unsecurekaspersky.com

IssuesinInformationSystemsVolume15,IssueII,pp.
116-123,2014116MOBILEMALWARE:COMINGTOASMARTPHONENEARYOUKarenPaullet,RobertMorrisUniversity,paullet@rmu.
eduJamiePinchot,RobertMorrisUniversity,pinchot@rmu.
eduABSTRACTThisstudyexploredawarenessandconcernaboutmobilemalwareaswellasusagehabitsrelatedtopreventativemeasuresusedtomitigatemobilemalwareriskfactors.
Severalmobilemalwareriskfactorswereexplored,includingconnectingtounsecuredWi-Finetworks,settingmobiledevicestoautomaticallyconnecttoWi-Finetworks,leavingBluetoothconnectivityon,readingreviewsbeforedownloadingmobileapps,usinganti-malwaresoftwareorapps,frequencyofdatabackups,anddevicelocksusingpasswords,PINs,orfingerprints.
Atotalof187participantsweresurveyed,includingundergraduatesanddoctoralstudentsandalumniatamid-Atlanticuniversity.
Thestudyfoundthatamongtheriskfactorsexplored,participantswerenotasawareofthedangersassociatedwithconnectingmobiledevicestounsecuredWi-Finetworksandalsowerelargelyunfamiliarwithanti-malwaresoftwareandapps.
Asetofrecommendationsforincreasingawarenessofpreventativesecuritymeasuresformobilemalwarewerealsopresented.
Keywords:mobilemalware,mobilesecurity,smartphone,Bluetooth,Wi-FiINTRODUCTIONMobilephoneshavebecomeubiquitouswithinoursociety,andmanywouldnowconsiderthemanecessityratherthanaconvenience.
Wearelivinginaworldwherepeoplearestayingconnectedviamobiletechnologymorethaneverbefore.
Technologywhichwasonceonlyfoundondesktopcomputerscannowbecarriedinthepalmofourhands.
Thenumberofmobilephoneusersattheendof2012wasapproximately5.
9billionworldwide[8].
Mobiledevicesallowpeopletohaveaconstantconnectiontofriends,family,andinformation.
Aswemoveaboutourday,onewillnoticepeopleusingtheirmobiledevicesalmosteverywhere.
Usersarestayingconnectedwhilewaitinginlines,atthebusstop,whendiningoutwithfamilyandfriends,andinthecar.
Thisnoticeableconstantconnectiontoourmobiledevicesisbringingtotheforefrontanareaofconcerninregardtosecurity.
WhatsecuritymechanismsdowehaveinplacetodealwithmobilesecuritythreatsMostaveragecomputerusershavesometypeofanti-virusoranti-malwaresoftwareinstalledontheircomputers,butwhatabouttheirmobiledevicesMalwareisanycomputerprogramdesignedtoinfiltrate,use,ordamageadevicewithouttheowner'sconsent.
Thetermmalwareisoftencharacterizedashostile,intrusive,malicious,orannoying[11].
Infact,thetermitselfisderivedfrom"malicioussoftware,"andincommonusageithasbecomeanumbrellatermtodescribemanydifferenttypesofmaliciouscomputerprograms.
Mobilemalwareisanytypeofmalwarethatisspecificallytargetedtowardsmartphones,tabletsandothermobiledevices.
Mobilemalwareisontheriseandisprojectedtocontinueitsupwardtrajectory,propelledbythelargeandcontinuallygrowingsmartphoneuserbaseandanincreasinglymobileworkforcewhichprovideenticingtargetsforhackers[12].
Leavitt[12]describesthisphenomenonsuccinctly,"Intheworldofcomputersandcommunications,themorewidelyatechnologyisused,themorelikelyitistobecomethetargetofhackers"(p.
11).
Themaingoalsofmostmobilemalwareincludetheftofprivateinformation,incurringchargestopremiumnumbers,orgainingaccesstoauser'sbankaccountsorcredit[5,11,15].
Mobilemalwareposesaseriousthreatandisevolvingintoacomplexlandscapethatwilllikelysoonrivalthatoftraditionalcomputermalware[5].
