SlideShare a Scribd company logo

CS_UNIT 2(P3).pptx

Download as PPTX, PDF
G
GaytriDhingra1

This document discusses security challenges posed by mobile devices. It begins by outlining three main types of threats: application-based threats like malware and spyware; web-based threats like phishing and drive-by downloads; and network-based threats when using public WiFi. Application-based threats occur when malicious apps steal data or request unnecessary permissions. Web-based threats happen through compromised websites that download malware. Network-based threats risk intercepting unencrypted data on public WiFi networks. The document provides examples for each threat type and recommends mitigation strategies like mobile application management, secure web browsing practices, and VPNs for public networks. Managing a variety of personal and company-owned devices poses additional challenges to

1 of 27
UNIT 2  Credit Card Frauds in Mobile & Wireless Computing Era  Security Challenges  Registry Settings for Mobile Devices  Authentication Service Security  Attacks on Mobile/Cell Phones
 Trends in Mobility  In the past two decades, we’ve not only cut the cord between our phones and the wall, but we have gained the ability to stream video, play games, and access the web from what has essentially become a powerful handheld computer. 5G will push those capabilities to the next level.  Since the late 1970s, the ability to communicate with others using a device that is untethered to a wire has changed the way people interact, whether they are located across the street or in another country. Prior to the introduction of cellular technology, ham shortwave and FM radios provided two-way communication to those willing to learn Morse code and obtain a license. Citizens band (CB) radios offered up to 20-mile links and became wildly popular with the mass market in the early to mid-1960s. However, weather conditions and time of day had a major influence on reliability of ham radio links, while transmission power limits and chatty enthusiasts reduced the usefulness of CB.
 The industry needed a system that consumed little energy to enable small portable devices to operate on battery power. Cellular phones evolved to meet this need. Rather than adopt a point-to-point long-distance strategy, cellular phones link to a grid of local relay base stations.  A progression of enhanced technical standards enabled compatibility among devices and opened the door to development of a rapidly expanding market. Efficient network management was the other key to development of advanced cellular communication systems in terms of speed, reliability, latency, capacity, and additional features.
 The first generation of mobile networks, dubbed 1G, was introduced in Japan in 1979. It offered analog 2.4Kb/s with limited coverage and no roaming support. In 1991, 2G employed digital signaling to bump the speed to 64Kb/s and used the Global System for Mobile Communications (GSM) standard for improved voice fidelity and reliability. It also ushered in the ability to send text messages and photos. 3G was introduced in 2001 and harmonized global standards, along with 256Kb/s speed. Additional functions included video conferencing, streaming, and Voice over Internet Protocol (VoIP). The fourth and most common generation in use today, 4G Long-Term Evolution (LTE), can deliver speeds to 1Gb/s for high-definition video, web access, and gaming applications.  We are now on the cusp of 5G, which is designed to support the escalating demands of a universe of Internet of Things (IoT), explosion of consumer video, telemedicine, telework, and future autonomous transportation. In addition to a 10 times to as much as 100 times increase in speed, latency will be dramatically reduced. The ability to support many more connected devices with greater network efficiency and reduced latency is driving the transition to 5G.
Credit Card Frauds & Wireless Computing Era Types of Credit Card Frauds  Traditional Techniques:  paper based fraud – criminal uses stolen or fake documents, to open an account in someone else’s name.  can be divided into ID theft  Financial fraud  illegal use of lost or stolen card  Modern Techniques:  enable criminals to produce fake or doctored cards.  Skimming process 1. Triangulation 2. Credit Card Generators (From Book)
Triangulation Method - aim to create great deal of confusion for the authorities.
Main challenges involved in credit card fraud detection are:  Enormous Data is processed every day and the model build must be fast enough to respond to the scam in time.  Imbalanced Data i.e most of the transactions (99.8%) are not fraudulent which makes it really hard for detecting the fraudulent ones  Data availability as the data is mostly private.  Misclassified Data can be another major issue, as not every fraudulent transaction is caught and reported.  Adaptive techniques used against the model by the scammers.
Security challenges posed by mobile devices (FROM PPT) Mobility brings two main challenges to cyber security: first, on the hand-held devices, information is being taken outside the physically controlled environment. and Second, remote access back to the protected environment is being granted. The importance of providing employees with remote access and the ability to work from anywhere means that organizations need to implement tools that increase the security of mobile devices. Mobile phone security threats generally include application based, web-based, network-based, physical threats (or challenges) and technical challenges.
Security challenges posed by mobile devices 1. Application based threat: Application-based threats happen when people download apps that look legitimate but actually skim data from their device. Even legitimate apps often request more permission than needed to perform their function, which can expose more data than necessary. Examples are spyware and malware that steal personal and business information without people realizing it’s happening. These threats also includes Data Leakage via Malicious Apps (as hackers can easily find an unprotected mobile app and use that unprotected app to design larger attacks or steal data, digital wallets, backend details, and other juicy bits directly from the app) and Zero Day Vulnerabilities (zero-day vulnerabilities that left its devices open for spyware attacks and released a patch to protect users against these vulnerabilities. A software vulnerability discovered by attackers before the vendor has become aware of it. Because the vendors are unaware, no patch exists for zero-day vulnerabilities, making attacks likely to succeed)
Security challenges posed by mobile devices 1. Application based threat: Contd…. The best way to protect your organization against data leakage (or App based threats) through malicious or unsecured applications is by using mobile application management (MAM) tools. These tools allow IT admins to manage corporate apps (wipe or control access permissions) on their employees’ devices without disrupting employees’ personal apps or data.
Security challenges posed by mobile devices 2. Web based threat: Web-based threats are subtle and tend to go unnoticed. They happen when people visit affected sites that seem fine on the front-end but, in reality, automatically download malicious content onto devices. Examples: Phishing Scams Social Engineering Drive By Downloads Operating System Flaws
Security challenges posed by mobile devices 2. Web based threat: Contd… Social Engineering Social engineering attacks are when bad actors send fake emails (phishing attacks) or text messages (smishing attacks) to your employees in an effort to trick them into handing over private information like their passwords or downloading malware onto their devices. Drive By Downloads Drive by download attacks specifically refer to malicious programs that install to your devices — without your consent. This also includes unintentional downloads of any files or bundled software onto a computer device. Operating System Flaws Operating system (OS) vulnerabilities are exposures within an OS that allow cyber attackers to cause damage on any device where the OS is installed. Large numbers of mobile devices are not kept up to date with operating system releases. Out of date operating systems mean devices are vulnerable to security threats that are patched in the later versions. Mobile security requires continuous work to find and patch vulnerabilities that bad actors use to gain unauthorized access to your systems and data.
