
TABLE OF CONTENTS

APPROVAL SHEET
ACKNOWLEDGEMENT
ABSTRACT
BACKGROUND
CHAPTER 1
1.1 INTRODUCTION
1.2 PROBLEM IDENTIFICATION
1.3 SIGNIFICANCE OF THE STUDY
1.4 DEFINITION OF TERMS
CHAPTER 2
REVIEW OF RELATED LITERATURE
CHAPTER 3
FORMULATION OF HYPOTHESIS
CHAPTER 4
EXPERIMENTATION AND ACTION
CHAPTER 5
CONCLUSION
CHAPTER 6
RECOMMENDATION
GLOSSARY
BIBLIOGRAPHY
APPENDICES
APPENDIX A
APPENDIX B
CURRICULUM VITAE
ACKNOWLEDGEMENT
First and foremost, praises and thanks to God, the Almighty, for his showers of blessing
throughout my research work to complete the research successfully.
I would like to express my deep and sincere gratitude to my research supervisor, Mrs. Erlinda
M. Galima, Principal Mrs. Maria P. Gagto, and all the staff of Santiago Catholic School, for
giving me the opportunity to do research and providing invaluable guidance throughout this
research. She has taught me the methodology to carry out the research and to present the research
works as clearly as possible. It was a great privilege and honor to work and study under her
guidance. I am extremely grateful for what she has offered me. I want to extend my deepest
gratitude to the students of Santiago Catholic School for cooperating in this research.
I am extremely grateful to my parents for their love, prayers, caring, and sacrifices for educating
and preparing me for my future. My special thanks to my friends for their support.

ABSTRACT
Nowadays, mobile devices are an important part of our everyday lives since they enable us to access
a large variety of ubiquitous services. In recent years, the availability of these ubiquitous and
mobile services has significantly increased due to the different forms of connectivity provided by
mobile devices, such as GSM, GPRS, Bluetooth and Wi-Fi. In the same trend, the number and
typologies of vulnerabilities exploiting these services and communication channels have
increased as well. Therefore, smartphones may now represent an ideal target for cyber-attacks.
This paper deals with various threats and also discusses possible solutions for ensuring
mobile device security.

BACKGROUND
Mobile security, or more specifically mobile device security, has become increasingly important
in mobile computing. Of particular concern is the security of personal and business information
now stored on smartphones.
· People want to use any device of their choice, including devices not issued by and not controlled
by the organization. This extends to “transient” devices, e.g., the tablet in the hotel room, or
shared devices, e.g., the iPad in the living room.
· People want to use the same device for work and personal matters. In fact, the distinction
between work and pleasure is often blurred. Is DropBox personal? Don’t you use it to store some
corporate documents? Is Facebook personal? Really? Think again. What about email?
· Some people, e.g., contractors, work for multiple organizations, and want to use a single
mobile device.
At the same time, most mobile devices were designed as “gadgets”, not as “enterprise tools”, and
focus on user experience, not security.
· Mobile devices are lost and stolen in droves
· It will almost always be impossible to wipe a lost/stolen device because it is easy to disable
that function simply by disconnecting it from the network
· It has been repeatedly demonstrated that it is easy to extract information from mobile
devices, even if they are locked (including corporate passwords that have been stored on the
device), and even if they have been encrypted.
· It is often possible to hijack information “in the air”, when the device is using unsecured or
even secure wi-fi networks. Recently researchers have shown that even cellular communication
(yes, 3G) can be hijacked using femtocells.

CHAPTERS
CHAPTER 1
INTRODUCTION
Mobile devices are a growing industry. The challenge started when mobile devices
replaced regular computers and laptops for multi-tasking, social communication and business
management. Security has always been an issue with computers, whether
laptops or desktops. With the increasing number of mobile devices communicating around the
clock, cyber attackers have set their sights on mobile devices, which carry many
vulnerabilities and risks. Users should be educated on what mobile security is, warned
about the risks and threats that could affect it, and shown how mobile security could be
increased or enhanced to prevent such attacks.

PROBLEM IDENTIFICATION
Mobile Devices face an array of threats that take advantage of numerous vulnerabilities
commonly found in such devices. Mobile technology usage is growing just as the number of
threats facing mobile data is growing. Mobile computing in the role of IT and the way we do
business. Unfortunately, the growing use of mobile technology is occurring in parallel with an
increasing velocity of privacy and mobile security issues.
Mobile devices often do not have passwords enabled. Mobile devices often lack passwords to
authenticate users and control access to data stored on the devices.
Two-factor authentication is not always used when conducting sensitive transactions on mobile
devices.
Wireless transmissions are not always encrypted. Information such as e-mails sent by a mobile
device is usually not encrypted while in transit.
Mobile devices may contain malware. Consumers may download applications that contain
malware.
Mobile devices often do not use security software. Many mobile devices do not come
preinstalled with security software to protect against malicious applications, spyware, and
malware-based attacks.
Operating systems may be out-of-date. Security patches or fixes for mobile devices' operating
systems are not always installed on mobile devices in a timely manner.
Software on mobile devices may be out-of-date. Security patches for third-party applications are
not always developed and released in a timely manner.
Mobile devices often do not limit Internet connections. Many mobile devices do not have
firewalls to limit connections.
Connecting to an unsecured Wi-Fi network could let an attacker access personal information from
a device, putting users at risk of data and identity theft.

SIGNIFICANCE OF THE STUDY

The results of the study would benefit the following:

STUDENTS. The results will provide the students some knowledge of mobile device security
risks and threats and how to avoid some of these threats. At the end of this research, students
would finally know why threats have been a major problem for mobile devices.

COMPANIES. It can help the companies' reputation. A security breach can erode confidence in a
brand, causing consumers or clients to flee in droves. So this research would provide
security practices to avoid threats and attacks.

DEFINITION OF TERMS
Malware
Software designed to engage in malicious behavior on
a device. Malware can also be used to steal personal
information from a mobile device that could result in
theft or financial fraud.

Spyware
Designed to collect or use data without a user’s
knowledge or approval. Data commonly targeted by
spyware includes phone call history, text messages,
location, browser history, contact list, email, and camera
pictures.

Network-Based Threats
Mobile devices typically support cellular networks as well as
local wireless networks. There are a number of threats that can
affect these networks:

Network Exploits
Takes advantage of software flaws in the mobile
operating system or other software that operates on local
(e.g., Bluetooth, Wi-Fi) or cellular (e.g., SMS, MMS)
networks.

Wi-Fi Sniffing
Compromise data being sent to or from a device by
taking advantage of the fact that many applications and
web pages do not use proper security measures, sending
their data in the clear (not encrypted) so that it may be
easily intercepted by anyone listening across an
unsecured local wireless network.

Mobile Network Services


Cellular services like SMS, MMS and voice calls can be
used as attack vectors for mobile devices. The cellular
services provide opportunities for phishing attacks.
Phishing is an attack strategy in which the attacker gains sensitive information from the user by
presenting itself as a trustworthy entity.
Mobile Security
Mobile security is the protection of portable devices such as smartphones, tablets or laptops. In
this context the focus will be on smartphones, which are the most widely owned compared to
the other two.
CHAPTER II
Review of related literature
Mobile threats
A mobile threat is defined as any malware that targets
smartphones and PDAs. Various security threats that can affect
mobile devices are categorized as follows in Figure 1.

Fig.1 : Various Mobile Threats


Application-based threats
Web-based threats
Network-based threats
Physical threats
Application Based Threats
Downloadable applications introduce many security threats
on mobile devices, including both software specifically
designed to be malicious as well as software that can be
exploited for malicious purposes.
Malware
Software designed to engage in malicious behavior on
a device. Malware can also be used to steal personal
information from a mobile device that could result in
theft or financial fraud.
Spyware
Designed to collect or use data without a user’s
knowledge or approval. Data commonly targeted by
spyware includes phone call history, text messages,
location, browser history, contact list, email, and camera
pictures.
Privacy threats
Caused by applications that are not necessarily
malicious, but gather or use more sensitive information
than is necessary to perform their function or than a user
is comfortable with.
Vulnerable applications
Contain software vulnerabilities that can be exploited for
malicious purposes. Such vulnerabilities can often allow
an attacker to access sensitive information, perform
undesirable actions, stop a service from functioning
correctly, and automatically download additional
applications.
Web-based Threats
Since mobile devices are often connected to the Internet and
used to access web-based services, web-based threats pose
issues for mobile devices.
Phishing Scams
Use web pages or other user interfaces designed to trick a
user into providing information such as account login
information to a malicious party posing as a legitimate
service. Attackers often use email, text messages, Facebook, and
Twitter to send links to phishing sites.
Drive-by Downloads
Automatically begins downloading an application when a
user visits a web page.
Browser Exploits
Browser Exploits are designed to take advantage of
vulnerabilities in a web browser or software that can be
launched via a web browser such as a Flash player, PDF
reader, or image viewer.
Network-Based Threats
Mobile devices typically support cellular networks as well as
local wireless networks. There are a number of threats that can
affect these networks:
Network Exploits
Takes advantage of software flaws in the mobile
operating system or other software that operates on local
(e.g., Bluetooth, Wi-Fi) or cellular (e.g., SMS, MMS)
networks.
Wi-Fi Sniffing
Compromise data being sent to or from a device by
taking advantage of the fact that many applications and
web pages do not use proper security measures, sending
their data in the clear (not encrypted) so that it may be
easily intercepted by anyone listening across an
unsecured local wireless network.
Mobile Network Services
Cellular services like SMS, MMS and voice calls can be
used as attack vectors for mobile devices. The cellular
services provide opportunities for phishing attacks.
Phishing is an attack strategy in which the attacker gains
sensitive information from the user by presenting itself as
a trustworthy entity. Two basic phishing attacks over
mobile networks exist: Smishing and Vishing. Smishing
attacks are executed using SMS messages. Vishing
attacks are carried out using voice calls. Figure 2
represents the diverse usage of applications in mobile
devices and their security level.
Fig. 2: Mobile Device Applications and their security level
Physical Threats
Since mobile devices are portable and designed for use
throughout our daily lives, their physical security is an
important consideration.
Lost or Stolen Devices
The mobile device is valuable not only because the
hardware itself can be re-sold on the black market, but
more importantly because of the sensitive personal and
organization information it may contain. [4].
Computing Resources
The increase in computing resources is setting the
contemporary mobile devices into focus for malicious
attacks with aim to covertly exploit the raw computing
power in combination with broadband network access.
Internet Access
Mobile devices can access the Internet using Wi-Fi
networks or 3G/4G services provided by mobile network
operators. Although such high speed Internet connections
ensure comfortable browsing, they also expose the
mobile devices to the same threats as PCs. Since mobile
devices are usually constantly switched on, they can
maintain a continuous connection to the Internet.
However, prolonged connection to the Internet also
increases the chances of a successful malicious attack.
Bluetooth
Bluetooth attacks are a method used for device-to-device
malware spreading. Once the two devices are in range,
the compromised device pairs with its target by using
default Bluetooth passwords. When the connection is
established, the compromised device sends malicious
content.(1)

Security is only as good as the awareness of threats and the implementation of countermeasures
to protect against them. This may seem like a ‘Captain Obvious’ statement, but hackers rely
on the covertness of their attacks, the vulnerabilities and system limitations of their targets, and
the poor or lacking implementation of security to deliver their ‘infections’ to a computing device
and system near you. In a continual game of cat and mouse, hackers deploy ‘cyber-weapons’ and
the security industry has to detect and respond with effective countermeasures. As it is, detection
and response is the key to effective security, but professionals have a limited range of
‘guardianship’. Even with the efforts of the security industry, device mitigation is only
as effective as the public’s willingness to implement it. In the CSO article five new threats to your
mobile devices security, contributing writer, Stacy collected(2)
Mobile device security has become more critical as businesses have begun to rely on the devices for
everyday processes. Nonetheless, the security for these devices has been established as
non-existent. On average, only 10% of the approximately 86 million devices in use today are secured.
Android security has been a topic of discussion as Android devices have risen drastically in the
last few years. Device activations have risen 25.0% and app downloads from the Google Play market
have topped 11 billion and counting.
Mobile device security is an increasing topic of concern for enterprise networks. (3)

Critically, a lot of malware, viruses and trojans have been developed that are based on
smartphone APIs, and most of them look like safe software; some reliable applications collect
users' information, such as geolocation, without the user’s knowledge.

Vulnerabilities

Smartphones have many vulnerabilities that can lead to insecurity or be exploited by malicious
attackers to mount attacks.(4)

Challenges of mobile security
A look at some of the problems and solutions of mobile security.
Chris Bennett
A host of issues exist concerning mobile security; from physical security to encryption, to the
still-developing realm of wireless viruses, there are any number of obstacles to secure wireless
usage. In this article from InformIT, Chris Bennett examines each of these issues and a few of
the solutions available.
Mobile applications share most of the security issues of traditional networked applications.
These include authentication of devices and users, hiding information from prying eyes using
encryption, viruses, and access control. However, the mobile world adds some unique issues to
the already complex security arena. Mobile devices are easily misplaced or stolen, so physical
security is important. Information that is usually confined behind a corporate firewall is now
winging its way through the air, possibly spending some time on hosted servers or wireless
gateways. If your solution uses a wireless LAN (WLAN) for connectivity, there are a host of
WLAN-specific security issues that are currently making consultants a lot of money. Although in
its infancy, the hacking of mobile devices (even cell phones!) has begun.
Losing a laptop or hand-held can have a huge impact, not just on an individual, but also on their
organization. Confidential data is rarely secured beyond simple user password protection, and
there are commonly available tools to defeat this protection. Perhaps the most obvious way to
deal with this is a physical lock. Already common in the laptop world, cable locks such as the
Kensington products can protect hand-helds as well. Another important step is to track devices
and tag them to allow easier recovery in the event of loss or theft. In an estimate for 2001, the
Gartner Group stated that 250,000 cell phones and hand-helds would be lost in airports alone,
and that less than 30 percent would be recovered.

Most operating systems support login passwords (although in earlier versions of Windows, they
do not necessarily protect your files from prying eyes). Palm offers password protection on its
PDAs that (on some versions of its operating system) can be bypassed by anyone who has
physical access to the device. Some security experts have stated that the Palm OS is not
inherently secure, and highly sensitive information should not be stored on these devices.
However, products are available that improve Palm security.(5)

When individuals first got their mobile device, they probably felt a little overwhelmed by their
pocket computer. Each app opened up a whole new world of possibilities.

Over time, however, people have got accustomed to its sophistication and learnt about many of
the things it could do.

Besides calling and texting, the mobile offers the ability to watch videos, play games, take
pictures, record memos, do price comparisons, and use GPS to find any address in any city.

Still, one thing that may never have been thought deeply about was security issues.


A mobile phone, like any other computing device, is a fragile piece of technology and it needs
two types of protection—physical and cyber security protection(6)

Mobile security, or more specifically mobile device security, has become increasingly important
in mobile computing. Of particular concern is the security of personal and business information
now stored on smartphones.

More and more users and businesses use smartphones to communicate, but also to plan and
organize their users' work and also private life. Within companies, these technologies are causing
profound changes in the organization of information systems and therefore they have become the
source of new risks. Indeed, smartphones collect and compile an increasing amount of sensitive
information to which access must be controlled to protect the privacy of the user and the
intellectual property of the company.(7)

Like viruses and spyware that can infect your PC, there are a variety of security threats that can
affect mobile devices. We divide these mobile threats into several categories: application-based
threats, web-based threats, network-based threats and physical threats.(8)

Mobile security is the protection of smartphones, tablets, laptops and other portable computing
devices, and the networks they connect to, from threats and vulnerabilities associated with
wireless computing. Mobile security is also known as wireless security.(9)

Mobile device security is the full protection of data on portable devices and the network
connected to the devices. Common portable devices within a network include smartphones,
tablets, and personal computers.

Nowadays, over 50 percent of business PCs are mobile, and the increase in Internet of Things
(IoT) devices poses new challenges to network security. Consequently, IT must adapt its
approach to security. A network security plan must account for all of the different locations and
uses that employees demand of the company network, but you can take some simple steps to
improve your mobile device security.(10)

Data Theft Threats

Regardless of the method used to compromise or gain access to a mobile device, the hacker or
cybercriminal typically has specific goals in mind, many of which pertain to data theft. Often,
these hackers go after a target of opportunity rather than instigating a targeted attack on a
specific company. In such a case they will look for personally identifiable information (PII),
which is information that can be used to identify, contact, or locate a single person, or to identify
an individual in context, with any business-related data considered a bonus. Typically, the areas
of interest for cybercriminals are:

• Credentials for personal or business accounts

• Credentials for business or personal information

• Credentials for remote access software for business networks

• Access to data and phone services


With the huge proliferation of mobile devices that support 3G and broadband wireless data over
the last few years, there has been an increase in mobile-specific attacks designed to steal data.
The most common threats are as follows:

• Sniffing (also called snooping)—The most obvious vulnerability of any radio-based
communication is that signals can be easily intercepted through a process called sniffing or
snooping. No physical access to the medium is needed. Fortunately, this is easily circumvented
with encryption. Although not all encryption methods are created equal, even so-called “weak”
encryption is better than nothing. Yes, some methods of encryption can be cracked. But the
reality is, most sniffing and snooping hacks are simply targets of opportunity. As such, having at
least basic security will prevent most of these attacks. Basic or weak encryption will not stop a
determined and talented hacker from breaching a specific target, but any company likely to be
targeted would be expected to have robust data protection. For the vast majority, simple steps go
a long way.

NOTE
Data theft can occur without depriving the owner of access. Any data or information that can be
seen can be replicated and used elsewhere.

• Malicious applications (malware)—While malicious applications, or malware, have existed for
many years, the 10,000-fold increase in the number of applications now available on smart
devices (as compared to software downloaded on PCs) has opened many more attack vectors.
These applications range from malware that can be auto-installed on phones to spyware that can
copy e-mails, texts, and contacts. There is also a significant privacy issue due to the ability to
track the location of a mobile device, not to mention the significant amount of PII that these
devices contain. This can result in some new, formerly unheard-of implications. For example, a
malicious application capable of logging Global Positioning System (GPS) locations and text
messages on the phone of an executive—who, say, schedules a hotel rendezvous with a person
who is not his or her spouse or performs some other potentially damaging deed—could be used
to blackmail that executive for insider information or access. It may sound far-fetched, but this
sort of thing actually happens, and is the reason strict restrictions on downloading apps must be
put in place.

• Browser exploits—Specifically targeting mobile users, these exploits take advantage of
vulnerabilities on mobile Web browsers. This is a big consideration for bring your own device
(BYOD) environments because unlike company-owned assets, on which updates can be
mandated and managed, personal devices can be, and often are, several updates behind. That means
that simply by visiting an unsafe Web page, a user can trigger a browser exploit that installs
malware or performs other actions on his or her device. This is another reason that mobile device
management (MDM) is a critical tool in a BYOD environment.
• Wireless phishing—Phishing involves sending fake e-mails or Short Message Service (SMS)
messages to a target in an attempt to get the victim to click a link that will take him or her to a
fraudulent Web site. Once there, the user will be prompted to enter account credentials or other
confidential information, which can then be used by the cyberthief to access the real account.
Phishing is exacerbated by smart devices with small viewing screens, which can make it difficult
to notice some of the telltale signs of phishing. Hackers can also take advantage of users who
connect to rogue access points (and variants called evil twins).

• Lost or stolen devices—This is obvious and low tech, yet it remains one of the most common
threats for mobile devices. Not only do lost or stolen devices result in data loss, they also can
result in unauthorized system access. When a device is lost or stolen, the data on it is also lost. In
addition, the device is compromised, especially if it has remote access software configured for
access to the corporate network. Often, these secure virtual private network (VPN) connections
are set up to auto-connect for convenience using weak passwords. Passcodes can prevent some
issues—at least with the casually curious person who finds or takes a device—but once in the
hands of a skilled hacker, these passcodes are easily circumvented. Timely notification and
blocking or wiping the device are the best options if it is lost or stolen.

Device Control Threats


In addition to obtaining data resident on a device, a hacker often aims to control the device itself.
With control of the device, the hacker not only has ongoing access to data, but can also use the
device to launch other attacks or leverage the permissions on the device to gain access to higher-
valued targets such as internal servers. This occurs through a process called lily padding, in
which the hacker “hops” from one device to another, with each hop getting the hacker closer to
the target. Examples of device control threats include the following:

• Unauthorized and modified clients—Users sometimes create vulnerabilities when they try to
circumvent policies or device configurations. This can open back doors and other vulnerabilities.
Examples of this include user hacks found on the Internet to alter a smart device (referred to as
jailbreaking) and opening a smartphone hotspot (without security). This is a problem because the
corporate network views these devices as authorized clients, which may be used by hackers to
access systems or data. Again, this is a new issue brought about by BYOD, where some people
see no issue with using their device however they see fit.

NOTE

Jailbreaking modifies Apple’s iOS to allow unsigned code to run on Apple devices such as
iPhones and iPads. This allows the user to download and install third-party applications from
sources other than Apple’s App Store. Rooting is a similar process, but it only applies to Android
devices. Rooting grants the user access to the root account of Linux.
• Ad hoc connections and software-based access points—Ad hoc networks have been possible
for many years, but setting one up formerly required a high level of technical skill. With new
smart devices, however, it’s quite easy to make these connections, which are easily exploited.

• Endpoint attacks—Several tools now exist that can attack wireless clients directly. An
automated tool called Metasploit, for example, can be used to probe Wi-Fi clients for thousands
of known vulnerabilities. Once exposed and exploited, the Wi-Fi client can be controlled and/or
monitored.

• Bluetooth Wi-Fi hacks—Traditionally, vulnerabilities in Bluetooth protocols have enabled
hackers to gain access to and control of mobile devices. This is no longer as easy as it used to be,
however, because Bluetooth is now switched off and set to non-discovery mode by default. If a
user changes this setting, however, hackers can easily take control of a Bluetooth-enabled mobile
device—a real concern for BYOD.

• Near field communication (NFC) and proximity hacking—One technology that allows an ad
hoc wireless connection between two devices that are within a few feet of each other is near field
communication (NFC). Unlike Bluetooth, the pairing process is automatic. Already used
extensively for social media and to exchange contact information, the future of NFC includes the
ability to auto-pay via credit card at point-of-sale (PoS) terminals and will likely become a prime
target for hackers.

System Access Threats

As noted, hackers are often interested in deeper access into a network. For them, device control
is simply a means to an end. However, there are cases in which hackers are more interested in
breaking the network or disrupting network access for political or financial gain or in some cases
to exact revenge for a real or perceived insult or injury. Examples of these types of system access
threats include the following:

• Denial of service (DoS) attacks—As discussed, wireless local area networks (WLANs) and
mobile networks are vulnerable to both network-based DoS attacks and those created specifically
to attack the inherent weaknesses of radio-based systems. In the case of Wi-Fi, using the less-
crowded 5 GHz band reduces the chance of an accidental DoS but does not help with targeted
attacks. Modulation techniques that spread communication over multiple frequencies and
channels help a great deal, but there are also sophisticated jamming techniques that hackers can
bring to bear.

• Evil twin access points—An access point (AP) can easily be set to the same network name
(SSID) as a legitimate WLAN or hotspot, fooling unsuspecting users into connecting. This is not
a new problem, but there are new hacker tools that can listen to clients to see what SSIDs they
are looking for and then configure themselves to look like one of those networks. The client will
then connect without the user having done a thing. Once connected, the client is subject to a full
host of network attacks.

• Rogue access points—Unauthorized or rogue access points have been a problem for as long as
Wi-Fi has been commercially available. Today, the appearance of rogue APs is usually due to
poor site planning, which results in wireless dead zones. Out of frustration, an employee may set
up a rogue access point to gain access to the network. But if a hacker gains entry to a building, he
or she can easily set one up as well. Unless regular site survey sweeps are conducted, rogue APs
may go unnoticed by IT for some time, resulting in a lingering vulnerability.(11)
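
The site survey sweep mentioned above can be partly automated by comparing the beacons heard during a walk-through with the list of access points the organization actually owns, which covers both the evil twin and the rogue AP cases. The Python below is an added example, not taken from the cited source; the inventory format, the signal threshold, the verdict names and every scan row are constructed assumptions.

```python
"""Site-survey sweep: compare observed Wi-Fi beacons with the AP inventory."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Beacon:
    ssid: str       # advertised network name
    bssid: str      # MAC address of the AP radio
    security: str   # mode advertised in the beacon, e.g. "WPA2-Enterprise"
    rssi_dbm: int   # signal strength measured at the survey point


# Assumed inventory format: SSID -> (authorized BSSIDs, required security mode).
INVENTORY = {
    "CorpNet": ({"02:00:00:00:00:01", "02:00:00:00:00:02"}, "WPA2-Enterprise"),
    "CorpGuest": ({"02:00:00:00:00:03"}, "WPA2-PSK"),
}

# Radios owned by neighbours that are expected to be audible on site.
KNOWN_NEIGHBOURS = {"02:00:00:00:aa:01"}

# Assumed threshold: an unknown AP louder than this is probably in the building.
ON_SITE_RSSI_DBM = -60

# Verdicts that need no follow-up.
BENIGN = {"authorized", "neighbour", "unknown-distant"}


def classify(beacon, inventory=INVENTORY, neighbours=KNOWN_NEIGHBOURS):
    """Return a verdict string for one observed beacon."""
    bssid = beacon.bssid.lower()
    entry = inventory.get(beacon.ssid)
    if entry is not None:
        authorized, required = entry
        if bssid not in authorized:
            # Our network name on a radio we do not own: the evil-twin pattern.
            return "evil-twin-suspect"
        if beacon.security != required:
            # Known BSSID, wrong settings: misconfiguration or a spoofed MAC.
            return "security-mismatch"
        # BSSIDs can be spoofed, so this means "matches inventory", not proof.
        return "authorized"
    if bssid in neighbours:
        return "neighbour"
    if beacon.rssi_dbm >= ON_SITE_RSSI_DBM:
        # Strong unknown AP: rogue AP candidate, to be physically located.
        return "rogue-ap-suspect"
    return "unknown-distant"


def sweep(beacons):
    """Group the BSSIDs that need follow-up by verdict."""
    findings = {}
    for beacon in beacons:
        verdict = classify(beacon)
        if verdict not in BENIGN:
            findings.setdefault(verdict, []).append(beacon.bssid.lower())
    return findings


# Constructed scan rows (locally administered MACs), not real survey data.
SAMPLE_SCAN = [
    Beacon("CorpNet", "02:00:00:00:00:01", "WPA2-Enterprise", -48),
    Beacon("CorpNet", "02:00:00:00:BE:EF", "Open", -41),
    Beacon("CorpGuest", "02:00:00:00:00:03", "Open", -55),
    Beacon("CoffeeShop", "02:00:00:00:AA:01", "WPA2-PSK", -78),
    Beacon("printer-setup", "02:00:00:00:CC:09", "Open", -45),
    Beacon("HomeRouter", "02:00:00:00:DD:10", "WPA2-PSK", -85),
]

if __name__ == "__main__":
    for verdict, bssids in sweep(SAMPLE_SCAN).items():
        print(f"{verdict}: {', '.join(bssids)}")
```

A scan alone cannot show whether a suspect AP is wired into the corporate network, so each finding still has to be located on site and checked against switch-port records.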

Mobile devices such as iPhones, iPads, and those running the Android operating system have
sophisticated Wi-Fi capabilities, allowing them to connect to public and private networks for
Internet access. Device users can connect to networks at public places, such as coffee shops,
airports, and hotels, and to private networks, including corporate and home networks.
Smartphones today have access to the wireless carrier’s data network, enabling them to send and
receive data such as e-mails and text messages. Wireless carriers have built elaborate networks to
handle the load of millions of smartphone users. In many cases, these are 3G (or third-
generation) networks, and some carriers have even built more sophisticated 4G or LTE (Long
Term Evolution) networks. 4G or LTE networks have greater capacity and bandwidth than the
older third-generation networks.
In many cases, however, such networks have inadequate strength, causing devices to either lose
network coverage or experience slow network access. Most people have experienced network
outages of this sort, especially in crowded cities or downtown locations where many devices
compete with one another for access to the carrier’s network.
Enter Wi-Fi technology, which is designed to connect computers or other devices within short
distances without needing cables. Wi-Fi allows the connection of multiple devices into a single
network, all of which can then browse the web, send e-mail, and connect to the Internet. In your
organization, you can create a corporate Wi-Fi network to which employees connect their
various devices, including laptop computers, smartphones, and tablets.

Wi-Fi networks provide a sigh of relief to smartphone users in counteracting the unpredictability
of carrier networks. Wi-Fi networks provide Internet access in various locations, such as hotels,
airports, and coffee shops. Users at these locations can get off their 3G networks and connect to a
typically more stable, and often faster, Wi-Fi network. Many Wi-Fi networks are public or
insecure, meaning that any device or user can connect to them. Insecure networks come with
some risk, exposing users to the possibility that their data (such as e-mail or web pages) could be
read by other people who are connected to the same network.(12)
Having considered the threats in a number of other contexts, this chapter stresses that the true
value of mobile devices often comes from the data that they hold or that can be accessed through
them. This leads to the need for measures such as encryption and back-up, which organisations
should consider in order to properly safeguard against the threats.
Although the device has a financial value, it is ultimately replaceable. Meanwhile, the data may
not be, and having it fall into the wrong hands may be far more costly than the loss of the device.
And with even pocket-sized devices having the capacity to store gigabytes of content, that’s
ample space to store a wealth of commercially sensitive and proprietary material that could be
exposed if the device was lost.

Before considering the protection that we can provide, it is worth asking a more fundamental
question: does the data need to travel in the first place? If it’s personal data, then this is clearly a
question for the individual. If it’s business data, then the organisation has the opportunity to set
the agenda via policy and technical controls to regulate what staff are permitted to copy onto
mobile devices. However, a potential complication from an employer’s perspective is the lack of
control that they may have over the use of mobile technologies, especially given that the data and
the device may have different owners. Specifically, unless controls prevent otherwise, we can
find personal data populating corporate devices, and corporate data slipping onto personal
devices. From the end-user perspective this makes clear sense, as it enables them to simply view
the device as a personal tool, without worrying too much about the distinctions between their
business and private lives. However, the consequence is that work-related artefacts come to exist
on personal devices (e.g. in the form of tasks, schedules, contacts and files) and vice versa, and
from the employer perspective both scenarios may have undesirable implications that need to be
understood.(13)

Application-level threats appear to be the most widely discussed threats in the literature (Faruki
et al., 2015). As mobile devices can execute downloadable applications (apps), it is clear that
apps can be a target vector to breach the security of the device and the system it connects to (e.g.,
a corporate network). The threats can be due to malicious applications (malware), particularly
those downloaded from a third-party app store, as well as vulnerable apps.
Malware can, for instance, inject code into the mobile device in order to send unsolicited
messages; allow an adversary the ability to remotely control the device; or exfiltrate user data,
such as contact lists, email, and photos, without the user's knowledge or permission. For
example, in a recent work, mobile security researchers demonstrated that it is possible to
exfiltrate data from Android devices using inaudible sound waves (Do et al., 2015). As D'Orazio
and Choo (2015, 2016) aptly explained, in the rush to reduce the time-to-market, applications are
usually designed with functionality rather than security in mind. Hence it is not surprising that
there are a large number of applications that contain security loopholes that can be exploited by
an attacker. In another recent work, Chen et al. (2016) discussed how a botnet master issues
commands, via multiple message push services, to remotely control mobile devices infected by
malware. While vulnerable apps may not be developed with a malicious intent, they can result in
significant security and privacy risks to the users. For example, D'Orazio and Choo (2015)
revealed previous vulnerabilities in a widely used Australian government health care app that
consequently exposed the users' sensitive personal data stored on the device. Other examples
include the work of Zhao et al. (2016) and Farnden et al. (2015). Zhao et al. (2016) demonstrated
how the geographic coordinates of a location-based social network app user can be obtained via
probing attack, which resulted in location privacy leakage. Farnden et al. (2015) demonstrated
that using forensic techniques, a wide range of data can be recovered from the devices of nine
popular proximity-based dating app users, including the details of users who had been discovered
nearby.(14)

We, as mobile device users, think that we are not capable of getting infected by any kind of
viruses on our mobile devices. But the truth is, we are vulnerable to all kinds of threats. Anyone
who has any kind of mobile device is at risk of getting a virus if they are not careful or do not
protect themselves. Some of the most common notable mobile viruses, Trojans, and worms are:
Skulls: This Trojan virus replaces all phone desktop icons with images of a skull and the device
becomes useless.
ZitMo: The ZitMo malware targets users' online banking information. Once this malware is
installed, the bad software will forward all incoming SMS messages to a command and control
center. Once this data has been shared with the hackers, they will use that data to attack your
banking accounts.
DroidKungFu: This is a powerful Trojan for Android applications that obtains manager/master
privileges on your device. This virus collects and sends the data to a remote server.
Zeus: Another Trojan horse that steals banking information. This malware is executed by a
process known as man-in-the-browser keystroke logging. Zeus is spread mainly through drive-by
downloads and phishing schemes.
CommWarrior: This is one of the first worms that uses Multimedia Messaging Service (MMS) in
order to spread to other devices.
SpyEye: This injects new fields into a web page. This technique is called HTML injection. It
results in a request for data from users trying to use their banking websites. This malware can
include login prompts and password requests. Once hackers have this data, they can access your
bank accounts.
Ikee: This particular malware only works on phones that are jailbroken. This book discusses the
risk with jailbreaking and this is one of the big ones.
Gingermaster: This malware was created for the Android platform. This particular malware
spreads by installing an application that contains a hidden set of code that runs in the background
on the device. This virus exploits a specific release of the Android software, Gingerbread 2.3.
The result is that the malware creates a service that steals information from the targeted
device.(15)

CHAPTER III
Formulation of hypothesis
Hypothesis 1: Mobile users receive different points of satisfaction based on their confidence
and security knowledge about mobile devices.
Hypothesis 2: Lack of knowledge may cause mobile devices to become more vulnerable to attacks.
Hypothesis 3: Out-of-date devices may become one of the primary targets for attacks.

CHAPTER IV
METHODOLOGY
I designed a questionnaire mainly for the Junior High School students of Santiago Catholic
School. I used systematic sampling for getting my samples. I gathered all the students with the
odd numbers. I started floating samples on March 13 and by March 15 I already got the
questionnaires. I tallied the data and got all the results. I differentiated it from the surveys that the
others got to see what could be different between mine and theirs. I also searched a
lot of surveys to base mine on. I put my gathered data in the next chapter.
each class from St. James, St. Paul, St. Mark and St. Mary Magdalene for a total of 100 students.

CHAPTER V
Analysis, Presentation and Interpretation

1. Do/did you have a mobile device?
[Chart of responses]

2. Is your phone’s operating system up to date?
[Chart of responses]

If yes, what do you think are the threats to out of date operating systems?
[Chart of responses]

If no, why are you not checking it?
[Chart of responses]

3. Is your phone’s software up to date?
[Chart of responses]

If yes, what do you think are the threats to out of date software?
[Chart of responses]

If no, why are you not checking it?
[Chart of responses]

4. Is your mobile device connected to a public Wi-Fi?
[Chart of responses]

If yes, what do you think are the threats when you are connected to a public Wi-Fi?
[Chart of responses]

If no, why are you not connected to any public Wi-Fi?
[Chart of responses]

5. What do you think are the possible ways to prevent these threats and security risks?
[Chart of responses]
CHAPTER VI
Conclusion

CHAPTER VII
Recommendations

Security is such an important part of our devices, so I am recommending solutions to these threats
and security risks.

First of all, update your operating system. Android Pie is the latest operating system for
Android, and for iOS, 12.1.4 is the latest version. Updating it also updates the security patches,
and up-to-date operating systems offer greater security than older ones.

Next, update your phone’s software. Security patches are also included in your phone’s software, so
updating it would offer greater security for your phone.

Avoid connecting to unsecured public Wi-Fi. Connecting to it would leave your phone’s
information and also your personal information vulnerable to hackers, so avoid it.

Install antivirus and anti-malware applications on your phone, such as TotalAV, Norton and Avira.
By installing these antivirus applications, your phone would be protected from malware and viruses.
BIBLIOGRAPHY
https://www.researchgate.net/publication/258652689_Mobile_Device_Security_A_Survey_on_Mobile_Device_Threats_Vulnerabilities_and_their_Defensive_Mechanism(1)
https://www.academia.edu(2)
https://pdfs.semanticscholar.orgloado13ae6fedc5EOc123f507700013f22c.pdf(3)
https://www.inflibnet.ac.in/bitstream/08_chapter2.pdf(4)
https://www.pcworld.com/article/2010278/10-common-mobile-security-problems-to-attack.amp.html#referrer=https%3A%2F%2Fwww.google.com&amp_tf=From%20%251%24s(5)

https://searchmobilecomputing.techtarget.com/tip/Challenges-of-mobile-security(6)

https://www.information-age.com/security-vulnerabilities-mobile-devices-123464616/(7)

https://en.m.wikipedia.org/wiki/Mobile_security(8)

https://www.lookout.com/know-your-mobile/what-is-a-mobile-threat(9)

https://whatis.techtarget.com/definition/mobile-security(10)

Wireless and Mobile Device Security by Jones and Bartlett Learning, 2015(11)

Mobile Device Security For Dummies by Ashwin Krishnan; Rich Campagna; Subbu Iyer; Mark Bauhaus. Published by For Dummies, 2011(12)

Mobile Security: A Pocket Guide by Steven Furnell. Publisher: IT Governance Publishing. Release Date: July 2009(13)

Mobile Security and Privacy by Man Ho Au; Raymond Choo. Published by Syngress, 2016(14)

Mobile Security: How to Secure, Privatize, and Recover Your Devices by Darla Nykamp; Mari Heiser; Joseph Anderson; Tim Speed; Jaya Nampalli. Published by Packt Publishing, 2013(15)
Threat and Security Risks on Mobile Devices
1. Do/did you have a mobile device?
__Yes __No
2. Is your phone’s operating system up to date?
__Yes __No
If yes, what do you think are the threats to out of date operating systems?
__
__
_
__
If no, why are you not checking it?
__
__
__
__
3. Is your phone’s software up to date?
__Yes __No
If yes, what do you think are the threats to out of date software?
__
__
__
__
If no, why are you not checking it?
__
__
__
__
4. Is your mobile device connected to a public Wi-Fi?
__Yes __No
If yes, what do you think are the threats when you are connected to a public Wi-Fi?
__
__
__
__
If no, why are you not connected to any public Wi-Fi?
__
__
__
__
5. What do you think are the possible ways to prevent these threats and security risks?
__
__
__
__
__

CURRICULUM VITAE

NAME: Raeden F. Mina

AGE: 16

ADDRESS: San Agustin, Candon City, Ilocos Sur

SEX: Male

BIRTHDATE: November 30, 2002

BIRTH PLACE: Tagudin, Ilocos Sur

EDUCATIONAL ATTAINMENT:

Kindergarten: San Agustin Day Care Center

Elementary: Candon North Central School

High School: Santiago Catholic School