Thenumberofsecuritybreachestopersonaldevicesisdifficulttomeasure,andfewstudieshaveexploredthisareatodate.
Ourresearchseekstoexploreawareness,concernandhabitsregardingnumerousmobiledevicesecurityissues.
RELATEDLITERATUREInordertobeabletoaddresstheriskfactorsassociatedwithmobilemalware,itisimperativetofirstunderstandthethreats[7].
Theincreasedusageofmobiledeviceshasintroducednewsecurityrisks[20].
Mobiledevicesarebecominganewtargettogainuserinformation,asmobiledevicesecurityhasnotkeptupwithtraditionalcomputersecurity.
Cybercriminalsarebeginningtoattackmobiledevicesduetothelackofsecuritymeasuresinplace.
Attackingmobiledeviceshasbecomeextremelyattractivetocriminalsduetotheplethoraofinformationthatishttps://doi.
org/10.
48009/2_iis_2014_116-123IssuesinInformationSystemsVolume15,IssueII,pp.
116-123,2014117storedonthedevice.
Suchinformationincludesemailaccounts,phonenumbers,calendarinformation,networkorlogincredentials,confidentialnotesorfiles,andcontactliststonameafew.
Fischer,Kuo,andHuang[6],discussthreeshiftsinmobiledevicesecurity.
Thefirstismobility,whichcreateduncertaintyaboutthemobiledevicesurroundings.
Mobiledevicescanbeusedonbothsecureandunsecureenvironments.
Forinstance,connectingtopublicWi-Fiathotelisanexampleofanunsecurenetwork,whereas,connectingtoaworkorpersonalnetworkareusuallysecure.
Whenusersconnecttoanunsecurenetwork,devicesareopenforattack.
Thesecondshiftinsecuritydealswithsensorsthatareinstalledonthedevice.
Mostmobiledeviceshavelocationtracking,Bluetooth,RFID,andcamerasbuilt-in.
Theautomaticinstallationofsensorsonmobiledeviceshasledtoanewareaforattack.
Thefinalshiftisconstantconnectivity.
MobiledeviceshaveconstantaccesstotheInternetandotherdevices,whichisalsoattractivetocybercriminals.
Thefactthatmobiledevicesareportablemakesthemeasytosteal.
Theownerofastolenphonecanactuallylosealloftheirpersonaldata[16].
Peopletakethetimetolockthedoorstotheirhomesandcarsinordertoprovidesecuritysothattheirpersonalpropertyisnotburglarized.
Butwhenitcomestosecuringmobiledevices,thatsamecareisoftenignored.
Mostpeoplewouldnotwalkdownthestreetandhandtheirpurseorwallettoacompletestrangertoholdfor60secondsormore.
Yetthesamepeoplethatwouldnotturnovertheirpurseorwalletwillthinknothingofaskingastrangertotakeapictureofthemusingtheirpersonalmobiledevicethatcontainsaplethoraofprivateinformation.
Peoplemusttakethetimetoimplementphysicalsecurityfeaturesaswellasvirtualsecurityfeaturesinordertostaysecure.
Tobegintostudymobilemalware,itisusefultounderstandthecategorygroupingsusedtodescribedifferenttypesofmalwareprograms.
Thoughdifferentauthorsdefinethesegroupingsindifferentways,severalcommoncategoriesappearthroughouttheliterature.
Thesecategoriesincludeviruses,worms,rootkits,botnets,phishing,spyware,Wi-FiandBluetoothhijacking,andmaliciousapps[11,12,13].
Eachofthesecommoncategorieswillbebrieflydescribed.
Avirusisacomputerprogramthatcanreplicateitself.
Virusesareoftenprogrammedtoinfectotherprogramsorfilesbyattachingtothem.
Awormisavirusthatcopiesitselfandattemptstospreadtootherdevices,typicallythroughemailmessagesinthedesktoplandscape,butalsothroughShortMessageService(SMS)orMultimediaMessageService(MMS)messages,hereafterjointlyreferredtoas"textmessages"inordertotravelfromonemobiledevicetoanother[10].
Awormissimilartoavirus,butdoesnothavetoattachitselftoaprogramorfile.