Security challenges posed by mobile devices 2. Web based threat: Contd… Tips to Combat Web based threats  The best defense for phishing and other social engineering attacks is to teach employees how to spot phishing emails and SMS messages that look suspicious and avoid falling prey to them altogether.  Reducing the number of people who have access to sensitive data or systems can also help protect your organization against social engineering attacks because it reduces the number of access points attackers have to gain access to critical systems or information.  Only use your computer’s admin account for program installations. Keep your web browser and operating system up to date. Be wary of keeping too many unnecessary programs and apps. Always avoid websites that may contain malicious code. Carefully read and examine security popups on the web before clicking. Use Ad-Blocker
Security challenges posed by mobile devices 3. Network-based threat: Network-based threats are especially common and risky because cybercriminals can steal unencrypted data while people use public WiFi networks. Users often rely on public Wi-Fi to stay connected when they work outside the office. These unsecured Wi-Fi networks can allow malware to be installed on devices or eavesdroppers to intercept data. Public WiFi networks are generally less secure than private networks because there’s no way to know who set the network up, how (or if) it’s secured with encryption, or who is currently accessing it or monitoring it. And as more companies offer remote work options, the public WiFi networks your employees use to access your servers (e.g., from coffee shops or cafes) could present a risk to your organization. For example, cybercriminals often set up WiFi networks that look authentic but are actually a front to capture data that passes through their system (a “man in the middle” attack). Examples: •Network Exploits •WiFi Sniffing •Packet Sniffing •BYOD (Bring Your Own Device)
Security challenges posed by mobile devices 3. Network-based threat: Contd…. There’s no single standard for mobile devices, especially when you allow BYOD rather than supplying the devices. Because of the variety of devices and operating systems, it’s difficult to apply controls consistently to ensure the safety of all of them.
Security challenges posed by mobile devices 3. Network-based threat: Contd…. Tips to Combat The best way for you to protect your organization against threats over public WiFi networks is by requiring employees to use a VPN to access company systems or files. This will ensure that their session stays private and secure, even if they use a public network to access your systems.
Security challenges posed by mobile devices 4. Physical Threats: Physical threats to mobile devices most commonly refer to the loss or theft of a device. Because hackers have direct access to the hardware where private data is stored, this threat is especially dangerous to enterprises. Example - Loss/Theft: Loss or theft is the most unwanted physical threat to the security of your mobile device. Any devices itself has value and can be sold on the secondary market after all your information is stolen and sold. Tips to Combat First and foremost, you’ll want to ensure employees know what steps to take if they lose their device. Since most devices come with remote access to delete or transfer information, that should include asking employees to make sure those services are activated
Security challenges posed by mobile devices 5. Technical challenges in mobile security are:  Managing the registry settings and configurations,  Authentication service security,  Cryptography security,  Remote access server (RAS) security, Media player control security, Networking application program interface (API), security etc.
Registry Settings for Mobile Devices: Let us understand the issue of registry settings on mobile devices through an example: Microsoft Activesync is meant for synchronization with Windows-powered personal computers (PCs) and Microsoft Outlook. ActiveSync acts as the "gateway between Windows-powered PC and Windows mobile-powered device, enabling the transfer of applications such as Outlook information, Microsoft Office documents, pictures, music, videos and applications from a user's desktop to his/her device. In addition to synchronizing with a PC, ActiveSync can synchronize directly with the Microsoft exchange server so that the users can keep their E-Mails, calendar, notes and contacts updated wirelessly when they are away from their PCs. In this context, registry setting becomes an important issue given the ease with which various applications allow a free flow of information.
Authentication Service Security: There are two components of security in mobile computing: 1. security of devices and 2. security in networks. A secure network access involves authentication between the device and the base stations or Web servers. This is to ensure that only authenticated devices can be connected to the network for obtaining the requested services. No Malicious Code can impersonate the service provider to trick the device into doing something it does not mean to. Thus, the networks also play a crucial role in security of mobile devices. Some eminent kinds of attacks to which mobile devices are subjected to are: push attacks, pull attacks and crash attacks. Authentication services security is important given the typical attacks on mobile devices through wireless networks: Dos attacks, traffic analysis, eavesdropping, man-in-the-middle attacks and session hijacking. Security measures in this scenario come from Wireless Application Protocols (WAPs), use of VPNs, media access control (MAC) address filtering and development in 802.xx standards.
Attacks on Mobile/Cell Phones (Same as Book) 1. Mobile Phone Theft: Mobile phones have become an integral part of everbody's life and the mobile phone has transformed from being a luxury to a bare necessity. Increase in the purchasing power and availability of numerous low cost handsets have also lead to an increase in mobile phone users. Theft of mobile phones has risen dramatically over the past few years. Since huge section of working population in India use public transport, major locations where theft occurs are bus stops, railway stations and traffic signals. Attacks on Cell phones increases because of  increasing usage of cell phones and availability of internet using cell phones.  Increasing demand of WiFi zones in Metropolitans & extensive usage of cell phones with the lack of awareness/knowledge about the vulnerabilities of the technology.
Attacks on Mobile/Cell Phones (Same as Book) 1. Mobile Phone Theft: Contd….. The following factors contribute for outbreaks on mobile devices: 1. Enough target terminals: The first Palm OS virus was seen after the number of Palm OS devices reached 15 million. The first instance of a mobile virus was observed during June 2004 when it was discovered that an organization "Ojam" had engineered an antipiracy Trojan virus in older versions of their mobile phone game known as Mosquito. This virus sent SMS text messages to the organization without the users' knowledge.
Attacks on Mobile/Cell Phones (Same as Book) 1. Mobile Phone Theft: Contd….. 2. Enough functionality: Mobile devices are increasingly being equipped with office functionality and already carry critical data and applications, which are often protected insufficiently or not at all. The expanded functionality also increases the probability of malware. 3. Enough connectivity: Smartphones offer multiple communication options, such as SMS, MMS, synchronization, Bluetooth, infrared (IR) and WLAN connections. Therefore, unfortunately, the increased amount of freedom also offers more choices for virus writers.
Attacks on Mobile/Cell Phones (Same as Book) 2. Mobile Viruses: Mobile Viruses 3. Mishing: Mishing 4. Vishing: Vishing 5. Smishing: Smishing 6. Hacking Bluetooth: Hacking Bluetooth

