Ризики інформаційних витоків з мобільних пристроїв

I. Zhuravska; M. Fisun

doi:10.36910/6775-2524-0560-2024-55-12

I. Zhuravska https://orcid.org/0000-0002-8102-9854
M. Fisun https://orcid.org/0000-0003-1297-6230

DOI: https://doi.org/10.36910/6775-2524-0560-2024-55-12

Keywords: security threats, leak of information, mobile devices, sensors, IoT devices, confidentiality, iOS, Android.

Abstract

The article covers mobile application security threats, mobile operating system (OS) vulnerabilities, information leakage channels, semantic security, infrastructure-related security, and more. It noted that security breaches can be mitigated through improved security behaviors and attitudes, not just better technology. By default, both Android and iOS apps have been shown to be able to access sensors such as accelerometer and gyroscope, microphone and camera while running in the background without the user's knowledge or consent. The risks of information leakage as a result of granting system access rights to applications with root rights, updating the system with firmware containing malicious programs or vulnerabilities that can be used by attackers have been analyzed. The methods of intercepting control of mobile devices using Smurf Suite tools, phishing technologies, etc. were analyzed. Practical recommendations for reducing security risks when using mobile applications are offered for both users and developers. Benefits of using Apple Neural Engine and custom CreateML models on iOS mobile devices to process data directly on the device to avoid lengthy and potentially risky calls to a remote server.

References

1. Truță F. Top reasons why consumers shun mobile security apps. Publ. April 16, 2024.
2. Kadir A. F. A., Lashkari A. H., Firoozjaei M. D. Mobile application security. In book: Understanding Cybersecurity on Smartphones. Jan. 2024. P. 89–101.
3. Balapour A., Nikkhah H. R., Sabherwal R. Mobile application security: Role of perceived privacy as the predictor of security perceptions. International Journal of Information Management. 2020. Vol. 52, No. 102063.
4. Osman T., Mannan M., Youssef A., Hengartner U., Youssef A. Securing applications against side-channel attacks through resource access veto. Digital Threats: Research and Practice. Dec. 2020. Vol. 1, No. 4. Article 22. 29 p.
5. Lei T., Qin Z., Zhibo W., Li Q., Dengpan Ye. EveDroid: Event-aware Android malware detection against model degrading for IoT devices. IEEE Internet of Things Journal. Aug. 2019. Vol. 6(4). P. 6668–6680.

Risks of information leaks from mobile devices

Abstract

References