Authors: Rakesh Kumar, Dr. Anant Kumar Sinha, Dr. Narendra Kumar, Arif Md. Sattar
Certificate: View Certificate
The presented article provides an overview of related literature on the subject of mobile security. The issue was selected as a result of the increase in mobile applications and the underdeveloped discussion surrounding the security of those applications. Cell phones and tablets with mobile operating systems are regarded as mobile devices for the purposes of this essay. More specifically, these are BlackBerry OS (RIM)., iOS, and Android from Google, respectively Even though it\'s crucial to understand these concepts, the security flaws in the Android OS are the main subject of this literature review. Malware that changes to be somewhat different from the previous version is referred to as polymorphic. Although the malware\'s functioning is unaffected by the automated code changes, they may make traditional anti-virus detection technologies ineffectual. The method used to target a certain technology is the simplest way to define an attack vector (i.e. a path used to compromise a particular system). A group of \"zombies\" that are remotely managed for harmful or financial purposes makes up a botnet. Many times, a single botnet consists of hundreds or even thousands of devices. When the word \"vulnerability\" is used in this document, it refers to a weak point that makes a system\'s security more susceptible to attack. When three factors—a system weakness or flaw, attacker access to the weakness, and attacker capability to exploit the weakness—intersect, a vulnerability results.
As organizations start to rely on these devices for routine tasks, the need for mobile device security has increased. However, it has been determined that these gadgets have no security. Only 10% of the 86 million gadgets in use today, on average, are protected. The news has increasingly focused on the hot button issue of how to secure these mobile devices for both personal and professional use, but there has been little to no research on how to do so. As the number of Android devices has increased significantly over the past few years, Android security has received considerable attention. Device activations have increased by 250% just in the past year, and Google's "Play" market has seen more than 11 billion app downloads and still counting.
Android and iOS are the two most widely used mobile operating systems. Similar to how different iOS versions include iOS 13, iOS 12, iOS 10, etc., different Android operating systems include Nougat, Lollipop, and Marshmallow. Only 11% of Android mobile users have the most recent Android operating system, compared to 86% of iOS users. According to the Open Web Application Security Project's analysis of mobile hazards, insecure data storage and insecure communication risks are the most serious issues with mobile security. This paper outlines some key mobile device security issues and suggests some preventative measures.
II. SECURITY ATTACKS ON MOBILE
Day by day the security attacks on mobile devices are increasing and most of them are insecure data storage and communication. Some of the critical and conspicuous mobile attacks are summarized below:
4. Security from Malware Attacks: Without the user's awareness, malware or dangerous software is installed on their mobile device. Malware can propagate via insecure applications or the internet. Malware has the ability to collect and communicate sensitive information to attackers, giving them complete control of the mobile device. It can send messages to the entire contact list or to undesirable numbers.
Below is a list of the various categories of the most prevalent mobile malware.
a. Worms: Mobile worms replicate themselves and spread to other mobile devices in a manner similar to traditional computer worms. Without user engagement, mobile worms can propagate via SMS or other communication channels.
b. Trojan: When a user runs the trusted executable files that contain the harmful instructions (Trojan), the Trojan is triggered. Trojan can be used to steal data, disable some mobile device features, and allow an attacker to install other malware.
c. Spyware: The main goal of spyware is to steal and spread users' sensitive or personal information without their awareness.
d. Ghost Push: After gaining root access to a mobile device, this malware downloads malicious apps, changes them to system apps, and then loses root access permissions. Users may need to perform a factory reset on their mobile devices to get rid of these infections. This kind of malware can rob users of their private data.