Recommended

Presentation On Steganography
Presentation On SteganographyPresentation On Steganography
Presentation On Steganography
TeachMission
 
Mobile computing security
Mobile computing securityMobile computing security
Mobile computing security
Zachariah Pabi
 
Image Encryption in java ppt.
Image Encryption in java ppt.Image Encryption in java ppt.
Image Encryption in java ppt.
Pradeep Vishwakarma
 
Cyber crime & security final tapan
Cyber crime & security final tapanCyber crime & security final tapan
Cyber crime & security final tapan
Tapan Khilar
 
Wireless network ppt
Wireless network pptWireless network ppt
Wireless network ppt
Basil John
 
Wireless network security
Wireless network securityWireless network security
Wireless network security
Vishal Agarwal
 
The Future of Cyber Security
The Future of Cyber SecurityThe Future of Cyber Security
The Future of Cyber Security
Stephen Lahanas
 
Steganography - The art of hiding data
Steganography - The art of hiding dataSteganography - The art of hiding data
Steganography - The art of hiding data
Sarin Thapa
 

Recommended

Presentation On Steganography
Presentation On SteganographyPresentation On Steganography
Presentation On Steganography
TeachMission
 
Mobile computing security
Mobile computing securityMobile computing security
Mobile computing security
Zachariah Pabi
 
Image Encryption in java ppt.
Image Encryption in java ppt.Image Encryption in java ppt.
Image Encryption in java ppt.
Pradeep Vishwakarma
 
Cyber crime & security final tapan
Cyber crime & security final tapanCyber crime & security final tapan
Cyber crime & security final tapan
Tapan Khilar
 
Wireless network ppt
Wireless network pptWireless network ppt
Wireless network ppt
Basil John
 
Wireless network security
Wireless network securityWireless network security
Wireless network security
Vishal Agarwal
 
The Future of Cyber Security
The Future of Cyber SecurityThe Future of Cyber Security
The Future of Cyber Security
Stephen Lahanas
 
Steganography - The art of hiding data
Steganography - The art of hiding dataSteganography - The art of hiding data
Steganography - The art of hiding data
Sarin Thapa
 
Steganography final report
Steganography final reportSteganography final report
Steganography final report
ABHIJEET KHIRE
 
Mobile security in Cyber Security
Mobile security in Cyber SecurityMobile security in Cyber Security
Mobile security in Cyber Security
Geo Marian
 
Cellular wireless network security
Cellular wireless network securityCellular wireless network security
Cellular wireless network security
Ankit Anand
 
Unit-3.pptx
Unit-3.pptxUnit-3.pptx
Unit-3.pptx
Ramya Nellutla
 
Cryptography
CryptographyCryptography
Cryptography
Shivanand Arur
 
Image encryption and decryption
Image encryption and decryptionImage encryption and decryption
Image encryption and decryption
Aashish R
 
Network security and cryptography
Network security and cryptographyNetwork security and cryptography
Network security and cryptography
RajKumar Rampelli
 
Wireless Hacking
Wireless HackingWireless Hacking
Wireless Hacking
VIKAS SINGH BHADOURIA
 
Active and Passive Network Attacks
Active and Passive Network AttacksActive and Passive Network Attacks
Active and Passive Network Attacks
Pradipta Poudel
 
Message Authentication Code & HMAC
Message Authentication Code & HMACMessage Authentication Code & HMAC
Message Authentication Code & HMAC
Krishna Gehlot
 
Steganography ProjectReport
Steganography ProjectReportSteganography ProjectReport
Steganography ProjectReport
ekta sharma
 
Digital signature(Cryptography)
Digital signature(Cryptography)Digital signature(Cryptography)
Digital signature(Cryptography)
Soham Kansodaria
 
Keyloggers and Spywares
Keyloggers and SpywaresKeyloggers and Spywares
Keyloggers and Spywares
Ankit Mistry
 
Ch5
Ch5Ch5
Ch5
Ronak Patel
 
Digital Image Watermarking
Digital Image WatermarkingDigital Image Watermarking
Digital Image Watermarking
Pralin Pavithran
 
Lecture 10 intruders
Lecture 10 intrudersLecture 10 intruders
Lecture 10 intruders
rajakhurram
 
CCNA-2 SRWE Mod-11 Switch Security Configuration
CCNA-2 SRWE Mod-11 Switch Security ConfigurationCCNA-2 SRWE Mod-11 Switch Security Configuration
CCNA-2 SRWE Mod-11 Switch Security Configuration
Mukesh Chinta
 
Amps
AmpsAmps
Amps
Sri Manakula Vinayagar Engineering College
 
Mobile security
Mobile securityMobile security
Mobile security
Naveen Kumar
 
Digital certificates and information security
Digital certificates and information securityDigital certificates and information security
Digital certificates and information security
Devam Shah
 
Chapter 3_Cyber Security-ccdf.pptx
Chapter 3_Cyber Security-ccdf.pptxChapter 3_Cyber Security-ccdf.pptx
Chapter 3_Cyber Security-ccdf.pptx
1SI19IS064TEJASS
 
Cn35499502
Cn35499502Cn35499502
Cn35499502
IJERA Editor
 

More Related Content

What's hot

Steganography final report
Steganography final reportSteganography final report
Steganography final report
ABHIJEET KHIRE
 
Mobile security in Cyber Security
Mobile security in Cyber SecurityMobile security in Cyber Security
Mobile security in Cyber Security
Geo Marian
 
