Tuesday, May 5, 2020
Research Report on Vulnerabilities on Mobile Platform Security
Question: Describe the Research report on vulnerabilities on Mobile platform Security?

Answer:

Introduction

Mobile devices are no longer used merely for making or receiving calls, as they were in earlier days. Users can use the device for different purposes like checking e-mail, online purchases, e-banking, and many others. These can be done with the help of a specialised application or web browser. The information entered by the users for e-banking is highly confidential, so it has to be protected. At present, the OSs used by the mobile phones are quite untrustworthy in nature. This increases the risk of information being hacked by any unauthorised individual. Some of the problems that can be faced by the users include booting, sandboxing mechanism, and others. Such factors can affect the performance of the applications and increase the possibility of fraudulent activities.

The platform vulnerability has to be analysed, as it presents the loophole that is present in the security system within the device. Regardless of the effectiveness of the operating system, the loophole present within the system impacts the security of the data that has been stored in the system. In this case, it becomes possible for the users to exploit the software and the information that has been stored within the system. There are possibilities that the system might not perform as it was expected to do. It is essential to analyse the factors that cause the deviations, so that the correct measures can be taken to control the changes or security threats. With the help of the security platform, the control system can be analysed and corrective measures can be taken to implement the required changes. This would protect the data that has been stored within the system. Through the security control measures it is possible to restrict access to important information that is stored within the system.
This will encourage the users to make the best use of the application system, which is meant to simplify the process. Also, it becomes quite easy to access the data used for reading or writing that has been stored in a particular file. Thus, it is necessary to analyse different types of threats that can impact the system of information storing, as this will encourage the users to make the best use of the system. Besides this, the important information that needs to be shared between the users has to be highlighted, as this will help in improving the quality of tasks that are being performed by the system. (Alavi and Leidner, 2001)

Literature review

As per Aciicmez et al. (2008), the mobile operating system is considered to be quite complex, and this makes it quite challenging to introduce an effective security system. In many cases, the sandboxing system provided by the OS is not in a uniform format. This makes it quite challenging to analyse the issue and implement an effective security measure. Apart from this, the system also shares code with certain open sources that include Linux and GNU. However, there are no security measures that have been introduced to secure the confidential information that has been entered into the system. With the help of effective security measures, it is possible for the company and the users to introduce an effective system that would detect the vulnerable factors. This is done after analysing the mobile device code that can affect the performance of the applications. Thus, the need for introducing effective isolated security measures has been felt by many users. The implementation process has to be done in an effective manner, as it is necessary not to break the trust that has been developed with the host application. In this case, it is imperative to find the type of security measures that need to be introduced for securing the data that has been entered into the system by the user.
The present smartphones use an effective hardware support system that functions effectively. It easily isolates different types of execution environment that are related to the security features. (Becher and Hund, 2009) Due to the increase in the issues related to threat factors, the demand for different types of mobile applications has tremendously increased. This has also increased the need for implementing or introducing an effective add-on hardware system that will secure the security properties. The hardware system that exists in the handset performs different tasks that are associated with the execution of the security features that are considered to be necessary for protecting the information. Some of the features that are present within the handset are not good enough to protect the applications that have been downloaded by the users from various sources. It is quite essential to understand the relevance of the hardware and software system. Such factors basically concentrate around different stakeholders that include OEMs, mobile network providers, device owners, and application developers. The carriers play a key role in integrating the platform that is used by the mobile users. (Genoulaz and Millet, 2005)

Relevance of the knowledge sharing method

In a management application system, it becomes imperative to share knowledge or information that would help the users to find relevant information. Based on the features of the application method, the users would be able to use different applications that would help in gathering the required information. Also, the supported devices, price, and support options play an important role in the execution of the task. In this case, the issues related to the security factors hold a major place, as the users would want to secure the details that have been stored in the system. Users preferably use the handset for accessing and storing information for business purposes.
In such a situation it becomes quite important to secure the necessary information from any unauthorised access. Users basically use document sharing tools, which send and store the sensitive data that is required. As per ====, it is important to research the type of security measures that need to be implemented by the users, which depends upon various factors. The steps intended to be followed have to be planned to secure the details, data and confidential information. Security features basically concentrate on the documents or information that need to be implemented by the company. (Christiaanse and Venkatraman, 2002)

