The Smartphone Security Awareness Information Technology Essay

The Smartphone Security Aw atomic crook 18ness cultivation applied science EssayOver the past decade mobile phones bring forth wrick pervasive and fox evolved signifi sacktly from feature phones to refreshfulphones to fit the increasing needs of the competitive market and to meet consumers wants and needs. The purpose of this research paper is to provide appreciation and raise guarantor sense into the risks posed by un ascertaind smart mobile devices.Smartphones are ubiquitous devices and are comparative to the personal computer in terms of computational power, choice of operating placements, software with the equivalent ex exded features and the ability to support 3rd digressy software.Smartphones have enabled bloodlinees and their workforce the freedom to join and entrance organizational data 24 hours a day, 365 days a year.What has been done to defend individuals and vexationes from the ever increasing threat of mobile orientated attacks?permeative computing (al so called ubiquitous computing)Endpoint auspices antivirus/malwareenterprise in turnation infrastructuremobile information bail perspective pledge alertness training expert topics are egressside the scope of this researchIntroductionThe purpose of this document is to expose a condescension problem from a technological viewpoint. The subject of the business problem I have selected is on smartphone security alertness. This subject leave behind be analysed and critically evaluated, then expanded upon further to reflect the range of workable solutions and create a comprehensive guide for the benefit of the reader.1.1 MotivationThe motivation for this project was mostly due to my vocational role as an IT consultant. During the course of my employment over the past decade within the IT industry, I have noniced a substantial gap within businesses for the need of greater smartphone security and awareness.It was self-explanatory to me that along with the evolution and improved ca pabilities of cellular devices, established a greater risk for organisations.This thesis is the result of work I have personally carried out in various roles throughout my technological career amongst October 2004 and December 2010.1.2 Aims and objectivesThe following are my aims and objectives for this projectAimsCreate an authoritative document with recommendations to raise awareness and inform businesses for the need of greater mobile security within the business environment.Use insight to establish a research gap.Main objectivesAssess smart mobile devices before long utilize.Analyse security advantages and disadvantages of smart mobile devices.Establish what risks smart mobile devices are uncovered to.Evaluate impact of risk exposed by unsecure mobile devices to businesses.Examine mobile security currently available.Investigate responsibilityEvaluate current business policies and procedures for mobile devices and how these are enforced.Construct smartphone security guide wit h recommendations for businesses.1.3 Problem StatementThe problem is information and financial deviation due to information theft or inaccessibility from malicious software (malware), and the evil impact this has upon the business.There are umteen types of information that can be stored on smartphones for event, personally identifiable information in the form of contact detail (phone, address), email, GPS coordinatesInformation security has giveed significant value within the business domain over the past decade however this value remains subjective. Users have been make aware of the risks posed by malicious software whilst using their personal computer on the internet, now assistive engine room like smart mobile devices are becoming increasingly more powerful, functional and ubiquitous.Where personal computers have at least some(a) security software in place as standard, smartphones commonly have no security software installed and are susceptible to the same threats as perso nal computers.Businesses, professionals and personal use of goods and gainsrs now have a greater awareness for the need of personal computer security. This has been provided by media coverage, enterprise training or through personal experience. When using a personal computer or laptop for example, it is common to find a firewall and antivirus software installed showing that internet safety has now become a sociable normalcy.Examplehttp//www.bloobble.com/broadband-presentations/presentations?itemid=3397Data loss or inaccessibility due to a virus, data theft due toSmartphones are high specification mobile personal computers, and are subject to the same risks personal computers are open to.There are four to five billion mobile phones and we are approaching a billion smart phones. barely remember that these devices are more powerful than supercomputers were a few years ago, and we are putting them in the hands of people whove never had anything like it before. Google chief executiv e officer Eric SchmidtBusinesses need IT to function, IT adds value and to compete in todays economic climate.ITs purpose is to save time, time is money.Todays organisations rely heavily upon information technology in order to leave behind their business to function (Khosrowpour, 2001). This is fundamentally due to how intricate information technology systems are embedded into organisations. Enterprise architecture (EA) is a communication tool between IT and business (Zachman, 2004).EA is multifaceted (Wagter