Cellular wireless network security
Cellular wireless network securityCellular wireless network security
Cellular wireless network security
Ankit Anand
 
Unit-3.pptx
Unit-3.pptxUnit-3.pptx
Unit-3.pptx
Ramya Nellutla
 
Cryptography
CryptographyCryptography
Cryptography
Shivanand Arur
 
Image encryption and decryption
Image encryption and decryptionImage encryption and decryption
Image encryption and decryption
Aashish R
 
Network security and cryptography
Network security and cryptographyNetwork security and cryptography
Network security and cryptography
RajKumar Rampelli
 
Wireless Hacking
Wireless HackingWireless Hacking
Wireless Hacking
VIKAS SINGH BHADOURIA
 
Active and Passive Network Attacks
Active and Passive Network AttacksActive and Passive Network Attacks
Active and Passive Network Attacks
Pradipta Poudel
 
Message Authentication Code & HMAC
Message Authentication Code & HMACMessage Authentication Code & HMAC
Message Authentication Code & HMAC
Krishna Gehlot
 
Steganography ProjectReport
Steganography ProjectReportSteganography ProjectReport
Steganography ProjectReport
ekta sharma
 
Digital signature(Cryptography)
Digital signature(Cryptography)Digital signature(Cryptography)
Digital signature(Cryptography)
Soham Kansodaria
 
Keyloggers and Spywares
Keyloggers and SpywaresKeyloggers and Spywares
Keyloggers and Spywares
Ankit Mistry
 
Ch5
Ch5Ch5
Ch5
Ronak Patel
 
Digital Image Watermarking
Digital Image WatermarkingDigital Image Watermarking
Digital Image Watermarking
Pralin Pavithran
 
Lecture 10 intruders
Lecture 10 intrudersLecture 10 intruders
Lecture 10 intruders
rajakhurram
 
CCNA-2 SRWE Mod-11 Switch Security Configuration
CCNA-2 SRWE Mod-11 Switch Security ConfigurationCCNA-2 SRWE Mod-11 Switch Security Configuration
CCNA-2 SRWE Mod-11 Switch Security Configuration
Mukesh Chinta
 
Amps
AmpsAmps
Amps
Sri Manakula Vinayagar Engineering College
 
Mobile security
Mobile securityMobile security
Mobile security
Naveen Kumar
 
Digital certificates and information security
Digital certificates and information securityDigital certificates and information security
Digital certificates and information security
Devam Shah
 

What's hot (20)

Steganography final report
Steganography final reportSteganography final report
Steganography final report
 
Mobile security in Cyber Security
Mobile security in Cyber SecurityMobile security in Cyber Security
Mobile security in Cyber Security
 
Cellular wireless network security
Cellular wireless network securityCellular wireless network security
Cellular wireless network security
 
Unit-3.pptx
Unit-3.pptxUnit-3.pptx
Unit-3.pptx
 
Cryptography
CryptographyCryptography
Cryptography
 
Image encryption and decryption
Image encryption and decryptionImage encryption and decryption
Image encryption and decryption
 
Network security and cryptography
Network security and cryptographyNetwork security and cryptography
Network security and cryptography
 
Wireless Hacking
Wireless HackingWireless Hacking
Wireless Hacking
 
Active and Passive Network Attacks
Active and Passive Network AttacksActive and Passive Network Attacks
Active and Passive Network Attacks
 
Message Authentication Code & HMAC
Message Authentication Code & HMACMessage Authentication Code & HMAC
Message Authentication Code & HMAC
 
Steganography ProjectReport
Steganography ProjectReportSteganography ProjectReport
Steganography ProjectReport
 
Digital signature(Cryptography)
Digital signature(Cryptography)Digital signature(Cryptography)
Digital signature(Cryptography)
 
Keyloggers and Spywares
Keyloggers and SpywaresKeyloggers and Spywares
Keyloggers and Spywares
 
Ch5
Ch5Ch5
Ch5
 
Digital Image Watermarking
Digital Image WatermarkingDigital Image Watermarking
Digital Image Watermarking
 
Lecture 10 intruders
Lecture 10 intrudersLecture 10 intruders
Lecture 10 intruders
 
CCNA-2 SRWE Mod-11 Switch Security Configuration
CCNA-2 SRWE Mod-11 Switch Security ConfigurationCCNA-2 SRWE Mod-11 Switch Security Configuration
CCNA-2 SRWE Mod-11 Switch Security Configuration
 
Amps
AmpsAmps
Amps
 
Mobile security
Mobile securityMobile security
Mobile security
 
Digital certificates and information security
Digital certificates and information securityDigital certificates and information security
Digital certificates and information security
 

Similar to CS_UNIT 2(P3).pptx

Chapter 3_Cyber Security-ccdf.pptx
Chapter 3_Cyber Security-ccdf.pptxChapter 3_Cyber Security-ccdf.pptx
Chapter 3_Cyber Security-ccdf.pptx
1SI19IS064TEJASS
 
Cn35499502
Cn35499502Cn35499502
Cn35499502
IJERA Editor
 
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdfCASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
kostikjaylonshaewe47
 
Securing mobile devices in the business environment
Securing mobile devices in the business environmentSecuring mobile devices in the business environment
Securing mobile devices in the business environment
IBM Software India
 
Mobility, Security and the Enterprise: The Equation to Solve
Mobility, Security and the Enterprise: The Equation to SolveMobility, Security and the Enterprise: The Equation to Solve
Mobility, Security and the Enterprise: The Equation to Solve
Icomm Technologies
 
Do New Mobile Devices in Enterprises Pose A Serious Security Threat?
Do New Mobile Devices in Enterprises Pose A Serious Security Threat?Do New Mobile Devices in Enterprises Pose A Serious Security Threat?
Do New Mobile Devices in Enterprises Pose A Serious Security Threat?
acijjournal
 
IRJET- Android Device Attacks and Threats
IRJET- Android Device Attacks and ThreatsIRJET- Android Device Attacks and Threats
IRJET- Android Device Attacks and Threats
IRJET Journal
 
The Consumerisation of Corporate IT
The Consumerisation of Corporate ITThe Consumerisation of Corporate IT
The Consumerisation of Corporate IT
Peter Wood
 