The impact of the vulnerability has to be analysed in advance, as this will help in handling the issues. The operating system present in the handset is considered to be responsible for handling different resources that are used for accessing the information. When the platform vulnerability is manipulated, the key security control system helps in managing the resources. In this case, the resources are bypassed, which makes it possible for users to access the information without any authority. In the unusual process, the application method has certain limitations to the access of the information that is used for the resources. When the best security system is applied, it becomes possible to access the important information including the resources that are managed by the operating system. The issue is escalated, as this will allow the malware functions to compromise most of the sensitive data that is stored within the system. Also, the conduct of other malicious activities becomes quite possible. (Dai et al., 2010)

Different types of threats

There are different types of mobile threats that can impact the information that has been stored within the system. It is necessary to identify the same and use the details in the best possible manner.
This will help in controlling the unknown and known threats that can directly impact the details that are stored within the system. Some of the different types of threats that can impact the mobile platform are mentioned below.

Proximity attacks - In such type of issues, the attacks are basically performed through physical access to the handset. This increases the possibilities of vulnerabilities that can impact the details or the information that has been stored within the system.

Jail-breaking - In this process, the end users analyse the factors that cause the malicious malware functions. The prime objective for conducting the research for malware is finding the impact of the security measures. Through this system it is possible for the users to modify the system that has been used for partition in the installation of the unauthorised application. This can also be used for modifying the platform configuration that has been used for securing the details that have been stored within the system.

Trojans - In this method, the type of malicious program that contains more than one exploit is taken into consideration. The process includes analysing the platform vulnerabilities that are basically used for jail-breaking purposes. It also includes analysing the exfiltration of data.

SMS phishing - It basically includes analysing the type of messages that are used for linking to different websites that have been accessed by the users. In this case, the leveraged vulnerability present in the browser and media readers is analysed. (Devaraj and Kohli, 2003)

The mobile vulnerability is related to the mobile threats that are associated with the proximity attack on the iOS device or system. This encourages the bypassing of the lock screen system that is being used for security purposes. The attack basically has been classified into two types, Attack #1 and Attack #2.
In this case, effective steps have to be taken for protecting the mobile from platform vulnerability that can destroy the details or the information that is being used by the users. The device is being used for running some of the latest versions of firmware on the handset. Through this process, the firmware can easily update the closed platform that has vulnerable features. In such a situation, the vulnerable charters leave the device in a susceptible situation, which makes it easy to be exploited. Apart from this, it becomes necessary to take the necessary steps through which the security measures can be implemented by the users. This has to be done at the time of downloading the sources or the contents that are downloaded through the malicious applications. In some cases, the applications or the games that contain exploits for the platform vulnerabilities have to be analysed. This can impact the performance or the data that has been stored within the system.

There are different types of application software that are downloaded by the users. This increases the possibility of downloading malware that can impact the security system that has been implemented in the system. In some cases, the users basically use the system for storing important information like e-mails and others. It becomes a socially enabled knowledge application system. Some of the applications like Bloomfire usually provide easy-to-use content that helps the users to use the creative and curated tools. Such tools can be used for various purposes. At the time of downloading the software or application it becomes imperative to adopt and implement an effective strategy through which the information can be secured by the users. Such applications are basically used for commercial purposes. Thus, it becomes imperative to introduce an effective system through which the information can be protected by the users.
(King and Marks, 2008)

In this case, the current mobile platform system that has been used by the users has to be analysed. This includes evaluating different mechanisms that would help in authenticating different types of information that are accessed by the users. It includes internal and external information that has been used by the users. The public portion is related to signing the key information that has been stored within the device. Thus, the capabilities are analysed so as to check the OEMs and the carriers, like the software devices, updates and assigning various identifiers to the mobile. (Mabert, Soni and Venkataramanan, 2000)

Methods

In this research study, there will be an attempt to understand how an organization can create value through information security. Thus the research will depend on qualitative and quantitative methods. The majority of the study will depend on qualitative and quantitative methods for successful analysis.