et al, 2005) and for the scope of the project I will be examining how the Security Architecture (SA) facet can benefit organisations to secure the Information Technology within the business against the increasing threat that unsecured mobile devices pose.There are many varied mobile operating systems for smart mobile devices requiring different security applications. I will analyse these systems and the risks associated. My intentions are to investigate what impacts smart mob ile devices can have on businesses, why these problems affect the organisation, and how they are overcome. eventually I will gather insight and make recommendations that businesses can use to foresee and prevent future unnecessary costs and risk.2 Literature criticism2.1 BackgroundThe subject I have proposed to use for this project is a very real-world business and information technology problem.Because smartphone security is still in its infancy, it is currently quite a challenge to source accurate and relevant information from authoritative sources such as Emerald without resorting to weather vane based research. However, the more this project advances smartphone security in the media is becoming omnipresent.The first documented computer virus was builded over 25years ago by two brothers named name 1 and name 2 in Pakistan, the virus was called the brain virusTimeline evolution of the mobile telephone (Malware)AnalogueCellularMobile History / Uses2.2 Current status/Development of theoriesInformation is all that needs to be secured. Malware is changing, smartphones are changing and businesses are changing.How far up the technological ladder are mobiles/feature phones/smartphones2.3 How this project fits in with the publications reviewI had chosen the subject then chosen the literature review method, thus tailoring the literature review to fit the requirements of the project.3 inquiry methods3.1 Introduction hypothesisThroughout my employment, I recognised a gap and need for smartphone security within3.2 Epistemologyhttp//www.learnhigher.ac.uk/analysethis/main/quantitative1.htmlOne of the methods of abbreviation I will to use is the conceptual method, this has been described by Beaney as a way of breaking down or analysing concepts into their constituent parts in order to gain knowledge.Conceptual analysis consists primarily in breaking down or analysing concepts into their constituent parts in order to gain knowledge or a better chthonianstanding of a particular philosophical issue in which the concept is involved (Beaney 2003). I have interpreted this to mean the compartmentalisation and analysis of data.The proposed project will be delivered using an analytical in-depth research structure. I have chosen this project structure as it will primarily be research based on the current business problem as previously stated. I intend to analyse this problem, propose possible solutions, test and enforce a well-documented solution with recommendations.Critical and creative thinking skills such as Edward.De Bono six thinking hats will be used to examine the problem domain. A review will be given on how the systems work and compare them to how they should work. I will then analyse the solution domain by examining which options are available to improve the system security along with an optimal recommendation and the benefits it would provide.3.3 Methodology public figureure research methodFor my project I will implement a triangulated, p ositivistic methodological approach, I have chosen this particular technique as it will provide me a balanced view of the subject area. I will incorporate some(prenominal) quantitative and qualitative primary research methods as recommended by Bryman (BRYMAN, 2006). However for the scope of this project I will be mostly using Quantitative based research as indicted in Fig 1 below..Bryman advises that quantitative data can be gathered by way of a survey and qualitative research collected from journals and interviews.Initially I will undertake primary research in the form of a survey questionnaire, and furthermore I will interview professionals in the field of smartphones and security such as police personnel, security advisors and mobile phone stool staff.The survey will be available to respondents in paper form and electronically hosted so any user with internet access may access it. I will design the survey to be concise and simple to maximise the amount of respondents and gain q uality information.My target survey participants are business managers, IT professionals and general smartphone users. I have chosen to target these particular users as I am trying to ascertain not only the perception of smartphone security but also what policies and procedures are put in place and how aware users are of these. I have proposed to target these users by using a prevalent internet based technological social news website named Reddit.Reddit has a daily turnover of over 850.000 unique users (Alexa, 2010). According to Alexa the average Redditor is male, between the age of 18 to 44, does not have children, is well educated and browses Reddit either from work or home, suggesting that the mass of Redditors are working professionals and due to being a technological social news website the average user is technologically aware (Alexa, 2010). This confirms my premise and establishes that Reddit would suit my proposed target survey participant.There are many options available for online survey software, from each one option has its benefits