Abstract
Smart devices like mobile phones, tablets, and laptops have become necessities in our lives due to the services they provide. However, in recent days, mobile applications have become a major threat for an attack. One of the most attractive features of smartphones is the availability of a large number of apps for users to download and install. However, it also means hackers can easily distribute malware to smartphones, launching various attacks. Each day, a mobile device attack is changing dynamically, and it is very difficult to represent a complete set of threats and vulnerabilities. Mobile phone security has become an important aspect of security issues in wireless multimedia communications. The development of mobile applications has increased drastically; hence, it is our responsibility to protect our devices and the data within them. Being aware is the first step to protect data. Thus, to prevent the mobile from the threats, efforts are required to form the application developer, app market administrator, and user to defend against the malware. This article explores those threats and vulnerabilities of mobile applications.
TopBackground
Based on the research, the chapter shows that the major attacks are phishing attacks, attacks based on the use of phone cameras, and a screenshot attack “capture me”. By this threat of the mobile application, the user credentials are stolen by an attacker. Several recent works have studied the issue of obtaining private information on smartphones using multimedia devices such as microphones and cameras if the camera is affected by malicious software. Moreover, most of the users have the impression that smartphones are just the phones installed with a variety of software and don't think of them as handheld computers that are more vulnerable to cyber-attacks. A recent survey reported that 267,259 malware-infected apps have been found, among which 254,158 reside on the Android platform (Daojing, 2015). It also suggested that the number of malware in apps has increased by 614% since 2012. The wide use of smart devices (phones and tablets) encourage the financial institution to consider mobile banking applications as a necessary service to their clients. This issue should be addressed by both preventive approaches and effective detection techniques. For preventing, the application developer should ensure this app by policies governing secure coding and privacy, which do not access any unnecessary information. Then the App market administrator should strictly verify every uploaded application and remove the suspicious app. Detecting techniques are based on signature-based or anomaly-based. In signature-based, the malware is identified by comparing the signatures with the known signature, and in anomaly-based, the normal behavior of the system is monitored and it checks for deviations from the normal behavior.
Key Terms in this Chapter
Spyware: An unwanted software that has the ability of stealing the sensitive data, without your knowledge.
Attacks: An offensive action that targets the system networks, infrastructures, or personal computer devices to steal sensitive information.
Trojan Horses: Refers to a type of malware that seems to be a legitimate application.
Vulnerability: Refers to a flaw in the computer system, which creates a way open to the attack.
Viruses: Malicious code that replicates itself to another program, file, or document, thereby changeing the process in the system.
Exploits: Refers to a piece of software that takes advantage of the vulnerability, thereby damaging the whole process of the system. It can occur in both the software and the hardware.
Malware: It is malicious software that can be in any file or a program.
Worms: Similar to viruses, but it replicates itself to spread to the other systems connected to the same network.
Threat: The uninterpreted event that causes a risk that leads to loss.
Encryption: Process of encoding the information in a different format that can be understood only to authorized persons.
Security: Refers to the activity of protection for the computer system in terms of usability and integrity. It includes both the hardware and the software.
Ransomware: A type of malware that can deny the accessibility of the system until the ransom is paid.
Obfuscation: Deliberate act of creating a machine or a source code that is not understandable for humans.
Authentication: Process of checking the identity of a person or a device.