Premium Essay

Mobile Security Threats

In: Science

Submitted By MulaloM
Words 2908
Pages 12
Title

A research proposal submitted by
Masisi Mulalo

Supervisor:
Moyo Benson

Computer Science
University of Venda
2014

ABSTRACT

We live in a digital era where communication, information sharing and even business transactions is exchanged on mobile devices such as laptop computers, palmtops, tablet computers, smartphones and cell phones. The new age group of young people have never known a life without a mobile device with internet capabilities. Mobile Devices are an integral part of personal and social lives it is only logical that users should have awareness of security during the use of mobile devices. Individuals and organisations have both been beneficiaries on the rapid expansion of information and communication technologies (ICTs).

Inevitably however, these offerings by mobile devices also bring about security vulnerabilities which users in Thohoyandou are not aware of. According to Lookout principal security analyst Marc Rogers, 2013, following simple precautions like sticking to the Google Play Store can ensure the security of a mobile device. This is rather not always the case as hackers and crackers make use of trustful applications to distribute malware. This study intends to outline security vulnerabilities and deliver clear recommendations on essential security technologies and practices to help mobile device users in Thohoyandou. Correct misconceptions or myths in order to bring about changes in attitudes and usage behaviour.

INTRODUCTION

The internet has transformed South Africa in just a drastic time, almost anything we see touch visualize is somehow connected to the internet. With systems that create, retrieve, process and manage information then distribute it across the world. We live in a digital era, where communication, information sharing and even business…...

Similar Documents

Premium Essay

Mobile Security

...WHITE PAPER Copyright © 2011, Juniper Networks, Inc. 1 MOBILE DEVICE SECURITY— EMERGING THREATS, ESSENTIAL STRATEGIES Key Capabilities for Safeguarding Mobile Devices and Corporate Assets 2 Copyright © 2011, Juniper Networks, Inc. WHITE PAPER - Mobile Device Security—Emerging Threats, Essential Strategies Table of Contents Executive Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ....

Words: 3536 - Pages: 15

Premium Essay

Mobile Application Security

...SECURING A MOBILE WORLD Introduction Today’s smartphones and tablets are more than communication devices. They are hip-mounted personal computers, with more memory and processing power than your laptop of just a few years ago. They are an integrated part of our lives… personal and professional. The information they provide is so vital that the Army is piloting their use as standard field issue to every soldier, complete with combat-focused applications [1]. However, smartphones and tablets raise new security issues. They are more likely to be lost or stolen, exposing sensitive data. Malware risks are increased because they connect to the Internet directly rather than from behind corporate firewalls and intrusion-protection systems. Security of mobile devices focuses on controlling access through the use of device locks and hardware data encryption. While this may be sufficient for individual users, it is insufficient for defense needs. Many documented examples exist of hacking of the device lock, as well as defeats of the hardware-level encryption. Once the device is unlocked, there is generally unfettered access to all apps and their associated data. Military applications require additional application-level access controls to provide data security. Unfortunately, there are gaps in the application-level security model of the two predominant mobile operating systems: iOS from Apple and Google Android. Our ongoing research1 looks to address these gaps by developing......

Words: 4009 - Pages: 17

Premium Essay

Security Threats

...Security Threats & Vulnerabilities As information technology grows also does the need to protect technology or information on the system. Before we can protect the information on a system we need to know what to protect and how to protect them. First must decide what a threat to our system is. A Security threat is anything or anyone that comprise data integrity, confidentiality, and availability of a system. Another security issue for systems is Vulnerabilities in software that can be exploited by people that want to do harm to a system. It’s up to the personnel or team that’s in charge of protecting the system from threats and vulnerabilities. The personnel that secure information technology systems are known as (ISO) Information Security Officer, (IASO) Information Assurance Security Officer, (ISM) Information Security Manager ect. No matter what name the personnel there job is the same to protect information systems. Security Officers will have to set policies that govern the system and create plan on how to handle security threat and vulnerabilities. Security threats can consist of any number issues ranging from physical attack, spoofing, password attacks, identity theft, virus attacks, and Denial of Service attacks, Social Threats, Espionage, malware, spyware, Careless Employees, and hackers. We will disuse all of these threats and ways to prevent them later in the report. In 2010 Kevin Prince, CTO, Perimeter E-Security "As these security threats are becoming......