Protecting Americas Next Generation Networks
Protecting Americas Next Generation NetworksProtecting Americas Next Generation Networks
Protecting Americas Next Generation Networks
Digital Policy and Law Consulting
 
A Multi-Layer Real Time Remote Monitoring & Corporate Network System For Viru...
A Multi-Layer Real Time Remote Monitoring & Corporate Network System For Viru...A Multi-Layer Real Time Remote Monitoring & Corporate Network System For Viru...
A Multi-Layer Real Time Remote Monitoring & Corporate Network System For Viru...
ijccsa
 
International Journal on Cloud Computing: Services and Architecture (IJCCSA)
International Journal on Cloud Computing: Services and Architecture (IJCCSA)International Journal on Cloud Computing: Services and Architecture (IJCCSA)
International Journal on Cloud Computing: Services and Architecture (IJCCSA)
ijccsa
 
Network monitoring white paper
Network monitoring white paperNetwork monitoring white paper
Network monitoring white paper
Imaging Network Technology, LLC
 
Cybercrimes
CybercrimesCybercrimes
Cybercrimes
Elanthendral Mariappan
 
Report on Mobile security
Report on Mobile securityReport on Mobile security
Report on Mobile security
Kavita Rastogi
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
BryCunal
 
Network Security of Data Protection
Network Security of Data ProtectionNetwork Security of Data Protection
Network Security of Data Protection
UthsoNandy
 
Information security
Information securityInformation security
Information security
Appin Faridabad
 
L017326972
L017326972L017326972
L017326972
IOSR Journals
 
Face expressions, facial features, kinect sensor, face tracking SDK, neural n...
Face expressions, facial features, kinect sensor, face tracking SDK, neural n...Face expressions, facial features, kinect sensor, face tracking SDK, neural n...
Face expressions, facial features, kinect sensor, face tracking SDK, neural n...
iosrjce
 
C018131821
C018131821C018131821
C018131821
IOSR Journals
 

Similar to CS_UNIT 2(P3).pptx (20)

Chapter 3_Cyber Security-ccdf.pptx
Chapter 3_Cyber Security-ccdf.pptxChapter 3_Cyber Security-ccdf.pptx
Chapter 3_Cyber Security-ccdf.pptx
 
Cn35499502
Cn35499502Cn35499502
Cn35499502
 
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdfCASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
 
Securing mobile devices in the business environment
Securing mobile devices in the business environmentSecuring mobile devices in the business environment
Securing mobile devices in the business environment
 
Mobility, Security and the Enterprise: The Equation to Solve
Mobility, Security and the Enterprise: The Equation to SolveMobility, Security and the Enterprise: The Equation to Solve
Mobility, Security and the Enterprise: The Equation to Solve
 
Do New Mobile Devices in Enterprises Pose A Serious Security Threat?
Do New Mobile Devices in Enterprises Pose A Serious Security Threat?Do New Mobile Devices in Enterprises Pose A Serious Security Threat?
Do New Mobile Devices in Enterprises Pose A Serious Security Threat?
 
IRJET- Android Device Attacks and Threats
IRJET- Android Device Attacks and ThreatsIRJET- Android Device Attacks and Threats
IRJET- Android Device Attacks and Threats
 
The Consumerisation of Corporate IT
The Consumerisation of Corporate ITThe Consumerisation of Corporate IT
The Consumerisation of Corporate IT
 
Protecting Americas Next Generation Networks
Protecting Americas Next Generation NetworksProtecting Americas Next Generation Networks
Protecting Americas Next Generation Networks
 
A Multi-Layer Real Time Remote Monitoring & Corporate Network System For Viru...
A Multi-Layer Real Time Remote Monitoring & Corporate Network System For Viru...A Multi-Layer Real Time Remote Monitoring & Corporate Network System For Viru...
A Multi-Layer Real Time Remote Monitoring & Corporate Network System For Viru...
 
International Journal on Cloud Computing: Services and Architecture (IJCCSA)
International Journal on Cloud Computing: Services and Architecture (IJCCSA)International Journal on Cloud Computing: Services and Architecture (IJCCSA)
International Journal on Cloud Computing: Services and Architecture (IJCCSA)
 
Network monitoring white paper
Network monitoring white paperNetwork monitoring white paper
Network monitoring white paper
 
Cybercrimes
CybercrimesCybercrimes
Cybercrimes
 
Report on Mobile security
Report on Mobile securityReport on Mobile security
Report on Mobile security
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Network Security of Data Protection
Network Security of Data ProtectionNetwork Security of Data Protection
Network Security of Data Protection
 
Information security
Information securityInformation security
Information security
 
L017326972
L017326972L017326972
L017326972
 
Face expressions, facial features, kinect sensor, face tracking SDK, neural n...
Face expressions, facial features, kinect sensor, face tracking SDK, neural n...Face expressions, facial features, kinect sensor, face tracking SDK, neural n...
Face expressions, facial features, kinect sensor, face tracking SDK, neural n...
 
C018131821
C018131821C018131821
C018131821
 

Recently uploaded

Digital Artifact 1 - 10VCD Environments Unit
Digital Artifact 1 - 10VCD Environments UnitDigital Artifact 1 - 10VCD Environments Unit
Digital Artifact 1 - 10VCD Environments Unit
chanes7
 
LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UP
LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UPLAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UP
LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UP
RAHUL
 
Your Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective UpskillingYour Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective Upskilling
Excellence Foundation for South Sudan
 
Executive Directors Chat Leveraging AI for Diversity, Equity, and Inclusion
Executive Directors Chat Leveraging AI for Diversity, Equity, and InclusionExecutive Directors Chat Leveraging AI for Diversity, Equity, and Inclusion
Executive Directors Chat Leveraging AI for Diversity, Equity, and Inclusion
TechSoup
 
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Dr. Vinod Kumar Kanvaria
 
How to Setup Warehouse & Location in Odoo 17 Inventory
How to Setup Warehouse & Location in Odoo 17 InventoryHow to Setup Warehouse & Location in Odoo 17 Inventory
How to Setup Warehouse & Location in Odoo 17 Inventory
Celine George
 
South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)
Academy of Science of South Africa
 
PIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf IslamabadPIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf Islamabad
AyyanKhan40
 
How to Manage Your Lost Opportunities in Odoo 17 CRM
How to Manage Your Lost Opportunities in Odoo 17 CRMHow to Manage Your Lost Opportunities in Odoo 17 CRM
How to Manage Your Lost Opportunities in Odoo 17 CRM
Celine George
 
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdfবাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
eBook.com.bd (প্রয়োজনীয় বাংলা বই)
 
Community pharmacy- Social and preventive pharmacy UNIT 5
Community pharmacy- Social and preventive pharmacy UNIT 5Community pharmacy- Social and preventive pharmacy UNIT 5
Community pharmacy- Social and preventive pharmacy UNIT 5
sayalidalavi006
 
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama UniversityNatural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
Akanksha trivedi rama nursing college kanpur.
 