Rather,itusescomputernetworks,includingWi-Fi,tospreadtootherdevices,typicallycapitalizingonsecurityflawsonthereceivingdeviceinordertoaccessit.
Rootkitsinfecttheoperatingsystem(OS)ofadevicetoallowvirusesandothermalwaretohideinplainsight,stealthilydisablingsecurityfeaturesoroverwritingOSfilesinordertoremainundetectedonthedeviceforlongerperiodsoftime[11].
Abotnetreferstoagroupofdevicesthathavebeencompromisedbymalwarethatgivesahackertheabilitytocontrolthedevicesremotely.
Ahackertypicallyactivatesthese"zombie"devicesinconcerttosendspam,carryoutDenial-of-Service(DoS)attacks,orperformothermaliciousacts.
Attackerscanalsousemobile"zombie"networkstosendtextmessagestopremiumnumbers,incurringchargestotheuserforeachmessagesent.
Hackersoftenworkwithpremiumnumberserviceownersandreceiveapercentageofthemoneygeneratedthroughthesescams[11,12,14,15].
Phishingscams,inwhichscammersposeaslegitimatecompaniesinordertoswindleunsuspectingusersintopayingmoneyorrevealingprivateinformation,aremuchthesameonmobiledevicesastheyareondesktopplatforms.
However,inadditiontoemailandsocialmediaposts,mobilephishingscamsutilizetextmessagesaswell.
Smishingisatermusedtodescribetheexploitationoftextmessagesonmobiledevicesforphishingscams[19].
Spywareapplicationsarebecomingcommongroundforcybercriminalstocaptureinformation.
Aspreviouslymentioned,criminalshavemuchtogainfromaccessingtheinformationstoredonmobiledevices.
Spywareapplicationsmonitordevicecommunications,suchasphoneconversations,emails,textmessages,inboundandoutboundcalllogsanduserlocations.
Itisevenpossibleforanattackertolistenremotelytophoneconversations[9]orreadtextmessagesandemails.
Infact,mobilespywarecanalsoturnonacompromisedsmartphonewithoutringing,essentiallyturningitintoahiddenmicrophonetoeavesdroponnearbyconversations.
TheGPSfunctionsofIssuesinInformationSystemsVolume15,IssueII,pp.
116-123,2014118thedevicecanalsobeusedtotrackitscurrentlocation[12].
Mostspywareapplicationscanusuallybedetectedprovidedthatanti-malwareapplicationsareinstalledonthedevice.
Wi-FihijackingorWi-FisnoopingoccurswhenhackersareabletointerceptcommunicationsbetweensmartphonesandunsecuredWi-Fihotspots,justastheycanwithdesktoporlaptopcomputers.
Thisapproachiscalledaman-in-the-middleattack,becauseeverythingthatyoutypeandtransmitisinterceptedbythehacker(themiddleman)beforeitgetstowhereitwasintended.
Thismeansthatahackercouldeasilygainaccesstousernames,passwords,andevencreditcardinformationifauserlogsintowebsitesorpurchasesitemsonlinewhilebeingmonitored[2,3].
Forconvenience,manysmartphoneshavesettingstoallowthedevicetoautomaticallyconnecttoavailableWi-Finetworks,makingthedevicevulnerable.
Bluetooth,oneofthemostcommonshort-rangewirelessprotocols,isoftenusedtoallowconnectivitybetweenmobiledevices.
ThereareafewdifferenttypesofvulnerabilitiesthatcanbeexploitedwhenBluetoothconnectivityisturnedonforamobiledevice.
Bluejackingisatypeofpracticaljokeakintospam.
ABluejackercansendane-contactcardtoanotherBluetoothdeviceindiscoverablemode,aslongasitiswithinapproximatelya30-footradiusoftheirowndevice.
However,insteadofaddingarealcontactintotheunsuspectingrecipient'ssmartphone,theBluejackerexploitsthee-contactcardtoreplacethe"From"sectionwithamessage.
Whentherecipientreceivesthis"Bluetoothspam,"itcanoftenscarethepersonintorealizingthattheyareundersurveillance,whichistypicallytheintentionoftheBluejacker.
