Unit 3

Proliferation of mobile and wireless devices

Everywhere you go, you see people engrossed in their smartphones or tablets—
whether they're playing games, checking email, shopping, or managing bank
accounts. Mobile devices have made incredible advancements, becoming smaller
while increasing in processing power. This trend o ers users a wide range of
choices, from high-end PDAs with wireless modems to compact phones with
internet browsing capabilities.

Types of Mobile Computing Devices:

1. Portable Computer: A general-purpose computer that can be moved easily but

requires setup and an AC power source to use.

2. Tablet PC: Shaped like a slate or notebook, it features a touchscreen and

handwriting recognition but may lack a physical keyboard.

3. Internet Tablet: An internet-focused device with limited computing power,

featuring apps like MP3 and video players, a web browser, chat, and a picture
viewer.

4. Personal Digital Assistant (PDA): A small, pocket-sized computer that

supplements a desktop computer, providing access to contacts, notes, email, and
more.

5. Ultramobile PC: A full-featured, PDA-sized computer that runs a general-

purpose operating system (OS).
ff
 6. Smartphone: Combines PDA features with integrated cell phone functionality,
o ering a range of features and apps.

7. Carputer: A computing device installed in a car, functioning as a wireless

computer, sound system, GPS, and DVD player. It includes word processing
software and Bluetooth compatibility.

8. Fly Fusion Pentop Computer: A pen-sized computing device that works as a

writing utensil, MP3 player, language translator, digital storage device, and
calculator.

As mobile devices evolve, they o er more options and capabilities, reshaping how
we interact with technology on the go.

Trends in Mobility
ff
ff
 Mobile computing is entering a new era with third-generation (3G) technology,
o ering a wider range of applications, improved usability, and faster networking.
Popular devices like the Apple iPhone and Android phones illustrate this trend. As
these smart devices gain popularity, they also attract the attention of attackers
(hackers and crackers).

3G networks face various security challenges because they were not entirely
designed with IP data security in mind. Attacks on mobile networks can come from
outside sources like the internet or other networks, or from within the network
through devices like smartphones, laptops, or computers connected to 3G.

Types of Attacks Against 3G Mobile Networks:

1. Malware, Viruses, and Worms: These can infect mobile devices, such as the
Skull Trojan targeting Symbian OS phones or the Cabir worm that spreads via
Bluetooth.

2. Denial-of-Service (DoS): This attack aims to disrupt system availability, often

by ooding the target with data to slow or stop its response.

3. Overbilling: An attacker hijacks a user's IP address to download non-free

content or use the connection for other purposes, leading to charges for
unauthorized activity.

4. Spoofed Policy Development Process (PDP): These attacks exploit

vulnerabilities in the General Packet Radio Service (GPRS) Tunneling Protocol.

5. Signaling-Level Attacks: Session Initiation Protocol (SIP) vulnerabilities in IP

Multimedia Subsystem (IMS) networks can be exploited to compromise Voice Over
Internet Protocol (VoIP) services.
ff
fl
Credit card Frauds in Mobile and Wireless
Computing Era

Mobile commerce (M-Commerce) and mobile banking (M-Banking) are new trends
emerging in cybercrime. As mobile devices become more powerful and a ordable,
credit card fraud is increasing. This a ects the processing of credit cards through
wireless technology, enabling businesses to quickly and e ciently process
transactions from mobile locations.

An Australian company called Alacrity o ers a closed-loop environment for

wireless (CLEW) credit card processing. The process follows these steps:

1. The merchant sends a transaction request to the bank.

2. The bank forwards the request to the authorized cardholder.
3. The cardholder approves or rejects the request (protected by a password).
4. The bank and merchant are noti ed of the decision.
5. The credit card transaction is completed.

CLEW streamlines credit card transactions and enhances mobility for businesses,
but it also highlights the need for stronger cybersecurity measures to protect
against fraud and other cybercrime risks.
fi
ff
ff
ffi
ff
Security Challenges Posed by Mobile Devices

Mobile devices bring two key challenges to cybersecurity:

1. Data Security: Information on hand-held devices is often taken outside of

controlled environments, which increases the risk of data breaches.

