Search for: All records

Cyberattacks and malware infestation are issues that surround most operating systems (OS) these days. In smartphones, Android OS is more susceptible to malware infection. Although Android has introduced several mechanisms to avoid cyberattacks, including Google Play Protect, dynamic permissions, and sign-in control notifications, cyberattacks on Android-based phones are prevalent and continuously increasing. Most malware apps use critical permissions to access resources and data to compromise smartphone security. One of the key reasons behind this is the lack of knowledge for the usage of permissions in users. In this paper, we introduce Permission-Educator, a cloud-based service to educate users about the permissions associated with the installed apps in an Android-based smartphone. We developed an Android app as a client that allows users to categorize the installed apps on their smartphones as system or store apps. The user can learn about permissions for a specific app and identify the app as benign or malware through the interaction of the client app with the cloud service. We integrated the service with a web server that facilitates users to upload any Android application package file, i.e. apk, to extract information regarding the Android app and display it to the user. 

Advancements in technology and the increase in Internet usage through mobile devices have led to greater visibility of organizations and individuals to cybercrimes. Teenagers being easy targets of these cybercrimes, there is a need to educate them on cybersecurity trends since training students on existing cyberattacks is viewed as a powerful tool to teach cybersecurity. We present a pedagogical approach to train students to identify new threats and respond to mitigate them. This is accomplished through observatory, experiential, and real-life practice-oriented cybersecurity exercises. Seven malicious android applications targeting malware class and phishing, namely Email-Lite-Scare, Shop-Shock-Struck, CyberSafe Practices, Play-Read-Disrupt, Fish-A-Phish, Chat-Phish, and Spy-The-Trojan, have been developed. Psychological learning is emphasized in this approach by exercising the application extensively. The underlying goals of this work are to develop a security mindset, spread awareness on threats associated with smartphone/tablet usage, and to inculcate interest in cybersecurity careers among high school students.