Words: 2408 - Pages: 10

Free Essay

Top Security Threats

...Top Security Threats Craig Gagne’ IS317: Hacker Techniques Tools and Incident Handling 12/15/2013 Hany Othman The report highlights dramatic increases in targeted attacks on enterprises; the continued growth of social networking sites as an attack distribution platform; and a change in attackers’ infection tactics, increasingly targeting vulnerabilities in Java to break into traditional computer systems. In addition, the report explores how attackers are exhibiting a notable shift in focus toward mobile devices. Targeted attacks Targeted attacks such as Hydraq and Stuxnet posed a growing threat to enterprises in 2010. To increase the likelihood of successful, undetected infiltration into the enterprise, an increasing number of these targeted attacks leveraged zero-day vulnerabilities to break into computer systems. Stuxnet and Hydraq teach future attackers that the easiest vulnerability to exploit is our trust of friends and colleagues. Stuxnet could not have breached its target without someone being given trusted access with a USB key. Meanwhile, Hydraq would not have been successful without convincing users that the links and attachments they received in an email were from a trusted source. Social Networks Social network platforms continue to grow in popularity and this popularity has not surprisingly attracted a large volume of malware. One of the primary attack techniques used on social networking sites involved the use of......

Words: 727 - Pages: 3

Premium Essay

Mobile Phone Reliability and Security

...Mobile Phone Reliability and Security EMP5169 Mobile Phone Reliability and Security EMP5169 Haotian Zhang 7436928 Haotian Zhang 7436928 Table of Contents Abstract 2 1. Introduction 2 2. Mobile Phone Security Issues. 3 3. Mobile Threats and Vulnerabilities 6 3.1. Mobile threats 6 3.2. Web-based Threats 8 3.3. Network-Based Threats 9 3.4. Physical Threats 10 3.5. Mobile Vulnerabilities 11 4. Protection Method And Corresponding Vulnerabilities 13 5. Conclusion 17 6. Reference 18 Abstract Mobile phones especially smart phones have played an important role in nowadays business work. They are one of the most popular platform for people to transfer and exchange data for communication. With the development of technologies, now mobile phones also get involved in area like banking, remote control, m-commerce, internet access, entertainment and medical usage. However, there are more and more security issues along with the smart phone development. It is necessary to find a reliable and convenient way to prevent mobile phones from unauthorized access and diverse attacks. It is suggested that biometrics security technology is best way nowadays and the reliability of wireless services should be improved. This article will introduce many kind of threats and vulnerabilities which affect the mobile phones followed by a biometrics solution to secure the mobile phones. Introduction Mobile phones are booming since 21th century, with global...

Words: 3521 - Pages: 15

Free Essay

Security Threats

...attacks, social networking, attack kits, mobile threats, zero-day and rootkits. These targeted attacks are exactly what it says, they target what they are designed to hit, whether it is a company (small or large), and individual or a specific machine. [ (Symantec, 2011) ] Symantec recorded over 3 billion malware attacks but yet Stuxnet stands out more than the others. However, lets us not forget Hydraq. Each one was highly sophisticated and was tailored for specific targets. Although Hydraq was old-fashioned, what made it stand out was what and whom it stole. Of course targeted attacks didn’t begin until 2010, and it won’t end. Once inside, the attack attempts to avoid detection until its objective is met. [ (Symantec, 2011) ] In 2010, the volume and sophistication of malicious activity increased, the Stuxnet worm became the first with the ability to affect physical devices while attempting exploits for an unprecedented number of zero-day vulnerabilities simultaneously. Although unlikely to become commonplace, Stuxnet does show what a skilled group of organized attackers can accomplish. [ (Symantec, 2011) ] Although providing a look at the security threats that are out there on the internet that us as users face on a daily basis, unless we know what we are dealing with, there is no way to defend against it. This is why it is important that we keep our software updated to help prevent attacks. [ (Symantec, 2011) ] Implementing security measures such as isolated......

Words: 340 - Pages: 2

Free Essay

Security Threats

...Control Fundamentals and Security Threats To: John Smith, Business Manager From: your name Date: n/a Subject: Security threats and the need for security measures The need for security measures is vital to the company. The risk of not protecting against known security threats can be catastrophic. For example, an insider attack can obtain business advantage (long-term business benefits), financial gain, and sabotage which can disrupt performance and corrupt data. Computer criminals known as hackers can obtain secure company information or even create malicious software to harm the system. We must implement ways to make the company more secure by installing firewalls, virus protection, spyware, and other malware protection. The following are three specific social engineering techniques and how to best prepare employees for each potential attack. • Dumpster diving a social engineering attack in which malicious users search through the organization’s trash in the hope of retrieving useful inside information. We must ensure documents and data are properly destroyed before disposing such as using a shredded for hard copies. Providing training and educating employees on guidelines on how to safely dispose of information. • Tailgating is an attack in which a malicious user follows closely behind an authorized user to bypass a security access point. Malicious users can also persuade someone to grant them access to an area without authorization by claiming to have lost or......