PCOS corelations and management through Ayurveda.
PCOS corelations and management through Ayurveda.PCOS corelations and management through Ayurveda.
PCOS corelations and management through Ayurveda.
Dr. Shivangi Singh Parihar
 
Pride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School DistrictPride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School District
David Douglas School District
 
Smart-Money for SMC traders good time and ICT
Smart-Money for SMC traders good time and ICTSmart-Money for SMC traders good time and ICT
Smart-Money for SMC traders good time and ICT
simonomuemu
 
Life upper-Intermediate B2 Workbook for student
Life upper-Intermediate B2 Workbook for studentLife upper-Intermediate B2 Workbook for student
Life upper-Intermediate B2 Workbook for student
NgcHiNguyn25
 
MARY JANE WILSON, A “BOA MÃE” .
MARY JANE WILSON, A “BOA MÃE” .MARY JANE WILSON, A “BOA MÃE” .
MARY JANE WILSON, A “BOA MÃE” .
Colégio Santa Teresinha
 
S1-Introduction-Biopesticides in ICM.pptx
S1-Introduction-Biopesticides in ICM.pptxS1-Introduction-Biopesticides in ICM.pptx
S1-Introduction-Biopesticides in ICM.pptx
tarandeep35
 
The simplified electron and muon model, Oscillating Spacetime: The Foundation...
The simplified electron and muon model, Oscillating Spacetime: The Foundation...The simplified electron and muon model, Oscillating Spacetime: The Foundation...
The simplified electron and muon model, Oscillating Spacetime: The Foundation...
RitikBhardwaj56
 
The basics of sentences session 6pptx.pptx
The basics of sentences session 6pptx.pptxThe basics of sentences session 6pptx.pptx
The basics of sentences session 6pptx.pptx
heathfieldcps1
 

Recently uploaded (20)

Digital Artifact 1 - 10VCD Environments Unit
Digital Artifact 1 - 10VCD Environments UnitDigital Artifact 1 - 10VCD Environments Unit
Digital Artifact 1 - 10VCD Environments Unit
 
LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UP
LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UPLAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UP
LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UP
 
Your Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective UpskillingYour Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective Upskilling
 
Executive Directors Chat Leveraging AI for Diversity, Equity, and Inclusion
Executive Directors Chat Leveraging AI for Diversity, Equity, and InclusionExecutive Directors Chat Leveraging AI for Diversity, Equity, and Inclusion
Executive Directors Chat Leveraging AI for Diversity, Equity, and Inclusion
 
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
 
How to Setup Warehouse & Location in Odoo 17 Inventory
How to Setup Warehouse & Location in Odoo 17 InventoryHow to Setup Warehouse & Location in Odoo 17 Inventory
How to Setup Warehouse & Location in Odoo 17 Inventory
 
South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)
 
PIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf IslamabadPIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf Islamabad
 
How to Manage Your Lost Opportunities in Odoo 17 CRM
How to Manage Your Lost Opportunities in Odoo 17 CRMHow to Manage Your Lost Opportunities in Odoo 17 CRM
How to Manage Your Lost Opportunities in Odoo 17 CRM
 
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdfবাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
 
Community pharmacy- Social and preventive pharmacy UNIT 5
Community pharmacy- Social and preventive pharmacy UNIT 5Community pharmacy- Social and preventive pharmacy UNIT 5
Community pharmacy- Social and preventive pharmacy UNIT 5
 
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama UniversityNatural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
 
PCOS corelations and management through Ayurveda.
PCOS corelations and management through Ayurveda.PCOS corelations and management through Ayurveda.
PCOS corelations and management through Ayurveda.
 
Pride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School DistrictPride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School District
 
Smart-Money for SMC traders good time and ICT
Smart-Money for SMC traders good time and ICTSmart-Money for SMC traders good time and ICT
Smart-Money for SMC traders good time and ICT
 
Life upper-Intermediate B2 Workbook for student
Life upper-Intermediate B2 Workbook for studentLife upper-Intermediate B2 Workbook for student
Life upper-Intermediate B2 Workbook for student
 
MARY JANE WILSON, A “BOA MÃE” .
MARY JANE WILSON, A “BOA MÃE” .MARY JANE WILSON, A “BOA MÃE” .
MARY JANE WILSON, A “BOA MÃE” .
 
S1-Introduction-Biopesticides in ICM.pptx
S1-Introduction-Biopesticides in ICM.pptxS1-Introduction-Biopesticides in ICM.pptx
S1-Introduction-Biopesticides in ICM.pptx
 
The simplified electron and muon model, Oscillating Spacetime: The Foundation...
The simplified electron and muon model, Oscillating Spacetime: The Foundation...The simplified electron and muon model, Oscillating Spacetime: The Foundation...
The simplified electron and muon model, Oscillating Spacetime: The Foundation...
 
