Skip to main navigation menu Skip to main content Skip to site footer

Information Management Security Vulnerabilities in Smartphones Used by University Students: A Case Study in the Southwest of Colombia

Abstract

Currently, students who use smartphones are affected by theft and information leakage, to address this problem, this research aims to identify security vulnerabilities in these devices. In addition, an application to prevent phishing and information leakage was implemented. Effectiveness and performance tests were carried out to identify vulnerabilities and to alert users about them. The threats identified in Android smartphones used by university students in the southwest of Colombia were based on various techniques (phishing, DNS poisoning, identity theft, Man in the middle, foot-printing, spyware). To reach this result, we defined the problem, then we made a literature review, after that we defined the study population, methods, and instruments; finally, we collected the information and analyzed the results. An application was launched to show the security vulnerabilities of malicious software installation, which extracts information from student’s devices and makes the security of our mobile phones a priority nowadays; and to achieve greater security on Android smartphones. However, it is essential to be aware of the importance of self-care.

Keywords

Vulnerabilities, Mobile devices, Android, Phising, nformation leak

XML PDF

Author Biography

Cristian-Camilo Ordoñez-Quintero

Roles: Research, exploratory data analysis, model definition and refinement, implementation, model validation.

Hugo-Armando Ordoñez-Eraso

Roles: Research, Methodology, validation, Writing - review and editing.

Jose-Armando Ordoñez-Córdoba

Roles: Research, supervision, methodology, validation, writing - review and editing.


References

  1. N. Valero, Consumo móvil en Colombia, Deloitte, 2018
  2. W. C. Álzate, C. S. Romaña, Y. Q. Barco, “Factores y causas de la fuga de información sensibles en el sector empresarial,” Cuaderno Activa, vol. 7, no. 1, pp. 67-73, 2016
  3. R. Maya, “El cibercrimen y sus efectos en la teoría de la tipicidad: de una realidad física a una realidad virtual,” Nuevo Foro Penal, vol. 13, pp. 72–112, 2017. https://doi.org/10.17230/nfp.13.88.3 DOI: https://doi.org/10.17230/nfp.13.88.3
  4. A. C. Silva Calpa, D. G. Martínez Delgado, “Influencia del Smartphone en los procesos de aprendizaje y enseñanza,” Suma Negocios, vol. 8, no. 17, pp. 11–18, 2017. https://doi.org/10.1016/j.sumneg.2017.01.001 DOI: https://doi.org/10.1016/j.sumneg.2017.01.001
  5. A. Razgallah, R. Khoury, S. Hallé, K. Khanmohammadi, “A survey of malware detection in Android apps: Recommendations and perspectives for future research,” Computer Science Review, vol. 39, e100358, 2021. https://doi.org/10.1016/j.cosrev.2020.100358 DOI: https://doi.org/10.1016/j.cosrev.2020.100358
  6. H. Gao, S. Cheng, W. Zhang, “GDroid: Android malware detection and classification with graph convolutional network,” Computers & Security, vol. 106, e102264, 2021. https://doi.org/10.1016/j.cose.2021.102264 DOI: https://doi.org/10.1016/j.cose.2021.102264
  7. N. Zhang, Y. Tan, C. Yang, Y. Li, “Deep learning feature exploration for Android malware detection,” Applied Soft Computing, vol. 102, p. 107069, 2021. https://doi.org/10.1016/j.asoc.2020.107069 DOI: https://doi.org/10.1016/j.asoc.2020.107069
  8. M. Kinkead, S. Millar, N. McLaughlin, P. O’Kane, “Towards Explainable CNNs for Android Malware Detection,” Procedia Computer Science, vol. 184, pp. 959–965, 2021. https://doi.org/10.1016/j.procs.2021.03.118 DOI: https://doi.org/10.1016/j.procs.2021.03.118
  9. Y. Igarashi, “DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket,” The Journal of Japanese Studies, vol. 36, no. 1, pp. 165–169, 2009. https://doi.org/10.1353/jjs.0.0130 DOI: https://doi.org/10.1353/jjs.0.0130
  10. Y. Wang, G. Xu, X. Liu, W. Mao, C. Si, W. Pedrycz, W. Wang, “Identifying vulnerabilities of SSL/TLS certificate verification in Android apps with static and dynamic analysis,” Journal of Systems and Software, vol. 167, e110609, 2020. https://doi.org/10.1016/j.jss.2020.110609 DOI: https://doi.org/10.1016/j.jss.2020.110609
  11. P. Runeson, M. Höst, “Guidelines for conducting and reporting case study research in software engineering,” Empirical Software Engineering, vol. 14, no. 2, e131, 2009. https://doi.org/10.1007/s10664-008-9102-8 DOI: https://doi.org/10.1007/s10664-008-9102-8
  12. NIST, Marco de Ciberseguridad del NIST, pp. 1–9, 2019
  13. R. Al-quraan, A. Hadi, J. Atoum, M. Al-Zewairi, “Ultrasurf Traffic Classification: Detection and Prevention,” International Journal of Communications, Network and System Sciences, vol. 8, pp. 304–311, 2015. https://doi.org/10.4236/ijcns.2015.88030 DOI: https://doi.org/10.4236/ijcns.2015.88030
  14. D. Howe, H. Nissenbaum, Engineering Privacy and Protest: A Case Study of AdNauseam, 2017
  15. A. Skendzic, B. Kovačić, “Open source system OpenVPN in a function of Virtual Private Network,” IOP Conference Series: Materials Science and Engineering, vol. 200, e12065, 2017. https://doi.org/10.1088/1757-899X/200/1/012065 DOI: https://doi.org/10.1088/1757-899X/200/1/012065
  16. J. Dai, C. Chen, Y. Li, “A Backdoor Attack Against LSTM-Based Text Classification Systems,” IEEE Access, vol. 7, pp. 138872–138878, 2019. https://doi.org/10.1109/ACCESS.2019.2941376 DOI: https://doi.org/10.1109/ACCESS.2019.2941376

Downloads

Download data is not yet available.

Most read articles by the same author(s)

Similar Articles

You may also start an advanced similarity search for this article.