Words: 360 - Pages: 2

Free Essay

Security Threats to Companies

...Final Essay- security Threats for companies | Security Threats for Companies | Focusing on Employees | | Meadows Steven A CTR SITEC United States Special Operations Command | 4/17/2014 | American Military University TABLE OF CONTENTS Introduction 2 Chapter 1 4 External Threats 1.1 4 Malicious Code 1.1.a 4 Firewalls 1.1.b 6 Chapter 2 7 Physical Threats 2.1 7 Structure Outside 2.1.a 7 Structure Inside 2.1.b 7 Chapter 3 9 Internal Threats 3.1 9 Employee Access 3.1.a 9 Employee Attitude 3.1.b 10 Employee Training 3.1.c 11 File Permissions 3.2 11 Least Access 3.2.a 11 References 12 Introduction The internet has become a global resource for the working companies. Those who utilize the internet have near endless resources at their fingertips. This gives companies large advantages that those that don't utilize the information available to them on the internet. However, with great advantages, and information, comes great responsibility, and risks. The internet is also full of those who want to hurt companies, for reasons unknown to the company or for reasons that the company may be aware of, but is unable to prevent. Companies will never be able to eliminate the human factor from the work place. Even as self-automation and computers take over the human bodies for work and productivity, the human factor is still there. Someone, somewhere has to have access to the systems in order to maintain accountability, control, quality, and......

Words: 2691 - Pages: 11

Free Essay

Security Threats

...Security Threats Vulnerability can be defined as “a security exposure that results from a product weakness that the product developer did not intend to introduce and should fix once it is discovered” (Microsoft TechNet, 2014). There are possibility that the two databases could have vulnerabilities such as a weakness in the technology, configuration or security policies. The vulnerabilities can lead to potential risks in the personnel records systems. Security risks can be described as actions that could cause loss or damage to computer hardware, software, data or information. Potential security risks to milPDS and Remedy are computer viruses, unauthorized access of systems, personal information theft, personally identifiable information (PII) being compromised or violated, and system failure. These vulnerabilities and security risks can result in serious issue to the center. As a center that has a main purpose of managing personal records, any compromise, whether it is information stolen or a database system losing information can be disastrous for many different reasons. After threats and vulnerabilities have been identified, an assessment should be processed to figure out how the threat and vulnerability affected the system(s). This will assist in determining what measures are needed to ensure the vulnerability is handled. There are policies, Air Force Instructions and procedures in place if threats and vulnerabilities have been detected. The Commander......

Words: 474 - Pages: 2

Premium Essay

Security Threats

...PC Security Threats DeVry University Professor Andino SEC 280: Principles Info Sys Security Computer security is not an issue for organizations alone. Anyone whose personal computer is connected to a network or the Internet faces a potential risk of attack. The Internet continues to grow exponentially which I believe makes us less secure since there is more to secure. Information security is concerned with three main areas: Confidentiality - information should be available only to those who rightfully have access to it. Integrity -- information should be modified only by those who are authorized to do so, and availability - information should be accessible to those who need it when they need it. These concepts apply to home Internet users just as much as they would to any corporate or government network. You wouldn't let a stranger look through your important documents. In the same way, you may want to keep the tasks you perform on your computer confidential, whether it's tracking your investments or sending email messages to family and friends. Also, you should have some assurance that the information you enter into your computer remains intact and is available when you need it. Some security risks arise from the possibility of intentional misuse of your computer by intruders via the Internet. Others are risks that you would face even if you weren't connected to the Internet; hard disk failures, theft, power outages. The bad news is that you probably cannot plan......

Words: 786 - Pages: 4

Free Essay

Common Information Security Threats

...The purpose of this paper is to identify three information security threats, potential risks, and the related vulnerabilities to an organization. We will go in depth to identify these harmful threats and describe each potential risk an organization may have to endure. We will also discuss three major information security threats dealing with SunTrust Bank. SunTrust bank headquartered in Atlanta, Ga operates 1,497 branches and over 2, 200 ATMs in the South and some in the North. SunTrust bank has over $175 billion in assets in the US and the money is increasing even more. The major assets that SunTrust has invested needs to be fully protected against potential information security threats from people trying to steal money or do harm to the organization. One of the major threats that SunTrust bank and other banks have to be cautious of is distributed-denial-of-service attacks or DDoS. A DDoS attack is designed for an attack on a single target by a group of compromised system infecting the target with a Trojan. There are two types of attacks associated with DDoS attacks, which are network-centric and application layer attack. There are two types of DDos attacks a network centric attack which overloads a service by using up bandwidth and an application-layer attack which overloads a service or database with application calls (Rouse, 2013). The most well known DDoS attack was committed by the Izz ad-Din al-Zassan Cyber fighters in 2012. These attacks were distributed in two......

