What are information security threats
Nielsen Mobile Panel
To participate in the Nielsen Mobile Panel study, you download an app thatmonitors your Internet activity in return for payment.What exactly is being monitored is fully disclosed at the outset. This is theopposite of most applications, who do not pay and still track and monitor yourdata.
No credit card info required
No credit card information is required, and the application is free todownload. Making money with the Nielsen Mobile Panel simply requires fillingout a survey and downloading an application. After this, users can browse asthey normally do. It does not matter how frequently the devices are actuallyused, as long as it is registered, and the application is downloaded.
The Nielsen Mobile Panel provides a link to its privacy policies, throughwhich detailed information is available with regard to what information iscollected.The data collected as part of the Nielsen Mobile Panel program includes GPSwhen connected, files names but not content, mouse clicks, message send andreceive time (not content), IP address, Bluetooth connection, VPN state,hardware details, software details, ad campaign exposure, URLs visited, alarmusage, device settings and battery state.
All collected data is secured.
The Importance of Data Security
The harsh reality is that applications actually steal data from users withouttheir consent. This includes typical applications that are installed on themajority of smartphones. Android applications are particularly susceptible tothis; however, it is a myth that Mac OS is invulnerable to malware. Manyapplications require access to personal contacts and the web camera when thereis no real reason they should be allowed.
Smartphone Security Research
Over 1.3 million Google accounts were compromised in 2016 though Androidapplications, and Android ransomware jumped 137% from Q1 to Q2 in 2017. If youhave an Android phone, it is best to take precautions before downloadingapplications and browsing online. While Android is the most heavily affected,smartphone security is becoming a priority.Many smartphone applications have access to far more information than isnecessary for their functioning. According to a Pew Internet Project study,54% of application users decided against the installation of an applicationwhen they realized how much data was required to use it. 30% of applicationusers uninstalled an application after they were shown how much data it wascollecting and transmitting.
What are information security threats?
Threats can come in many forms including software attacks, identity theft,sabotage, physical theft and information extortion:Â * Software attacks on information security include viruses, malware, worms, ransomware like WannaCry or trojan horses * Phishing emails or websites are often aimed at stealing intellectual property or log in credentials to gain unauthorized access. Social engineering is one of the largest cyber threats and is hard to protect against with traditional security measuresÂ * Sabotage like denial of service attacks often aim to reduce the availability of key information assets, reducing confidence or organizational productivity until a payment is received in exchange for returning service to the organization * Theft of information and equipment is becoming increasingly common as most devices are now mobile in nature like smartphones or laptops * Information extortion involves gaining access to confidential information and then holding it at ransom until payment is madeThere are many ways to protect against cyber attacks but the number one threatto any organization are its users or internal employees who are susceptible tosocial engineering or phishing. This is why cybersecurity awareness trainingand security controls are important at all levels of your organization.
How do you respond to information security threats?
When a threat has been identified you have a choice: * Reduce or mitigate the risk by implementing safeguards or countermeasures eliminate or reduce threats and vulnerabilities * Assign or transfer the risk to another entity or organization by purchasing insurance or outsourcing * Accept the risk when the cost of the countermeasure is more than the possible cost of loss due to a vulnerability or cyber attackWith the introduction of the General Data Protection Regulation (GDPR) by theEuropean Parliament and Council in 2016, the need to respond to informationsecurity breaches has become a regulatory requirement for any businessoperating within the EU. Companies are now required to: * provideÂ data breachÂ notifications * appoint a data-protection officer * require user consent for data processing * anonymize data for privacyThis makes a comprehensive incident handling plan andÂ comprehensive data leakdetectionÂ a requirement for most global businesses.
How does information security fit in with information risk management?
Information risk managementÂ is the process of identifying vulnerabilities andthreats to information resources used by an organization and what if anycountermeasures should be taken to reduce risk to an acceptable level based onthe value of the information value to the organization.There are two main considerations with any risk management process:Â 1. The process of risk management is ongoing and iterative in nature, it must be repeated indefinitely as new threats and vulnerabilities emerge 2. The choice of countermeasures or controls used must strike a balance between productivity, cost, effectiveness and the information value of the asset being protectedRisk analysis and evaluation have innate limitations because when securityincidents occur, they emerge in context and can come from unpredictable orunexpected threats likeÂ poorly configured S3 bucketsÂ or external attackers.The likelihood that a threat will use a vulnerability to cause harm createsrisk. In the context of information security, the impact is loss ofconfidentiality, integrity, or availability or all other possible losses (e.greputational and financial damages). Note: It’s not possible to identify normitigate all risks. This remaining risk is called residual risk.