The basics of sentences session 6pptx.pptx
The basics of sentences session 6pptx.pptxThe basics of sentences session 6pptx.pptx
The basics of sentences session 6pptx.pptx
 

CS_UNIT 2(P3).pptx

  • 1. UNIT 2  Credit Card Frauds in Mobile & Wireless Computing Era  Security Challenges  Registry Settings for Mobile Devices  Authentication Service Security  Attacks on Mobile/Cell Phones
  • 2.  Trends in Mobility  In the past two decades, we’ve not only cut the cord between our phones and the wall, but we have gained the ability to stream video, play games, and access the web from what has essentially become a powerful handheld computer. 5G will push those capabilities to the next level.  Since the late 1970s, the ability to communicate with others using a device that is untethered to a wire has changed the way people interact, whether they are located across the street or in another country. Prior to the introduction of cellular technology, ham shortwave and FM radios provided two-way communication to those willing to learn Morse code and obtain a license. Citizens band (CB) radios offered up to 20-mile links and became wildly popular with the mass market in the early to mid-1960s. However, weather conditions and time of day had a major influence on reliability of ham radio links, while transmission power limits and chatty enthusiasts reduced the usefulness of CB.
  • 3.
  • 4.  The industry needed a system that consumed little energy to enable small portable devices to operate on battery power. Cellular phones evolved to meet this need. Rather than adopt a point-to-point long-distance strategy, cellular phones link to a grid of local relay base stations.  A progression of enhanced technical standards enabled compatibility among devices and opened the door to development of a rapidly expanding market. Efficient network management was the other key to development of advanced cellular communication systems in terms of speed, reliability, latency, capacity, and additional features.
  • 5.  The first generation of mobile networks, dubbed 1G, was introduced in Japan in 1979. It offered analog 2.4Kb/s with limited coverage and no roaming support. In 1991, 2G employed digital signaling to bump the speed to 64Kb/s and used the Global System for Mobile Communications (GSM) standard for improved voice fidelity and reliability. It also ushered in the ability to send text messages and photos. 3G was introduced in 2001 and harmonized global standards, along with 256Kb/s speed. Additional functions included video conferencing, streaming, and Voice over Internet Protocol (VoIP). The fourth and most common generation in use today, 4G Long-Term Evolution (LTE), can deliver speeds to 1Gb/s for high-definition video, web access, and gaming applications.  We are now on the cusp of 5G, which is designed to support the escalating demands of a universe of Internet of Things (IoT), explosion of consumer video, telemedicine, telework, and future autonomous transportation. In addition to a 10 times to as much as 100 times increase in speed, latency will be dramatically reduced. The ability to support many more connected devices with greater network efficiency and reduced latency is driving the transition to 5G.
  • 6.
  • 7.
  • 8. Credit Card Frauds & Wireless Computing Era Types of Credit Card Frauds  Traditional Techniques:  paper based fraud – criminal uses stolen or fake documents, to open an account in someone else’s name.  can be divided into ID theft  Financial fraud  illegal use of lost or stolen card  Modern Techniques:  enable criminals to produce fake or doctored cards.  Skimming process 1. Triangulation 2. Credit Card Generators (From Book)
  • 9. Triangulation Method - aim to create great deal of confusion for the authorities.
  • 10. Main challenges involved in credit card fraud detection are:  Enormous Data is processed every day and the model build must be fast enough to respond to the scam in time.  Imbalanced Data i.e most of the transactions (99.8%) are not fraudulent which makes it really hard for detecting the fraudulent ones  Data availability as the data is mostly private.  Misclassified Data can be another major issue, as not every fraudulent transaction is caught and reported.  Adaptive techniques used against the model by the scammers.
  • 11. Security challenges posed by mobile devices (FROM PPT) Mobility brings two main challenges to cyber security: first, on the hand-held devices, information is being taken outside the physically controlled environment. and Second, remote access back to the protected environment is being granted. The importance of providing employees with remote access and the ability to work from anywhere means that organizations need to implement tools that increase the security of mobile devices. Mobile phone security threats generally include application based, web-based, network-based, physical threats (or challenges) and technical challenges.
  • 12. Security challenges posed by mobile devices 1. Application based threat: Application-based threats happen when people download apps that look legitimate but actually skim data from their device. Even legitimate apps often request more permission than needed to perform their function, which can expose more data than necessary. Examples are spyware and malware that steal personal and business information without people realizing it’s happening. These threats also includes Data Leakage via Malicious Apps (as hackers can easily find an unprotected mobile app and use that unprotected app to design larger attacks or steal data, digital wallets, backend details, and other juicy bits directly from the app) and Zero Day Vulnerabilities (zero-day vulnerabilities that left its devices open for spyware attacks and released a patch to protect users against these vulnerabilities. A software vulnerability discovered by attackers before the vendor has become aware of it. Because the vendors are unaware, no patch exists for zero-day vulnerabilities, making attacks likely to succeed)
  • 13. Security challenges posed by mobile devices 1. Application based threat: Contd…. The best way to protect your organization against data leakage (or App based threats) through malicious or unsecured applications is by using mobile application management (MAM) tools. These tools allow IT admins to manage corporate apps (wipe or control access permissions) on their employees’ devices without disrupting employees’ personal apps or data.
  • 14. Security challenges posed by mobile devices 2. Web based threat: Web-based threats are subtle and tend to go unnoticed. They happen when people visit affected sites that seem fine on the front-end but, in reality, automatically download malicious content onto devices. Examples: Phishing Scams Social Engineering Drive By Downloads Operating System Flaws
  • 15. Security challenges posed by mobile devices 2. Web based threat: Contd… Social Engineering Social engineering attacks are when bad actors send fake emails (phishing attacks) or text messages (smishing attacks) to your employees in an effort to trick them into handing over private information like their passwords or downloading malware onto their devices. Drive By Downloads Drive by download attacks specifically refer to malicious programs that install to your devices — without your consent. This also includes unintentional downloads of any files or bundled software onto a computer device. Operating System Flaws Operating system (OS) vulnerabilities are exposures within an OS that allow cyber attackers to cause damage on any device where the OS is installed. Large numbers of mobile devices are not kept up to date with operating system releases. Out of date operating systems mean devices are vulnerable to security threats that are patched in the later versions. Mobile security requires continuous work to find and patch vulnerabilities that bad actors use to gain unauthorized access to your systems and data.
