A Survey on Mobile User’s Data Privacy Threats

  • ABC EFG1 , ABC EFG2* and ABC EFG3

 

4. Security Challenges for Mobile Devices

Mobile applications offer a level of convenience that the world had never imagined before. Anywhere (at home, in the office, in a hotel, on a playground, on the road, in a car park, at the cinema, or while travelling in other countries), a mobile user can use applications to meet daily needs such as communicating, buying, selling, searching, paying, entertainment, and finding general information. This extreme level of comfort has brought with it an extreme number of security risks. The following subsections describe some of the challenges for mobile devices and how vulnerabilities and attackers reduce the freedom that mobile applications offer.

4.1 Insecure Data Storage

Insecure data storage can result in data loss for a user: if an application is improperly secured, losing the mobile device puts all of the user's data at risk. Commonly stored data at high risk includes personal information (name, address, date of birth, banking information, family information, family pictures, social networking addresses, email address) and work information (company name, job position, related applications, company contact numbers, and any official documents available).

4.2 Physical Security

Physically securing a mobile device is difficult, and because users carry and use their devices constantly (24x7x365), the task becomes seemingly impossible once a user loses the device. Physical security is therefore a primary concern for keeping mobile devices risk free. If a device is lost, misplaced or stolen, the thief may misuse the user's sensitive data, personal information, email correspondence, unsecured documents, address books, business data and files.

4.3 Mobile Browsing

Mobile browsing is one of the best features of a mobile device, since it gives the user access to internet applications. On most mobile devices, however, the user cannot see the whole URL or web address, let alone verify whether it is safe, and can browse their way into a phishing attack.

4.4 Multiple User Logging

With the progressive growth of social media single sign-on (SSO) in the mobile application ecosystem, it is estimated that 60% of mobile applications are insecure because they use the same login for multiple social networking applications. Hackers who obtain login credentials for a website or for apps such as Twitter or Facebook can possibly gain access to the user's profile page. Social media SSO is mainly used to facilitate social interaction; at the same time, the developer also gains access to some of the social information of the signed-in user.

4.5 Client Side Injection

Client-side injection is the execution of malicious programs on the mobile device, delivered over the internet through an application or web browsing. It includes HTML injection, SQL injection and newer attacks (abusing the phone dialer or SMS). Hackers can load text-based attacks that exploit the targeted interpreter. In this way any source of data can be an injection point, including resource files or the application.
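The SQL injection case above, as an added example that is not part of the original paper: the same lookup against an app's local SQLite store, built once by string concatenation and once with a bound parameter. The table, column names, sample rows and input string are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database standing in for an app's local SQLite store (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (owner TEXT, body TEXT)")
    db.executemany(
        "INSERT INTO notes VALUES (?, ?)",
        [("alice", "alice: bank PIN reminder"), ("bob", "bob: door code")],
    )
    return db

def notes_vulnerable(db, owner):
    # Vulnerable: untrusted text is spliced into the SQL statement, so a quote
    # character in `owner` changes the structure of the query itself.
    query = "SELECT body FROM notes WHERE owner = '" + owner + "'"
    return [row[0] for row in db.execute(query)]

def notes_safe(db, owner):
    # Hardened: the value is passed as a bound parameter and is only ever
    # compared as data, never parsed as SQL.
    rows = db.execute("SELECT body FROM notes WHERE owner = ?", (owner,))
    return [row[0] for row in rows]

# Constructed untrusted input, as it might arrive from a form field or another app.
UNTRUSTED = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("concatenated: ", notes_vulnerable(db, UNTRUSTED))
    print("parameterized:", notes_safe(db, UNTRUSTED))
```

The concatenated query returns every owner's notes for this input, while the parameterized query returns none because no owner has that literal name.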

4.6 Application Isolation

Mobile applications cover just about everything: transactions, business, personal use and social networking. Before installing any application on your mobile device, read its permission agreement and privacy terms carefully and check how the application will access your device. Any application might steal the user's sensitive data, financial data, business data, personal data and other valuable files.

4.7 Mobile Device Coding Issues

In application development, honest mistakes always happen, and poor coding unintentionally creates security vulnerabilities. Vulnerabilities also arise from bad implementation of encrypted channels for data transmission or from improper password protection. Every development process can therefore leave some vulnerability in the code of a mobile application or any other application. Developers cannot ignore this and need to maintain proper coding practices so that mobile applications reach a high level of security.

4.8 System Updates

On a mobile device everybody wants the latest version of an application in order to use it efficiently, so vendors are always keen to provide the latest updates and patches designed to fix security issues. In this process, however, attackers (hackers) mix bad code into the real application and offer it for installation. This may affect the mobile device without the user knowing why it is happening. It is a big drawback and a commercial attack on the application and its vendors.

4.9 Serious Threats in New Features

For mobile devices, newly added features and updated applications are a serious risk too. Every vendor builds its own applications for its mobile operating system and gives them a new look and new features. Vendors compete to beat each other in the market, so they build similar applications and, in chasing the market, release them with vulnerabilities. Users should therefore investigate new features before using them so that security remains consistent on their mobile devices.

4.10 Sensitive Information Disclosure

It is a trend that mobile users use their devices in a broad area, so the devices hold login credentials, shared secret keys, sensitive business logic, access tokens, application code and so on. This information may be disclosed to an attacker by various techniques. Mobile devices should maintain consistent security against sensitive information disclosure.

4.11 Improper Session Handling

For mobile devices, session handling is a recognized security concern for web applications. Improper session handling leads to vulnerabilities that are common in internet applications on any platform, whether mobile devices or PCs. Sessions with a long expiry time invite vulnerabilities, particularly in financial applications. Poor session management can lead to unauthorized access through session hijacking on mobile devices.

4.12 Security Decisions from Untrusted Responses

On mobile operating systems such as Android and iOS, some applications, such as Skype, may not always request consent from outside parties, which gives attackers an opening that may result in malicious applications bypassing security. As a result, applications are vulnerable to data leakage and client-side injection. Always require additional authorization, or provide additional steps to launch sensitive applications when additional authorization is not possible.
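One way to bound session lifetime, shown as an added example that is not part of the original paper: a server-side session store that enforces both an idle timeout and an absolute timeout, so a stolen token stops working even if it is kept active. The class name and the two timeout values are assumptions chosen for illustration.

```python
import hashlib
import secrets

IDLE_TIMEOUT = 5 * 60        # assumed policy: 5 minutes without activity
ABSOLUTE_TIMEOUT = 30 * 60   # assumed policy: 30 minutes in total, however active

class SessionStore:
    """Server-side sessions with both an idle and an absolute expiry."""

    def __init__(self):
        self._sessions = {}  # sha256(token) -> {"user", "created", "last_seen"}

    @staticmethod
    def _key(token):
        # Store only a hash so a leaked session table does not yield usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def create(self, user, now):
        token = secrets.token_urlsafe(32)  # unguessable: 32 random bytes
        self._sessions[self._key(token)] = {"user": user, "created": now, "last_seen": now}
        return token

    def validate(self, token, now):
        """Return the user for a live session, or None (and delete it) once expired."""
        key = self._key(token)
        s = self._sessions.get(key)
        if s is None:
            return None
        idle = now - s["last_seen"]
        age = now - s["created"]
        if idle > IDLE_TIMEOUT or age > ABSOLUTE_TIMEOUT:
            del self._sessions[key]   # expired sessions cannot be revived
            return None
        s["last_seen"] = now
        return s["user"]

    def logout(self, token):
        # Invalidate on the server; clearing the token on the device is not enough.
        self._sessions.pop(self._key(token), None)
```

Times are passed in as seconds so the expiry logic can be exercised without waiting; a real service would pass the current clock value.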

4.13 Weak Authentication and Brute Force Attack

Many applications today rely on single-factor, password-based authentication. Application owners do not enforce strong passwords or secure valuable credentials. Users are then exposed to a host of threats, including stolen credentials and automated brute force attacks (a brute force attack means systematically checking all possible passwords or keys until the correct one is found).
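A server-side counter to automated guessing, as an added example that is not part of the original paper: a per-account login guard that stores salted PBKDF2 hashes and applies a lockout that doubles after each run of failures. The class name, thresholds and iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 5      # assumed policy: failures allowed before a lockout starts
BASE_LOCKOUT = 30     # assumed policy: first lockout in seconds, doubling each time

def hash_password(password, salt):
    # Slow, salted hash so a stolen credential store is costly to guess offline.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LoginGuard:
    def __init__(self):
        self._users = {}   # name -> (salt, password hash)
        self._state = {}   # name -> {"failures", "lockouts", "locked_until"}

    def register(self, name, password):
        salt = os.urandom(16)
        self._users[name] = (salt, hash_password(password, salt))
        self._state[name] = {"failures": 0, "lockouts": 0, "locked_until": 0}

    def login(self, name, password, now):
        """Return 'ok', 'denied' or 'locked' for an attempt at time `now` (seconds)."""
        if name not in self._users:
            return "denied"
        st = self._state[name]
        if now < st["locked_until"]:
            return "locked"          # the password is not even checked during a lockout
        salt, expected = self._users[name]
        # Constant-time comparison of the derived hashes.
        if hmac.compare_digest(hash_password(password, salt), expected):
            st["failures"] = st["lockouts"] = 0
            return "ok"
        st["failures"] += 1
        if st["failures"] >= MAX_FAILURES:
            # Each consecutive lockout lasts twice as long as the previous one.
            st["locked_until"] = now + BASE_LOCKOUT * 2 ** st["lockouts"]
            st["lockouts"] += 1
            st["failures"] = 0
        return "denied"
```

A per-account lockout alone lets anyone lock a user out by failing on purpose, so it is usually combined with per-device or per-address limits.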

5. Mobile Threats and Vulnerabilities

This section provides a comprehensive overview of mobile threats and vulnerabilities. Cyber criminals have nowadays focused their attention on mobile devices [1]. Mobile devices run many useful applications over the internet, so they are a prime target for attackers or hackers who want to defeat security mechanisms and spread threats and vulnerabilities. The gap between hacker capabilities and an organization's protection is widening day by day. These tendencies underline the need for additional mobile device security awareness, as well as more stringent, better integrated mobile security solutions and policies.

5.1 Mobile Threats

Threats and attacks that proved highly successful on personal computers are now being tested on unsuspecting mobile device users to see what works and, even with the number of protected mobile devices increasing, there are still plenty of easy targets. Attackers go after the weakest point in the chain and then home in on the most successful scams. Mobile attacks are basically divided into four categories, listed below:

  • Physical threats
  • Application based threats
  • Network based threats
  • Web based threats

Physical Threats

Mobile devices are designed to be portable for use in daily life, so their physical security is an important consideration [4]. Some physical threats are listed below:

  • Bluetooth
  • Lost or Stolen Mobile Devices
  • Computing Resources
  • Internet Access

Application Based Threats

  • Spyware
  • Malware
  • Vulnerable Application
  • Privacy Threats

Network Based Threats

  • Denial of service Attack (DoS)
  • Network Exploits
  • Mobile Network Services
  • Wi-Fi Sniffing

Web Based Threats

  • Drive by Downloads
  • Browser Exploits
  • Phishing Scams

5.2 Mobile Vulnerabilities

  • Rootkit
  • Worm
  • Trojan Horse
  • Botnet

6. Solutions and Precautions For Mobile Devices

7. Conclusions and Future Work

Acknowledgements

The authors would like to extend their sincere appreciation to the Deanship of Scientific Research at King Saud University for its funding of this research through the Research Group Project no. ABCDEFGH.

References

  1. M. La Polla, F. Martinelli, D. Sgandurra, “A Survey on Security for Mobile Devices,” IEEE Communications Surveys & Tutorials, vol. 15, no. 1, pp. 446–471, 2013.
  2. M. Hypponen, “Malware Goes Mobile,” Scientific American, vol. 295, no. 5, pp. 46–53, 2006.
  3. S. Safavi, Z. Shukur, R. Razali, “Reviews on Cybercrime Affecting Portable Devices,” The 4th International Conference on Electrical Engineering and Informatics (ICEEI 2013).
  4. M. Shujithra, G. Pasdmavati, “Mobile Devices Security: A Survey on Mobile Device Threats, Vulnerabilities and their Defensive Mechanism,” International Journal of Computer Applications (0975-8887), vol. 56, no. 14, October 2012.