Bluebuggingallowsahackertogainaccesstoanotheruser'sdevicethroughBluetoothandcontrolsomeofitsfunctions,includingmakingphonecallsorsendingtextmessagestopremiumnumbersoreavesdroppingoncallsmadebytheuser[18].
Hackerscanalsocompromisesmartphonesandothermobiledevicesbyembeddingmalwareintomobileappsthatusersthendownloadandinstall.
Thesemaliciousappsareoftenfreeinordertoenticeuserstodownloadthem,andonceinstalledtheycanstealprivateinformationfromthedeviceandsenditbacktoahacker.
Theymayalsoinstallotherappsoropen"backdoors"onthedevice,allowingahackertotakeremotecontrolofthedeviceatalatertime[12].
PURPOSEOFSTUDYTheliteratureexaminedmakesitclearthatmobilemalwareisontherise.
Italsopointsoutavarietyofwaysinwhichmobiledevicesecuritymeasuresparallelthesecuritymeasuresofstandardcomputers.
Forexample,mobilemalwarespreadsinmuchthesamewayasvirusesspreadbetweencomputers:viaemailattachments,phishingwebsites,exploitationviapublicWi-Finetworks,infectionofseeminglyofficialprograms(apps),textmessages,Bluetoothconnectivity,andphysicaltheftorintrusion.
Simplestepscanbetakentoprotectmobiledevicesfrommuchofthethreatofmobilemalware,ifpeopleareawarethatasmartphonemustbeprotectedfrommalware.
Thisexploratorystudysoughttoexploreawareness,concernandusagehabitsofmobilesecurityprotectionmeasuresamonguniversitystudentsandalumni.
Thefollowingresearchquestionswereaddressed:RQ1:DouniversitystudentsandalumnidemonstrateawarenessofmobilemalwareriskfactorsbyusingpreventativesecuritymeasurestomitigatemobilemalwareriskfactorsformobiledevicesRQ2:IstherearelationshipbetweenconcernaboutmobilemalwareandpreventativesecuritymeasuresusedbyuniversitystudentsandalumniIssuesinInformationSystemsVolume15,IssueII,pp.
116-123,2014119RESEARCHMETHODOLOGYThisexploratorystudyexaminedawareness,concernanduseofsecuritymeasuresforprotectingmobiledevicesagainstmobilemalwareamonguniversitystudentsandalumni.
Anelectronicsurveywasdistributedtoaconveniencesampleofundergraduatestudents,doctoralstudents,anddoctoralalumniatamid-AtlanticuniversityduringMarchandApril2014.
UndergraduatestudentsinthesamplewereselectedfromcoursesectionsintheComputerInformationSystemsdepartmentthatwererequiredaspartoftheuniversitycoreorwereelectivesknowntobetakenoftenbynon-majorsaswellasmajorswithinthedepartment.
Theseselectionsweremadetoattempttocaptureacross-sectionofstudentsfromvariousfieldsofstudywithintheuniversitywithintheconveniencesample.
Doctoralstudentsanddoctoralalumnioftheuniversitywerealsoincludedinthesample,astheseindividualsareadiversegroupintermsofage,ethnicity,location,occupationalaffiliations.
Again,theseparticipantswereselectedpurposefullyinordertocaptureacross-sectionofindividualsfromavarietyofindustriesandbackgrounds.
Asthisresearchisexploratoryinnature,andveryfewpreviousstudiesaddressingmobilemalwareandsecurityawarenesswerefound,theresearcherswishedtoincludeasmuchdiversityinthesampleaspossible.
Thesurveywasadministeredto138undergraduatesand76doctoralstudentandalumni.
Participantswerefirstaskediftheyownedasmartphoneortablet.
Anyparticipantswhodidnotownasmartphoneortabletexitedthesurvey,andtheseresponseswerediscarded.
Afterparticipantswithoutamobiledevicewereremovedfromthedataset,therewere114undergraduateand73doctoralstudentandalumniresponses,foratotalof187participants.
Priortosurveyadministration,apilottestwasconductedwith61adultparticipantstotestthevalidityandreliabilityofthesurveyquestions.
Thesurveyquestionnaireconsistedofavarietyofquestionsrelatingtomobilesecurityprotectionmeasures.
