Uploaded byGaytriDhingra1
PPTX, PDF1,450 views

CS_UNIT 2(P3).pptx

This document discusses security challenges posed by mobile devices. It begins by outlining three main types of threats: application-based threats like malware and spyware; web-based threats like phishing and drive-by downloads; and network-based threats when using public WiFi. Application-based threats occur when malicious apps steal data or request unnecessary permissions. Web-based threats happen through compromised websites that download malware. Network-based threats risk intercepting unencrypted data on public WiFi networks. The document provides examples for each threat type and recommends mitigation strategies like mobile application management, secure web browsing practices, and VPNs for public networks. Managing a variety of personal and company-owned devices poses additional challenges to

Embed presentation

Download to read offline
UNIT 2  Credit Card Frauds in Mobile & Wireless Computing Era  Security Challenges  Registry Settings for Mobile Devices  Authentication Service Security  Attacks on Mobile/Cell Phones
 Trends in Mobility  In the past two decades, we’ve not only cut the cord between our phones and the wall, but we have gained the ability to stream video, play games, and access the web from what has essentially become a powerful handheld computer. 5G will push those capabilities to the next level.  Since the late 1970s, the ability to communicate with others using a device that is untethered to a wire has changed the way people interact, whether they are located across the street or in another country. Prior to the introduction of cellular technology, ham shortwave and FM radios provided two-way communication to those willing to learn Morse code and obtain a license. Citizens band (CB) radios offered up to 20-mile links and became wildly popular with the mass market in the early to mid-1960s. However, weather conditions and time of day had a major influence on reliability of ham radio links, while transmission power limits and chatty enthusiasts reduced the usefulness of CB.
 The industry needed a system that consumed little energy to enable small portable devices to operate on battery power. Cellular phones evolved to meet this need. Rather than adopt a point-to-point long-distance strategy, cellular phones link to a grid of local relay base stations.  A progression of enhanced technical standards enabled compatibility among devices and opened the door to development of a rapidly expanding market. Efficient network management was the other key to development of advanced cellular communication systems in terms of speed, reliability, latency, capacity, and additional features.
 The first generation of mobile networks, dubbed 1G, was introduced in Japan in 1979. It offered analog 2.4Kb/s with limited coverage and no roaming support. In 1991, 2G employed digital signaling to bump the speed to 64Kb/s and used the Global System for Mobile Communications (GSM) standard for improved voice fidelity and reliability. It also ushered in the ability to send text messages and photos. 3G was introduced in 2001 and harmonized global standards, along with 256Kb/s speed. Additional functions included video conferencing, streaming, and Voice over Internet Protocol (VoIP). The fourth and most common generation in use today, 4G Long-Term Evolution (LTE), can deliver speeds to 1Gb/s for high-definition video, web access, and gaming applications.  We are now on the cusp of 5G, which is designed to support the escalating demands of a universe of Internet of Things (IoT), explosion of consumer video, telemedicine, telework, and future autonomous transportation. In addition to a 10 times to as much as 100 times increase in speed, latency will be dramatically reduced. The ability to support many more connected devices with greater network efficiency and reduced latency is driving the transition to 5G.
Credit Card Frauds & Wireless Computing Era Types of Credit Card Frauds  Traditional Techniques:  paper based fraud – criminal uses stolen or fake documents, to open an account in someone else’s name.  can be divided into ID theft  Financial fraud  illegal use of lost or stolen card  Modern Techniques:  enable criminals to produce fake or doctored cards.  Skimming process 1. Triangulation 2. Credit Card Generators (From Book)
Triangulation Method - aim to create great deal of confusion for the authorities.
Main challenges involved in credit card fraud detection are:  Enormous Data is processed every day and the model build must be fast enough to respond to the scam in time.  Imbalanced Data i.e most of the transactions (99.8%) are not fraudulent which makes it really hard for detecting the fraudulent ones  Data availability as the data is mostly private.  Misclassified Data can be another major issue, as not every fraudulent transaction is caught and reported.  Adaptive techniques used against the model by the scammers.
Security challenges posed by mobile devices (FROM PPT) Mobility brings two main challenges to cyber security: first, on the hand-held devices, information is being taken outside the physically controlled environment. and Second, remote access back to the protected environment is being granted. The importance of providing employees with remote access and the ability to work from anywhere means that organizations need to implement tools that increase the security of mobile devices. Mobile phone security threats generally include application based, web-based, network-based, physical threats (or challenges) and technical challenges.
