
SREENIDHI INSTITUTE OF SCIENCE AND TECHNOLOGY

A Technical Seminar Report


Submitted in Partial Fulfillment of the Requirements
For the award of the Degree of

Bachelor of Technology in
Electronics and Communication Engineering (ECE)

BY
Muddasani Kusumasri
19311A04M1

Under the Guidance/Supervision of


DR. VIKRAM PALODIYA
Department of Electronics and Communication Engineering (ECE)
November 2019

SREENIDHI INSTITUTE OF SCIENCE AND TECHNOLOGY
(AUTONOMOUS)

DEPARTMENT OF ELECTRONICS AND COMMUNICATION ENGINEERING (ECE)

CERTIFICATE
This is to certify that the technical seminar report titled “MOBILE SECURITY”, submitted
by MUDDASANI KUSUMASRI bearing 19311A04M1, towards partial fulfillment for the
award of bachelor degree in Electronics and Communication Engineering (ECE) from
Sreenidhi Institute of Science and Technology, Ghatkesar, Hyderabad, is a record of bonafide
work done by him/her. The results embodied in the work are not submitted to any other
university or institute for award of any degree or diploma.

Dr. Vikram Palodiya
Asst. Prof, Dept of ECE
Coordinator

Dr. P. Venkat Reddy
Prof & HOD, S&H Dept

ACKNOWLEDGEMENT

I take immense pleasure in thanking Dr. P. Narasimha Reddy, Executive Director, Dr. Ch.
Shiva Reddy, Principal, and our HOD Dr. P. Venkat Reddy, for having permitted us to carry
out this technical seminar work.
I wish to express immense gratitude to our coordinator, Dr. Vikram Palodiya, Assistant
Professor, ECE Department, for his able guidance and useful suggestions, which helped us
in completing my technical paper writing and seminar in time. His valuable suggestions and
comments towards this technical seminar have been very helpful in tracking various
obstacles and accomplishing the major tasks.
Last but not least, we would like to express our heartfelt thanks to our beloved parents for
their blessings, and to our friends and classmates for their help and wishes for the success of
the technical seminar.

DECLARATION

This is to certify that the technical seminar report titled “MOBILE SECURITY” is a record
of work done by me in the Department of Electronics and Communication Engineering,
Sreenidhi Institute of Science and Technology, Ghatkesar, Hyderabad.
This report is based on the seminar work done entirely by me and not copied from any other
source.

MUDDASANI KUSUMASRI
19311A04M1

SREENIDHI INSTITUTE OF SCIENCE AND TECHNOLOGY
Yamnampet,Ghatkesar,Hyderabad,Telangana-501301.

DEPARTMENT OF ELECTRONICS AND COMMUNICATION ENGINEERING

MOBILE PHONES SECURITY SYSTEM


ABSTRACT:
Smartphones have become the most typical and popular mobile devices in recent years. A smartphone
combines the functionality of a mobile phone and a PDA. Besides, it provides much of a computer’s
functionality, such as processing, communication and data storage. It also provides many of a
computer’s services, such as a web browser, portable media player, video calls, GPS and Wi-Fi.
This seminar contains an in-depth description of the security models of modern mobile operating
systems like Android, iOS and Windows Phone. These security models are the cornerstones of security
on current platforms. This seminar also covers the most discussed security problem nowadays,
malware. Although modern operating systems have strong protection against viruses and other types
of infection through their security models, the weakest point of mobile devices is still the user. This
seminar comes up with a few protection methods against this type of security threat.

Project Co-ordinator: Dr. Vikram
HOD: Venkat Reddy sir
By: M. Kusuma Sri, Roll No: 19311A04M1

Index:
1) Introduction
2) What is Mobile Security?
3) Mobile Security Vulnerability
4) Threats and security Risks for mobile devices
   a) Insecure Data Storage
   b) Weak server side control in third party applications
   c) Weak Transport layer protection
   d) Client side injection
   e) Poor authorization and authentication
   f) Inefficient session control
   g) Sensitive information could be leaked and revealed to be exposed or misused
   h) Password protection is unavailable
   i) Wireless transmission is not secured or encrypted
   j) Lack of security software for some operating systems
      i) Out of date security software
      ii) Out of date OS
   k) Unauthorized modification “Jail breaking” or “rooting”
   l) Malware attacks
5) Solutions to enhance mobile security

Mobile computing is a growing industry. The challenge started when
mobile devices replaced regular computers and laptops for multitasking,
social communication, and business management. Security has always been
an issue with computers, whether laptops or desktops. With the increasing
number of mobile devices communicating around the clock, cyber attackers
have set their sights on mobile devices. In addition, open source programming
platforms for these devices have made them an easy target, with many
vulnerabilities and risks. Users should be educated on mobile security: What is
it? What is mobile security vulnerability? They should also be warned about the
risks and threats that could affect it. How could mobile security be increased or
enhanced to prevent such attacks?
1) What is Mobile Security?
Mobile security is the protection of portable devices such as smartphones,
tablets or laptops. In this context the focus will be on smartphones, which
are more widely owned than the other two. Regardless of the operating
system of the device, the threats made against these devices are increasing,
which affects users’ and organizations’ security. Threats could be malware,
eavesdropping, unauthorized access, device theft, etc. In Symantec’s annual
report for 2013, the company’s numbers show a 42% increase in targeted
attacks [1]. This increase in cyber attacks, together with the increased sales
of portable devices, makes mobile security very important and mobile
devices very vulnerable as well.
2) Mobile Security Vulnerability:
Smartphones and mobile devices are exposed to a higher number of threats
than other devices like laptops. They are also targeted by cyber attackers
more than before. This is mobile device vulnerability. Mobile devices are
considered vulnerable now more than ever for various reasons.
First, mobile devices are used for daily social media interaction and for
associated business tasks. They contain a huge amount of personal information
that could be easily misused. Not only users should be worried about their
personal details; organizations should be too. In today’s business world, the
cloud is the new venture dominating organizations’ technology. BYOD (Bring
Your Own Device) is considered one of many challenges for mobile security.
Second, their portability allows the user to connect to various networks
inside or outside safe or secured network perimeters almost all the time.
Examples of safe and secured networks are a tightened home network or an
organization’s highly secured network. Connecting to these networks opens
more end points to the network and to the other devices connected to it, which
makes the device an easy gate for attackers to follow and spam. Moreover,
connecting to outside or public networks could negate the usefulness of bug
fixes, regular maintenance and updates, either to the connected device or to
the secured networks connected to it. That is caused by exposure to malware
and Trojans outside that network, which could infect other networks and their
users.
Third, the increased usage of third party apps and malicious software is one
of the most common ways to attack a mobile device. Based on Cyrene’s security
yearbook for 2013, the company noted a noticeable increase in Android malware,
with 173,000 unique variants of it each month [2]. Malware attacks are increasing
by the day. This has had the most effect on open development systems such as
Android, although iOS has its share of malware attacks too. According to a 2014
Symantec report, attacks on Android made up 79% of the total threats found by
its software. While Android got the lion’s share, iOS did not encounter any [3].
Does that mean that iOS users are totally safe? Based on the same report, the
Apple platform has the most documented vulnerabilities, at 82%.

3) Threats and security Risks for mobile devices:
a) Insecure Data Storage:
As mentioned before, using a mobile phone as a way to communicate and run
daily tasks leads users to save sensitive and personal information on it. Such
information could be a target used to get to the users. This information could
include user names, passwords, authentication information, location services
data, and personal data (DOB, Social Security number, addresses, credit card
and financial information).
b) Weak server side control in third party applications:
This is the responsibility of app developers. Each application should have
security standards to prevent unauthorized access to the server or the
application database, and to prevent leakage of user information about the
usage of such applications.
c) Weak Transport layer protection:
This lack of protection could expose information to being viewed during
transmission, which threatens the security of such a connection.
d) Client side injection:
This kind of attack on the user’s device could be an SQL injection. The code for
such apps is saved on the user’s device, where it could be altered or controlled
from within to expose other users of the same application and put them in danger.
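
The SQL injection case from item d), shown as an added example that is not part of the original report: a lookup against an app's local SQLite database written first with string pasting and then with bound parameters. The `notes` table, its rows, the function names and the crafted input are all constructed for illustration.

```python
import sqlite3


def open_app_db():
    """In-memory stand-in for an app's on-device SQLite store (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (owner TEXT, title TEXT, body TEXT)")
    db.executemany(
        "INSERT INTO notes VALUES (?, ?, ?)",
        [
            ("alice", "shopping", "milk, eggs"),
            ("alice", "gym", "Mon/Wed 7am"),
            ("bob", "bank", "call branch about card"),
        ],
    )
    return db


def find_notes_vulnerable(db, owner, title):
    # Vulnerable: the user-typed title is pasted into the SQL text, so a quote
    # character in it changes the structure of the query itself.
    sql = f"SELECT body FROM notes WHERE owner = '{owner}' AND title = '{title}'"
    return [row[0] for row in db.execute(sql)]


def find_notes_safe(db, owner, title):
    # Hardened: "?" placeholders send the values separately from the SQL text,
    # so the title is only ever compared as data.
    sql = "SELECT body FROM notes WHERE owner = ? AND title = ?"
    return [row[0] for row in db.execute(sql, (owner, title))]


def demo():
    db = open_app_db()
    crafted = "x' OR '1'='1"  # constructed input typed into the app's search box
    return {
        "vulnerable": find_notes_vulnerable(db, "alice", crafted),
        "safe": find_notes_safe(db, "alice", crafted),
        "normal": find_notes_safe(db, "alice", "shopping"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

With the pasted query the crafted title returns every row, including another user's note; with placeholders the same input matches nothing.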
e) Poor authorization and authentication:
The lack of two-factor authentication means that the user’s account could be
easily corrupted and hacked, while the use of proper authentication helps
unauthorized code, users, or software to be recognized and blocked.
f) Inefficient session control:
In this threat, a session that is not securely handled, so that an open session
stays open until the user ends it, is bad security. An example of good session
handling is an online banking session: if the user is not active for a few minutes,
the session times out and the application signs the user out and closes itself.
Poor session handling leaves an open, unfinished transaction, with its related
information, waiting for the user’s response.
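
The banking-style timeout from item f), as an added example that is not part of the original report: a server-side session table that signs the user out after a period of inactivity. It goes one step beyond the text by also enforcing an absolute session lifetime; the class names, the 300 and 3600 second values and the `FakeClock` helper are assumptions made for the illustration.

```python
import secrets
import time

class SessionStore:
    """Server-side session table with an idle timeout and an absolute lifetime."""
    def __init__(self, idle_timeout=300, max_lifetime=3600, clock=time.monotonic):
        self.idle_timeout = idle_timeout    # seconds of inactivity allowed
        self.max_lifetime = max_lifetime    # hard cap, even for an active user
        self.clock = clock
        self._sessions = {}                 # token -> [user, created, last_seen]

    def login(self, user):
        token = secrets.token_urlsafe(32)   # unguessable session identifier
        now = self.clock()
        self._sessions[token] = [user, now, now]
        return token

    def authenticate(self, token):
        """Return the user for a live session; expire and return None otherwise."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user, created, last_seen = entry
        now = self.clock()
        if now - last_seen > self.idle_timeout or now - created > self.max_lifetime:
            del self._sessions[token]       # sign the user out server-side
            return None
        entry[2] = now                      # activity resets the idle timer
        return user

    def logout(self, token):
        self._sessions.pop(token, None)

class FakeClock:
    """Constructed clock so the timeouts can be shown without waiting."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds

def demo():
    clock = FakeClock()
    store = SessionStore(idle_timeout=300, max_lifetime=3600, clock=clock)
    token = store.login("alice")
    clock.advance(120)
    active = store.authenticate(token)      # 2 minutes idle: still signed in
    clock.advance(301)
    expired = store.authenticate(token)     # over 5 minutes idle: signed out
    return active, expired
```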
g) Sensitive information could be leaked and revealed to be exposed or
misused:
That leads straight to the no. 1 threat, which is insecure data storage. This
information is considered valuable to cyber attackers, to be manipulated or used
against users or the organization’s employees. We have to note that sensitive
information is not only personal information; it could also be strategic
organizational information whose loss could cause huge losses. This is especially
true with the growing trend of BYOD (Bring Your Own Device) and outsourcing
data to the cloud. This new policy helps a company stay ahead of its competitors
and increase employees’ productivity, but having these devices connected to
different networks away from IT security’s eyes could jeopardize the
business and network security.
h) Password protection is unavailable:
Some devices do not have tight password security software. Furthermore,
some users do not use password locks on their devices or apps. Even when
users do enable password protection, they do not use sophisticated or hard to
predict passwords. A password could also be written down, seen, stolen or
eavesdropped. As a result, a hacker could easily guess it or make assumptions
about it.
i) Wireless transmission is not secured or encrypted:
Portable devices connect to public and private networks. Public networks
usually are not encrypted, and therefore they are not limited to specific users.
That means that data transmitted through them is not encrypted and could be
easily exposed and disclosed. For that reason, they are considered very
vulnerable and put all devices connected to them at risk.
j) Lack of security software for some operating systems:
This is considered a huge risk. I would say the lack of security software is like a
house without a door. If the device doesn’t have upfront protection and
detection of malware and cyber attacks, how could it be protected? Under this
threat there are two kinds of risks:
i) Out of date security software:
If the software is not up to date, its database is old and not refreshed. The
software will not identify new malware attacks. The vulnerability of the device
at that moment increases and its security will be at its lowest point.
ii) Out of date OS:
The regular updates of an OS are usually bug fixes and security-related
updates. If the system is out of date, it will have an easy point of access for
criminals and will be easily attacked.
k) Unauthorized modification “Jail breaking” or “rooting”:
Doing so changes the role of the application and gives it administrative
rights for editing and modifying the system. That means it is granted
permission to deal with the applications as they come and go. With application
authentication edited and altered, attackers can easily attack a device by
playing with the rooting application. For example, for iOS apps, jailbreaking
makes Apple devices remotely controllable, which is a wide open door for
attackers.
l) Malware attacks:
Malware and malicious software could do severe harm to mobile devices.
This ranges from SMS text message spam, spam ads, fake phone calls, calls and
transactions at the user’s cost, and fraudulent transactions to controlling the
whole device or shutting it down. Malware is dangerous, and the harm it does
could result in:
(a) Denial of service attacks:
When the network becomes unavailable for the devices and users because
of the malicious attack.
(b) Unauthorized access:
When the malware grants permission to unauthorized users to log in to a
network and have access to its resources.
(c) Masquerade:
When malicious software acts as permitted software in a network or a
device. In other words, it puts on a mask to act and look like the authentic
application [5]. The malicious software steals the identity of the
other agent and acts like it. An example is spam messaging that looks like
it is from a certain retailer, with the retailer’s name, but was actually
originated by the malware.
(d) Eavesdropping:
Eavesdropping happens when there is an interception of a secret or
encrypted communication between two sources. It is easily done on mobile
phones because they are not only watched through communication; the
watching extends to the history of each and every action or task the device
performs.
(e) Alteration:
In the “NIST report of Mobile Agent security”, the authors explain
alteration as modification that is made to the code of the software or the
application. They stated “When an agent arrives at an agent platform it is
exposing its code, state, and data to the platform. Since an agent may visit
several platforms under various security domains throughout its lifetime,
mechanisms must be in place to ensure the integrity of the agent's code,
state, and data.”

4) Solutions to enhance mobile security:

Organizations can increase mobile security by unifying the architecture of
the network system. They can unify the wireless network, the wired network
and VPNs into one centralized, highly secured, encrypted infrastructure.
That will help monitor the network more closely: who is in and who is out.
It will also help them detect threats faster than if the network were
decentralized. They can perform performance tests using ethical hackers [7].
In addition, the transport layer could be encrypted with a PKI (Public Key
Infrastructure) to ensure that proper authentication and authorization are
performed. Workshops and training programs are necessary for employees to
help increase such security.
For individual use, a user can obtain higher security by following these
tips: Users should use password protection to unlock the device, change
the password frequently, and avoid commonly used passwords.
Moreover, users should install anti-malware, anti-spam and an on-device
personal firewall to minimize the device’s vulnerability. Installing
such software will also help fight against SMS/MMS communication attacks.
Phones should have locked backups, and should be backed up and restored
remotely and regularly. Also, there should be monitoring tools that a user
could take advantage of to monitor the device activity for any leakage or
inappropriate use of information. Sudden changes in the device’s speed, its
functionality, or the speed of network connections could be signs of malware.
All in all, mobile devices provide convenience and increased productivity in
today’s industries. They are a big exposure to information that could not be
easily exposed otherwise. With care and cautiousness, all the above threats could
be prevented, managed, or at least minimized. With the increasing advantages
of using third party applications, user reviews are always a good way to check
an application’s authenticity.