and weaknesses, I have carefully analysed these options personally and have chosen to utilise the cloud based option Survey Monkey to host my survey. The heedlessness limitations of Survey Monkey arethe survey itself has been designed to be logical with closed questioning andQualitative data has been sourced from reliable and authoritative resources. I have chosen journals from EmeraldPrimary research methods usedInterviewing mobile phone shop staff, police, business ownersI will critically analyse the results of my survey by canvas the answers given to a risk register.4 Results4.1 Presentation and description of resultsWho took part?A survey was conducted to establish the awareness for the need of smartphone security. Users were openly invited from technological backgrounds to extend to in the survey and assured of anonymity. A total of 758 people responded to the online survey from a possible 854,998 potential participants. The survey itself was open for one month during February and ring 2011.The results indicated that majority share with 82% of survey responders being male as opposed to the 18% that were female both averaging at 26 years of age, this confirms part of my original hypothesis as an average smartphone user.When asked, 53% of respondents report that they had used their smartphone solely for personal use as opposed to the 45% of sharers that describe they used their smartphone for both business and personal use, with just 2% reporting to use a smartphone solely for business use only as shown in Fig 2 combining a total of 47%.CUsersLeeDesktopUniUniversity 2010_11MikeDissertationDocumentsDissertationSurveySurvey monkey charts8 skylarksSM_Features_Line.pngFigure Smartphone use25% of respondents had only been using smartphones for the past six months, 17% were aware they had been using them for at least a year and a majority percentage of 59% had been using smartphones for m ore than one year.Only 12% of respondents opted to use the pay as you go payment facilities as opposed to the greater majority of 88% that have contracts.SMARTPHONE34% of respondents used an Apple IPhone, 58% reported to use Android smartphones, 13% used Blackberries and 6% (46) of respondents had Nokia smartphones.(GRAPHIC)87% of respondents had used calendar functions, 94% of respondents used email, 86% of used games, 87% of respondents used GPS features, 74% of respondents used instant messaging, 52 % of respondents used internet lingoing facilities, 66% of respondents used multimedia messaging service (MMS), 94% of respondents used the short messaging service (SMS) feature and 78% of respondents admitted to using social networking sites on their smartphone. A total of 756 participants responded and 2 participators chose not to answer the question.From a total of 758 respondents, 63% (476) valued the somatic smartphone above the 37% (282) whom valued the information more.Applic ations93% of survey partakers used 3G for mobile data communication, 59% of respondents used Bluetooth technology, only 4% of had used infrared frequency line of sight technology, 75% of respondents admitted to connecting via universal serial bus (USB), 94% of participators had used wireless for mobile data communication. Total of 757 participators answered this question and 1 partaker chose to skip the question.SecuritySurvey respondents considered smartphone security as beneficial but not essential as the majority answer with 64% (485), 21% (159) didnt not consider there to be a need currently for smartphone security software as opposed to 15% (114) whom considered smartphone security software as absolutely essential. A total of 758 of 758 responded to this question.87%Of participants stated that they do not use any smartphone security software.87% of participants reported that they did not use any form of smartphone security software such as antivirus as opposed to 13% that did. A majority of 92% (699) had not been advised of any security methods to protect them or their information from fraud, theft or malicious software. 8% (59) respondents agreed they had received adequate security advice. Everyone answered this.Malware95% (694) of respondents were aware of Adware, 27% had known just about Badware, 25% (181) of respondents were aware of Crimeware, 69% (504) had previous knowledge of Rootkits, Trojans(95%, 696), Spyware (95%, 697), and Worm (90%, 656)were the most commonly aware terms of malware from the malicious software list, the majority being virus (711) with 97% of respondents being aware of this type of malware. 731 respondents answered this question.62% of survey participants reported that they did not pay attention to licence agreements and permissions when installing applications on their smartphones 34% reported they did read the licence agreements and permissions. 4% of respondents believed that this question was not applicable to them for their smartphone use.Personal Computer81% of responders were aware for the need of security software for personal computers and 19% were not aware. All survey partakers responded to this question.94% (713) participants have connected their smartphone to a personal computer (PC), 6% (46) stated they had not ever connected to a PC. All 758 respondents answered this question.96% (728) respondents stated that they owned the smartphone, only 4% (30) of respondents had employer owned smartphones. All partakers responded to this question.ResponsibilityOut of the 758 respondents, 15% (115) were aware of policies within their place of business, with the majority of respondents 41% (309) unaware of any workplace policies or procedures particularly orientated toward smartphones. 