Isolated Mobile Malware Observation

The idea behind Bring Your Own Device (BYOD) it that personal mobile devices can be used in the workplace to enhance convenience and flexibility. This development encourages organizations to allow access of personal mobile devices to business information and systems for businesses operation. However, BYOD opens a firm to various security risks such as data contamination and the exposure of user interest to criminal activities. Mobile devices were not designed to handle intense data security and advanced security features are frequently turned off. Using personal mobile devices can also expose a system to various forms of security threats like malware. This research aims to analyze mobile network traffic from suspicious mobile applications and investigate data accessible to malicious applications on mobile devices. The research is further intended to observe the behavior of malware on mobile devices. A network with a wireless communication over a centralized access control point was built. The control access point serves as the centralized location for data monitoring, capturing and analyzing of transmitted data from all the devices connected to it. The research demonstrates a procedure for data capturing for analysis from a data collection point which does not require access to each application and allows for the study of potential infections from the outside of the mobile device

Are You Annoyed? The Effects of Mobile Device User Interface and Intrusiveness of Security Notifications on User Security Perceptions

Research on the behavioral-based security of information systems within organizations and for personal use has been common over the last decade, however little is known regarding how individuals perceive the security of their mobile devices. This study seeks to explore how the security notifications within a mobile application environment alter adoption and security-related beliefs concerning their device. We proposed a theoretical model based on the technology adoption and psychological theories, and conducted a set of controlled experiments with 351 subjects in six US universities. A structural equation modeling technique was utilized to examine the overall research model. The data analysis results demonstrate that the majority of our proposed hypotheses were significant. We find that disruptive mobile security notifications cause user irritation, which negatively impacts user perception about mobile security. Mobile device user interface also has compounding effects on users’ perceived usefulness and security with mobile devices

Secure Android Code Helper (Sach): A Tool For Assisting Secure Android Application Development

Mobile devices now store a lot of sensitive data. With many users adapting to the technical advancement of mobile devices, security of the user\u27s sensitive data becomes imperative. Security vulnerabilities in the mobile apps will lead to leakage of user’s sensitive data. The goal of this research is to propose a tool to help programmers create secure Android applications. The tool will warn developers about specific classes or methods that include security vulnerabilities such as data leakage and access control vulnerabilities. The tool analyzes Android source code using two approaches: 1) Parse the source code and XML to report vulnerabilities based on CERT secure coding rules for Android application development and 2) Run FlowDroid on source code, parse the output of FlowDroid and look for device ID, GPS location data being leaked to a log file or through implicit intent. The results from these approaches are combined into reports that inform developers of security vulnerabilities. The proof of concept of the tool has been implemented and tested. Future work includes completing implementation of the tool and running tests on a large number of source codes to evaluate its effectiveness

Future challenges and recommendations

Rapid advances in information technology and telecommunications, and in particular mobile and wireless communications, converge towards the emergence of a new type of “infostructure” that has the potential of supporting a large spectrum of advanced services for healthcare and health. Currently the ICT community produces a great effort to drill down from the vision and the promises of wireless and mobile technologies and provide practical application solutions. Research and development include data gathering and omni-directional transfer of vital information, integration of human machine interface technology into handheld devices and personal applications, security and interoperability of date and integration with hospital legacy systems and electronic patient record. The ongoing evolution of wireless technology and mobile device capabilities is changing the way healthcare providers interact with information technologies. The growth and acceptance of mobile information technology at the point of care, coupled with the promise and convenience of data on demand, creates opportunities for enhanced patient care and safety. The developments presented in this section demonstrate clearly the innovation aspects and trends towards user oriented applications

Secure Android Code Helper (Sach): A Tool For Assisting Secure Android Application Development

Mobile devices now store a lot of sensitive data. With many users adapting to the technical advancement of mobile devices, security of the user\u27s sensitive data becomes imperative. Security vulnerabilities in the mobile apps will lead to leakage of user’s sensitive data. The goal of this research is to propose a tool to help programmers create secure Android applications. The tool will warn developers about specific classes or methods that include security vulnerabilities such as data leakage and access control vulnerabilities. The tool analyzes Android source code using two approaches: 1) Parse the source code and XML to report vulnerabilities based on CERT secure coding rules for Android application development and 2) Run FlowDroid on source code, parse the output of FlowDroid and look for device ID, GPS location data being leaked to a log file or through implicit intent. The results from these approaches are combined into reports that inform developers of security vulnerabilities. The proof of concept of the tool has been implemented and tested. Future work includes completing implementation of the tool and running tests on a large number of source codes to evaluate its effectiveness

A New Learner's Security Behavior Model For M-Learning In Malaysian Higher Education Institution

The motivation to conduct this research came from the awareness that the mobile device exposes m-Learning to security threats and vulnerabilities. The most unfocused issues were the mobile security behavior on learners itself; despite statistically determined that the risks are developing each day on mobile application and devices. Literature has pointed out that learners’ security behavior required to be addressed to control the mobile security threats. This research proposes a learner’s security behavioral model for mobile learning in Malaysia Higher Education Institutions (HEIs). With the security behavior reflection, this model aimed to improve the implementation and management of mobile security in m-Learning taking consideration of the learners’ perspective. This research consisted of four phases, Planning phase, Data Collection Phase, Analysis Phase and Model Development Phase. Four mix-method studies were conducted to generate the dimensions for the model development. Review from the experts and risk based analysis approach confirmed the research findings and validated the practicality of addressing the learners’ behaviors in mobile security. This research contributed to better understanding of the learners’ complexity in mobile security. The research suggested that learners’ security behavior view is significant in preparing mobile security model. This model found to be compatible and qualified, providing the m-Learning learners’ perception within possible security threats that significantly controls to defend against malicious and non-malicious attacks. This approach can guide on what can be done to improve learners’ participation and responsibilities on securing m-Learning. This research also extended the existing knowledge of mobile security and m-Learning fields by focusing analytically on the intersection of both fields. New knowledge about mobile security in the m-Learning from the learners’ security behavior perspective was derived in this research