Security challenges posed by mobile devices 1. Application based threat: Application-based threats happen when people download apps that look legitimate but actually skim data from their device. Even legitimate apps often request more permission than needed to perform their function, which can expose more data than necessary. Examples are spyware and malware that steal personal and business information without people realizing it’s happening. These threats also includes Data Leakage via Malicious Apps (as hackers can easily find an unprotected mobile app and use that unprotected app to design larger attacks or steal data, digital wallets, backend details, and other juicy bits directly from the app) and Zero Day Vulnerabilities (zero-day vulnerabilities that left its devices open for spyware attacks and released a patch to protect users against these vulnerabilities. A software vulnerability discovered by attackers before the vendor has become aware of it. Because the vendors are unaware, no patch exists for zero-day vulnerabilities, making attacks likely to succeed)
Security challenges posed by mobile devices 1. Application based threat: Contd…. The best way to protect your organization against data leakage (or App based threats) through malicious or unsecured applications is by using mobile application management (MAM) tools. These tools allow IT admins to manage corporate apps (wipe or control access permissions) on their employees’ devices without disrupting employees’ personal apps or data.
Security challenges posed by mobile devices 2. Web based threat: Web-based threats are subtle and tend to go unnoticed. They happen when people visit affected sites that seem fine on the front-end but, in reality, automatically download malicious content onto devices. Examples: Phishing Scams Social Engineering Drive By Downloads Operating System Flaws
Security challenges posed by mobile devices 2. Web based threat: Contd… Social Engineering Social engineering attacks are when bad actors send fake emails (phishing attacks) or text messages (smishing attacks) to your employees in an effort to trick them into handing over private information like their passwords or downloading malware onto their devices. Drive By Downloads Drive by download attacks specifically refer to malicious programs that install to your devices — without your consent. This also includes unintentional downloads of any files or bundled software onto a computer device. Operating System Flaws Operating system (OS) vulnerabilities are exposures within an OS that allow cyber attackers to cause damage on any device where the OS is installed. Large numbers of mobile devices are not kept up to date with operating system releases. Out of date operating systems mean devices are vulnerable to security threats that are patched in the later versions. Mobile security requires continuous work to find and patch vulnerabilities that bad actors use to gain unauthorized access to your systems and data.
Security challenges posed by mobile devices 2. Web based threat: Contd… Tips to Combat Web based threats  The best defense for phishing and other social engineering attacks is to teach employees how to spot phishing emails and SMS messages that look suspicious and avoid falling prey to them altogether.  Reducing the number of people who have access to sensitive data or systems can also help protect your organization against social engineering attacks because it reduces the number of access points attackers have to gain access to critical systems or information.  Only use your computer’s admin account for program installations. Keep your web browser and operating system up to date. Be wary of keeping too many unnecessary programs and apps. Always avoid websites that may contain malicious code. Carefully read and examine security popups on the web before clicking. Use Ad-Blocker
Security challenges posed by mobile devices 3. Network-based threat: Network-based threats are especially common and risky because cybercriminals can steal unencrypted data while people use public WiFi networks. Users often rely on public Wi-Fi to stay connected when they work outside the office. These unsecured Wi-Fi networks can allow malware to be installed on devices or eavesdroppers to intercept data. Public WiFi networks are generally less secure than private networks because there’s no way to know who set the network up, how (or if) it’s secured with encryption, or who is currently accessing it or monitoring it. And as more companies offer remote work options, the public WiFi networks your employees use to access your servers (e.g., from coffee shops or cafes) could present a risk to your organization. For example, cybercriminals often set up WiFi networks that look authentic but are actually a front to capture data that passes through their system (a “man in the middle” attack). Examples: •Network Exploits •WiFi Sniffing •Packet Sniffing •BYOD (Bring Your Own Device)
Security challenges posed by mobile devices 3. Network-based threat: Contd…. There’s no single standard for mobile devices, especially when you allow BYOD rather than supplying the devices. Because of the variety of devices and operating systems, it’s difficult to apply controls consistently to ensure the safety of all of them.