44% (334) responded that the question was not applicable to them. All participants answered this question.4.2 Discussion and interpretation of the results sentiency and concernCompare phones and age to security awarene ssBb were the most security aware groupInternet banking is true by smartphone antivirus is false and user is aware of computer antivirus need.Harris Interactive Tablet users more likely to transfer sensitive data than smartphone usersSerendipity, sagacity5 SmartphonesA mobile phone is a man-portable electronic device used to make and receive telephone calls. The mobile phone was first revealed by Dr Martin Cooper from the keep company Motorola in 1973, it was not until ten years after Dr Coopers demonstration that Motorola botherd its flagship mobile phone the DynaTAC, this was the worlds first commercially viable mobile phone (Motorola, 2009).Originally these devices were commercially targeted at businesses and upper chassis individuals as the cost of the device was very high and the actual usage was severely restricted, due to the technology limitations at this time shelling weight was 2kg (Motorola, 2009) and the battery duration would last a maximum of 30 minutes thus makin g the device impractical and available only to businesses and professional consumers.According to Moores Law, the number of transistors on a chip roughly doubles every two years. (Intel, 2005)As Moore stated over thirty five years ago, due to the patterned advance of processors, battery technologies and overall reduced power consumption, mobile phones have become lighter, smaller, more powerful and longer lasting. Due to these fundamental technological advancements mobile phones have been able to incorporate additional existing technologies such as camera units, sensors, speakers and often take advantage of JAVA based applications and features, thus coining the term Feature phone. Feature phones are more advanced technologically than mobile phones.SmartphoneThe term smartphone is ambiguous and many experts fail to agree on a suitable definition. roughly smartphone features are not exclusive to a particular category, this project does not intend to make that definition, however for the scope of this project I have listed unite definitions and compared current smartphone features as listed in Figure 3 below.Most vendors type moreGartner, a world leading authority in information technology research define smartphones as A large-screen, voice-centric handheld device designed to offer complete phone functions while simultaneously functioning as a personal digital assistant.(Gartner, 2010)Feature phones can have several of the characteristics as listed below in figure 3, however smartphones have the capability of providing all the capabilities. As a result, any mobile device meeting all conditions of each function in figure 3 can be considered a smartphone under this definition.Figure Smartphone characteristicsFunctionCharacteristicPhone size braid is compact and easily transported.Operating SystemOperating system that allows third party applications.Connectivity whatchamacallit provides multiple methods (wired and wireless) of connecting to both the internet and other devices and networks.InputThe device contains keyboard, or touchscreen keyboard.Storage capacityThe device has a large and expandable storage facility. might functionalityThe device provides the ability to perform basic office tasks such as email, take notes and word processing.CalendarThe device includes a digital organiser and calendar. synchronizationThe device supports synchronisation of information with fixed desktop or laptop devices, or online web services.Phone FeaturesThe mobile device executes voice, text and multimedia subject functions.SensorsAcceloratormeter, light, sound and movement sensors.A model to measure the maturity of smartphone security at softwareUnder this definition of smartphones or Smart Mobile Device (SMD) the following mobile platforms were includedApple iOSBlackberryGoogle AndroidSymbianWindows MobileThese mobile platforms were reported to be the top 5 mobile platforms used in 2010Figure (?) Storage expansion cardsSmartphones currently reside in the top tier of mobile communication technology.Third party operating systemAs previously stated there are many smartphone platforms available, each platform and brand bringing different benefits and functionality. These platforms or operating systems create opportunities for both businesses and personal users. For businesses this increased functionality provides the facility for added employee productivity.These opportunities exist not just for business and personal users as the opportunity extends to the bad guys too, I will continue to beg off further in the document.Smartphone DefinitionA smartphone is defined as A cellular telephone with built-in applications and Internet access (PCMAG, 2010)describes a smartphone as a and describes it asI have interpreted these descriptions and define smartphones as not feature phones basically.All smartphones have generalised functionality, such as input devices (keys, touchscreen) I will go into greater detail regarding the operating feat uresBotha, et al (2009) point out that early generations of cell phones and PDAs had relatively little storage capability. Johnson (2009) indicates that todays