Quantitative method: Quantitative research is the unstructured process that is used to gather the data, and it will be helpful for data findings; the conclusion will be based on the quantified data. The researcher will focus on interviews and other methods of data collection such as questionnaires and textual analysis. (Mouelhi, 2009)

Qualitative method: It is the scientific method that helps to seek responses for the particular question, and the findings are based on important collection; semi-structured methods, interviews and observations would be used for data collection. Open-ended questions would be used for information gathering, and the number of objectives will be restricted for the in-depth analysis and information. (Valero, 2014)

Process: The sampling process is the method that helps to improve the accuracy and also increases the data collection methods. (Selwyn, 2002)

Research questions:

Does business create value with information security and security policy?
What are the security issues on mobile devices?

How could the organization manage the mobile threats? (Priem and Butler, 2001)

Hypothesis:

H0: Does the organization create value through the use and implementation of information security and policy?

H1: The organization does not create value through the use and implementation of information security and policy? (Jennings, 2014)

Data collection methods: The researcher will focus on interviews and survey methods to collect the qualitative data from the respondents, and this process is very lengthy and takes a great deal of time. In the case of the qualitative method, the data support the feelings of the respondent, and the information is gathered via interviews, observations and online surveys as well as questionnaires.

Interviews: It is the direct and face-to-face approach that helps to gather the data on the particular subject. It involves either a single person or a group of people. An interview is known to be the best method of data collection that deals with the information from the respondent. This states that an interview is the meaningful transfer of information that achieves success, and it helps to collect valid and reliable data to respond to the objectives and research questions. (Ward, 2014)

Questionnaires: Questionnaires offer primary data to support the outcomes, and they rely strongly on correct data to meet the objectives set by the questionnaire. The questionnaire is aimed at understanding the views gathered by the information and the conclusion. This way, the questionnaires are designed to collect a large amount of data in a way that is feasible as well as cheaper. Questionnaires that are poorly framed produce poor outcomes, as the data collection will be irrelevant. A good questionnaire will collect reliable information that produces a more precise conclusion. By comparison, the interview questions and methods are easy and the data collection is more accurate; however, this method is more expensive.
(Robey, Ross and Boudreau, 2002)

Online surveys: The most important method of data collection is online surveys; these responses would be gathered by email and the questionnaires would be prepared by email. This method will be the latest method, and there will be sufficient time to complete the survey. Thus the manner of survey is interesting and attracts the respondents. These surveys are gathered by companies, employees and other organizations. There is no additional or financial cost involved and the cost effect is very low. (Grimsley, 2014)

Observations: It is the very critical method of data collection that records every bit of information. The researcher collects all minor information and happenings. The personal experiences would be included in the research study to make the research successful, and the method of observation will bring an honest approach that is regarded as important information and offers a better view on the research solution. (Saunders, 2007)

Quantitative method: The data collected in terms of figures and a mathematical approach is the best form of data interpretation and is known as quantitative data. As per surveys, the research objectives and the analysis depend on resources and results. The survey will be based on the gathered form of questionnaires, and the result will be the best mathematical as well as statistical approach. (Saunders, 2009)

Validity and reliability: Validity and reliability are the critical factors that help the research to be involved in the survey. Every process in the research has been developed with respect to guidance, and the interview has been conducted with the guidance of the researcher. In every process in this research the questions have been gathered, and the interview has been conducted with the individual responses and views provided by the participant to establish the validity.
(Slack, 2007)

Limitations of research (primary and secondary data)

Every research has its own limits, and the limitations of the research were primary and secondary research; thus the findings will strongly depend on secondary data. The secondary data contain certain limitations, and the behaviour of the respondent plays an important role when the respondent is positive with the research question. The conclusion can be influenced by primary research, and questionnaires filled quickly due to less time cannot be dealt with as valid information. Thus the evaluation of the questionnaires happens after the event, just like any other research approach. There is a fair chance that respondents might forget major problems. There can be a gap between accurate data and the data offered by the respondents. (Cropanzano et al., 2001)