Participantswerefirstaskedsomebasicdemographicquestionsincludingage,gender,andoccupationalaffiliation.
Next,participantswereaskedaboutthetypesofsmartphonesandtabletsthattheyown,includingdeviceplatformssuchasiOS,Android,BlackBerry,WindowsPhone,SymbianandOtherforsmartphonesandiOS,Android,KindleandOtherfortablets.
Then,participantswereaskedabouttheirhabitsregardingthedownloadingofmobileapps,includingwhethertheyhadeverdownloadedanapp,howoftentheydownloadfreeandpaidapps,andhowoftentheydownloadfinancial,health-related,socialmedia,andproductivityapps.
Thesefourcategoriesofappswerechosenbecauseofthesensitivenatureofthedatathatistypicallystoredinthesetypesofapps.
Thenextsetofquestionswastargetedtowardunderstandingtheparticipants'usagehabitsregardingseveralmobilesecurityriskfactorsidentifiedfromtheliterature.
Participantswereaskediftheytypicallyreadreviewsbeforedownloadingapps,whichcanbeasignificantdeterrenttodownloadingmaliciousapps[4].
Theywerealsoaskediftheyhadeverusedananti-virusoranti-malwareappontheirdevice,whichcanworkmuchliketheirdesktopcomputercounterpartstoscanforvirusesandmalware[12].
NexttheywereaskediftheytypicallyleaveBluetooth"on"ontheirmobiledevice,iftheirdeviceissettoautomaticallyconnecttoWi-FinetworksandhowoftentheyconnecttopublicWi-Fihotspots,allofwhichareriskfactorsforhijackingandman-in-the-middleattacks[2,3,16,18].
Nextthequestionnairecoveredsecuritymeasuresforprotectingagainstunauthorizedphysicaldeviceaccess,damageorloss.
Participantswereaskediftheirdeviceislockedwithapassword,PINorfingerprintandalsoaboutthefrequencywithwhichtheybackupdatafromtheirdevice.
Physicallocksandbackupsareimportantsecuritymeasures,asthemostcommonmethodofinformationtheftfromamobiledeviceinvolvesphysicaltheftofthedevice[17].
Carewastakenthatsomeofthequestionswerenegativelywordedwhileotherswerenot,soastonotskewtheresults.
Forinstance,onequestionwasworded"Doyoutypicallyreadreviewsorotherwiseresearchamobileappbeforedownloadingandinstallingit"A"Yes"answertothisquestionrevealsthattheuserdoesnothaveariskfactorinthiscategorybecausereadingreviewscanbeasignificantdeterrenttodownloadingmaliciousapps.
Anotherquestionwasworded,"IsyourmobiledevicesettoautomaticallyconnecttoWiFihotspots"A"Yes"answertothisquestionrevealsthattheuserdoeshaveariskfactorashisorherdevicecouldautoconnecttounsecuredWi-Finetworks.
Thenextsetofquestionswasfocusedonparticipants'awarenessofmobilesecurityriskfactors.
Participantswereaskediftheyhadeverexperiencedavirusormalwareontheirmobiledevice,andalsowhethertheywereconcernedaboutvirusesormalwareinregardtotheirmobiledevice.
Lastly,severalquestionsrelatingtoinformationprivacyconcernswereasked,butnotutilizedforthisstudy.
IssuesinInformationSystemsVolume15,IssueII,pp.
116-123,2014120FINDINGSOfthe187participants,66%weremaleand34%werefemale.
Theagerangeofparticipantsspannedfrom18to72,withameanof32.
Thelargestagegrouprepresentedincluded18-20year-olds,at31%ofthesample.
Participantsaged21-30madeup25%ofthesample,thoseaged31-40madeup11%,thoseaged41-50madeup18%,thoseaged51-60madeup10%,andtheremaining5%includedparticipantsaged61-72.
Theslightskewtowardtheyoungerendoftheagespectrumcanbelargelyattributedtothe114undergraduatesincludedinthesample.