Information Flow Security for Android Applications
Mobile applications are everywhere. They can record the innermost details ofour day-to-day lives. But how can we ensure our mobile applications are safe?The goal of the Information Flow Security for Android Applications project isanswer this question. Our main approach is to develop tools and techniques forspecifying and verifying the flow of information for applications running onthe Android platform.Investigators: Gary Leavens, David Naumann, David Cok, John L. SingletonProject Homepage
Verily: Making Web Applications More Reasonable
The complexity of web application construction is increasing at an astoundingrate. The very nature of developing for the web typically requires developmentacross multiple application tiers in a variety of incompatible languages whichcan result in disjoint code bases. This lack of standardization introduces newchallenges in the form of verification.Verily is a new web framework for Java that supports the development offormally verified web applications. Verily introduces a new developmentparadigm called Continuously Verified Construction (CVC). Rather thanrequiring that programs be verified in separate a posteriori analysis, insteadContinuously Verified Construction supports construction via a series ofRecipes, essentially prescriptions for development which help a developerprove a particular set of properties about an application.Investigators: John L. SingletonProject HomepageA Security Sandbox Approach of Android Based on Hook MechanismAs the most widely applied mobile operating system for smartphones, Android ischallenged by fast growing security problems, which are caused by maliciousapplications. Behaviors of malicious applications have become more and moreinconspicuous, which largely increase the difficulties of security detection.This paper provides a new security sandbox approach of Android based on hookmechanism, to further enrich Android malware detection technologies. This newsandbox monitors the behaviors of target application by using a process hook-based dynamic tracking method during its running period. Compared to existingtechniques, this approach can create a virtual space where apk can beinstalled, run, and uninstalled, and it is isolated from the outside and arisk assessment approach based on behavior analysis is given so that users canobtain an explicit risk prognosis for an application to improve their safety.Tests on malware and normal application samples verify this new securitysandbox.
3.2. APP Risk Behavior
An application invokes an API that truly reflects the behavior of theapplication in the Android system. For example, an application that generatesnetwork behavior will certainly invoke the API associated with the networkcommunication. An application that generates file behavior will certainly callthe file-related APIs. Hence, to describe an application’s behavior, one canuse it as a standard for invoking the API. Once users have installed maliciousapplications in Android, these apps typically have some of the followingcommon malicious behaviors in Android:(1) The backstage sending the charge message and calling the toll telephone.(2) Theft of user information (including mobile phone messages, call records,mobile phone IMEI, IMSI number, and user-used operators);(3) Access to the user’s location information, to open the mic recording andcamera in the backstage.(4) Backstage networking, transmission of user information, and consumption ofuser network traffic.(5) Camouflage process, in the backstage to kill other mobile phone processes(such as Alipay application process) and then camouflage another process tocheat.According to the description above, if an application invokes one or more APIsrequired to implement the above behavior, there is a certain degree of riskthat the user can install the application. Table 1 shows some of the APIs andtheir behavior levels.|* * * — Evaluation Project | Danger level| Evaluation Project| Danger level * * * Virus scanning| high| Apply data to any backup| medium Sensitive word Information| medium| Apply Signature Not verified| medium Advertising SDK Detection| low| Sensitive function calls| medium Third-party SDK detection| low| Java Layer Dynamic debugging| low Java Code decompile| high| Load Dex from SDcard| low So file crack| high| Implicit invocation of intent components| low Tampering and two-time packaging| high| WebView Remote Code| high Dynamic injection attack| high| Database injection| high Interface Hijacking| high| ContentProvider Data Disclosure| high Input listening| high| Encryption method not safe to use| high HTTP Transport data| high| HTTPS not verified| medium WebView PlainText Store password| high| Download any apk| medium PlainText digital certificate| high| Global writable Internal files| medium Debug Log functions| high| DDoS| medium Resource File Disclosure| medium| Residual test information| low Dynamic Debug Attacks| medium| WebView Bypass Certificate validation| low Activity Component Export| medium| Unsafe use of random numbers| low Service component Export| medium| Intent Scheme URL| low Broadcast receiver Component Export| medium| Fragment injection attack| low Content Provider Component Export| medium| | * * * When the risk is large to a certain extent, users should be informed. Thelevel of risk represented by different APIs is not the same for risk APIs. Ingeneral, the user’s economic interests as a direct risk measurement criteria:(1) APIs that may directly cause loss of property to the user, with thehighest degree of risk(2) The API that can obtain or disclose user’s privacy, its risk degree beingsecondary(3) To modify the system settings and User Configuration, damage to the systemenvironment of the API, the degree of risk being relatively low.Based on the theory of information entropy, this paper proposes a new approachto evaluate the risk behavior of Android using information entropy. Oneinstalls the application into the sandbox and runs and simulates user actionsfor a fixed number of times, such as 500. Suppose that, in this process, allthe sensitive APIs invoked are , and set the information entropy used toevaluate the risk behavior of the application to , and set s as the total APInumbers that has occurred for all behavior:Because malicious applications generally focus on risk behavior, theyfrequently invoke sensitive APIs. This paper uses a set of sensitive APIs todescribe and characterize an application. If is greater, its entropy will bemore than the normal application of information entropy. By calculating anapplication on the sensitive API set of information entropy , one can judgethe level of risk.