2. Remote Access: Granting remote access back to protected environments can

create vulnerabilities and potential points of attack.

To tackle these challenges, organizations must develop appropriate security

measures. As the use of mobile devices increases, two types of challenges arise:

- Micro Challenges: These are device-level challenges, such as managing registry

settings and con gurations, ensuring authentication service security, and
maintaining cryptography security.

- Macro Challenges: These are organizational-level challenges, such as

overseeing security across a diverse range of mobile devices within a company.
fi
Other technical challenges in mobile security include securing Lightweight
Directory Access Protocol (LDAP), Remote Access Server (RAS), and networking
application program interfaces (API). As mobile devices play an increasingly
important role in daily life and work, addressing these challenges is crucial to
maintaining cybersecurity.

Registry Settings for Mobile Devices:

Let's explore registry settings on mobile devices through an example:

Microsoft ActiveSync is designed for synchronizing with Windows-powered

personal computers (PCs) and Microsoft Outlook. It acts as a "gateway" between
a Windows PC and a Windows mobile device, enabling the transfer of applications
like Outlook information, O ce documents, pictures, music, videos, and other
applications from a user's desktop to their mobile device.

ActiveSync can also sync directly with the Microsoft Exchange server, allowing
users to keep their emails, calendar, notes, and contacts updated wirelessly when
they are away from their PCs. In this context, registry settings become crucial
because they can impact the free ow of information across di erent applications.

Authentication Service Security

Security in mobile computing has two main aspects: securing devices and
securing networks. For secure network access, the device must authenticate with
base stations or web servers. This ensures that only authenticated devices can
connect to the network for services, and no malicious code can trick the device
into doing something unintended.

Mobile devices face attacks like push attacks, pull attacks, and crash attacks
through wireless networks. Security measures are important to prevent attacks
ffi
fl
ff
 such as DoS (Denial of Service), tra c analysis, eavesdropping, man-in-the-middle
attacks, and session hijacking.

To protect against these threats, various security measures can be used, including
Wireless Application Protocols (WAPs), Virtual Private Networks (VPNs), Media
Access Control (MAC) address ltering, and advancements in 802.xx standards.
These measures help safeguard mobile devices and networks against potential
attacks.

Attacks on Mobile/Cell Phones

- Mobile Phone Theft: Mobile phones are now essential in everyday life. With
more a ordable options and greater purchasing power, the number of users has
grown. Theft of mobile phones has also increased, especially in places like bus
stops, railway stations, and tra c signals.

Factors contributing to attacks on mobile devices:

1. Enough Target Terminals: The rst mobile virus appeared after Palm OS
devices reached 15 million units. Mobile viruses have since been seen, like one
where a game developer created a virus in an older version of their mobile game
Mosquito, which sent SMS messages without users' knowledge.

2. Enough Functionality: Mobile devices now carry o ce-like functions and

critical data, often without adequate protection. This increased functionality can
lead to a higher chance of malware attacks.

3. Enough Connectivity: Smartphones o er multiple communication options like

SMS, MMS, synchronization, Bluetooth, and Wi-Fi. While these features increase
convenience, they also provide more opportunities for attackers.
ff
ffi
fi
fi
ffi
ff
ffi
- Concept of Mishing: Fraudulent text messages that trick users into revealing
sensitive information.

- Concept of Vishing: Fraudulent voice calls that aim to deceive users into sharing
personal data.

- Concept of Smishing: SMS phishing where attackers send deceptive text

messages to trick users into disclosing sensitive information.

- Hacking via Bluetooth: Attackers use Bluetooth connections to gain

unauthorized access to mobile devices and steal data or install malware.

Mobile Devices: Security Implications for

Organizations
Organizations face challenges in managing the diversity and proliferation of mobile
devices, including secondary storage devices such as compact disks (CDs) and
USB drives. These devices can be hard to detect due to their small size and
varying shapes, presenting a signi cant challenge to organizational security.

Security practices should be established to address threats posed by mobile

devices and storage media. Features that can help administrators secure mobile
devices and secondary storage include:

- Monitor Access: Control which users or groups can access USB ports, Wi-Fi,
Bluetooth, CDs, and other removable devices.