Words: 1269 - Pages: 6

Premium Essay

Case Study: Mobile Device Security and Other Threats

...Case Study: Mobile Device Security and Other Threats Strayer University Authors Note This paper was prepared for CIS 502 – Theories of Security Management Abstract Mobile communication and computing devices are integral part of today’s business. This provides the executives the opportunity to work from virtually anywhere anytime and became one of the most valuable tools to make business communications. However, due to the nature and size of the device and communication methods, the devices are prone to be lost or compromised and can fall into the hands of unauthorized persons, which makes these devices a very big security concern for the businesses. In this paper the nature of IT related threats faced in 2014 are discussed along with the security issues of mobile devices. a) Security threats presented within the “Security Threat Report 2014” report: The security report of Sophos (Security Threat Report 2014 Smarter, Shadier, Stealthier Malware. (n.d.). Retrieved August 19, 2014, from http://blackboard.strayer.edu/bbcswebdav/institution/CIS/502/1144/Week8/sophos-security-threat-report-2014.pdf) highlights the emerging security risks in the world. It the report, they have identified the following concerns for 2014: a. More efficient Botnets: The botnets become more resilient and stealth by the year 2014. Along with many known attributes, the sharing and copying botnet codes have resulted in emerging new botnets which are being used for various......

Words: 1993 - Pages: 8

Premium Essay

Security Threat

...Security Considerations for Pro Trans Brian Smith CMGT/400 July 27, 2015 Professor Iwona Rusin Security Considerations for Pro Trans To identify any of the vulnerabilities that may be associated with Pro Trans, I would first conduct a detailed risk analysis report that would include data related to variable aspects of the business. First, all of the possible risks will need to be evaluated. How those risks are being controlled will need to be assessed. It will be important to identify any assets that belong to the company that can be tampered with or stolen. The past and possible threats will also need to be documented. Simulated attacks can provide information on the possible impact they would have on the company. This data includes SLE or Single Loss Expectancy rating and an Annualized Loss Expectancy rating with monetary values for both. How much control the company has over specific and general attacks is important also. This data will reveal how safe the system truly is. Conducting interviews with each department staff leader will also be a key step in assessing risk. This would give a general idea of how day-to-day operations are run, how many employees have access to the system, and how many remote locations they have. Since the servers used for data storage are connected to the same network as the servers used for software and Internet programs, there is a serious risk when using web components. For example, all of the employees in the accounting......

Words: 2340 - Pages: 10

Premium Essay

Mobile Security

...Block Storage), or other data repository (such as an Amazon SimpleDB). • Pro: You also have the ability to connect to the underlying VM (i.e. Linux console or Windows Terminal Services) to perform deep interrogation of the machine. Therefore, many of the “traditional” processes associated with forensics can be observed (such as querying system state). Also, many of the IaaS providers support snapshooting a running VM. So, you can also capture the state of a running host quickly (via API that shoots a host after system monitoring detects an abnormality). Con: To do this level of investigation, you’ll need some robust connectivity to the Internet (or provider’s network) and therefore it’s plausible that you can have a similarly hosted “security cloud” that has loose coupling (and robust connectivity) to your “production cloud” where you can pull disk images, system state, etc. . BY Emma Webb Hobson (Senior Digital Forensic Investigator, QinetiQ): Jurisdiction is definitely a problem. I attended a conference recently where a techie chap from Microsoft was presenting, and he was asked the question "Is Microsoft planning to build data centres in the UK, on the basis that for legal reasons in some cases, and also for preference, UK companies need or want to store their data in the UK?" (Microsoft's nearest data centre is in Ireland). The answer was no, Microsoft is not planning on building UK data centres; in usual MS fashion, they are talking to the EU to try to get the laws......

Words: 2234 - Pages: 9

Premium Essay

Security Threats

...Project Part 1: Current Security Threats The top three security threats that Aim Higher College faces are the following: * Mobile devices connecting to the network * Social Media * Compromised routers intercepting sensitive information These threats are the most common that any college faces. The threats have remained at the top of the list every year for a variety of reasons. This list of threats is also unique to college campuses. I will discuss each of the threats in this report. College students love new technology and each year smaller and more powerful devices are hitting the market. Students on the campus have a variety of devices ranging from cell phones, tablets, and laptops. These devices connect to the campus network and are used by students to check email, class schedules, get grades, and many other uses. The challenge is to allow these devices the necessary access and still have a secure network. Each device has to be checked for viruses, spyware, and other types of malware while still maintaining the C-I-A triad. A balance must be found between usability and security. Each time a remote device is connected to the network there is a possibility that the network can be compromised by one these devices. Every device should be authenticated, scanned, and identified. The use of social media has increased in recent years. Students and teachers both use things like Facebook, Myspace, and others. These applications have the potential to transmit......

Words: 589 - Pages: 3