Security challenges posed by mobile devices 3. Network-based threat: Contd…. Tips to Combat The best way for you to protect your organization against threats over public WiFi networks is by requiring employees to use a VPN to access company systems or files. This will ensure that their session stays private and secure, even if they use a public network to access your systems.
Security challenges posed by mobile devices 4. Physical Threats: Physical threats to mobile devices most commonly refer to the loss or theft of a device. Because hackers have direct access to the hardware where private data is stored, this threat is especially dangerous to enterprises. Example - Loss/Theft: Loss or theft is the most unwanted physical threat to the security of your mobile device. Any devices itself has value and can be sold on the secondary market after all your information is stolen and sold. Tips to Combat First and foremost, you’ll want to ensure employees know what steps to take if they lose their device. Since most devices come with remote access to delete or transfer information, that should include asking employees to make sure those services are activated
Security challenges posed by mobile devices 5. Technical challenges in mobile security are:  Managing the registry settings and configurations,  Authentication service security,  Cryptography security,  Remote access server (RAS) security, Media player control security, Networking application program interface (API), security etc.
Registry Settings for Mobile Devices: Let us understand the issue of registry settings on mobile devices through an example: Microsoft Activesync is meant for synchronization with Windows-powered personal computers (PCs) and Microsoft Outlook. ActiveSync acts as the "gateway between Windows-powered PC and Windows mobile-powered device, enabling the transfer of applications such as Outlook information, Microsoft Office documents, pictures, music, videos and applications from a user's desktop to his/her device. In addition to synchronizing with a PC, ActiveSync can synchronize directly with the Microsoft exchange server so that the users can keep their E-Mails, calendar, notes and contacts updated wirelessly when they are away from their PCs. In this context, registry setting becomes an important issue given the ease with which various applications allow a free flow of information.
Authentication Service Security: There are two components of security in mobile computing: 1. security of devices and 2. security in networks. A secure network access involves authentication between the device and the base stations or Web servers. This is to ensure that only authenticated devices can be connected to the network for obtaining the requested services. No Malicious Code can impersonate the service provider to trick the device into doing something it does not mean to. Thus, the networks also play a crucial role in security of mobile devices. Some eminent kinds of attacks to which mobile devices are subjected to are: push attacks, pull attacks and crash attacks. Authentication services security is important given the typical attacks on mobile devices through wireless networks: Dos attacks, traffic analysis, eavesdropping, man-in-the-middle attacks and session hijacking. Security measures in this scenario come from Wireless Application Protocols (WAPs), use of VPNs, media access control (MAC) address filtering and development in 802.xx standards.
Attacks on Mobile/Cell Phones (Same as Book) 1. Mobile Phone Theft: Mobile phones have become an integral part of everbody's life and the mobile phone has transformed from being a luxury to a bare necessity. Increase in the purchasing power and availability of numerous low cost handsets have also lead to an increase in mobile phone users. Theft of mobile phones has risen dramatically over the past few years. Since huge section of working population in India use public transport, major locations where theft occurs are bus stops, railway stations and traffic signals. Attacks on Cell phones increases because of  increasing usage of cell phones and availability of internet using cell phones.  Increasing demand of WiFi zones in Metropolitans & extensive usage of cell phones with the lack of awareness/knowledge about the vulnerabilities of the technology.
Attacks on Mobile/Cell Phones (Same as Book) 1. Mobile Phone Theft: Contd….. The following factors contribute for outbreaks on mobile devices: 1. Enough target terminals: The first Palm OS virus was seen after the number of Palm OS devices reached 15 million. The first instance of a mobile virus was observed during June 2004 when it was discovered that an organization "Ojam" had engineered an antipiracy Trojan virus in older versions of their mobile phone game known as Mosquito. This virus sent SMS text messages to the organization without the users' knowledge.
Attacks on Mobile/Cell Phones (Same as Book) 1. Mobile Phone Theft: Contd….. 2. Enough functionality: Mobile devices are increasingly being equipped with office functionality and already carry critical data and applications, which are often protected insufficiently or not at all. The expanded functionality also increases the probability of malware. 3. Enough connectivity: Smartphones offer multiple communication options, such as SMS, MMS, synchronization, Bluetooth, infrared (IR) and WLAN connections. Therefore, unfortunately, the increased amount of freedom also offers more choices for virus writers.
Attacks on Mobile/Cell Phones (Same as Book) 2. Mobile Viruses: Mobile Viruses 3. Mishing: Mishing 4. Vishing: Vishing 5. Smishing: Smishing 6. Hacking Bluetooth: Hacking Bluetooth