Research ethics: Every research follows certain ethics, and there are many issues to identify the respondents. Ethics in a research helps to identify the responsibility of the assessor to gather the information. The researcher will point out the levels of ethics that need to be followed to offer security to the respondents by keeping personal details confidential. The researcher is confident that the ethics have been followed and the respondent is motivated and encouraged to provide reliable information. (Slack, 2007)

Results and findings

In this section, the various results that have been obtained from the surveys, questionnaires and interviews will be analyzed and presented in the form of tables and charts. The data relating to the business performance, proper information regarding value development, and IS maintenance will be presented and analyzed. The sample size to collect the data is 192 members, and they hold the position of managers, employees and top level positions in the companies. To collect the information successfully, quantitative methods have been selected, and through data collection and the questionnaires, the results were gathered and obtained.
(Rigo, 2014)

Research result

Age of Respondents

Age Group    No. of Respondents
21-25        19
26-30        22
31-35        35
36-40        116
Total        192

As per the above graph, the total number of respondents was 192, divided by age group as follows: 19 belong to the 21-25 age group, 22 belong to the 26-30 age group, 35 belong to the 31-35 age group, and 116 were from the 36-40 age group.

Participated Respondents' category and their Marital Status

Male      116
Female    76
Total     192

With the help of the table and pie chart, the researcher found that 116 members were from the male category and 76 belong to the female category.

Income Slab     Number of Respondents    Percentage
Upper middle    30                       38%
Middle          130                      26%
Lower middle    20                       24%
Lower           12                       12%
Total           192                      100%

(Wang, 2014)

With the help of analysis, it has been found that 12% of respondents were earning the lower income, 24% belong to the lower middle class, 26% were from the middle class and 38% were from the upper middle class.

Major issues in business performance: According to the above figure, it has been found that business generally faces security threats and challenges, and major issues in business performance relate to technical implementation. As per the research, it has been found that 122 respondents believe that security issues are the major reason for low performance in business, 45 respondents believe marketing issues also affect the business performance, and 25 respondents believe operational challenges also impact the level of business performance. (Kapurubandara and Lawson, 2006)
Major mobile threats are: As per the above figure, it has been observed that the major mobile threats are based on network threats, as supported by 60 respondents. The application based threats are the other parameter that is the reason for difficulty in information security, which is supported by 56 respondents. The web based threats could also be the reason for the challenge, which is believed by 30 respondents, followed by the 23 respondents who supported that privacy threats are the issues in information security in the organization, and 23 respondents believe that all the parameters pose threats to information security, so it should be taken care of with the best information. (Reed, 2013)

Best technology for value development: As per the above diagram, it has been found that information security implementation would be the best technology for creating value and development. This is supported by 101 respondents. As per 45 respondents, it is believed that cloud will be the best technique for value development, followed by 23 respondents who believe data warehouse management and a decision support system would be the best technology for value development. (Reed, 2013)

Conclusion: To conclude, it has been proved that the organization can create value through the use and implementation of the best security system. This can be done via successful maintenance of IS, implementation of security policies in the organization etc. The performance of the company can be increased with the successful implementation of a security system. This is required for handling the challenges that are related to competition in today's business scenario. The business requires different types of information and requires processing the same in the best possible manner. This would help in handling the challenges related to the production activities and other factors that are related to the business performance.
With the help of the best information security system, the company would be able to process the required information in the best possible manner. Therefore, it is recommended that the business should implement the security system for possible success and performance. This will create high values in the business.

References:

Aciicmez O, Latifi A, Seifert A, and Zhang X, 2008. A Trusted Mobile Phone Prototype, in Consumer Communications and Networking Conference, 2008. CCNC 2008. 5th IEEE, Jan. 2008, pp. 1208-1209.

ARM Limited, 2009. TrustZone API specification 3.0. Technical Report PRD29-USGC-000089 3.1, ARM.

Alavi M, and Leidner D, 2001. Review: Knowledge Management and Knowledge Management Systems: Conceptual Foundations and Research Issues, MIS Quarterly (25:1), 2001.

