Abstract
Recently, as the utilization rate for mobile devices has increased, cyber attacks targeting them have been increasing. Cyber attacks such as ransomware in general network space have started to spread to mobile devices. In addition, malware that exploits mobile vulnerabilities is also increasing rapidly. Threats to these mobile devices could cause negative damage to human life. Thus, the cyber attack that causes secondary damage to the real world is called a Cyber Influence Attack. This paper presents an influence attack scenario in which the exploit of the Android OS acquires the permission of the mobile device for propagating false information. Based on this scenario, we analyze the damage assessment of mobile device exploit that can cause real social damage as well as damage to cyberspace assets through FAIR (Factor Analysis of Information Risk) model.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Clark, D.: Characterizing cyberspace: past, present and future. MIT CSAIL, Version 1, 2016–2028 (2010)
Daware, S., Dahake, S., Thakare, V.: Mobile forensics: overview of digital forensic, computer forensics vs. mobile forensics and tools. Int. J. Comput. Appl. 7–8 (2012)
Deacon, R.E., Firebaugh, F.M.: Family Resource Management: Principles and Applications. Allyn and Bacon, Boston (1981)
D’Orazio, C.J., Lu, R., Choo, K.K.R., Vasilakos, A.V.: A markov adversary model to detect vulnerable ios devices and vulnerabilities in IOS apps. Appl. Math. Comput. 293, 523–544 (2017)
Economist, T.: The economist intelligence unit’s democracy index (2016). https://infographics.economist.com/2017/DemocracyIndex/
Grimaila, M.R., Fortson, L.W.: Towards an information asset-based defensive cyber damage assessment process. In: 2007 IEEE Symposium on Computational Intelligence in Security and Defense Applications, CISDA 2007, pp. 206–212. IEEE (2007)
Guido, D.: The exploit intelligence project. PowerPoint presentation, iSEC Partners (2011)
Guido, D., Arpaia, M.: The mobile exploit intelligence project. Blackhat EU (2012)
Hern, A.: Hacking team hacked: firm sold spying tools to repressive regimes, documents claim (2015). https://www.theguardian.com/technology/2015/jul/06/hacking-team-hacked-firm-sold-spying-tools-to-repressive-regimes-documents-claim
Herr, T.: Prep: A framework for malware & cyber weapons. Browser Download This Paper (2013)
Horony, M.D.: Information system incidents: the development of a damage assessment model. Technical report, Air Force Institute of Technology, Wright-Patterson Air Force Base, Ohio (1999)
HUFFPOST: 2016 general election: Trump vs. clinton (2016). http://elections.huffingtonpost.com/pollster/2016-general-election-trump-vs-clinton
IDC: Smartphone os market share (2017). https://www.idc.com/promo/smartphone-market-share/os
Jajodia, S., Liu, P., Swarup, V., Wang, C.: Cyber Situational Awareness. Advances in Information Security, vol. 14. Springer, Boston (2010). https://doi.org/10.1007/978-1-4419-0140-8
Jim Sciutto, N.G., Browne, R.: Us finds growing evidence Russia feeding emails to wikileaks (2016). http://edition.cnn.com/2016/10/13/politics/russia-us-election/index.html
Jones, J.: An introduction to factor analysis of information risk (fair). Norwich J. Inf. Assur. 2(1), 67 (2006)
Joshi, J., Parekh, C.: Android smartphone vulnerabilities: a survey. In: International Conference on Advances in Computing, Communication, & Automation (ICACCA)(Spring), pp. 1–5. IEEE (2016)
LaCapria, K.: As wikileaks released several batches of e-mails in october 2016, partisans claimed they confirmed hillary clinton sold weapons to ISIS (2016). http://www.snopes.com/wikileaks-cofirms-hillary-clinton-sold-weapons-to-isis/
NIST: National vulnerability database (2014–2016). https://nvd.nist.gov/
Cyberspace Operations: Joint publication 3–12 (r). Joint Chief of Staffs (2013)
Ostler, R.: Defensive cyber battle damage assessment through attack methodology modeling. Technical report, Air Force Institute of Technology, Wright-Patterson Air Force Base, Ohio (2011)
Pagliery, J.: Wikileaks claims to reveal how CIA hacks TVS and phones all over the world (2017). http://money.cnn.com/2017/03/07/technology/wikileaks-cia-hacking/index.html
Philip, R., et al.: Enabling distributed security in cyberspace. Department of Homeland Security (2011)
RSA: 2016:current state of cybercrime (2016). https://www.rsa.com/content/dam/rsa/PDF/2016/05/2016-current-state-of-cybercrime.pdf
Saenko, I., Lauta, O., Kotenko, I.: Analytical modeling of mobile banking attacks based on a stochastic network conversion technique (2016)
Shezan, F.H., Afroze, S.F., Iqbal, A.: Vulnerability detection in recent android apps: an empirical study. In: 2017 International Conference on Networking, Systems and Security (NSysS), pp. 55–63. IEEE (2017)
Acknowledgment
This work was supported by Defense Acquisition Program Administration and Agency for Defense Development under the contract (UD060048AD).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Park, M., Han, J., Seo, J., Oh, H., Lee, K. (2019). FAIR-Based Cyber Influence Damage Assessment for Exploit in Mobile Device. In: You, I., Chen, HC., Sharma, V., Kotenko, I. (eds) Mobile Internet Security. MobiSec 2017. Communications in Computer and Information Science, vol 971. Springer, Singapore. https://doi.org/10.1007/978-981-13-3732-1_4
Download citation
DOI: https://doi.org/10.1007/978-981-13-3732-1_4
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-13-3731-4
Online ISBN: 978-981-13-3732-1
eBook Packages: Computer ScienceComputer Science (R0)