More Related Content

PPTX
Chapter 3_Cyber Security-ccdf.pptx
by1SI19IS064TEJASS
 
PPTX
Cyber Security Case Studies
byMoksha Kalyan Ram Abhiramula
 
PPTX
Hacking vs cracking
byNaren Naren
 
PPTX
Attacks on Mobiles\Cell Phones
byFaizan Shaikh
 
PPT
Computer security
byUniv of Salamanca
 
DOCX
CCS354-NETWORK SECURITY-network-security notes
byKiruba buri R
 
PPTX
System Security-Chapter 1
byVamsee Krishna Kiran
 
PPT
System vulnerability and abuse
byPrakash Raval
 
Chapter 3_Cyber Security-ccdf.pptx
by1SI19IS064TEJASS
 
Cyber Security Case Studies
byMoksha Kalyan Ram Abhiramula
 
Hacking vs cracking
byNaren Naren
 
Attacks on Mobiles\Cell Phones
byFaizan Shaikh
 
Computer security
byUniv of Salamanca
 
CCS354-NETWORK SECURITY-network-security notes
byKiruba buri R
 
System Security-Chapter 1
byVamsee Krishna Kiran
 
System vulnerability and abuse
byPrakash Raval
 

What's hot

PPTX
MAC-Message Authentication Codes
byDarshanPatil82
 
PPT
X.509 Certificates
bySou Jana
 
PPTX
Hash Function
bySiddharth Srivastava
 
PPT
Network security cryptographic hash function
byMijanur Rahman Milon
 
PPT
Security in mobile ad hoc networks
byPiyush Mittal
 
PDF
CSMA /CD PPT ON SLIDESHARE
byKhushboo Pal
 
PPT
Elgamal Digital Signature
bySou Jana
 
PPT
Mobile agents
bySantosh Pandey
 
PPT
Security Attacks.ppt
byZaheer720515
 
PPTX
Kerberos
bySutanu Paul
 
PPT
Global state routing
byTata Consultancy Service Limited
 
PPTX
Network security model.pptx
byssuserd24233
 
PPT
Clock synchronization in distributed system
bySunita Sahu
 
PPTX
pda forensics
bysaddamhusain hadimani
 
PPTX
Unit-3.pptx
byRamya Nellutla
 
PPSX
Congestion avoidance in TCP
byselvakumar_b1985
 
PPTX
Authentication service security
byPrachi Gulihar
 
PPTX
Intrusion prevention system(ips)
byPapun Papun
 
PPTX
Network Security- port security.pptx
bySulSya
 
PPTX
Pgp pretty good privacy
byPawan Arya
 
MAC-Message Authentication Codes
byDarshanPatil82
 
X.509 Certificates
bySou Jana
 
Hash Function
bySiddharth Srivastava
 
Network security cryptographic hash function
byMijanur Rahman Milon
 
Security in mobile ad hoc networks
byPiyush Mittal
 
CSMA /CD PPT ON SLIDESHARE
byKhushboo Pal
 
Elgamal Digital Signature
bySou Jana
 
Mobile agents
bySantosh Pandey
 
Security Attacks.ppt
byZaheer720515
 
Kerberos
bySutanu Paul
 
Global state routing
byTata Consultancy Service Limited
 
Network security model.pptx
byssuserd24233
 
Clock synchronization in distributed system
bySunita Sahu
 
pda forensics
bysaddamhusain hadimani
 
Unit-3.pptx
byRamya Nellutla
 
Congestion avoidance in TCP
byselvakumar_b1985
 
Authentication service security
byPrachi Gulihar
 
Intrusion prevention system(ips)
byPapun Papun
 
Network Security- port security.pptx
bySulSya
 
Pgp pretty good privacy
byPawan Arya
 

Similar to CS_UNIT 2(P3).pptx

PPTX
Mobile protection
bypreetpatel72
 
PPTX
Outside the Office: Mobile Security
byMcKonly & Asbury, LLP
 
PPTX
CyberSecurity Mobile and Wireless Devices
byRobinRohit2
 
PPTX
UNIT-3-Cybercrime Mobile and Wireless Devices-1.pptx
bynageshanitha
 
PDF
Securing 3-Mode Mobile Banking
byJay McLaughlin
 
PPTX
vyber security on different fields bullying .pptx
bySantoshChinchali1
 
PPTX
Chapter 4
byNorazlinaAbdullah4
 
DOCX
ResearchProjectComplete
bydannyboi17
 
PDF
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
bykostikjaylonshaewe47
 
PDF
IRJET- Android Device Attacks and Threats
byIRJET Journal
 
PDF
iScan Online - PCI DSS Mobile Task Force
byMAX Risk Intelligence by LOGICnow
 
PPTX
Mobile security trends
byKen Huang
 
