CS_UNIT 2(P3).pptx

1,205 views 27 slides Aug 02, 2023

About This Presentation

cyber security notes


Slide Content

UNIT 2
Credit Card Frauds in Mobile & Wireless Computing Era
Security Challenges
Registry Settings for Mobile Devices
Authentication Service Security
Attacks on Mobile/Cell Phones

Trends in Mobility

In the past two decades, we’ve not only cut the cord between our phones and the wall, but we have gained the ability to stream video, play games, and access the web from what has essentially become a powerful handheld computer. 5G will push those capabilities to the next level.

Since the late 1970s, the ability to communicate with others using a device that is untethered to a wire has changed the way people interact, whether they are located across the street or in another country. Prior to the introduction of cellular technology, ham shortwave and FM radios provided two-way communication to those willing to learn Morse code and obtain a license. Citizens band (CB) radios offered up to 20-mile links and became wildly popular with the mass market in the early to mid-1960s. However, weather conditions and time of day had a major influence on reliability of ham radio links, while transmission power limits and chatty enthusiasts reduced the usefulness of CB.

The industry needed a system that consumed little energy to enable small portable devices to operate on battery power. Cellular phones evolved to meet this need. Rather than adopt a point-to-point long-distance strategy, cellular phones link to a grid of local relay base stations. A progression of enhanced technical standards enabled compatibility among devices and opened the door to development of a rapidly expanding market. Efficient network management was the other key to development of advanced cellular communication systems in terms of speed, reliability, latency, capacity, and additional features.

The first generation of mobile networks, dubbed 1G, was introduced in Japan in 1979. It offered analog 2.4Kb/s with limited coverage and no roaming support. In 1991, 2G employed digital signaling to bump the speed to 64Kb/s and used the Global System for Mobile Communications (GSM) standard for improved voice fidelity and reliability. It also ushered in the ability to send text messages and photos. 3G was introduced in 2001 and harmonized global standards, along with 256Kb/s speed. Additional functions included video conferencing, streaming, and Voice over Internet Protocol (VoIP). The fourth and most common generation in use today, 4G Long-Term Evolution (LTE), can deliver speeds to 1Gb/s for high-definition video, web access, and gaming applications. We are now on the cusp of 5G, which is designed to support the escalating demands of a universe of Internet of Things (IoT) devices, the explosion of consumer video, telemedicine, telework, and future autonomous transportation. In addition to a 10-times to as much as 100-times increase in speed, latency will be dramatically reduced. The ability to support many more connected devices with greater network efficiency and reduced latency is driving the transition to 5G.

Credit Card Frauds & Wireless Computing Era (From Book)

Types of Credit Card Frauds

Traditional Techniques:
  Paper-based fraud: a criminal uses stolen or fake documents to open an account in someone else’s name. It can be divided into:
    ID theft
    Financial fraud
  Illegal use of a lost or stolen card

Modern Techniques: enable criminals to produce fake or doctored cards.
  Skimming process
  Triangulation
  Credit Card Generators

Triangulation Method: aims to create a great deal of confusion for the authorities.

The main challenges involved in credit card fraud detection are:
  Enormous data: a huge volume of data is processed every day, and the model built must be fast enough to respond to the scam in time.
  Imbalanced data: most of the transactions (99.8%) are not fraudulent, which makes it really hard to detect the fraudulent ones.
  Data availability: the data is mostly private.
  Misclassified data: this can be another major issue, as not every fraudulent transaction is caught and reported.
  Adaptive techniques: scammers use adaptive techniques against the model.
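
The imbalance challenge above, worked through as an added example (not part of the original slides): with 99.8% legitimate transactions, a detector that never alerts still scores 99.8% accuracy, so precision and recall are the figures to watch. The transaction set and the rule `simple_rule` are constructed assumptions for illustration.

```python
# Added example: the accuracy paradox on imbalanced fraud data.
# The transactions and the detection rule are constructed for illustration.

def build_transactions():
    """10,000 constructed (amount, foreign, is_fraud) rows; 99.8% legitimate."""
    legit = [(10 + i % 200, i % 50 == 0, False) for i in range(9980)]
    fraud = [(150 + 25 * j, j % 4 != 0, True) for j in range(20)]
    return legit + fraud

def always_legit(amount, foreign):
    """Baseline that never raises an alert."""
    return False

def simple_rule(amount, foreign):
    """Hypothetical rule: flag foreign transactions of 150 or more."""
    return foreign and amount >= 150

def evaluate(detector, transactions):
    """Return confusion-matrix counts plus accuracy, precision and recall."""
    tp = fp = tn = fn = 0
    for amount, foreign, is_fraud in transactions:
        flagged = detector(amount, foreign)
        if flagged and is_fraud:
            tp += 1
        elif flagged:
            fp += 1
        elif is_fraud:
            fn += 1
        else:
            tn += 1
    return {
        "tp": tp, "fp": fp, "tn": tn, "fn": fn,
        "accuracy": (tp + tn) / len(transactions),
        # Guard against division by zero when nothing is flagged.
        "precision": tp / (tp + fp) if tp + fp else 0.0,
        "recall": tp / (tp + fn) if tp + fn else 0.0,
    }

if __name__ == "__main__":
    data = build_transactions()
    for name, detector in (("always_legit", always_legit), ("simple_rule", simple_rule)):
        m = evaluate(detector, data)
        print(f"{name}: accuracy={m['accuracy']:.4f} "
              f"precision={m['precision']:.3f} recall={m['recall']:.2f} "
              f"missed_fraud={m['fn']} false_alerts={m['fp']}")
```

On this constructed data the rule has lower accuracy than the do-nothing baseline, yet it is the only one of the two that catches any fraud, at the cost of false alerts that someone has to review.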

Security challenges posed by mobile devices (FROM PPT)

Mobility brings two main challenges to cyber security: first, on the hand-held devices, information is being taken outside the physically controlled environment; and second, remote access back to the protected environment is being granted. The importance of providing employees with remote access and the ability to work from anywhere means that organizations need to implement tools that increase the security of mobile devices.

Mobile phone security threats generally include application-based, web-based, network-based and physical threats (or challenges), and technical challenges.

Security challenges posed by mobile devices

Application-based threat: Application-based threats happen when people download apps that look legitimate but actually skim data from their device. Even legitimate apps often request more permission than needed to perform their function, which can expose more data than necessary. Examples are spyware and malware that steal personal and business information without people realizing it’s happening.

These threats also include:
  Data Leakage via Malicious Apps: hackers can easily find an unprotected mobile app and use that unprotected app to design larger attacks or steal data, digital wallets, backend details, and other juicy bits directly from the app.
  Zero-Day Vulnerabilities (zero-day vulnerabilities that left its devices open for spyware attacks and released a patch to protect users against these vulnerabilities): a software vulnerability discovered by attackers before the vendor has become aware of it. Because the vendors are unaware, no patch exists for zero-day vulnerabilities, making attacks likely to succeed.

Security challenges posed by mobile devices

Application-based threat (Contd.): The best way to protect your organization against data leakage (or app-based threats) through malicious or unsecured applications is by using mobile application management (MAM) tools. These tools allow IT admins to manage corporate apps (wipe or control access permissions) on their employees’ devices without disrupting employees’ personal apps or data.

Security challenges posed by mobile devices

Web-based threat: Web-based threats are subtle and tend to go unnoticed. They happen when people visit affected sites that seem fine on the front-end but, in reality, automatically download malicious content onto devices.

Examples:
  Phishing Scams
  Social Engineering
  Drive By Downloads
  Operating System Flaws

Security challenges posed by mobile devices

Web-based threat (Contd.):

Social Engineering
Social engineering attacks are when bad actors send fake emails (phishing attacks) or text messages (smishing attacks) to your employees in an effort to trick them into handing over private information like their passwords or downloading malware onto their devices.

Drive By Downloads
Drive by download attacks specifically refer to malicious programs that install to your devices without your consent. This also includes unintentional downloads of any files or bundled software onto a computer device.

Operating System Flaws
Operating system (OS) vulnerabilities are exposures within an OS that allow cyber attackers to cause damage on any device where the OS is installed. Large numbers of mobile devices are not kept up to date with operating system releases. Out of date operating systems mean devices are vulnerable to security threats that are patched in the later versions. Mobile security requires continuous work to find and patch vulnerabilities that bad actors use to gain unauthorized access to your systems and data.

Security challenges posed by mobile devices

Web-based threat (Contd.): Tips to Combat Web-based Threats
  The best defense for phishing and other social engineering attacks is to teach employees how to spot phishing emails and SMS messages that look suspicious and avoid falling prey to them altogether.
  Reducing the number of people who have access to sensitive data or systems can also help protect your organization against social engineering attacks because it reduces the number of access points attackers have to gain access to critical systems or information.
  Only use your computer’s admin account for program installations.
  Keep your web browser and operating system up to date.
  Be wary of keeping too many unnecessary programs and apps.
  Always avoid websites that may contain malicious code.
  Carefully read and examine security popups on the web before clicking.
  Use an ad blocker.

Security challenges posed by mobile devices

3. Network-based threat: Network-based threats are especially common and risky because cybercriminals can steal unencrypted data while people use public WiFi networks. Users often rely on public Wi-Fi to stay connected when they work outside the office. These unsecured Wi-Fi networks can allow malware to be installed on devices or eavesdroppers to intercept data.

Public WiFi networks are generally less secure than private networks because there’s no way to know who set the network up, how (or if) it’s secured with encryption, or who is currently accessing it or monitoring it. And as more companies offer remote work options, the public WiFi networks your employees use to access your servers (e.g., from coffee shops or cafes) could present a risk to your organization. For example, cybercriminals often set up WiFi networks that look authentic but are actually a front to capture data that passes through their system (a “man in the middle” attack).

Examples:
  Network Exploits
  WiFi Sniffing
  Packet Sniffing
  BYOD (Bring Your Own Device)

Security challenges posed by mobile devices

3. Network-based threat (Contd.): There’s no single standard for mobile devices, especially when you allow BYOD rather than supplying the devices. Because of the variety of devices and operating systems, it’s difficult to apply controls consistently to ensure the safety of all of them.

Security challenges posed by mobile devices

3. Network-based threat (Contd.): Tips to Combat
The best way for you to protect your organization against threats over public WiFi networks is by requiring employees to use a VPN to access company systems or files. This will ensure that their session stays private and secure, even if they use a public network to access your systems.

Security challenges posed by mobile devices

Physical Threats: Physical threats to mobile devices most commonly refer to the loss or theft of a device. Because hackers have direct access to the hardware where private data is stored, this threat is especially dangerous to enterprises.

Example - Loss/Theft: Loss or theft is the most unwanted physical threat to the security of your mobile device. The device itself has value and can be sold on the secondary market after all your information is stolen and sold.

Tips to Combat
First and foremost, you’ll want to ensure employees know what steps to take if they lose their device. Since most devices come with remote access to delete or transfer information, that should include asking employees to make sure those services are activated.

Security challenges posed by mobile devices

Technical challenges in mobile security are:
  Managing the registry settings and configurations
  Authentication service security
  Cryptography security
  Remote access server (RAS) security
  Media player control security
  Networking application program interface (API) security, etc.

Registry Settings for Mobile Devices:

Let us understand the issue of registry settings on mobile devices through an example: Microsoft ActiveSync is meant for synchronization with Windows-powered personal computers (PCs) and Microsoft Outlook. ActiveSync acts as the "gateway" between a Windows-powered PC and a Windows mobile-powered device, enabling the transfer of applications such as Outlook information, Microsoft Office documents, pictures, music, videos and applications from a user's desktop to his/her device. In addition to synchronizing with a PC, ActiveSync can synchronize directly with the Microsoft Exchange Server so that users can keep their e-mails, calendar, notes and contacts updated wirelessly when they are away from their PCs. In this context, registry setting becomes an important issue given the ease with which various applications allow a free flow of information.

Authentication Service Security:

There are two components of security in mobile computing: security of devices and security in networks. Secure network access involves authentication between the device and the base stations or Web servers. This is to ensure that only authenticated devices can be connected to the network for obtaining the requested services, and that no malicious code can impersonate the service provider to trick the device into doing something it does not mean to. Thus, the networks also play a crucial role in the security of mobile devices.

Some eminent kinds of attacks to which mobile devices are subjected are: push attacks, pull attacks and crash attacks.

Authentication service security is important given the typical attacks on mobile devices through wireless networks: DoS attacks, traffic analysis, eavesdropping, man-in-the-middle attacks and session hijacking. Security measures in this scenario come from Wireless Application Protocols (WAPs), use of VPNs, media access control (MAC) address filtering and development in 802.xx standards.

Attacks on Mobile/Cell Phones (Same as Book)

Mobile Phone Theft: Mobile phones have become an integral part of everybody's life, and the mobile phone has transformed from being a luxury to a bare necessity. Increase in purchasing power and the availability of numerous low-cost handsets have also led to an increase in mobile phone users. Theft of mobile phones has risen dramatically over the past few years. Since a huge section of the working population in India uses public transport, the major locations where theft occurs are bus stops, railway stations and traffic signals.

Attacks on cell phones are increasing because of the growing usage of cell phones and the availability of the Internet on cell phones. Contributing factors are the increasing demand for WiFi zones in metropolitan areas and the extensive usage of cell phones combined with a lack of awareness/knowledge about the vulnerabilities of the technology.

Attacks on Mobile/Cell Phones (Same as Book)

Mobile Phone Theft (Contd.): The following factors contribute to outbreaks on mobile devices:

1. Enough target terminals: The first Palm OS virus was seen after the number of Palm OS devices reached 15 million. The first instance of a mobile virus was observed during June 2004, when it was discovered that an organization, "Ojam", had engineered an antipiracy Trojan virus in older versions of their mobile phone game known as Mosquito. This virus sent SMS text messages to the organization without the users' knowledge.

Attacks on Mobile/Cell Phones (Same as Book)

Mobile Phone Theft (Contd.):

2. Enough functionality: Mobile devices are increasingly being equipped with office functionality and already carry critical data and applications, which are often protected insufficiently or not at all. The expanded functionality also increases the probability of malware.

3. Enough connectivity: Smartphones offer multiple communication options, such as SMS, MMS, synchronization, Bluetooth, infrared (IR) and WLAN connections. Therefore, unfortunately, the increased amount of freedom also offers more choices for virus writers.

Attacks on Mobile/Cell Phones (Same as Book)
  Mobile Viruses
  Mishing
  Vishing
  Smishing
  Hacking Bluetooth