Communication Security
Muhammad Usman Rana
Department of Computer Science
COMSATS University, Islamabad, Pakistan
Usman.amir90@gmail.com
Overview
1-Secure phone design
2-Secure communication over GSM
3-Secure phone design software specifications
4- Pegasus spyware
5-Secure phone design hardware specifications
6-Custom encryption algorithms for security much like WhatsApp
Introduction
• If hackers target mobile devices, it's time to take phone security seriously. Mobile
devices are as vulnerable as PCs, if not more so. Malware, social engineering, web
attacks, network attacks, and physical theft are all threats. Be prepared, whether you
are in charge of an organization's security or just want to safeguard your personal
devices. Begin with security awareness training and policies, then move on to more
technical countermeasures. We still call the devices in our pockets “phones,” but they're
so much more. Phones nowadays are networked computers with data storage and
recording capabilities. They are also a photo gallery, a mobile bank and a social network hub.
That's fantastic! True, but all of these features make our phones prime targets for
hackers. Since most of us don’t want to give up the ease of having all of our needs on
one device, what can we do to stay safe?
Contrast between Value and Risk
• Mobile apps may provide huge value to businesses.
 – New types of applications using mobile capabilities such as GPS, camera, etc.
 – Innovative applications for workers and consumers
• There are several dangers associated with mobile devices and mobile apps.
 – Inevitably, sensitive data is kept on the device (email, contacts)
 – Connect to a variety of untrusted networks (carrier, WiFi)
• The majority of developers are not qualified to create secure apps
 – A fact of life, but slowly improving
• The majority of developers are inexperienced with developing mobile apps
 – Different platforms have varying levels of security and capabilities.
Security Implications
• In the end, you should be concerned with the system.
 – Application plus…
 – 3rd party web services
 – Enterprise services
 – And so on.
• Intruders may obtain unauthorized access in many ways.
 – Attacker steals or accesses a lost device
 – Malicious application
 – Attacker reverse engineers an application to access corporate resources
 – And so on…
• The most “interesting” weaknesses and vulnerabilities we find are in mobile applications’
interactions with supporting services
1-Phone protection steps, regardless of your operating system:
• Set up fingerprint or facial scanning: Having a secure password (particularly anything like fingerprint/facial
recognition) can keep your phone safe from anybody who finds it.
• Use a VPN: VPNs allow you to securely connect to a private server rather than sharing it with everyone else on
the public network. Your data is safer since it is encrypted as it moves between servers.
• Encrypt data: If your device doesn't already have encryption enabled, you'll need to activate it. In order to
prevent hackers from accessing your data while it is being sent from server to server, data encryption is used.
• Set up remote erasing: This feature allows you to delete data from your phone even if you no longer own it. It's
a fantastic security feature in case your phone is misplaced. Setting up remote wipe varies per device. This
tutorial from Northern Michigan University's IT department will show you how to enable remote wipe on any
device.
• “Remote wiping is likely included in a device management software like Prey, along with additional features
like tracking.”
• “With Prey, you may remotely format your phone to ensure no sensitive data is accessible at any time. Wipe
should only be done when recovering the device is less essential than protecting your data.”
2-Secure communication over GSM
• Secure communication is a protective measure that should be taken to ensure the state of
inviolability from hostile acts or influences. The ciphering algorithm used in the GSM network is
specifically designed to prevent unauthorized access and to protect confidentiality across the
network; however, the encryption scheme ensures traffic confidentiality only across
the radio access channel, while the voice is transmitted in clear form over the core network as
PCM (Pulse Code Modulation) and ADPCM speech. Therefore, the GSM system is not able
to provide end-to-end traffic confidentiality between two communicating parties and is
completely vulnerable to several attacks like man-in-the-middle, interleaving and replay attacks.
• GSM is essential in our everyday lives because of its availability, robustness, and dependability.
GSM security is weak and vulnerable to attacks. One of the most significant problems is voice
security over GSM. It is essential to have a solution that offers end-to-end secure speech assurance,
even if the system provides minimal voice security over the air interface using encryption. To make
the conversation safe (end-to-end), the speech may be encrypted and sent via GSM.
• Due to the technological limitations of the GSM voice channel, it is difficult to use encrypted speech
transmission over such an unsecured channel. The 4 kHz bandwidth of GSM voice channels restricts
data speeds. A GSM channel takes 28–31 seconds to connect, of which 18 seconds are spent
handshaking [3]. The GSM channel uses Automatic Repeat Request (ARQ) for error detection and
correction within a 300-3400 Hz bandwidth. Due to the restricted bandwidth, it is difficult to convert
digital to analogue and send it across the channel.
2-Secure communication over GSM (continued)
• GSM utilizes A5 encryption for voice calls. However, the A5 algorithm has several
security flaws, and the A5/1 and A5/2 modes are considered compromised and
unreliable for secure transmission. Thus, A5 cannot fully secure voice calls for GSM
users. Lesser control over encryption security is given to network providers and
phone manufacturers. Because the encryption method is controlled by a third party,
illegal access to a GSM voice channel may undermine call security. Thus, an
independent external end-to-end solution for secure phone call transmission via GSM
voice channel is required. Aside from the inherent technological constraints of the
GSM voice channel, other factors such as cost, bandwidth, and delays must be
considered.
3-Secure phone design software specifications
Mobile application security covers apps on smartphone platforms such as Android, iOS,
and Windows Phone. This includes apps for both phones and tablets. It involves
evaluating applications' security in relation to the platforms, frameworks, and people
they are intended to serve (e.g., employees vs. end users). Many businesses rely
solely on mobile apps to connect with users worldwide.
5-Custom encryption algorithms for security much like WhatsApp
• WhatsApp is a popular instant messaging application with over two billion users
worldwide. India has approximately 12 million users on this Facebook-owned
network, making it one of its largest marketplaces. With WhatsApp, messages are
encrypted from end-to-end, so only the sender and recipient can see them. WhatsApp
seems to be a safe and private chat app. However, in May 2019, WhatsApp
disclosed that Pegasus had infected over 1,400 Android and iPhone phones through a
missed WhatsApp call, including those of government officials, journalists, and human rights
activists. It quickly resolved the issue. Additionally, Pegasus exploits vulnerabilities
in iMessage, granting it backdoor access to millions of iPhones. Additionally,
spyware can be installed via a wireless transceiver (radio transmitter and receiver)
near the target.
WhatsApp’s end-to-end encryption & Is
WhatsApp's encryption secure?
• WhatsApp implemented end-to-end encryption in 2016. All calls and messages sent
to contacts using the newest version of the app are now end-to-end encrypted by
default. That means only you and the
other person can read what you send, not WhatsApp. Your communications are
locked, and only you and the receiver have the unique key to open and read them.
Every communication you send has its own lock and key for extra security. No need
to enable settings or create hidden conversations to protect your messages.
• Though WhatsApp's conversations and calls are protected by end-to-end encryption,
there have been instances of software glitches leading to system breaches. In 2019,
the NSO Group reportedly used a video chat to install spyware on a phone, using a
malware program called Pegasus. The technology may enable hackers to install
malware through a video call, even if the victim never responded. WhatsApp sued the
Israeli company, blaming it for the cyber-attacks.
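The "own lock and key" for every message can be pictured as a key chain that moves forward one step per message. The sketch below is an added example, not code from the slides or from WhatsApp: a simplified symmetric-key ratchet modelled on the Signal protocol that WhatsApp's end-to-end encryption is based on, with the Diffie-Hellman ratchet and the encryption step left out, so each message key only authenticates its payload. The class names, message layout and MAX_SKIP bound are assumptions made for the illustration.

```python
from __future__ import annotations

import hashlib
import hmac

MAX_SKIP = 50  # assumed bound on how far ahead a receiver will ratchet


def kdf_step(chain_key: bytes) -> tuple[bytes, bytes]:
    """One ratchet step: derive (message_key, next_chain_key).

    HMAC is one-way, so a chain key captured later does not reveal
    the message keys that were derived before it.
    """
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return message_key, next_chain_key


def make_tag(message_key: bytes, payload: bytes) -> bytes:
    """Authenticate a payload under its one-time message key."""
    return hmac.new(message_key, payload, hashlib.sha256).digest()


class Sender:
    def __init__(self, shared_secret: bytes) -> None:
        self._chain_key = shared_secret
        self._counter = 0

    def send(self, payload: bytes) -> dict:
        # Every message consumes one key and advances the chain.
        message_key, self._chain_key = kdf_step(self._chain_key)
        msg = {"n": self._counter, "payload": payload,
               "tag": make_tag(message_key, payload)}
        self._counter += 1
        return msg


class Receiver:
    def __init__(self, shared_secret: bytes) -> None:
        self._chain_key = shared_secret
        self._next = 0          # index of the next unseen message
        self._skipped = {}      # keys kept for messages still in flight

    def receive(self, msg: dict) -> bool:
        n = msg["n"]
        if n < self._next:
            # Late arrival: its key is usable once, then deleted,
            # so a replayed copy of the same message is rejected.
            key = self._skipped.get(n)
            if key is None or not self._valid(key, msg):
                return False
            del self._skipped[n]
            return True
        if n - self._next > MAX_SKIP:
            return False  # refuse unbounded ratcheting on a forged index
        # Ratchet on a working copy; commit only after the tag verifies,
        # so a forged message cannot advance or corrupt receiver state.
        chain, pending = self._chain_key, {}
        for i in range(self._next, n):
            pending[i], chain = kdf_step(chain)
        key, chain = kdf_step(chain)
        if not self._valid(key, msg):
            return False
        self._skipped.update(pending)
        self._chain_key, self._next = chain, n + 1
        return True

    @staticmethod
    def _valid(key: bytes, msg: dict) -> bool:
        return hmac.compare_digest(make_tag(key, msg["payload"]), msg["tag"])


def demo() -> list:
    """Out-of-order delivery, a replay and a tampered message."""
    secret = hashlib.sha256(b"constructed shared secret").digest()
    alice, bob = Sender(secret), Receiver(secret)
    m0, m1, m2 = alice.send(b"hi"), alice.send(b"how are you"), alice.send(b"bye")
    tampered = dict(m1, payload=b"send money")
    return [
        bob.receive(m2),        # arrives first: keys 0 and 1 are cached
        bob.receive(m0),        # late but valid
        bob.receive(m0),        # replay: key already deleted
        bob.receive(tampered),  # tag does not match the altered payload
        bob.receive(m1),        # genuine message still accepted
    ]


if __name__ == "__main__":
    print(demo())
```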
Pegasus?
• Pegasus spyware is surveillance software developed by the Israeli cyber
intelligence company NSO Group. This firm is known to build sophisticated
software and technology for selling solely to law enforcement and
intelligence agencies of vetted governments for the sole purpose of
saving lives through preventing crime and terror acts, as claimed by the
company. Pegasus is one such piece of software that is designed to get access to your
phone without permission and collect personal and sensitive information and
send it to the user that is spying on you.
Pegasus spyware: When was it first discovered?
• Pegasus malware was first detected in an iOS version
in 2016, and subsequently in a slightly modified form
on Android in 2017. Kaspersky adds that one of the
primary methods of infection in the early days was
through SMS. The victim received an SMS with a link.
If the user clicks on it, the malware is installed on their
device.
• Pegasus, on the other hand, has developed over the
past half-decade from a primitive system dependent on
social engineering to a piece of software capable of
compromising a phone without the user clicking on a
single link, or what the cyber world refers to as
zero-click vulnerabilities.
Brief history of Pegasus
2016:
Researchers at Canadian cybersecurity organization The Citizen Lab first encountered Pegasus on a smartphone of
human rights activist Ahmed Mansoor.
September 2018:
The Citizen Lab published a report that identified 45 countries in which Pegasus was being used. As with the latest
revelations, the list included India.
October 2019:
WhatsApp revealed that journalists and human rights activists in India had been targets of surveillance by operators
using Pegasus.
July 2021:
The Pegasus Project, an international investigative journalism effort, revealed that various governments used the
software to spy on government officials, opposition politicians, journalists, activists and many others. It said the Indian
government used it to spy on around 300 people between 2017 and 2019.
How does it work?
Pegasus takes advantage of previously unknown vulnerabilities, or bugs, in Android and iOS. This means that even if
a phone has the most recent security patch installed, it may become infected. An earlier version of the spyware —
from 2016 — infected smartphones through a technique known as "spear-phishing": text messages or emails
containing a malicious link were sent to the target. It was conditional on the target clicking the link—a stipulation
that was removed in subsequent versions. By 2019, Pegasus could infiltrate a device via a missed WhatsApp call and
even delete the record of the missed call, obliterating the user's awareness of being targeted. In May of that year,
WhatsApp disclosed that Pegasus had infected over 1,400 Android and iPhone phones in this manner, including those
of government officials, journalists, and human rights activists. It quickly resolved the issue. Additionally, Pegasus
exploits vulnerabilities in iMessage, granting it backdoor access to millions of iPhones. Additionally, spyware can be
installed via a wireless transceiver (radio transmitter and receiver) in close proximity to the target.
Pegasus spyware: How does it infect a phone?
According to the Organized Crime and Corruption Reporting Project (OCCRP), as the public became more aware of
these tactics and improved their ability to identify malicious spam, a zero-click exploit solution was eventually
discovered. Pegasus does not need the victim to do anything in order to compromise their device using this technique.
Zero-click exploits take advantage of bugs in popular apps such as iMessage, WhatsApp, and FaceTime, which all
receive and sort data from a variety of sources, including unknown ones. Once a vulnerability is discovered, Pegasus
may infect a device through the app's protocol. The user is not required to click on a link, read a message, or respond to
a call — in fact, they may not even notice a missed call or message. "It integrates with the majority of messaging
systems, including Gmail, Facebook, WhatsApp, FaceTime, Viber, WeChat, and Telegram, as well as Apple's built-in
messaging and email apps. With this lineup, nearly the whole world's population could be spied on. NSO is providing
an intelligence agency as a service,” Timothy Summers, a former cyber engineer at a US intelligence agency, stated.
Apart from zero-click exploits, OCCRP describes another technique called "network injections" for silently infiltrating
a target's device. Without them clicking on a specially designed malicious link, a target's Web browsing can expose
them to attack.
This strategy entails waiting for the target to visit an unsecure website as part of their regular online activities. When
they click on an unprotected link, the NSO Group's software can gain access to the phone and initiate an infection.
Amnesty International recently reported that the NSO Group's spyware has been used to infect newer iPhone models,
specifically the iPhone 11 and iPhone 12. The spyware can masquerade as an application downloaded to an iPhone and
transmit itself via Apple's servers as push notifications. Thousands of iPhone handsets may have been compromised as
a result of the NSO spyware. Pegasus for Android, according to Kaspersky, does not rely on zero-day vulnerabilities.
Instead, it employs a well-known rooting technique known as Framaroot. Another distinction is that if the
iOS version fails to jailbreak the device, the entire attack will fail; however, if the Android version fails to obtain the
necessary root access to install surveillance software, the malware will still attempt to directly ask the user for the
permissions necessary to exfiltrate at least some data.
What can it do?
Pegasus can intercept and steal almost any information on a phone after it is installed,
including SMSes, contacts, call history, calendars, emails, and browser histories. It can
record calls and other conversations using the microphone on your phone, covertly film
you with its camera, or follow you using GPS.
NSO Group Pegasus Indicator of Compromise
https://github.com/AmnestyTech/investigations/tree/master/2021-07-18_nso
Amnesty International researchers have created a method to determine if your phone has been compromised by
malware. The Mobile Verification Toolkit (MVT) is designed to assist you in determining whether your device has
been infected with Pegasus. While it is compatible with both Android and iOS devices, it currently requires some
command line knowledge to operate. However, MVT may eventually get a graphical user interface (GUI).
Tips to Boost Mobile Security
• Use PINs to lock your phone. Either use the longer numeric PIN or your face or finger to unlock the phone. The second or two delay
is worth the extra security. As part of your Touch/Face ID and Passcode settings, there is an option to “erase data” after 10 incorrect
PIN attempts.
• Use additional security apps. Network Solutions has a Cyber Security Solution that bundles Lookout and SkOUT along with a VPN.
There are also other free anti-malware products: Avira, Avast, ESET, Kaspersky and Sophos all have free AV for Android, for
example. And there are numerous free VPN providers, such as Proton VPN and Cloudflare’s Warp, that are worth using too.
• Use a password manager. Having a common repository of passwords among all your devices — and having complex and unique
passwords — is a major improvement over shared and simple passwords.
• Think before you connect to any public WiFi network. Don’t automatically connect to WiFi hotspots by name: hackers like to fool
you into thinking that just because something is named “Starbucks WiFi” it’s safe. Apple makes a Configurator app that can be used to
further lock down its devices: use it. “Ask to Join Networks” should always be set to the “Ask” option.
• Always download apps from the official Google Play and Apple iTunes stores. Make sure you have connected properly before you
click on that download link. And while you are checking, make sure you understand the app’s permissions and that they match what the
app is doing. Some developers, such as the financial app Mint, actually go a step further and have a menu option in their apps that can
show you their privacy policy too.
• Turn on the Verify Apps feature on Android devices to prevent malicious or questionable apps from being downloaded.
• Finally, update your device’s operating system when new versions are available. This is the best way to stay ahead of potential
exploits found in older versions.
Get Proven Security with BlackBerry
There are phones that say they are secure and then there are phones that live
and breathe security. Phones with BlackBerry software or apps don’t just
tack on security, it’s built-in. BlackBerry is trusted by thousands of
companies and governments around the world to securely enable business on
mobile.
With BlackBerry, you can be confident that extra precautions are taken at
both the hardware and software levels to protect your BlackBerry
smartphone from malicious tampering.
Security starts with the manufacturing process and stays with your
smartphone from that point forward. When you boot up, each component of
hardware and software is validated to ensure your device hasn’t been
tampered with. Then your device is continuously monitored for events or
changes that indicate a compromise to device security.

 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 

Communication security 2021

  • 1. Communication Security Muhammad Usman Rana Department of Computer Science COMSATS University, Islamabad, Pakistan Usman.amir90@gmail.com
  • 2. Overview 1-Secure phone design 2-Secure communication over GSM 3-Secure phone design software specifications 4- Pegasus spyware 5-Secure phone design hardware specifications 6-Custom encryption algorithms for security much like WhatsApp
  • 3. Introduction • If hackers target mobile devices, it's time to take phone security seriously. Mobile devices are as vulnerable as PCs, if not more so. Malware, social engineering, web attacks, network attacks, and physical theft are all threats. Be prepared, whether you are in charge of an organization's security or just want to safeguard your personal devices. Begin with security awareness training and policies, then move on to more technical countermeasures. We still call the devices in our pockets “phones,” but they're so much more. Phones nowadays are networked computers with data storage and recording capabilities. They are also a photo gallery, a mobile bank and a social network hub. That's fantastic! True, but all of these features make our phones prime targets for hackers. Since most of us don’t want to give up the ease of having all of our needs on one device, what can we do to stay safe?
  • 4. Contrast between Value and Risk • Mobile apps may provide huge value to businesses. – New types of applications using mobile capabilities such as GPS, camera, etc. – Innovative applications for workers and consumers • There are several dangers associated with mobile devices and mobile apps. – Inevitably, sensitive data is kept on the device (email, contacts) – Connect to a variety of untrusted networks (carrier, WiFi) • The majority of developers are not qualified to create secure apps – A fact of life, but slowly improving • The majority of developers are inexperienced with developing mobile apps – Different platforms have varying levels of security and capabilities.
  • 5. Security Implications • In the end, you should be concerned with the system. – Application plus… – 3rd party web services – Enterprise services – And so on. • Intruders may obtain unauthorized access in many ways. – Attacker steals or accesses a lost device – Malicious application – Attacker reverse engineers an application to access corporate resources – And so on… • The most “interesting” weaknesses and vulnerabilities we find are in mobile applications’ interactions with supporting services
  • 6. 1-Phone protection steps, regardless of your operating system: • Set up fingerprint or facial scanning: Having a secure password (particularly anything like fingerprint/facial recognition) can keep your phone safe from anybody who finds it. • Use a VPN: VPNs allow you to securely connect to a private server rather than sharing it with everyone else on the public network. Your data is safer since it is encrypted as it moves between servers. • Encrypt data: If your device doesn't already have encryption enabled, you'll need to activate it. In order to prevent hackers from accessing your data while it is being sent from server to server, data encryption is used. • Set up remote erasing: This feature allows you to delete data from your phone even if you no longer own it. It's a fantastic security feature in case your phone is misplaced. Setting up remote wipe varies per device. This tutorial from Northern Michigan University's IT department will show you how to enable remote wipe on any device. • “Remote wiping is likely included in a device management software like Prey, along with additional features like tracking.” • “With Prey, you may remotely format your phone to ensure no sensitive data is accessible at any time. Wipe should only be done when recovering the device is less essential than protecting your data.”
  • 7. 2-Secure communication over GSM • Secure communication is a protective measure that should be taken to ensure the state of inviolability from hostile acts or influences. The ciphering algorithm used in the GSM network is specifically designed to prevent unauthorized access and to protect confidentiality across the network; however, the encryption scheme ensures traffic confidentiality only across the radio access channel, while the voice is transmitted in clear form over the core network as PCM (Pulse Code Modulation) and ADPCM speech. Therefore, the GSM system is not able to provide end-to-end traffic confidentiality between two communicating parties and is completely vulnerable to several attacks such as man-in-the-middle, interleaving and replay attacks. • GSM is essential in our everyday lives because of its availability, robustness, and dependability. GSM security is weak and vulnerable to attacks. One of the most significant problems is voice security via GSM. It is essential to have a solution that offers end-to-end secure speech assurance, even if the system provides minimal voice security via air connections using encryption. To make the conversation safe (end-to-end), the speech may be encrypted and sent via GSM. • Due to GSM voice channel technological limitations, it is difficult to utilise encrypted speech transmission over such an unsecured channel. The 4 kHz bandwidth of GSM voice channels restricts data speeds. A GSM channel takes 28–31 seconds to connect, of which 18 seconds are spent handshaking [3]. The GSM channel utilizes Automatic Repeat Request (ARQ) for error detection and correction within a 300-3400 Hz bandwidth. Due to the restricted bandwidth, it is difficult to convert digital to analogue and send it across the channel.
  • 8. Continued • GSM utilizes A5 encryption for voice calls. However, the A5 algorithm has several security flaws, and the A5/1 and A5/2 modes are considered compromised and unreliable for secure transmission. Thus, A5 cannot fully secure voice calls for GSM users. Lesser control over encryption security is given to network providers and phone manufacturers. Because the encryption method is controlled by a third party, illegal access to a GSM voice channel may undermine call security. Thus, an independent external end-to-end solution for secure phone call transmission via the GSM voice channel is required. Aside from the inherent technological constraints of the GSM voice channel, other factors such as cost, bandwidth, and delays must be considered.
  • 9. 3-Secure phone design software specifications Apps on smartphone platforms such as Android, iOS, and Windows Phone are subject to mobile application security. This includes apps for both phones and tablets. It includes evaluating applications' security in relation to the platforms, frameworks, and people they are intended to serve (e.g., employees vs. end users). Many businesses rely solely on mobile apps to connect with users worldwide.
  • 10. 5-Custom encryption algorithms for security much like WhatsApp • WhatsApp is a popular instant messaging application with over two billion users worldwide. India has approximately 12 million users on this Facebook-owned network, making it one of its largest marketplaces. With WhatsApp, messages are encrypted end-to-end, so only the sender and recipient can see them. WhatsApp seems to be a safe and private chat app. However, in May of that year, WhatsApp disclosed that Pegasus had infected over 1,400 Android and iPhone phones in this manner, including those of government officials, journalists, and human rights activists. It quickly resolved the issue. Additionally, Pegasus exploits vulnerabilities in iMessage, granting it backdoor access to millions of iPhones. Additionally, spyware can be installed via a wireless transceiver (radio transmitter and receiver) near the target.
  • 11. WhatsApp’s end-to-end encryption & Is WhatsApp's encryption secure? • WhatsApp implemented end-to-end encryption in 2016. All calls and messages sent to contacts using the newest version of the app are now end-to-end encrypted by default. End-to-end encryption is enabled by default. That means only you and the other person can read what you send, not WhatsApp. Your communications are locked, and only you and the receiver have the unique key to open and read them. Every communication you send has its own lock and key for extra security. No need to enable settings or create hidden conversations to protect your messages. • Though WhatsApp's conversations and calls are protected by end-to-end encryption, there have been instances of software glitches leading to system breaches. In 2019, the NSO Group reportedly used a video chat to install spyware on a phone, using a malware program called Pegasus. The technology may enable hackers to install malware through a video call, even if the victim never responded. WhatsApp sued the Israeli company, blaming it for the cyber-attacks.
  • 12. Pegasus? • Pegasus spyware is surveillance software developed by the Israeli cyber intelligence company NSO Group. This firm is known to build sophisticated software and technology for selling solely to law enforcement and intelligence agencies of vetted governments for the sole purpose of saving lives through preventing crime and terror acts, as claimed by the company. Pegasus is one such piece of software, designed to get access to your phone without permission, collect personal and sensitive information, and send it to the user that is spying on you.
  • 13. Pegasus spyware: When was it first discovered? • Pegasus malware was first detected in an iOS version in 2016, and subsequently in a slightly modified form on Android in 2017. Kaspersky adds that one of the primary methods of infection in the early days was through SMS. The victim received an SMS with a link. If the user clicks on it, the malware is installed on their device. • Pegasus, on the other hand, has developed over the past half-decade from a primitive system dependent on social engineering to a piece of software capable of compromising a phone without the user clicking on a single link, or what the cyber world refers to as zero-click vulnerabilities.
  • 14. Brief history of Pegasus 2016: Researchers at Canadian cybersecurity organization The Citizen Lab first encountered Pegasus on a smartphone of human rights activist Ahmed Mansoor. September 2018: The Citizen Lab published a report that identified 45 countries in which Pegasus was being used. As with the latest revelations, the list included India. October 2019: WhatsApp revealed that journalists and human rights activists in India had been targets of surveillance by operators using Pegasus. July 2021: The Pegasus Project, an international investigative journalism effort, revealed that various governments used the software to spy on government officials, opposition politicians, journalists, activists and many others. It said the Indian government used it to spy on around 300 people between 2017 and 2019.
  • 15. How does it work? Pegasus takes advantage of previously unknown vulnerabilities, or bugs, in Android and iOS. This means that even if a phone has the most recent security patch installed, it may become infected. An earlier version of the spyware — from 2016 — infected smartphones through a technique known as "spear-phishing": text messages or emails containing a malicious link were sent to the target. It was conditional on the target clicking the link—a stipulation that was removed in subsequent versions. By 2019, Pegasus could infiltrate a device via a missed WhatsApp call and even delete the record of the missed call, obliterating the user's awareness of being targeted. In May of that year, WhatsApp disclosed that Pegasus had infected over 1,400 Android and iPhone phones in this manner, including those of government officials, journalists, and human rights activists. It quickly resolved the issue. Additionally, Pegasus exploits vulnerabilities in iMessage, granting it backdoor access to millions of iPhones. Additionally, spyware can be installed via a wireless transceiver (radio transmitter and receiver) in close proximity to the target.
  • 16. Pegasus spyware: How does it infect a phone? According to the Organized Crime and Corruption Reporting Project (OCCRP), as the public became more aware of these tactics and improved their ability to identify malicious spam, a zero-click exploit solution was eventually discovered. Pegasus does not need the victim to do anything in order to compromise their device using this technique. Zero-click exploits take advantage of bugs in popular apps such as iMessage, WhatsApp, and FaceTime, which all receive and sort data from a variety of sources, including unknown ones. Once a vulnerability is discovered, Pegasus may infect a device through the app's protocol. The user is not required to click on a link, read a message, or respond to a call — in fact, they may not even notice a missed call or message. “It integrates with the majority of messaging systems, including Gmail, Facebook, WhatsApp, FaceTime, Viber, WeChat, and Telegram, as well as Apple's built-in messaging and email apps. With this lineup, nearly the whole world's population could be spied on. NSO is providing an intelligence agency as a service,” Timothy Summers, a former cyber engineer at a US intelligence agency, stated. Apart from zero-click exploits, OCCRP describes another technique called "network injections" for silently infiltrating a target's device. Without them clicking on a specially designed malicious link, a target's Web browsing can expose them to attack.
  • 17. Pegasus spyware: How does it infect a phone? This strategy entails waiting for the target to visit an unsecure website as part of their regular online activities. When they click on an unprotected link, the NSO Group's software can gain access to the phone and initiate an infection. Amnesty International recently reported that the NSO Group's spyware has been used to infect newer iPhone models, specifically the iPhone 11 and iPhone 12. The spyware can masquerade as an application downloaded to an iPhone and transmit itself via Apple's servers as push notifications. Thousands of iPhone handsets may have been compromised as a result of the NSO spyware. Pegasus for Android, according to Kaspersky, does not rely on zero-day vulnerabilities. Instead, it employs a well-known rooting technique known as Framaroot. Another distinction is that if the iOS version fails to jailbreak the device, the entire attack will fail; however, if the Android version fails to obtain the necessary root access to install surveillance software, the malware will still attempt to directly ask the user for the permissions necessary to exfiltrate at least some data.
  • 18. What can it do? Pegasus can intercept and steal almost any information on a phone after it is installed, including SMSes, contacts, call history, calendars, emails, and browser histories. It can record calls and other conversations using the microphone on your phone, covertly film you with its camera, or follow you using GPS.
  • 19. NSO Group Pegasus Indicator of Compromise https://github.com/AmnestyTech/investigations/tree/master/2021-07-18_nso Amnesty International researchers have created a method to determine if your phone has been compromised by malware. The Mobile Verification Toolkit (MVT) is designed to assist you in determining whether your device has been infected with Pegasus. While it is compatible with both Android and iOS devices, it currently requires some command line knowledge to operate. However, MVT may eventually get a graphical user interface (GUI).
  • 20. Tips to Boost Mobile Security • Use PINs to lock your phone. Either use the longer numeric PIN or your face or finger to unlock the phone. The second or two of delay is worth the extra security. As part of your Touch/Face ID and Passcode settings, there is an option to “erase data” after entering 10 incorrect PIN attempts. • Use additional security apps. Network Solutions has a Cyber Security Solution that bundles Lookout and SkOUT along with a VPN. There are also other free anti-malware products: Avira, Avast, ESET, Kaspersky and Sophos all have free AV for Android, for example. And there are numerous free VPN providers, such as Proton VPN and Cloudflare’s Warp, that are worth using too. • Use a password manager. Having a common repository of passwords among all your devices — and having complex and unique passwords — is a major improvement over shared and simple passwords. • Think before you connect to any public WiFi network. Don’t automatically connect to WiFi hotspots by name: hackers like to fool you into thinking that just because something is named “Starbucks WiFi” it’s safe. Apple makes a Configurator app that can be used to further lock down its devices: use it. “Ask to Join Networks” should always be set to the “Ask” option. • Always download apps from the official Google Play and Apple iTunes stores. Make sure you have connected properly before you click on that download link. And while you are checking, make sure you understand the app’s permissions and that they match what the app is doing. Some developers, such as the financial app Mint, actually go a step further and have a menu option in their apps that can show you their privacy policy too. • Turn on the Verify Apps feature on Android devices to prevent malicious or questionable apps from being downloaded. • Finally, update your device’s operating system when new versions are available. This is the best way to stay ahead of potential exploits found in older versions.
  • 21. Get Proven Security with BlackBerry There are phones that say they are secure and then there are phones that live and breathe security. Phones with BlackBerry software or apps don’t just tack on security, it’s built-in. BlackBerry is trusted by thousands of companies and governments around the world to securely enable business on mobile. With BlackBerry, you can be confident that extra precautions are taken at both the hardware and software levels to protect your BlackBerry smartphone from malicious tampering. Security starts with the manufacturing process and stays with your smartphone from that point forward. When you boot up, each component of hardware and software is validated to ensure your device hasn’t been tampered with. Then your device is continuously monitored for events or changes that indicate a compromise to device security.
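
Slide 11 says that every message has "its own lock and key". The sketch below is an added example, not code from the slides or from WhatsApp: it shows one common way to get that property, a symmetric hash ratchet in the style of the Signal protocol, including out-of-order delivery and replay rejection. The class name, the skip limit and the shared secret are assumptions made for the illustration.

```python
import hashlib
import hmac


def _kdf(key: bytes, label: bytes) -> bytes:
    """One-way derivation step (HMAC-SHA256)."""
    return hmac.new(key, label, hashlib.sha256).digest()


class ChainRatchet:
    """One direction of a symmetric-key ratchet (hypothetical helper).

    Each step derives a fresh message key and replaces the chain key with
    its own hash, so a key captured later cannot be run backwards to
    recover the keys of earlier messages.
    """

    MAX_SKIP = 32  # assumed bound on how far ahead a receiver will derive

    def __init__(self, chain_key: bytes):
        self._chain_key = chain_key
        self._counter = 0
        self._skipped = {}  # message number -> key kept for late arrivals

    def _advance(self) -> bytes:
        message_key = _kdf(self._chain_key, b"\x01")
        self._chain_key = _kdf(self._chain_key, b"\x02")
        self._counter += 1
        return message_key

    def next_key(self):
        """Sender side: (message number, key) for the next message."""
        number = self._counter
        return number, self._advance()

    def key_for(self, number: int) -> bytes:
        """Receiver side: key for message `number`, each key usable once."""
        if number in self._skipped:
            return self._skipped.pop(number)
        if number < self._counter:
            raise KeyError("message key already used (duplicate or replay)")
        if number - self._counter > self.MAX_SKIP:
            raise ValueError("too many skipped messages")
        while self._counter < number:
            index = self._counter
            self._skipped[index] = self._advance()
        return self._advance()


def run_demo() -> dict:
    # Constructed shared secret; in a real protocol it comes from a key agreement.
    root = hashlib.sha256(b"constructed demo secret").digest()
    sender, receiver = ChainRatchet(root), ChainRatchet(root)
    sent = dict(sender.next_key() for _ in range(3))
    # Messages arrive out of order: 2 first, then 0 and 1.
    received = {n: receiver.key_for(n) for n in (2, 0, 1)}
    try:
        receiver.key_for(2)
        replay_rejected = False
    except KeyError:
        replay_rejected = True
    return {
        "all_distinct": len(set(sent.values())) == 3,
        "receiver_matches": received == sent,
        "replay_rejected": replay_rejected,
    }


if __name__ == "__main__":
    print(run_demo())
```

Each derived key would then be handed to an authenticated cipher to protect exactly one message; that step is left out here.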
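
Slide 19 points to a published indicator-of-compromise list and a tool that checks a device against it. The following added example (not MVT's code and not from the slides) shows the core of such a check for domain indicators: matching hosts from a browsing-history export label by label, so that subdomains are caught and lookalike names are not. The indicator domains and history records are constructed for the example and use reserved TLDs.

```python
from urllib.parse import urlsplit

# Constructed indicator list, one domain per line (not real IoCs).
INDICATORS_TXT = """\
# constructed indicator domains
update-check.example
cdn-telemetry.test
"""

# Constructed browsing-history records: (timestamp, URL).
HISTORY = [
    ("2021-07-01T09:14:02Z", "https://news.example.org/article?id=7"),
    ("2021-07-01T09:14:05Z", "https://update-check.example/redirect?x=1"),
    ("2021-07-02T18:30:41Z", "http://a1.cdn-telemetry.test:8080/p"),
    ("2021-07-03T07:02:10Z", "https://notupdate-check.example/"),
    ("2021-07-03T07:05:00Z", "https://update-check.example.org/"),
    ("2021-07-04T11:00:00Z", "HTTPS://CDN-Telemetry.TEST./"),
    ("2021-07-04T11:00:09Z", "not a url"),
]


def load_indicators(text: str) -> set:
    """Parse the indicator text, skipping blank lines and comments."""
    domains = set()
    for line in text.splitlines():
        line = line.strip().lower().rstrip(".")
        if line and not line.startswith("#"):
            domains.add(line)
    return domains


def host_of(url: str) -> str:
    """Normalised host of a URL: lower case, no port, no trailing dot."""
    try:
        parts = urlsplit(url if "://" in url else "//" + url)
        host = parts.hostname or ""
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return ""
    return host.lower().rstrip(".")


def match_indicator(host: str, indicators: set):
    """Return the indicator that `host` equals or is a subdomain of.

    Comparison is per DNS label, so 'notupdate-check.example' and
    'update-check.example.org' do not match 'update-check.example',
    which a substring or endswith() test would get wrong.
    """
    labels = host.split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in indicators:
            return candidate
    return None


def scan(history, indicators):
    """Return (timestamp, host, indicator) for every matching record."""
    hits = []
    for timestamp, url in history:
        host = host_of(url)
        indicator = match_indicator(host, indicators)
        if indicator:
            hits.append((timestamp, host, indicator))
    return hits


if __name__ == "__main__":
    for hit in scan(HISTORY, load_indicators(INDICATORS_TXT)):
        print(*hit)
```

A hit means only that the device contacted a listed domain; it is a lead for further forensic review, not proof of infection.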