PPT
Udløs potentialet i Enterprise Mobility, Vijay Dheap, IBM US
byIBM Danmark
 
PPTX
Mobile security in Cyber Security
byGeo Marian
 
PDF
Security and Compliance
byBankingdotcom
 
PPTX
mobile security.pptx
byTapan Khilar
 
DOCX
271 Information Governance for Mobile Devices .docx
bylorainedeserre
 
PPTX
Cloud, social networking and BYOD collide!
byPeter Wood
 
PDF
BYOD: Device Control in the Wild, Wild, West
byJay McLaughlin
 
PDF
Securing mobile devices_in_the_business_environment
byK Singh
 
Mobile protection
bypreetpatel72
 
Outside the Office: Mobile Security
byMcKonly & Asbury, LLP
 
CyberSecurity Mobile and Wireless Devices
byRobinRohit2
 
UNIT-3-Cybercrime Mobile and Wireless Devices-1.pptx
bynageshanitha
 
Securing 3-Mode Mobile Banking
byJay McLaughlin
 
vyber security on different fields bullying .pptx
bySantoshChinchali1
 
Chapter 4
byNorazlinaAbdullah4
 
ResearchProjectComplete
bydannyboi17
 
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
bykostikjaylonshaewe47
 
IRJET- Android Device Attacks and Threats
byIRJET Journal
 
iScan Online - PCI DSS Mobile Task Force
byMAX Risk Intelligence by LOGICnow
 
Mobile security trends
byKen Huang
 
Udløs potentialet i Enterprise Mobility, Vijay Dheap, IBM US
byIBM Danmark
 
Mobile security in Cyber Security
byGeo Marian
 
Security and Compliance
byBankingdotcom
 
mobile security.pptx
byTapan Khilar
 
271 Information Governance for Mobile Devices .docx
bylorainedeserre
 
Cloud, social networking and BYOD collide!
byPeter Wood
 
BYOD: Device Control in the Wild, Wild, West
byJay McLaughlin
 
Securing mobile devices_in_the_business_environment
byK Singh
 

Recently uploaded

PPTX
Powerpoint for testing in embed test with Sway
byjeanpierrefort3
 
PPTX
christal dinesha (1).ppt seminar topic..
bychristaldinesha
 
PPTX
Ultrasound .pptx by Nagmani ojha (paramedical department)(Radiation technolog...
bynagmaniojha8
 
PDF
ĐỀ MINH HỌA KỲ THI TỐT NGHIỆP TRUNG HỌC PHỔ THÔNG NĂM 2026 MÔN TIẾNG ANH 2026...
byNguyen Thanh Tu Collection
 
PDF
Aminoglycosides.pdf for B.Pharmacy Medicinal Chemistry-III (BP601T), GPAT, a...
bymominzarinamdnajeeb
 
PPTX
" Jaya : Silence as Resistance " - That long silence
bydharabhandari35
 
PPTX
Appreciations - Jan 26 01.pptxkjkjkkjkjkjkj
bypreetheshparmar
 
PDF
Problem Solving Agents in Artificial Intelligence with Examples and Water Jug...
byARTHIDEVARANIP
 
PDF
Introduction to Principle Components Analysis algorithms
byBapusahebDange
 
PPTX
NMR Spectroscopy: Principles and Applications
byVanitha Rajakumar
 
PPTX
HABIT. Cognitive process. I Semester Shilpa Hotakar pptx
bySHILPA HOTAKAR
 
PPTX
OCCULTISM IN JEHOVAH'S WITNESSES' ARTWORK
byDaniel Barnea
 
PPTX
Statistical Data Analysis using R Programming.pptx
byVETRISELVIP1
 
PDF
Fast Followers Project, Embedding Net Zero into Wakefield Metropolitan Distri...
byAssociation for Project Management
 
PPTX
Alma Šuto - From Tradition to Innovation: Creative AI in Education
bybvtricks
 
PDF
NCA New Family Orientation 2026 Dosemagen.pdf
bytimdosemagen1
 
PPTX
Central Line Associated Bloodstream Infection
bynabinabhaila40
 
PPTX
Setting Up and Processing Down Payments in Odoo 18 Sales
byCeline George
 
PDF
U.S. Departments of Education and Treasury fact sheet
byMebane Rash
 
PPTX
bundle of care.pptx Priti Bala @ BRD med
bypritibala13
 
Powerpoint for testing in embed test with Sway
byjeanpierrefort3
 
christal dinesha (1).ppt seminar topic..
bychristaldinesha
 
Ultrasound .pptx by Nagmani ojha (paramedical department)(Radiation technolog...
bynagmaniojha8
 
