. iPhone users believe that iOS is secured extensively and have no need to take
security steps; this, though, is combined with the fact that a higher percentage have no knowledge of
it.
The area of focus was how this has affected behavior and normal day-to-day life. 80%
of the users have been forced to modify their behavior (social and economic application of
their behavior). Most of the respondents were in the 4-5 scale as an increasing trend was
posted. They affirmed, for example, that they had been forced to change their way of
storing data; most of the group preferred physical storage of information like passwords,
credit card details etc. Some time back one interviewee had the same password in almost all
arenas; this, coupled with backing up passwords in browsers, led to siphoning of funds from his
accounts; his social media platforms were also intruded and naughty stuff posted that had him
Most of the users of iOS believe the system cannot be hacked. Apple, though, at one
point had admitted that it had taken them long to remove a high utility app. This app had been
gathering information from users and sending the details to a base in China. No need to say
Android users had no surety of security in whatever aspect in their devices. They have
the highest number of users who have been forced to change their way of operation. Students
do not prefer portable mobile phones for online classes as this may lead to them attracting
some viruses from sites. This young population has also reduced their visits to pornographic
sites as they pose the highest dangers of infecting devices; this is a positive note though.
CONCLUSION
In conclusion, Android developers should cease using the open source method in
order to seal all loopholes for malware infection of Android end users. Sensitive data like
passwords, credit card data and IDs should have backup configurations so that hackers are
blocked from accessing personal email and bank accounts. The masses should be educated on
ways to prevent malware crime attacks. Bank clients should decrease the use of mobile
banking services to lower the chances of malware fraud. A single well-protected server should be
hacking activities in time. This helps maintain our adapted way of our life.
References