Intermsofoccupationalaffiliation,36%ofparticipantsworkedinindustry(forprofit),3%workedforanon-profitorganization,10%workedforgovernment(local,stateorfederal),4%workedinhealthcare,30%workedineducation,and17%indicated"other.
"Nearlyalloftheresponsesinthe"other"categorycamefromundergraduatesandcanperhapsbeattributedtothefactthatmanyundergraduateswerenotworkingwhileattendingschool.
Inretrospect,a"notapplicable"categorywouldhavebeenusefultoaddtothisquestion.
Allparticipantswhowerekeptinthedatasetownedatleastonemobiledevice.
Amajorityoftheparticipants,94%ownedasmartphoneand63%ownedatablet.
Nearlyalloftheparticipants,96%,haddownloadedamobileapptotheirdevice.
Ofthosewhohaddownloadedamobileapp,themajoritytendedtodownloadfreeappsmorefrequentlythanpaidapps.
Morethanhalf,53%,downloadedfreeappsfrequentlyorveryfrequently,40%occasionally,6%rarely,and1%never.
Only7%downloadedpaidappsfrequentlyorveryfrequently,19%occasionally,43%rarely,and31%neverdownloadedapaidapp.
Regardingtypesofappsdownloaded,participantswhohaddownloadedanappwereaskedhowoftentheydownloadedfinancial,health-related,socialmedia,andproductivityapps,sincethesecategoriesofappsarethemostlikelytoinvolvetheuseofprivateinformation.
Forfinancialapps,39%downloadedthemfrequentlyorveryfrequently,17%occasionally,15%rarely,and29%never.
Forhealth-relatedapps,21%downloadedfrequentlyorveryfrequently,28%occasionally,17%rarely,and34%never.
Forsocialmediaapps,71%downloadedfrequentlyorveryfrequently,13%occasionally,10%rarely,and6%never.
Andlastlyforproductivityapps,36%downloadedfrequentlyorveryfrequently,28%occasionally,18%rarely,and18%never.
Participantsweredirectlyaskedwhethertheywereconcernedaboutmobilemalwareinregardtotheirmobiledevices.
Thesamplewasnearlysplitevenly,with46%respondingthattheywereconcerned,50%respondingthattheywerenotconcerned,and4%responding"Idon'tknow,"whichcouldindicatealackofawarenessofthetopic.
Theconcernaboutmobilemalwarewasrelativelyhighgiventhatveryfewoftheparticipants,2%,hadexperiencedmobilemalwareontheirowndevice.
Themajority,88%,indicatedthattheyhadnotexperiencedmobilemalware.
However,10%responded"Idon'tknow"tothisquestion,whichcanbeconstruedasagenerallackofawarenessregardingmobilemalware.
ThesepercentagesaredepictedinFigure1.
Figure1.
Percentageofparticipantswhoexperiencedandareconcernedaboutmobilemalware2%46%88%50%10%4%0%20%40%60%80%100%ExperiencedmobilemalwareConcernedaboutmobilemalwareYesNoIdon'tknowIssuesinInformationSystemsVolume15,IssueII,pp.
116-123,2014121RQ1asked,"Douniversitystudentsandalumnidemonstrateawarenessofmobilemalwareriskfactorsbyusingpreventativesecuritymeasurestomitigatemobilemalwareriskfactorsformobiledevices"Toanswerthisquestion,theresearcherslookedattheresponsestosevenquestionsonthequestionnairethateachdemonstratedariskybehaviorintermsofpreventativemeasuresformitigatingexposuretomobilemalware.
ThesesevenquestionsincludedaskingparticipantshowoftentheyusepublicWi-Fi,whethertheirdeviceissettoautoconnecttoWi-Finetworks,whethertheytypicallyleaveBluetoothconnectivitysettoon,whethertheyreadreviewsbeforedownloadingapps,iftheyhaveeverusedanti-malwareontheirdevice,howoftentheybackupdataontheirdevice,andwhethertheylocktheirdevicewithapassword,PINorfingerprint.
ThemajorityofparticipantsdisplayedriskybehaviorintermsofconnectingtopublicWi-Finetworks,with73%indicatingthattheyconnecttopublicWi-Fioccasionallyormorefrequently,while26%indicatedthattheyrarelyorneverconnecttopublicWi-Fi.
