International Journal of Information Technology & Computer Science ( IJITCS )
Smart Phones have been pervasively and ubiquitously penetrating and integrating into an organization’s Information and Communication Technology (ICT) environment at a speedy rate. However, sensitive data such as instant message conversations, emails, credit card numbers, passwords and corporate private data made its ways into these devices. Smart Phones thus have become attractive targets to hackers, crackers, scammers and others. This paper is a part of a comprehensive study of Smart Phones and IT security dilemma from the employees’ and their organizations’ perspective. The paper employs a survey method to investigate if employees who are using their smart phone devices in the organization’s IT environment are aware of security threats emerging from the use of mobile devices and the mobile security policies in place. Results revealed that nearly 42% of the sample (171 participants) studied confirm that their organizations allow personal mobile devices to be used inside the organization and more than 60% of respondents report that they have not used any mobile ant-virus and anti-theft products or software on their mobile devices, although the majority is aware of the security threats. Meanwhile, 18% of the respondents report little or nil awareness about the Smart Phones security. The findings of this study reveal that mobile devices are not only invading an organizations’ ICT environment, but their complex and heterogeneous nature is making the environment they operate in susceptible to breaches.
: ICT security, Smart Phones, Mobile Devices.
- Dearman, D. and Pierce, J. (2008). It’s on my other computer!: computing with multiple devices. CHI 2008, 767--776. ACM Press, New York.
- Coiera, E. (2000). When conversation is better than computation. J Am Med Inform Assoc 2000;7(3):277-286.
- Maly, F., Kozel, T., Slaby, A. (2008). Mobile approach, trends and technologies in modern information system. Proceedings of the 7th WSEAS International Conference on Applied Computer & Applied Computational Science (ACACOS'08). Hangzhou, China, April 6-8, 2008. ISSN 1790-5117. ISBN 978-960-6766-49-7.
- Schmidt, A.D., Schmidt, H.G., Batyuk, L., Clausen, J.H., Camtepe, S.A., Albayrak, S. and Yildizli, C. (2009). Smartphone malware evolution revisited: Android next target? Proceedings of the 4th IEEE International Conference on Malicious and Unwanted Software (Malware 2009), pp. 1-7.
- Eric, Y. and Mistutaka, I. (2010). Virtual smartphone over IP. IEEE International Symposium on a World of Wireless Mobile and Multimedia Networks (WoWMoM), pp. 1-6, Giugno 2010.
- Li, F., Yang, Y. and Wu, J. (2010). CPMC: An Efficient Proximity Malware Coping Scheme in Smartphone-based Mobile Networks. INFOCOM, 2010 Proceedings IEEE. 6 a. Robles, R.J. and Kim, T. (2011). Scheme to Secure Communication of SCADA Master Station and Remote HMI’s through Smart Phones. Journal of Security Engineering (8).3.
- Allam, S. and Flowerday, S. (2010). An adaptation of the awareness boundary model towards smartphone security. Information Security South Africa (ISSA), 2011, pp. 1-8.
- 7 a. Ko, H. (2008) A New Data Filtering Method for Auto Vacc in Handheld Device. Journal of Security Engineering. 5(1).
7 b. Woodbridge J., Nahapetian A., Noshadi H., Kaiser W., Sarrafzadeh M. (2009). Wireless Health and the Smart Phone Conundrum. Proceeding of the 2nd Joint Workshop on High Confidence Medical Devices, Software, Systems and Medical Device Plug-and-Play Interoperability (HCMDSS/MDPnP 2009), San Francisco, CA, USA. From: http://www.cs.ucla.edu/~ani/publications/smartphoneconundrum.pdf
- Turner, H., White, T., Thompson, V., Zienkiewicz, K, Campbell, S. and Schmidt, D. (2009). Building Mobile Sensor Networks Using Smartphones and Web Services: Ramifications and Development Challenges. Handbook of Research on Mobility and Computing, Hershey, PA. From: HTTP://LSRG.CS.WUSTL.EDU/~SCHMIDT/PDF/NEW-WW-MOBILE-COMPUTING.PDF
- 8 a. Li, B. and Im, E.G. (2011). Smartphone, promising battlefield for hackers. Journal of Security Engineering 8(1). From HTTP://WWW.SERSC.ORG/JOURNALS/JSE/VOL8_NO1_2011/9.PDF
- Android dev phone 1. From: www.code.google.com/android/dev-devices.html
- Apple iPhone. From: www.apple.com/iphone
- Blackberry smart phones. From www.na.blackberry.com
- Ongtang, M., McLaughlin, S., Enck, W. and McDaniel, P. (2009). Semantically Rich Application-Centric Security in Android. ACSAC, pp.340-349, 2009 Annual Computer Security Applications Conference.
- Corner, M.D. and Noble, B.D. (2002). Zero-interaction authentication. In Proceedings of the 8th annual international conference on Mobile computing and networking, pages 1–11. ACM New York, NY, USA.
- Red herring mobiles scream for help: Uk-based mobile security company adds security to mobile phones, October 2006.