ĐỀ MINH HỌA KỲ THI TỐT NGHIỆP TRUNG HỌC PHỔ THÔNG NĂM 2026 MÔN TIẾNG ANH 2026...
byNguyen Thanh Tu Collection
 
Aminoglycosides.pdf for B.Pharmacy Medicinal Chemistry-III (BP601T), GPAT, a...
bymominzarinamdnajeeb
 
" Jaya : Silence as Resistance " - That long silence
bydharabhandari35
 
Appreciations - Jan 26 01.pptxkjkjkkjkjkjkj
bypreetheshparmar
 
Problem Solving Agents in Artificial Intelligence with Examples and Water Jug...
byARTHIDEVARANIP
 
Introduction to Principle Components Analysis algorithms
byBapusahebDange
 
NMR Spectroscopy: Principles and Applications
byVanitha Rajakumar
 
HABIT. Cognitive process. I Semester Shilpa Hotakar pptx
bySHILPA HOTAKAR
 
OCCULTISM IN JEHOVAH'S WITNESSES' ARTWORK
byDaniel Barnea
 
Statistical Data Analysis using R Programming.pptx
byVETRISELVIP1
 
Fast Followers Project, Embedding Net Zero into Wakefield Metropolitan Distri...
byAssociation for Project Management
 
Alma Šuto - From Tradition to Innovation: Creative AI in Education
bybvtricks
 
NCA New Family Orientation 2026 Dosemagen.pdf
bytimdosemagen1
 
Central Line Associated Bloodstream Infection
bynabinabhaila40
 
Setting Up and Processing Down Payments in Odoo 18 Sales
byCeline George
 
U.S. Departments of Education and Treasury fact sheet
byMebane Rash
 
bundle of care.pptx Priti Bala @ BRD med
bypritibala13
 

CS_UNIT 2(P3).pptx

  • 1.
    UNIT 2  CreditCard Frauds in Mobile & Wireless Computing Era  Security Challenges  Registry Settings for Mobile Devices  Authentication Service Security  Attacks on Mobile/Cell Phones
  • 2.
     Trends inMobility  In the past two decades, we’ve not only cut the cord between our phones and the wall, but we have gained the ability to stream video, play games, and access the web from what has essentially become a powerful handheld computer. 5G will push those capabilities to the next level.  Since the late 1970s, the ability to communicate with others using a device that is untethered to a wire has changed the way people interact, whether they are located across the street or in another country. Prior to the introduction of cellular technology, ham shortwave and FM radios provided two-way communication to those willing to learn Morse code and obtain a license. Citizens band (CB) radios offered up to 20-mile links and became wildly popular with the mass market in the early to mid-1960s. However, weather conditions and time of day had a major influence on reliability of ham radio links, while transmission power limits and chatty enthusiasts reduced the usefulness of CB.
  • 4.
     The industryneeded a system that consumed little energy to enable small portable devices to operate on battery power. Cellular phones evolved to meet this need. Rather than adopt a point-to-point long-distance strategy, cellular phones link to a grid of local relay base stations.  A progression of enhanced technical standards enabled compatibility among devices and opened the door to development of a rapidly expanding market. Efficient network management was the other key to development of advanced cellular communication systems in terms of speed, reliability, latency, capacity, and additional features.
  • 5.
     The firstgeneration of mobile networks, dubbed 1G, was introduced in Japan in 1979. It offered analog 2.4Kb/s with limited coverage and no roaming support. In 1991, 2G employed digital signaling to bump the speed to 64Kb/s and used the Global System for Mobile Communications (GSM) standard for improved voice fidelity and reliability. It also ushered in the ability to send text messages and photos. 3G was introduced in 2001 and harmonized global standards, along with 256Kb/s speed. Additional functions included video conferencing, streaming, and Voice over Internet Protocol (VoIP). The fourth and most common generation in use today, 4G Long-Term Evolution (LTE), can deliver speeds to 1Gb/s for high-definition video, web access, and gaming applications.  We are now on the cusp of 5G, which is designed to support the escalating demands of a universe of Internet of Things (IoT), explosion of consumer video, telemedicine, telework, and future autonomous transportation. In addition to a 10 times to as much as 100 times increase in speed, latency will be dramatically reduced. The ability to support many more connected devices with greater network efficiency and reduced latency is driving the transition to 5G.
  • 8.
    Credit Card Frauds& Wireless Computing Era Types of Credit Card Frauds  Traditional Techniques:  paper based fraud – criminal uses stolen or fake documents, to open an account in someone else’s name.  can be divided into ID theft  Financial fraud  illegal use of lost or stolen card  Modern Techniques:  enable criminals to produce fake or doctored cards.  Skimming process 1. Triangulation 2. Credit Card Generators (From Book)
  • 9.
    Triangulation Method -aim to create great deal of confusion for the authorities.
  • 10.
    Main challenges involvedin credit card fraud detection are:  Enormous Data is processed every day and the model build must be fast enough to respond to the scam in time.  Imbalanced Data i.e most of the transactions (99.8%) are not fraudulent which makes it really hard for detecting the fraudulent ones  Data availability as the data is mostly private.  Misclassified Data can be another major issue, as not every fraudulent transaction is caught and reported.  Adaptive techniques used against the model by the scammers.