WhenaskediftheirmobiledeviceissettoautomaticallyconnecttoWi-Fihotspots,themajorityofparticipants,70%,displayednon-riskybehaviorbyindicatingthattheydonotallowtheirdevicetoautomaticallyconnecttoWi-Fi.
Oftheparticipantsdisplayingriskybehaviorforthisquestion,26%indicatedthattheydohavethissetting,while4%answered"Idon'tknow.
"Thirty-onepercent(31%)ofparticipantsindicatedthattheydoleaveBluetoothonorthattheydidnotknow,bothindicatingriskybehavior.
Theremaining69%respondedthattheydonotleaveBluetoothon.
Themajorityofparticipants,72%,indicatedthattheydoreadreviewsorotherwiseresearchamobileappbeforedownloadingandinstallingit,displayingnon-riskybehavior.
Theremaining28%didnotreadreviews,thusmakingtheirdevicesmorevulnerabletodownloadingmaliciousapps.
However,mostparticipants,75%,displayedriskybehaviorbyfailingtouseanti-malwaresoftwareorapps.
Sixty-sixpercent(66%)hadneverusedanti-malware,while9%indicatedthattheydidnotknowiftheyhadornot,alsoariskybehaviorindicatingalackofawarenessofanti-malware.
Only25%ofparticipantshadusedanti-malware.
Intermsofphysicalsecuritypreventativemeasures,73%ofparticipantsrespondedthattheybackupdataontheirmobiledevicesoccasionallyormorefrequently,while27%backuprarelyornever.
Themajorityofparticipants,77%,protecttheirdeviceswithapassword,PIN,orfingerprintwhiletheremaining23%donot.
RQ2asked,"Istherearelationshipbetweenconcernaboutmobilemalwareandpreventativesecuritymeasuresusedbyuniversitystudentsandalumni"Toanswerthisquestion,theresearcherscreatedaMobileMalwareRiskFactorIndexbasedonthesevenmobilemalwareriskfactorsquestionsutilizedtoanswerRQ1.
Thedevelopmentofanindexisasupportedwaytomeasureaconstructusinganaccumulationofscoresfromavarietyofrelatedbutindividualitems[1],andisoftendonetotransformdataintoaformthatcanbeusedinotherstatisticalanalyses.
Tobuildtheindex,theresponsetoeachofthesesevenquestionswasscoredone(1)iftheresponseindicatedariskybehaviorincludingusingpublicWi-Fioccasionallyormorefrequently,leavingtheirdevicesettotypicallykeepBluetoothconnectivityon,usingadevicesettingtoallowautoconnectingtoWi-Finetworks,notreadingreviewsorresearchingappsbeforedownloadingthem,notusinganti-malwareontheirdevice,backinguptheirdevicedatararelyornever,ornotlockingtheirdevicewithapassword,PINorfingerprint.
Responsesthatdemonstratednon-riskybehaviors(theoppositesofthosementioned)werescoredazero(0).
ThescoreswerethensummedtobuildaMobileMalwareRiskFactorIndexthatrangedfromzero(theleastrisky)toseven(themostrisky).
Therelationshipbetweenconcernaboutmobilemalwareandmobilemalwareriskfactors(asmeasuredbytheMobileMalwareRiskFactorIndex)wasinvestigatedusingthePearsonproduct-momentcorrelationcoefficient.
Preliminarytestswereperformedtoensurethattheassumptionsofnormality,linearityandhomoscedasticitywerenotviolated.
Therewasasignificant,negativecorrelationbetweenthetwovariableswithasmalleffectsize,r=-.
191,n=177,pkaspersky.
com/bluetooth-security/19.
USCERT.
(2010,April15).
US-CERTTechnicalInformationPaper–TIP-10-105-01.
RetrievedonMay3,2014fromhttps://www.
us-cert.
gov/sites/default/files/publications/TIP10-105-01.
pdf20.
Webroot.
(2013).
MobileThreatsareRealandCostly.
Acommissionedstudy.
RetrievedonApril16,2014fromhttp://www.
webroot.
com/shared/pdf/byod-mobile-security-study.
pdf