- Time-Based Access: Restrict access to devices based on the time of day and
day of the week.

- Whitelist Devices: Allow only speci c authorized devices regardless of other

settings.
fi
fi
- Read-Only Mode: Set devices to read-only mode to prevent data changes.

- Disk Protection: Protect disks from accidental or intentional formatting.

Lost and stolen mobile devices pose a growing security risk for corporations as
people often lose them while on the move. This can lead to data breaches and
unauthorized access to corporate information. Organizations must address these
risks by implementing strong security measures.

Organizational Measures for Handling Mobile

A survey of London's cab drivers found that over a 6-month period in 2001, there
were 2,900 laptops, 1,300 PDAs, and over 62,000 mobile phones left in cabs. This
highlights the importance of protecting data on lost mobile devices.

It's essential for organizations to prioritize data protection on mobile hand-held

devices to safeguard against data loss. Employees should also take responsibility
for securing their personal and work data on these devices.

Organizational security Policies and Measures in

Mobile Computing Era:
The widespread use of hand-held devices creates serious cybersecurity risks.
People treat their devices like wallets, storing sensitive information such as credit
card details, bank account numbers, passwords, con dential emails, and business
strategies on them. If an employee loses a USB drive, phone, or laptop, sensitive
customer data like credit reports or social security numbers could be exposed.

Guidelines for Implementing Mobile Device Security Policies:

1. Assess the Need: Determine if employees truly need to use mobile computing
devices for their work based on risks and bene ts.
fi
fi
2. Enhance Security: Use strong encryption, device passwords, physical locks,
and biometric techniques to boost device security.

3. Standardize Devices: Choose a standard set of devices and security tools to

improve security.

4. Develop Usage Framework: Create guidelines for data syncing, using rewalls
and anti-malware software, and what information can be stored on devices.

5. Centralize Management: Keep an inventory of mobile devices and manage

them centrally.

6. Establish Patching Procedures: Integrate software patching with syncing or

centralized patch management.

7. Provide Training: Educate employees on how to secure their information on

mobile devices.

Organizational Policies for Mobile Devices:

Organizations can handle mobile device policies in di erent ways:

- Distinct Policy: Create a separate policy speci cally for mobile devices.

- Incorporate into Existing Policies: Include mobile devices in existing IT

policies.

- Hybrid Approach: Create a new policy for mobile devices while also extending
existing policies to them.

Over time, companies may need to modify their policies to address the challenges
posed by di erent types of mobile devices. Wireless and non-wireless devices
present di erent challenges, as do employees who use mobile devices frequently
ff
ff
fi
ff
fi
compared to those who use them less often. Eventually, separate policies may be
needed for devices based on how they connect—wirelessly, or to WANs or LANs.

Laptops And Desktops :

Concept of Laptops:
As laptop prices decrease, they have become more common and are used to
access information on the go. However, their portability and wireless capabilities
raise cybersecurity concerns. Theft is also a signi cant issue, as laptops contain
personal and corporate information that can be sensitive.

Physical Security Measures for Laptops:

1. Cables and Locks: Securing laptops with cables and locks, like Kensington
cables, can help prevent theft.

2. Laptop Safes: Using safes made of strong materials can protect laptops and
their components.

3. Motion Sensors and Alarms: These devices can alert users when a laptop is
moved or tampered with and help track missing laptops.

4. Warning Labels and Stamps: Labels with tracking information can deter theft
and make resale more di cult.

Other measures include:

- Engraving personal details on the laptop.
- Keeping the laptop close to you and using di erent, less obvious bags.
- Educating employees about their responsibility when carrying a laptop.
- Keeping a copy of the purchase receipt and laptop details.
- Installing encryption software and using personal rewalls.
ffi
ff
fi
fi
 - Regularly updating antivirus software and security patches.
- Locking down unused ports and removing PCMCIA cards.

Logical or Access Controls:

- Protect against malicious programs and attackers.
- Avoid weak passwords and use strong password rules.
- Monitor application security and scan for vulnerabilities.
- Encrypt critical le systems and protect unencrypted data.
- Properly handle removable drives and unnecessary ports.
- Install rewalls, antivirus software, and intrusion detection systems.
fi
fi