- Red Hat Enterprise Linux 4 User Guide. Available at: http://www.centos.org/docs/4/pdf/rhel-sg-en.pdf.
- FBI Computer Crime Survey (2005). From : http://mitnicksecurity.com/media/2005%20FBI%20Computer%20Crime%20Survey%20Report.pdf
- Oberheide, J., Veeraraghavan, K., Cooke, E., Flinn, J. and Jahanian, F. (2008). Virtualized in-cloud security services for mobile devices. In Proc. of MobiVirt ’08, pages 31–35, June 2008
- Nokia Corporation. Maemo sdk. From: http://maemo.org/
- Nullriver, Inc. iphone installer.app. (2008). From: http://www.iphone.nullriver.com
- Google Android - an open handset alliance project (2008). From: http://code.google.com/android
- Bickford, J., O'Hare, R., Baliga, A., Ganapathy, V. and Iftode, L. (2010) Rootkits on Smart Phones: Attacks, Implications and Opportunities. In Workshop on Mobile Computing Sys. and Appl. (HotMobile’10). ACM.
- Cai, L., Machiraju, S. and Chen, H. (2009) Defending against sensor-sniffing attacks on mobile phones. In MobiHeld ’09: Proceedings of the 1st ACM workshop on Networking, systems, and applications for mobile handhelds, pages 31–36, New York, NY, USA, 2009. ACM.
- P. Traynor, M. Lin, M. Ongtang, V. Rao, T. Jaeger, P. Mc-Daniel, and T. La Porta (2009). On cellular botnets: Measuring the impact of malicious devices on a cellular network core. In Proceedings of the 16th ACM conference on Computer and communications security, pp 223–234. ACM.
- Xu, N., Zhang, F., Luo, Y., Jia, W., Xuan, D. and Teng, J. (2009). Stealthy video capturer: a new video-based spyware in 3g smartphones. In Proceedings of the second ACM conference on Wireless network security, pp 69–78, New York, NY, USA, 2009. ACM.
- Schlegel, R., Zhang, K., Zhou, X., Intwala, M., Kapadia, A. and Wang, X. (2011). Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones. In Proceedings of the 18th Annual Network & Distributed System Security Symposium (NDSS '11), pp. 17–33.
- N. Hardy. (1988) The Confused Deputy. ACM Operating Systems Review, 22(4):36–38.
- BullGuard Mobile Security. From: http://www.bullguard.com/products/bullguard-mobile-security-10.aspx
- SMobile Security Shield. From: http://www.smobilesystems.com/
- Kaspersky Mobile Security. From: http://www.kaspersky.com/kaspersky_mobile_security
- ESET Mobile Security. From: http://www.eset.com/us/home/products/mobile-security/
- Lookout Premium. From: https://www.mylookout.com/premium/
- Norton Smartphone Security. From: http://us.norton.com/mobile-security/
- F-Secure Mobile Security. From: http://mobile.f-secure.com/
- BitDefender Mobile Security. From: http://m.bitdefender.com/
- NetQin Mobile Anti-virus. From: www.netqin.com/en/antivirus/
- SimWorks Anti-Virus. From: http://www.simworks.biz/sav/AntiVirus.php?id=home
- Portokalidis, G., Homburg, P., Anagnostakis, K. and Bos, H. (2010). Paranoid Android: Zero-day protection for smartphones using the cloud. In Annual Computer Security Applications Conference (ACSAC’10), Austin, TX, Dec. 2010.
- Becher, M., Freiling, F. and Leider, B. (2007) On the Effort to Create Smartphone Worms in Windows Mobile. Proceedings of the 2007 IEEE Workshop on Information Assurance United States Military Academy, West Point, NY, 20-22 June 2007.
- Hamdi, M. (2010). Architecture and Insecurity Issues of a Handheld Device Journal of Security Engineering 7(6).
- Dietz, M., Shekhar, S., Pisetsky, Y., Shu, A., and Wallach, D. S. (2011). QUIRE: Lightweight Provenance for Smart Phone Operating Systems. USENIX Security.
- Ioannidis, S., Bellovin, S. M. and Smith, J. (2002). Suboperating systems: A new approach to application security. SIGOPS European Workshop.
- Becher M., Freiling C. F. Hoffmann, J. , Holz T. , Uellenbeck S., Wolf C. (2011) Mobile Security Catching Up? Revealing the Nuts and Bolts of the Security of Mobile Devices
- M. Becher, “Security of smartphones at the dawn of their ubiquitousness,” Ph.D. dissertation, University of Mannheim, Oct. 2009.
- Booz Allen Hamilton (2011). Cybersecurity in the Age of Mobility:Building a Mobile Infrastructure that Promotes Productivity Retrieved April 7, 2012 from http://www.cyberhub.com/viewpoints/Resource/2?resourceID=Virtualization%20A%20Technique%20for%20Securing%20the%20Consumerized%20Organization.pdf
- 3GPP, “3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G security; Security principles and objectives (Release 4),” 3rd Generation Partnership Project (3GPP), Tech. Rep., Mar. 2001.