ITNE2002 Network and Information Security

cause the application of these phones uses Intent Object to communicate with each other. One application gives PendingIntent to another app to allow it perform the task as specified by it. The Android’s add account settings required recognising the application that invokes it and the PendingIntent created for it. It enabled the invoker app to not merely send information regarding its identity but also enabled it to launch various services and broadcasts. So, it is easy for anyone to create an app which makes misuse of PendingIndent and make the Android phone go completely crashed or lose it entire data (N Recursions, 2015).

Nearly all the Android users are susceptible to the recently discovered bug which is known with the name of BroadAnywhere Bug (Dubey & Misra, 2016). The bug enters into the personal devices of the Android users through various ways without any user permission or command. The different methods that are being used by the BroadAnywhere Bug are discussed below:

• Freeware program: When users of the Android devices downloads any kind of free software packages to their devices from the unauthenticated or untrusted websites and thereafter accepts the default installation message absolutely without going through the terms and conditions of End User License Agreement (EULA), then in such instances, the said bug intrudes into their personal devices.
• Malicious link: The BroadAnywhere Bug may also enter into the phones of Android users when they visit any malicious or suspicious kind of link.
• Infected media devices: Whenever, the bug infected devices are connected to the other devices such as phones or other sort of media devices for the purpose of sharing or transferring any media content to such other device.
• Spam-mail attachments: This is the common way by which BroadAnywhere Bug intrudes in the PDA devices of the android users by attaching itself to the mails which are generally regarded as spam mails or junk mails. When these mails are received on the Android devices and the user downloads the files attached therein in the mails, the bug finds its place to attack.
• Annoying advertisement: This is the other way by which BroadAnywhere Bug enters into the devices of the Android users. The bug attaches itself to the advertisements which although seems to be legitimate but are actually of fake nature. When the users click on those unauthenticated or illegitimate advertisements their phones gets severely affected by the vulnerability of the said bugs (Mobile Apps, 2016).

Once the BroadAnywhere Bug is entered into the devices it has multiple ways of affecting the devices of Android users. Few of the ways are discussed below:

• Automatic disruption of the functioning of devices: The intrusion of BroadAnywhere Bug could cause harm to the phone devices of the users such as sudden crashing of the device where it stops functioning at all (Shan, et al., 2015).
• Data loss: With this kind of vulnerability, the malicious apps in the phone devices are able to transmit a malicious broadcast with the aim of resetting the factory settings present on that phone in the default manner. Due to this action all the apps, media content such as photos, videos or messages, contacts and other data present on the phone gets destructed.
• Forging of SMS content: Once the attackers attacks the phone devices of the users, they have the control to send any messages which appears to be received by someone else who is authorised to send such message to the users. For instance, the attacker could send a message to user’s device asking user to deposit certain amount of money to their bank accounts or asking to provide the bank account credentials, in the name of any of his friend, family member or any other related person.

After learning about the repercussions of intrusion of BroadAnywhere Bug it is of utmost importance to identify the ways that can be used to prevent the Android phone devices from being affected from the vulnerabilities caused to them because of these bugs. There are several ways of protecting those devices against the BroadAnywhere Bug which are discussed below:

Regular device software updating:

• Use of top quality security software: It is highly recommended to the users of Android phone users to use applications such as Clean Master or CM Security to protect their phones from the attack of such bugs or other malicious act.
• Avoid visiting unauthorised websites: It is important of phone devices to understand the importance of use of authenticated sites over internet so as to protect their devices against any sort of cyber-attack such as BroadAnywhere Bug.
• Use of only safe and secure applications: While downloading different applications from the cloud platform it is essential for the users to assess the security of such application before taking down such applications to their devices (Pfleeger & Pfleeger, 2002).
• Blocking spam or junk mails: It is always better to delete or block the junk mails or spams without even opening them up. The users must not download the files attached to the spam mails in order to avoid the occurrence of such digital attacks.
• Keeping the anti-virus programs up to date: The anti-virus program of the Android phones as well as the other devices to which such phones are connected. Beside quality of the anti-virus program it is also important to keep those programs up to date by way of their license renewable or by replacing the existing anti-virus program as and when its service life expires.
• Use of only trusted sites for content downloading purposes: Before downloading any content from the websites, the users of phone are advised to check the authenticity of the websites. The unauthorised sites must be blocked so as to protect the phones from various malfunctions like BroadAnywhere Bug (Hathaway, et. al., 2012).

In response to the severe problems identified and reported by the Android users, the developer of Android operating system introduced the updated its version which is being recognised in the market with the name of Android 5.0 Lollipop. It is the latest version of Android OS and it has the potential to fix the serious issues caused by BroadAnywhere Bug. Every version which is below the Lollipop version is still vulnerable to the attack of the said bug. The bug can only be found in the devices whose Android OS version is released before September 10 2014 (Mobile Apps, 2016). Any version that has been or will be launched further after the said date will not have to face the same issue as the operating systems of such devices are upgraded to provide security against such bugs.

References:

Mobile Apps, 2016. Remove BroadAnywhere: How To Delete BroadAnywhere Vulnerability From Android Phone. Available at: https://www.rizzoliandisles.org/remove-broadanywhere-delete-broadanywhere-vulnerability-android-phone Accessed on: 17.10.2018.

Pfleeger, C.P. and Pfleeger, S.L., 2002. Security in computing. Prentice Hall Professional Technical Reference.

N Recursions, 2015. Is Android's BroadAnywhere really a threat that an antivirus can protect from? Do Android phones need antiviruses? Available at: https://nrecursions.blogspot.com/2015/01/is-androids-broadanywhere-really-threat.html Accessed on: 17.10.2018.

Hathaway, O.A., Crootof, R., Levitz, P., Nix, H., Nowlan, A., Perdue, W. and Spiegel, J., 2012. The law of cyber-attack. California Law Review, pp.817-885.

Lei, L., Wang, Y., Zhou, J., Zha, D. and Zhang, Z., 2013, July. A threat to mobile cyber-physical systems: Sensor-based privacy theft attacks on Android smartphones. In Trust, Security and Privacy in Computing and Communications (TrustCom), 2013 12th IEEE International Conference on (pp. 126-133). IEEE.

Dubey, A. and Misra, A., 2016. Android security: attacks and defenses. Auerbach Publications.

Shan, Z., Neamtiu, I., Qian, Z. and Torrieri, D., 2015, October. Proactive restart as cyber maneuver for Android. In Military Communications Conference, MILCOM 2015-2015 IEEE (pp. 19-24). IEEE.