Cyber Threat Analysis

Introduction

Currently, the popularity in use of smartphones have increased and surpassing the traditional personal computers in both market share, and product sales since they are more efficient, user-friendly, portable and easy to handle. It is estimated that more than three billion smartphone users exist and the number continue to rise. Application of these devices ranges from capturing pictures, making banking transactions to accessing social networking applications (Bates, 2014). Thus, these devices have turned to be a core tool that entails personal and sensitive data such as personal information, financial transaction, and business contacts not mentioning connectivity and information sharing. As a result, it has led to cyber-attacks and these attackers have increased significantly. Hundreds of mobile devices have been infected with millions of malware pieces, and each day thousands of malware programs are developed and detected whose ultimate purpose is to target mobile devices. Therefore, this report analyzes current landscape for mobile applications, there in-depth threats for chosen platforms, the descriptive and significance of mobile application threats and finally the recommendations meant to offer protective mechanisms for these threats. For students researching this field, Data Analysis Dissertation Help can provide crucial insights into understanding and mitigating these threats effectively.

Discussion

Current Threat Landscape for Mobile Application

Adoption of mobile device is a strategic for every industry, but then there exist inherent security threats that cannot be ignored. According to Bates (2014), several organizations have also adopted the policy of bring your own device (BYOD) that particularly addresses mobile application security key. In a recent study conducted by CA Technologies of Veracode, there have been identified that on average there exist two thousand four hundred unsafe mobile application that exist in users’ mobile devices. It is threatening, particularly if one considers that every application could serve as an entry point to hackers searching to access sensitive data.

The digital revolution has been one of the leading causes of increasing security threats in mobile applications. As of the year 2019, according to Herman (2019), there were estimated that over two hundred billion applications were downloaded by users and spent more than a hundred and twenty billion dollars in application stores across the globe. By measure of mobile landscape, it is becoming much bigger, more complex and busier and according to RIskIQ Incorporation, there was an increase of eighteen percent of more mobile applications across the globe in the year 2019 when compare to previous year; 2018, as identified in the diagram below. Following year, it is also estimated that consumers will surpass those marks as mobile usage takes up more and more of people’s daily lives of four hours on average and rising.

Fig: App Ecosystem is Growing from the year 2018 to 2019 (Herman, 2019)

Rogue mobile applications are appearing on official app stores such as Apple App and Google Play stores, and hackers have made a living by taking advantage of these myopia products that imitate well-known brands and are purposely developed to mislead mobile device users into downloading them argues Keromytis (2011). These imposter application have been identified to be an effective ploy since human brain notice and make immediate judgments regarding visual stimuli, and once that are downloaded, they possesses the capacity to trawl for sensitive information or upload malware to their mobile devices.

Specific Mobile Application Threats via VoIP

Currently, according to Rizvi and Dowland (n.d), there has also an increase in Voice over Internet Protocol (VoIP) and applications such as WhatsApp, Skype, Viber and several others have also faced an increase in threats and vulnerabilities hackers in attacking mobile device systems such as Android and Apple Operating systems. VoIP systems have faced remote eavesdropping of calls, which is a simple when PSTN telephone networks are applied leading to security breach and gathering of intelligence from competing businesses and blackmailing for financial gain.

Secondly, Coulibaly and Liu (2010) identifies that through these VoIP enable mobile apps, a threat of VoIP hopping is enabled that comprises of VLANS that previously were applied to protects VoIP environments, but now it is a threat whereby it can facilitate a personal computer to imitate an Internet Protocol phone providing hackers the inroad to access the VoIP framework.

Thirdly, according to Farley and Wang (2014) findings, VoIP phishing allows hackers spoof caller identification and present a deceptive phone identity, and individuals that receive calls from a visher may be tricked in believing they are communicating to a legitimate institution or another bank, leading them to share vital personal data such as credit card numbers.

Fourthly, hackers have developed application to be downloaded into mobile devices that function just like fishing works as emails, VoIP spam will appear more frequently as advert apps and they become more annoying, and it is vulnerability that can exploit mobile device users. Since VoIP identifications are made up of characters or numbers, Farley and Wang (2014) researches that they resemble email addresses, depicting that hackers have the capacity through them to reach users mobile devices when the internet is connected. Spam coders have the capacity to apply VoIP to load once voicemail boxes with junk messages or even keep the mobile phone ringing consistently, and curbing important calls and voicemails from reaching the recipients.

Another threat that is greatly increasing and has called for massive attention is the toll fraud. It was first highlighted by the Federal Bureau of Investigation (FBI) back in the year 2006 and was linked to VoIP networks, where two individuals were charged with reselling minutes to non-speculating clients to a tune of millions of dollars reports Coulibaly and Liu (2010). For a toll fraud to be successful, it allows a hacker to access VoIP network to make calls, increasing traffic and cost of VoIP, then the hacker get free calling, while another individual from another end get stark with bill. The toll fraud has become hard to eliminate specifically with VoIP networks with less call analysis or authentication put in place.

Bates (2014) studies that the emergence of new connectivity options such as Wi-Fi has exposed VoIP to malicious individuals. The lack of essential protection schemes of VoIP have rendered these Apps to more susceptible threats and vulnerabilities when used over Wi-Fi and the two when combined have developed a perfect storm of threats. These two platforms that are not secured do not need complex physical access to the network can be able to potentially attack from outside through the VoIP to access vital data and personal information from the users’ devices.