III. LITERATURE REVIEW
When a user opens an infected attachment file, a virus is installed, infecting the target phone and putting it under the attacker's control. For each of the four scenarios, the following reaction mechanisms have been evaluated:
a. Scanning all MMS attachments at MMS gateways for viruses detection;
b. Promoting user education to increase user awareness;
c. Immunizing devices with software patches;
d. Keeping an eye out for unusual behavior; and
e. Creating a blacklist of suspected infected phones
The outcomes of their experiments demonstrated that any reaction mechanism must be swift enough to react quickly to viruses that are propagating. Although the authors' work is quite persuasive, they stated that an ideal virus response strategy must be able to address a variety of virus behavior and that their work may be improved upon by evaluation extensions.
The aforementioned Android Security concerns don't have any obvious answers. All cryptology (or information security protection) relies on two elements: something you know while something you possess. The ideal representations of this circumstance are an access card and a password. Many times, only one of these things is required, and occasionally, in the most secure locations, both are required. The demand for a quick but reliable biometric solution has increased dramatically since mobile computing has turned into a repository for all personal things including bank accounts, email addresses, and phone numbers. Additionally, malware detection services now have a larger battery consumption than the majority of programmes, which forces consumers to turn off any previous security measures. Users are more inclined to leave these security services on if malware prevention was more battery-efficient and energy conscious.
In the PC industry, polymorphic malware has a notorious reputation, and it seems like new malware detection and prevention techniques are created every month. Polymorphic malware classification is a persistent, continuous challenge. As new techniques are created to combat polymorphic malware, fresh concepts are generated on how to defeat the new detection techniques.
Particularly when it comes to polymorphic and botnet security, there seems to be a notable dearth of material on Android security. The amount of articles written has greatly increased, although not by as much as may be anticipated given the increase in mobile smart-phone usage globally. Last but not least, the Android Security problems are not clearly addressed, leaving room for further scientific investigation. of malware attacks. Security tool manufacturers concur that it is very challenging to safeguard the complete spectrum of goods because risks are dispersed and not concentrated in one area. They suggest a few standard precautions to guard against security lapses. There is need of intense research pertaining to security of mobile storage and communication.
 N. Leavitt, \"Mobile security: Finally a serious problem,\" Computer, vol. 6, no. 44, pp. 10-15, 2011.  K. Marko, \"Rise of android botnets.,\" Informationweek - Online, 2011.  \"More mobile security glitches,\" Computer Fraud & Security, no. 7, p. 3-4 , 2011.  Khan, J., Abbas, H., & Al-Muhtadi, J. (2015). Survey on Mobile User\'s Data Privacy Threats and Defense Mechanisms. Procedia Computer Science, 56, 376-383.  Cifuentes, Y., Beltrán, L., & Ramírez, L. (2015, August). Analysis of Security Vulnerabilities for Mobile Health Applications. In 2015 Seventh International Conference on Mobile Computing and Networking (ICMCN 2015).  Chatzikonstantinou, A., Ntantogian, C., Karopoulos, G., & Xenakis, C. (2016, May). Evaluation of Cryptography Usage in Android Applications. In proceedings of the 9th EAI International Conference on Bio-inspired Information and Communications Technologies, pp. 84-91.  Shukla, V., Chaturvedi, A., & Srivastava, N. (2015). A new secure authenticated key agreement scheme for wireless (mobile) communication in an EHR system using cryptography. Communication on applied electronics (CAE), 3(3), pp. 17-22.  Choo, K. K. R. (2014). Mobile cloud storage users. IEEE Cloud Computing, 1(3), 20-23.  Agasi, O. (2015). Encapsulating mobile security. Computer Fraud & Security, 2015(6), 10-12.  Cheng, J., Wong, S. H., Yang, H., & Lu, S. (2007)“Smart-siren: virus detection and alert for smart-phones”, In Proceedings of the 5th international conference on Mobile systems, applications and services, pp. 256-61.  Van Ruitenbeek, E., Courtney, T., Sanders, W. H., & Stevens, F. (2007). Quantifying the effectiveness of mobile phone virus response mechanisms. pp. 790-800, In 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks
Copyright © 2022 Rakesh Kumar, Dr. Anant Kumar Sinha, Dr. Narendra Kumar, Arif Md. Sattar. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.