SECURITY CONCERNS IN MOBILE LEARNING
From 1949 till now, the shape and usability of mobile devices have seen a tremendous reforms. Back then, it was used only for calling and texting purposes while in the present world, it has a use far beyond that. Omnipresence of mobile devices around the globe has heightened coz of its accessibility and affordability.
Mobile-learning (m-learning) is an emerging platform, which is being integrated into distance and eLearning programmes to give a complete bundle of virtual education. Delivery of educational material through mobile devices, such as personal digital assistants (PDAs), iPods, mobile phones, smartphones and tablets. The ultimate goal of m-learning is to utilise the significant evolution in mobile technologies to the utmost vantage of the learners to ameliorate their learning methods and reduce the learning curve. Another focal point of mLearning is to alleviate data sharing, which makes it possible for learners to interact with each other and pass information. From educational point of view, mobile phones are broadly used by students to access and support learning through wikis, online forums, blogs, image sharing and other social networks in the area of arts and humanities.
It’s normally said that mobile devices and networks can be easily exploited by hackers. So, it is not a secure means of storing confidential info and data.
Mobile security can be breached via many inconspicuous modes, without asking any permission from user consent. In this article, we will see through these loopholes of mobile network and how to deal with such problems in mLearning.
Malware: Malicious Software a.k.a Malware is a rising mobile security threat. It is specifically targeted toward smartphones, tablets and other mobile devices. “In the world of networks and communications, the more widely a technology is used, more likely to become the target of hackers”. Embedding stealing scripts in mobile applications, often free applications to download and install-compromises the privacy of the mobile devices. Once these applications are installed, they can do a “backtrack” analysis on the device, allowing them to take remote access of the devices.
Statistics from Webroot Threat Research Team, Out of 4 million android applications analysed, 42% of those applications were malicious, 14% are untrustworthy, 6% moderate risk and 38% benign.
Let’s say that you are using any LMS application on the mobile e.g. Moodle, Kindle etc. and you receive a pop-up notification in application for another application installation. Once you click the notification and installs the application, you have opened the gates for hacker to breach your personal information such as usernames and passwords of your LMS application. He/She can sell this sort of information to other users for their profit or being cool. On internet, you can easily find the premium account details of a paid application, crack and cheat codes etc. which are extracted by hackers from the premium users.
Wi-Fi Hijacking: All of are aware of hijacking, in which a travel mode is taken control by terror groups for some ransom like money or people extraction and freedom, same kind of situation occurs in Wi-Fi snooping.
Let’s illustrate this situation with an example; consider yourself sitting at CCD cafe using the public hotspot network of shop. You decided to check your bank account balance while you were waiting for your Café Latte. Don’t do it! Hackers can sniff out the packets sent between the hotspot and your device, through their laptops or computers. The approach is famously known as “man-in-the-middle attack”, in which hacker is the middle man who sniffs all packets that you send to recipient. Which means that hackers can easily get access to your usernames and passwords, credit card information etc. Same protocol can be followed by hackers for sniffing out the username and passwords of your LMS platform if you are accessing the course module on a public networks. Hackers can even manipulate your LMS platform further by changing the course module, deleting the cloud server downloads etc.
Nevertheless, your mLearning can still be safe
As previously discussed that there is many backdoors open to breach into a mobile, but still it can be secured by applying some precautious measures.
Well, as we all know that in corporate sector employees are provided with mobile phones, which are basically used for documentations, cold-callings, list of existing and future customers. If there is a theft of mobile then in that case, mobile phone status can now be tracked vis GPS, setting up a SMS which display “return it to user” message, remote phone wiping to delete all data etc.
If your LMS program is running on your corporate network, you must ensure that network must be secured. For security purposes, use VPN network to access the LMS program. This restricts the access via single sign on to make sure only approved users are accessing company text. One can also restrict access by using phone built-in GPS to ensure that employees aren’t logging in offsite. Never install any software / applications from untrusted sources, always prefer the trusted app store like Google Play for android and Apple app store for iOS devices. Installation of application from untrusted sources can make you incompetent to use your trusted application, might misbehave the usage of normal application, automatic shutdown, screen hanging etc. are possibilities for the malware attacks.
Feature an LMS must have to debar these security threats
- Antivirus: Malware/Virus/Trojan attacks are vulnerable to system. Either the mobile should have an antivirus feature or LMS platform to avoid such security threats.
- Login: Single-sign-on feature is provided in LMS, still for more security an OTP must be sent on email account.
- Users tracking: LMS should check out the user’s activity like downloading, sharing etc. In case if the information are leaked out from different sources, the login must be frozen.
- VPN network: LMS must have a VPN network so that users can put the credentials to get logging in, so that network hacks will get failed, also the credentials must be changed frequently.