These mobile devices have operating systems from Android and Apple that lack the VoIP default security settings. In several occasions, Wang and Zhang (2011) identifies that users have purchased mobile devices; use them without keen attention to the feature set beyond the internal security mechanisms. In most cases, these security defaults setting are weak from most manufacturers. The relying on these devices by users that are not aware of these VoIP default settings have carried the load of simplicity by the hackers to take advantage of their ignorance to access personal information and financial frauds.

Lastly, there is lack of robust implementation in VoIP devices can lead to attacks by hackers that were prominent back in the year 2008. Farley and Wang (2014) depict that the unavailability of servers and tools in mobile devices of Apple and Android operating systems meant for user to protect their data thus they are incapable to monitor their implementation as well as protocols applied to implement services, has opened access points for hackers to send a message and make the framework crash, as well as execute code to obtain access to mobile devices and fish information from them.

Significance of Threats to Mobile Application

It was identified that vulnerabilities in the manner in which mobile application are applied on a native device using either Apple operating system or Android operating systems, not just in scan or dynamics but through malicious user tests of operations by hackers. On average, according to Moon, et al. (2012), a user connects to at least a hundred varying IP addresses in a day, and a lot of information is flowing into and out of these mobile devices that is unencrypted such as emails and messages. Among the VoIP applications such as WhatsApp voice and Video, Skype, and Viber have encounter vulnerabilities due to lack of binary protection or encryption schemes, or lack sufficient transport layer protection meant to encrypt network traffic as well as weak servers that leak vital information have caused issues for organizations and individuals that have severely, impacted or prevalently in form of data loss, sharing of private data or other fields ripe for exploitation by hackers.

Recommendations for Protection Mechanism for the Threat

The following are ways in which mobile devices that applies VoIP applications such as WhatsApp, Skype and Viber can be protected from vulnerabilities and hackers. The measures can be adopted by a leading host of VoIP provider meant to protect the user, and they include;

Encryption- this is a vital step meant to protect VoIP network against hackers, and a leading VoIP provider must develop a strong encryption mechanism for all the VoIP calls, but it is vital to note that it cannot protect against more complex attacks, but it can at least make personal information less useful to the hacker.

Authentication is another mechanism that VoIP frameworks uses and this is by use of usernames and passwords. However, these ‘two-way handshake’ have been identified to be ineffective and weak as they are easily cracked by hackers. Thus, a more sophisticated security authentication mechanism can be adopted and this is known as ‘Challenge Handshake Authentication Protocol’ or a ‘three-way handshake’ that applies three steps process to determine the legality of a specific user making a call via Internet Protocol. These three-way handshake curbs the hacker calling by either denying or granting access to the call base on whether the encrypted messages being exchanged from both ends are compatible. Therefore, a hosted VoIP provider such as WhatsApp will have these firm authentication methods in place.

Conclusion

Security within mobile devices in becoming a basic concern to people and to businesses, and protection of VoIP network against hackers must be taken up as a priority. Threats against mobile devices have increased together with the increase of applications in the Android and Apples Play stores in recent years as more people and businesses advances with digital revolution. As a result, VoIP provider such as Viber, Skype and Viber have fallen short of vulnerabilities due to insufficient transport later protection, insufficient binary protection, server version of information leakage, insufficient authentication. As a result, it has led to remote eavesdropping of communications, hopping of VoIP, phishing, spam, toll fraud, Skype susceptible to worms, and unsecure connectivity options such as Wi-Fi. However, these issues can be mitigated by adopting encryption mechanism as well as three-way handshake authentication mechanism that has to use three processes to determine the legality of the communication by either denying or grating access to the call.

Continue your exploration of Cryptographic Methods and Vulnerabilities with our related content.

References

Bates, R.J., 2014. Securing VoIP: keeping your voip network safe. Syngress Publishing.

Coulibaly, E. and Liu, L.H., 2010, April. Security of Voip networks. In 2010 2nd International Conference on Computer Engineering and Technology (Vol. 3, pp. V3-104). IEEE.

Farley, R. and Wang, X., 2014. Exploiting VoIP softphone vulnerabilities to disable host computers: Attacks and mitigation. International Journal of Critical Infrastructure Protection, 7(3), pp.141-154.

Herman J. (2019). 2019 Mobile App Threat Landscape Report. The Mobile Ecosystem Swell, but Google Leads a Decline In Malicious Apps. RISKIQ.Inc.

Keromytis, A.D., 2011. A comprehensive survey of voice over IP security research. IEEE Communications Surveys & Tutorials, 14(2), pp.514-537.

Moon, K., Moon, M.M. and Meshram, B.B., 2012, December. Securing VoIP networks via signaling protocol layer. In 2012 International Conference on Radar, Communication and Computing (ICRCC) (pp. 6-10). IEEE.

Rizvi, S.M.A. and Dowland, P.S., VoIP Security Threats and Vulnerabilities. Advances in Networks, Computing and Communications 4, p.114.

Wang, X. and Zhang, R., 2011. VoIP Security: Vulnerabilities, Exploits, and Defenses. In Advances in Computers (Vol. 81, pp. 1-49). Elsevier.