  • 11.
    Security challenges posedby mobile devices (FROM PPT) Mobility brings two main challenges to cyber security: first, on the hand-held devices, information is being taken outside the physically controlled environment. and Second, remote access back to the protected environment is being granted. The importance of providing employees with remote access and the ability to work from anywhere means that organizations need to implement tools that increase the security of mobile devices. Mobile phone security threats generally include application based, web-based, network-based, physical threats (or challenges) and technical challenges.
  • 12.
    Security challenges posedby mobile devices 1. Application based threat: Application-based threats happen when people download apps that look legitimate but actually skim data from their device. Even legitimate apps often request more permission than needed to perform their function, which can expose more data than necessary. Examples are spyware and malware that steal personal and business information without people realizing it’s happening. These threats also includes Data Leakage via Malicious Apps (as hackers can easily find an unprotected mobile app and use that unprotected app to design larger attacks or steal data, digital wallets, backend details, and other juicy bits directly from the app) and Zero Day Vulnerabilities (zero-day vulnerabilities that left its devices open for spyware attacks and released a patch to protect users against these vulnerabilities. A software vulnerability discovered by attackers before the vendor has become aware of it. Because the vendors are unaware, no patch exists for zero-day vulnerabilities, making attacks likely to succeed)
  • 13.
    Security challenges posedby mobile devices 1. Application based threat: Contd…. The best way to protect your organization against data leakage (or App based threats) through malicious or unsecured applications is by using mobile application management (MAM) tools. These tools allow IT admins to manage corporate apps (wipe or control access permissions) on their employees’ devices without disrupting employees’ personal apps or data.
  • 14.
    Security challenges posedby mobile devices 2. Web based threat: Web-based threats are subtle and tend to go unnoticed. They happen when people visit affected sites that seem fine on the front-end but, in reality, automatically download malicious content onto devices. Examples: Phishing Scams Social Engineering Drive By Downloads Operating System Flaws
  • 15.
    Security challenges posedby mobile devices 2. Web based threat: Contd… Social Engineering Social engineering attacks are when bad actors send fake emails (phishing attacks) or text messages (smishing attacks) to your employees in an effort to trick them into handing over private information like their passwords or downloading malware onto their devices. Drive By Downloads Drive by download attacks specifically refer to malicious programs that install to your devices — without your consent. This also includes unintentional downloads of any files or bundled software onto a computer device. Operating System Flaws Operating system (OS) vulnerabilities are exposures within an OS that allow cyber attackers to cause damage on any device where the OS is installed. Large numbers of mobile devices are not kept up to date with operating system releases. Out of date operating systems mean devices are vulnerable to security threats that are patched in the later versions. Mobile security requires continuous work to find and patch vulnerabilities that bad actors use to gain unauthorized access to your systems and data.
  • 16.
    Security challenges posedby mobile devices 2. Web based threat: Contd… Tips to Combat Web based threats  The best defense for phishing and other social engineering attacks is to teach employees how to spot phishing emails and SMS messages that look suspicious and avoid falling prey to them altogether.  Reducing the number of people who have access to sensitive data or systems can also help protect your organization against social engineering attacks because it reduces the number of access points attackers have to gain access to critical systems or information.  Only use your computer’s admin account for program installations. Keep your web browser and operating system up to date. Be wary of keeping too many unnecessary programs and apps. Always avoid websites that may contain malicious code. Carefully read and examine security popups on the web before clicking. Use Ad-Blocker
  • 17.