Vulnerability Analysis of Digital Banks' Mobile Applications

There is a rapid increase in the number of mobile banking applications' users due to an increase in smart mobile devices. Mobile banking is a financial transaction and service offered through mobile devices. Almost all financial institutions now provide mobile banking services to their customers. However, the security of mobile banking applications is of huge concern because of the amount of personal data and information they collect. If an attacker gets hold of personal information, they can access bank payment or card accounts. This research aims to analyze the vulnerability of the UK digital banks' applications to identify vulnerabilities in the apps and proffer countermeasures that can help improve the security of the bank applications. Androbugs, a vulnerability scanner, was used to analyze the vulnerability of six digital banks' android applications. Starling, Monese, Atom bank, Transferwise, Monzo, and Revolut were scanned. All the scanned digital banks' applications have vulnerabilities; however, some have more vulnerabilities than others. For example, Revolut's mobile application has the highest number of identified vulnerabilities. Therefore, there is need for more security in the digital banks' applications as well as other mobile banking applications.Comment: 12 page

Design and Analysis of Smartphone Application Development Methodology

Abstract— The use of modern Smartphone encourages by recent powerful devices such as Apple’s iPhone, Samsung‘s Note, Google’s Android devices etc. In general Smartphone application usage is rapidly growing & expanding throughout the globe. There are need set of emerging guidelines for how to build the new best possible Smartphone applications. Intelligence of mobile has created a wide range of opportunities for researchers, academicians, scientists, engineers, and developers to create the new applications for end users and businesses. Information technology industry enormously concentrates on how to best build smart phone based applications widely. There are various issues in Cutting-edge research and applications development on computational intelligence in mobile environment The mobile-based application development industry is increasingly growing up due to the huge and intensive use of applications in mobile devices; most of them are running on Android based Operating System. As such to develop, analysis and design research model for remotely accessing and control smart phone devices, object oriented strategy is one of the powerful among various traditional software development models. The Various object oriented intelligent development approaches contributes in addressing these issues, as well as discover other potential elements in the mobile paradigm. There are several issues & emerging guidelines that developers follows when building new business or social Smartphone based model.. The combination of mobile computing and computational intelligence focuses on learning model and knowledge generated by mobile users and mobile technology. Mobile technology covers various applications of computational intelligence to mobile paradigm, including intelligence, mobile data, security, mobile agent, location-based mobile information services, intelligent networks, mobile multimedia data access and control

Behaviour Profiling for Mobile Devices

With more than 5 billion users globally, mobile devices have become ubiquitous in our daily life. The modern mobile handheld device is capable of providing many multimedia services through a wide range of applications over multiple networks as well as on the handheld device itself. These services are predominantly driven by data, which is increasingly associated with sensitive information. Such a trend raises the security requirement for reliable and robust verification techniques of users.This thesis explores the end-user verification requirements of mobile devices and proposes a novel Behaviour Profiling security framework for mobile devices. The research starts with a critical review of existing mobile technologies, security threats and mechanisms, and highlights a broad range of weaknesses. Therefore, attention is given to biometric verification techniques which have the ability to offer better security. Despite a large number of biometric works carried out in the area of transparent authentication systems (TAS) and Intrusion Detection Systems (IDS), each have a set of weaknesses that fail to provide a comprehensive solution. They are either reliant upon a specific behaviour to enable the system to function or only capable of providing security for network based services. To this end, the behaviour profiling technique is identified as a potential candidate to provide high level security from both authentication and IDS aspects, operating in a continuous and transparent manner within the mobile host environment.This research examines the feasibility of a behaviour profiling technique through mobile users general applications usage, telephone, text message and multi-instance application usage with the best experimental results Equal Error Rates (EER) of 13.5%, 5.4%, 2.2% and 10% respectively. Based upon this information, a novel architecture of Behaviour Profiling on mobile devices is proposed. The framework is able to provide a robust, continuous and non-intrusive verification mechanism in standalone, TAS or IDS modes, regardless of device hardware configuration. The framework is able to utilise user behaviour to continuously evaluate the system security status of the device. With a high system security level, users are granted with instant access to sensitive services and data, while with lower system security levels, users are required to reassure their identity before accessing sensitive services.The core functions of the novel framework are validated through the implementation of a simulation system. A series of security scenarios are designed to demonstrate the effectiveness of the novel framework to verify legitimate and imposter activities. By employing the smoothing function of three applications, verification time of 3 minutes and a time period of 60 minutes of the degradation function, the Behaviour Profiling framework achieved the best performance with False Rejection Rate (FRR) rates of 7.57%, 77% and 11.24% for the normal, protected and overall applications respectively and with False Acceptance Rate (FAR) rates of 3.42%, 15.29% and 4.09% for their counterparts