Azema J and Fayad G, 2008. M-Shield mobile security: Making wireless secure. Texas Instruments White Paper.

Becher M and Hund R, 2009. Kernel-Level Interception and Applications on Mobile Devices, Department for Mathematics and Computer Science, University of Mannheim, Tech. Rep. TR-2008-003, 2009.

Bharadwaj A, 2000. "A Resource-Based Perspective on Information Technology Capability and Firm Performance: An Empirical Investigation." 24(1): 169-196.

Brynjolfsson E and Hitt L, 2000. Beyond computation: Information technology, organizational transformation and business performance, Journal of Economic Perspectives (14:4), 2000, pp. 23-48.

Christiaanse E, and Venkatraman N, 2002. "Beyond Sabre: An Empirical Test of Expertise Exploitation in Electronic Channels." 26(1): 15-38.

Clarke, R. (2005). The path of development of strategic information systems theory: Porter's strategic theory.

Dai S, Liu Y, Wang T, Wei T, and Zou W, 2010. Behavior-Based Malware Detection on Mobile Phone, in Wireless Communications Networking and Mobile Computing (WiCOM), 2010 6th International Conference on, Sept 2010, pp. 14.

Devaraj S, and Kohli R, 2003. "Performance Impacts of Information Technology: Is Actual Usage the Missing Link?" 49(3): 273-289.

Dewan S, and Kraemer K, 2000. "Information Technology and Productivity: Evidence from Country-Level Data." 46(4): 548-562.

Ikebe Y, Nakayama T, Katagiri M, Kawasaki S, Abe H, Shinagawa U, and Kato K, 2008. Efficient Anomaly Detection System for Mobile Handsets, in SECURWARE '08: Proceedings of the 2008 Second International Conference on Emerging Security Information, Systems and Technologies. Washington, DC, USA: IEEE Computer Society, 2008, pp. 154-160.

Leyden J, 2009. Sign mobile malware prompts Symbian security review. 2009. Retrieved February 23, 2010 from https://www.theregister.co.uk/2009/07/23/sms_worm_analysis/

Jennings, R. (2014). Sources of finance and their advantages and disadvantages. Small business financing sources.

Kapurubandara, M. and Lawson, R. (2006). Barriers to Adopting ICT and e-commerce with SMEs in developing countries: An Exploratory study in Sri Lanka. University of Western Sydney, Australia. [online] Retrieved from https://www.collecter.org/archives/2006_December/07.pdf

King W, and Marks V, 2008. Motivating knowledge sharing through a knowledge management system, Omega 36, 2008, pp. 131-146.

Klein G, Elphinstone K, Heiser G, Andronick J, Cock P, Derrin D, et al, 2009. Formal verification of an OS kernel. In Proceedings of the ACM Symposium on Operating Systems Principles (SOSP), 2009.

Kostiainen K, Reshetova E, Ekberg J, and Asokan N, 2011. Old, new, borrowed, blue - a perspective on the evolution of mobile platform security architectures. In Proceedings of the first ACM conference on data and application security and privacy (CODASPY).

Kulp S, Lee H, and Ofek E, 2004. "Manufacturer Benefits from Information Integration with Retail Customers." 50(4): 431-444.

Levy, M. and Powell, (2010). SME flexibility and the role of information systems: Small business economics. Vol. 11, pp. 183-196.

Melville N, Kraemer K, and Gurbaxani V, 2004. "Information Technology and Organizational Performance: An Integrative Model of IT Business Value." 28(2): 283-322.

Menon N, Lee B, and Eldenburg L, 2000. "Production of Information Systems in the Healthcare Industry." 11(1): 83-92.

Miettinen M and Halonen P, 2006. Host-Based Intrusion Detection for Advanced Mobile Devices, in AINA '06: Proceedings of the 20th International Conference on Advanced Information Networking and Applications. Washington, DC, USA: IEEE Computer Society, pp. 72-76.

Mulliner C and Vigna G, 2006. Vulnerability Analysis of MMS User Agents, in Computer Security Applications Conference, 2006. ACSAC '06. 22nd Annual, Dec. 2006, pp. 77-88.