  • 16. Security challenges posed by mobile devices 2. Web based threat: Contd… Tips to Combat Web based threats  The best defense for phishing and other social engineering attacks is to teach employees how to spot phishing emails and SMS messages that look suspicious and avoid falling prey to them altogether.  Reducing the number of people who have access to sensitive data or systems can also help protect your organization against social engineering attacks because it reduces the number of access points attackers have to gain access to critical systems or information.  Only use your computer’s admin account for program installations. Keep your web browser and operating system up to date. Be wary of keeping too many unnecessary programs and apps. Always avoid websites that may contain malicious code. Carefully read and examine security popups on the web before clicking. Use Ad-Blocker
  • 17. Security challenges posed by mobile devices 3. Network-based threat: Network-based threats are especially common and risky because cybercriminals can steal unencrypted data while people use public WiFi networks. Users often rely on public Wi-Fi to stay connected when they work outside the office. These unsecured Wi-Fi networks can allow malware to be installed on devices or eavesdroppers to intercept data. Public WiFi networks are generally less secure than private networks because there’s no way to know who set the network up, how (or if) it’s secured with encryption, or who is currently accessing it or monitoring it. And as more companies offer remote work options, the public WiFi networks your employees use to access your servers (e.g., from coffee shops or cafes) could present a risk to your organization. For example, cybercriminals often set up WiFi networks that look authentic but are actually a front to capture data that passes through their system (a “man in the middle” attack). Examples: •Network Exploits •WiFi Sniffing •Packet Sniffing •BYOD (Bring Your Own Device)
  • 18. Security challenges posed by mobile devices 3. Network-based threat: Contd…. There’s no single standard for mobile devices, especially when you allow BYOD rather than supplying the devices. Because of the variety of devices and operating systems, it’s difficult to apply controls consistently to ensure the safety of all of them.
  • 19. Security challenges posed by mobile devices 3. Network-based threat: Contd…. Tips to Combat The best way for you to protect your organization against threats over public WiFi networks is by requiring employees to use a VPN to access company systems or files. This will ensure that their session stays private and secure, even if they use a public network to access your systems.
  • 20. Security challenges posed by mobile devices 4. Physical Threats: Physical threats to mobile devices most commonly refer to the loss or theft of a device. Because hackers have direct access to the hardware where private data is stored, this threat is especially dangerous to enterprises. Example - Loss/Theft: Loss or theft is the most unwanted physical threat to the security of your mobile device. Any devices itself has value and can be sold on the secondary market after all your information is stolen and sold. Tips to Combat First and foremost, you’ll want to ensure employees know what steps to take if they lose their device. Since most devices come with remote access to delete or transfer information, that should include asking employees to make sure those services are activated
  • 21. Security challenges posed by mobile devices 5. Technical challenges in mobile security are:  Managing the registry settings and configurations,  Authentication service security,  Cryptography security,  Remote access server (RAS) security, Media player control security, Networking application program interface (API), security etc.
  • 22. Registry Settings for Mobile Devices: Let us understand the issue of registry settings on mobile devices through an example: Microsoft Activesync is meant for synchronization with Windows-powered personal computers (PCs) and Microsoft Outlook. ActiveSync acts as the "gateway between Windows-powered PC and Windows mobile-powered device, enabling the transfer of applications such as Outlook information, Microsoft Office documents, pictures, music, videos and applications from a user's desktop to his/her device. In addition to synchronizing with a PC, ActiveSync can synchronize directly with the Microsoft exchange server so that the users can keep their E-Mails, calendar, notes and contacts updated wirelessly when they are away from their PCs. In this context, registry setting becomes an important issue given the ease with which various applications allow a free flow of information.
  • 23. Authentication Service Security: There are two components of security in mobile computing: 1. security of devices and 2. security in networks. A secure network access involves authentication between the device and the base stations or Web servers. This is to ensure that only authenticated devices can be connected to the network for obtaining the requested services. No Malicious Code can impersonate the service provider to trick the device into doing something it does not mean to. Thus, the networks also play a crucial role in security of mobile devices. Some eminent kinds of attacks to which mobile devices are subjected to are: push attacks, pull attacks and crash attacks. Authentication services security is important given the typical attacks on mobile devices through wireless networks: Dos attacks, traffic analysis, eavesdropping, man-in-the-middle attacks and session hijacking. Security measures in this scenario come from Wireless Application Protocols (WAPs), use of VPNs, media access control (MAC) address filtering and development in 802.xx standards.
  • 24. Attacks on Mobile/Cell Phones (Same as Book) 1. Mobile Phone Theft: Mobile phones have become an integral part of everbody's life and the mobile phone has transformed from being a luxury to a bare necessity. Increase in the purchasing power and availability of numerous low cost handsets have also lead to an increase in mobile phone users. Theft of mobile phones has risen dramatically over the past few years. Since huge section of working population in India use public transport, major locations where theft occurs are bus stops, railway stations and traffic signals. Attacks on Cell phones increases because of  increasing usage of cell phones and availability of internet using cell phones.  Increasing demand of WiFi zones in Metropolitans & extensive usage of cell phones with the lack of awareness/knowledge about the vulnerabilities of the technology.
  • 25. Attacks on Mobile/Cell Phones (Same as Book) 1. Mobile Phone Theft: Contd….. The following factors contribute for outbreaks on mobile devices: 1. Enough target terminals: The first Palm OS virus was seen after the number of Palm OS devices reached 15 million. The first instance of a mobile virus was observed during June 2004 when it was discovered that an organization "Ojam" had engineered an antipiracy Trojan virus in older versions of their mobile phone game known as Mosquito. This virus sent SMS text messages to the organization without the users' knowledge.
  • 26. Attacks on Mobile/Cell Phones (Same as Book) 1. Mobile Phone Theft: Contd….. 2. Enough functionality: Mobile devices are increasingly being equipped with office functionality and already carry critical data and applications, which are often protected insufficiently or not at all. The expanded functionality also increases the probability of malware. 3. Enough connectivity: Smartphones offer multiple communication options, such as SMS, MMS, synchronization, Bluetooth, infrared (IR) and WLAN connections. Therefore, unfortunately, the increased amount of freedom also offers more choices for virus writers.
  • 27. Attacks on Mobile/Cell Phones (Same as Book) 2. Mobile Viruses: Mobile Viruses 3. Mishing: Mishing 4. Vishing: Vishing 5. Smishing: Smishing 6. Hacking Bluetooth: Hacking Bluetooth