generation of devices can be quickly and easily upgraded by adding additional storage cards.http//mobileopportunity.blogspot.com/2007/01/shape-of-smartphone-and-mobile-data.html5.1 AppleThe Apple Iphone was the original smartphone (), first released in June 2007.Popular, perceived security (apple store, scans for malware?)Simplistic designLimitations NO support for flash5.2 AndroidOpen source, will be biggest5.3 Blackberry (RIM)Security architecture built upon military specification, perceived most secure as email encryption (tunnelled) through CanadaBanned in UAE5.4 SymbianOwned by Finnish giant Nokiaopen sourcing the software opens up the availability of the spring Code to syllabusmers, who can then develop, modify and distribute as they see fit meaning a richer and hopefully what becomes a considerably improved OS very q uickly thanks to developer input. http//blog.mobiles.co.uk/mobile-news/symbian-os-goes-open-source/http//blog.mobiles.co.uk/wp-content/uploads/2010/02/symbian.jpgMost popular globally, acquired by Microsoft?5.5 Windows mobileNewest player, least perceived secure device6 Smartphone role within business environment6.1 Email7 Malware definedContinuously evolving, changing creativeVirologyMalware encompassesDefine Malware (Family)Malware, short formalicious software http//en.wikipedia.org/wiki/Malware Grimes (2001) defines malware as any software program designed to move from computer to computer and network to network to intentionally modify computer systems without the consent of the owner or operator. Etsebeth, V. (2007)Sensory malware soundminer, a stealthly Trojan with innocuous permissions that can sense the context of its audible surroundings to target and extract a very small amount of HIGH-VALUE DATA. translate example7.1 BadwareGive example7.2 CrimewareCollecting company se crets for profitCrimeware is malicious software that is covertly installed on computers. Most crimeware progams are in fact Trojans. There are many types of Trojans designed to do different things. For example, some are used to log every key you type (keyloggers), some capture screenshots when you are using banking websites, some download other malicious code, and others let a remote hacker access your system. What they each have in common is the ability to steal your occult information such as passwords and PINs and send it back to the criminal. Armed with this information, the cybercriminal is then able to steal your money. http//www.kaspersky.com/crimewareGive example7.3 GreywareAdwarespywareGive example7.4 jeopardywareGive example7.5 RootkitsiPad and smartphone rootkits demod by boffins http//www.theregister.co.uk/2010/02/23/smartphone_rootkits_demoed/Give example7.4 ScarewareGive example7.5 TrojanGive example7.6 VirusGive example8 Define Risk to business or individualMobile banking8.1 Define Legal implicationshttp//www.oucs.ox.ac.uk/its3/seminar-notes/2005-05-18-DataSecurityLaw.pdfComputer related crimeDishonestly obtaining electronic communication serviceSection one hundred twenty-five of the Communications Act 2003 creates an offence in relation to dishonestly obtaining use of an electronic communication service with intent to avoid payment of the charge applicable to that service. This offence reflects the continual advancement of technology, thus covering all the diverse types of services availableTheft of informationOxford v Moss (1979)Unauthorised use of a computer theft of servicesTheft Act 1968, s. 13 dishonestly uses without due authority, or dishonestly causes to be wasted or diverted, any electricityCriminal damage Intangible (Computer Misuse Act 1990, s.3) unauthorised modification to impair the operation,prevent or hinder access or reliability refutation of service The Caffrey problem Case law insiders Whitaker (1993) Lindesay (2000) v irus writers e.g. Pile (1995), Vallor (2003)8.2 ResponsibilityExamine who is responsibleDefine SolutionsEffects and results of infected device on company with each malware type9 SecuritySecurity doesnt exist in products and verbiage alone it requires a process, people, policies, education, and technologies working together. http//www.informationweek.com/news/showArticle.jhtml?articleID=65029979.1 ISO270029.2 COBIT 5Schedule to release in 2011, COBIT 5 will consolidate and integrate theCOBIT 4.1, Val IT 2.0 and Risk IT frameworks and also draw significantly from the Business Model for Information Security (BMIS) and ITAF. http//www.isaca.org/Knowledge-Center/COBIT/Pages/Overview.aspxSecurity updates?9.3 Smartphone security solutionshttp//www.networkworld.com/news/2011/020911-ibm-juniper-mobile-security.html10 ConclusionsMoores Lawhttp//venturebeat.com/2010/08/13/moore%E2%80%99s-law-hits-a-wall-trouble-for-mobile-growth/disqus_thread10.1 Summary10.2 Future workMobile wallets custome rs will be able to transfer funds from their bank account/paypal using their phones via text message (http//www.cs.virginia.edu/robins/Malware_Goes_Mobile.pdf)http//en.wikipedia.org/wiki/NirvanaPhone future smartphonesymbiant acquisitioned by Microsoft (biggest os for pcs) newest player to smartphone market.As Sensor-rich smartphones become more ubiquitous, sensory malware has the potential to breach the secrecy of individuals at mass scales. https//www.cs.indiana.edu/kapadia/papers/soundminer-ndss11.pdf11 GlossaryPC Personal computerPDA Personal digital assistantProsumer Professional + consumer = advanced consumer (Cisco, 2008)http//www.cisco.com/web/about/ac79/docs/wp/Prosumer_VS2_POV_0404_FINAL.pdf