Search for: All records

Cyberattacks and malware infestation are issues that surround most operating systems (OS) these days. In smartphones, Android OS is more susceptible to malware infection. Although Android has introduced several mechanisms to avoid cyberattacks, including Google Play Protect, dynamic permissions, and sign-in control notifications, cyberattacks on Android-based phones are prevalent and continuously increasing. Most malware apps use critical permissions to access resources and data to compromise smartphone security. One of the key reasons behind this is the lack of knowledge for the usage of permissions in users. In this paper, we introduce Permission-Educator, a cloud-based service to educate users about the permissions associated with the installed apps in an Android-based smartphone. We developed an Android app as a client that allows users to categorize the installed apps on their smartphones as system or store apps. The user can learn about permissions for a specific app and identify the app as benign or malware through the interaction of the client app with the cloud service. We integrated the service with a web server that facilitates users to upload any Android application package file, i.e. apk, to extract information regarding the Android app and display it to the user. 

Advancements in technology and the increase in Internet usage through mobile devices have led to greater visibility of organizations and individuals to cybercrimes. Teenagers being easy targets of these cybercrimes, there is a need to educate them on cybersecurity trends since training students on existing cyberattacks is viewed as a powerful tool to teach cybersecurity. We present a pedagogical approach to train students to identify new threats and respond to mitigate them. This is accomplished through observatory, experiential, and real-life practice-oriented cybersecurity exercises. Seven malicious android applications targeting malware class and phishing, namely Email-Lite-Scare, Shop-Shock-Struck, CyberSafe Practices, Play-Read-Disrupt, Fish-A-Phish, Chat-Phish, and Spy-The-Trojan, have been developed. Psychological learning is emphasized in this approach by exercising the application extensively. The underlying goals of this work are to develop a security mindset, spread awareness on threats associated with smartphone/tablet usage, and to inculcate interest in cybersecurity careers among high school students. 

As technology keeps overgrowing, Internet surfing becomes more popular. As a consequence, users tend to use it for social media, shopping, banking, or any other online services in which they need to put their personal information. These online activities attract malicious computer users to apply cyberattack techniques to steal other user's data. The users become attack victims due to limited understanding of cyberattacks and safety practices. In this paper, we propose a framework development for interactive and engaging cybersecurity education. With the help of the framework, the users will be able to learn different types of cyberattacks and defenses along with the safe cybersecurity practices. We also discuss the current state of the framework and conclude the paper with a discussion on limitations and future work.