Security Analysis of Simpel Desa using Mobile Security Framework and ISO 27002:2013
DOI: https://doi.org/10.29407/intensif.v7i1.18742
Keywords: Information Security, Vulnerabilities, MobSF, ISO 27002:2013
Abstract
The Personal Identification Number, or KTP, is prone to being stolen and used by unwanted parties. This risk also applies to Simpel Desa, a village administration application that contains and uses the Personal Identification Number. This study aims to detect and analyze information security vulnerabilities in the application using MobSF and ISO 27002:2013. MobSF is used for penetration testing for malware in applications. In MobSF, the Simpel Desa application is analyzed in two ways: statically and dynamically. ISO 27002:2013 is used to map the vulnerability findings and the potential misuse of information so that the analysis results are accurate. The controls used are domain 9 (access control) and domain 10 (cryptography). The static analysis found vulnerabilities in cryptography and permission access. The dynamic analysis found that Root Detection and Debugger Check Bypass had not been implemented. Overall, based on ISO 27002:2013, information security has not been maximally implemented. The recommendations focus on application permissions and access rights, user authentication, and the implementation of information security.
License
Authors who publish with this journal agree to the following terms:
1. Copyright on any article is retained by the author(s).
2. The author grants the journal the right of first publication, with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgment of the work’s authorship and initial publication in this journal.
3. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal’s published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
4. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.
5. The article and any associated published material are distributed under the Creative Commons Attribution-ShareAlike 4.0 International License.