Mulliner C, Vigna G, Dagon D, and Lee W, 2006. Using Labeling to Prevent Cross-Service Attacks Against Smart Phones, in Proceedings of the Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), ser. LNCS, vol. 4064. Berlin, Germany: Springer, July 2006, pp. 91-108.

Mouelhi, B. (2009). Impact of the adoption of information and communication technologies on firm efficiency in the Tunisian manufacturing sector: Economic Modelling. Vol. 26, pp. 961-967.

Priem R, and Butler J, 2001. "Is the resource-based 'view' a useful perspective for strategic management research?"

Reed, K. (2013). Interview: Mimecast CFO Peter Campbell. Financial director. Retrieved from

Ruitenbeek E, Courtney T, Sanders W, and Stevens F, 2007. Quantifying the Effectiveness of Mobile Phone Virus Response Mechanisms, in DSN '07: Proceedings of the 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks. Washington, DC, USA: IEEE Computer Society, 2007, pp. 790-800.

Schmidt A, Clausen J, Camtepe S, and Albayrak S, 2009. Detecting Symbian OS Malware through Static Function Call Analysis, in Proceedings of the 4th IEEE International Conference on Malicious and Unwanted Software (Malware 2009). IEEE, 2009, pp. 15-22.

Shabtai A, Fledel Y, Kanonov U, Elovici S, and Glezer C, 2010. Google Android: A Comprehensive Security Assessment, IEEE Security and Privacy, vol. 8, pp. 35-44.

Sambamurthy V, Bharadwaj A, and Grover V, 2003. "Shaping agility through digital options: Reconceptualizing the role of information technology in contemporary firms." 27(2): 237-263.

Saunders A, and Brynjolfsson E, 2007. Information Technology, Productivity and Innovation: Where Are We and Where Do We Go From Here? Center for Digital Business Working Paper, No. 231.

Saunders M, Lewis P, and Thornhill A (2007). Research methods for business students (fourth edition), Pearson Professional Limited.

Saunders, M.N.K., Thornhill, A., Lewis, P. (2009). Research methods for business students. England: Prentice Hall.

Selwyn, N. (2002). Defining the digital divide: developing a theoretical understanding of inequalities in the information age. Cardiff School of Social Sciences Occasional Paper. 49. School of Social Sciences, Cardiff University, Cardiff. [online] Retrieved: www.cf.ac.uk/socsi/ict/definingdigitaldivide.pdf

Singh, D. (2010). Ethical and social impacts of information system: Knowledge store.

Slack, N. (2007). Operations management: 5th edition. Harlow: Prentice Hall.

Stiroh K, 2002. Information Technology and the U.S. Productivity Revival: What Do the Industry Data Say? The American Economic Review (92:5), 2002, pp. 1559-1576.

Tanriverdi H, 2005. "Information technology relatedness, knowledge management capability, and performance of multibusiness firms." 29(2): 311-334.

Teece D, 2001. Strategies for managing knowledge assets: the role of firm structure and industrial context, in Managing Industrial Knowledge: Creation, Transfer and Utilization, I. Nonaka and D. J. Teece (eds.), Sage Publications, London, UK, 2001, pp. 125-144.

Valero, C. (2014). Applications of qualitative and quantitative techniques of management in administrative decision making in institutions of higher education in Virginia. Vol. 2, No. 5, pp. 32-34.

Von, E, 2005. Democratizing Innovation, MIT Press, Cambridge, MA, 2005.

Wang, C. (2014). Secure and practical outsourcing of linear programming in cloud computing: IEEE explore.

Ward, S. (2014). 5 disadvantages of cloud computing: Small business.

Wheeler B, 2003. "NEBIC: A Dynamic Capabilities Theory for Assessing Net-Enablement." 13(2): 125-146.

Zahid S, Shahzad M, Khayam S, and Farooq M, 2009. Keystroke-Based User Identification on Smart Phones, in Recent Advances in Intrusion Detection, ser. Lecture Notes in Computer Science, E. Kirda, S. Jha, and D. Balzarotti, Eds. Springer Berlin / Heidelberg, 2009, vol. 5758, pp. 224-243.