    Security challenges posedby mobile devices 3. Network-based threat: Network-based threats are especially common and risky because cybercriminals can steal unencrypted data while people use public WiFi networks. Users often rely on public Wi-Fi to stay connected when they work outside the office. These unsecured Wi-Fi networks can allow malware to be installed on devices or eavesdroppers to intercept data. Public WiFi networks are generally less secure than private networks because there’s no way to know who set the network up, how (or if) it’s secured with encryption, or who is currently accessing it or monitoring it. And as more companies offer remote work options, the public WiFi networks your employees use to access your servers (e.g., from coffee shops or cafes) could present a risk to your organization. For example, cybercriminals often set up WiFi networks that look authentic but are actually a front to capture data that passes through their system (a “man in the middle” attack). Examples: •Network Exploits •WiFi Sniffing •Packet Sniffing •BYOD (Bring Your Own Device)
  • 18.
    Security challenges posedby mobile devices 3. Network-based threat: Contd…. There’s no single standard for mobile devices, especially when you allow BYOD rather than supplying the devices. Because of the variety of devices and operating systems, it’s difficult to apply controls consistently to ensure the safety of all of them.
  • 19.
    Security challenges posedby mobile devices 3. Network-based threat: Contd…. Tips to Combat The best way for you to protect your organization against threats over public WiFi networks is by requiring employees to use a VPN to access company systems or files. This will ensure that their session stays private and secure, even if they use a public network to access your systems.
  • 20.
    Security challenges posedby mobile devices 4. Physical Threats: Physical threats to mobile devices most commonly refer to the loss or theft of a device. Because hackers have direct access to the hardware where private data is stored, this threat is especially dangerous to enterprises. Example - Loss/Theft: Loss or theft is the most unwanted physical threat to the security of your mobile device. Any devices itself has value and can be sold on the secondary market after all your information is stolen and sold. Tips to Combat First and foremost, you’ll want to ensure employees know what steps to take if they lose their device. Since most devices come with remote access to delete or transfer information, that should include asking employees to make sure those services are activated
  • 21.
    Security challenges posedby mobile devices 5. Technical challenges in mobile security are:  Managing the registry settings and configurations,  Authentication service security,  Cryptography security,  Remote access server (RAS) security, Media player control security, Networking application program interface (API), security etc.
  • 22.
    Registry Settings forMobile Devices: Let us understand the issue of registry settings on mobile devices through an example: Microsoft Activesync is meant for synchronization with Windows-powered personal computers (PCs) and Microsoft Outlook. ActiveSync acts as the "gateway between Windows-powered PC and Windows mobile-powered device, enabling the transfer of applications such as Outlook information, Microsoft Office documents, pictures, music, videos and applications from a user's desktop to his/her device. In addition to synchronizing with a PC, ActiveSync can synchronize directly with the Microsoft exchange server so that the users can keep their E-Mails, calendar, notes and contacts updated wirelessly when they are away from their PCs. In this context, registry setting becomes an important issue given the ease with which various applications allow a free flow of information.
  • 23.
    Authentication Service Security: Thereare two components of security in mobile computing: 1. security of devices and 2. security in networks. A secure network access involves authentication between the device and the base stations or Web servers. This is to ensure that only authenticated devices can be connected to the network for obtaining the requested services. No Malicious Code can impersonate the service provider to trick the device into doing something it does not mean to. Thus, the networks also play a crucial role in security of mobile devices. Some eminent kinds of attacks to which mobile devices are subjected to are: push attacks, pull attacks and crash attacks. Authentication services security is important given the typical attacks on mobile devices through wireless networks: Dos attacks, traffic analysis, eavesdropping, man-in-the-middle attacks and session hijacking. Security measures in this scenario come from Wireless Application Protocols (WAPs), use of VPNs, media access control (MAC) address filtering and development in 802.xx standards.
  • 24.
    Attacks on Mobile/CellPhones (Same as Book) 1. Mobile Phone Theft: Mobile phones have become an integral part of everbody's life and the mobile phone has transformed from being a luxury to a bare necessity. Increase in the purchasing power and availability of numerous low cost handsets have also lead to an increase in mobile phone users. Theft of mobile phones has risen dramatically over the past few years. Since huge section of working population in India use public transport, major locations where theft occurs are bus stops, railway stations and traffic signals. Attacks on Cell phones increases because of  increasing usage of cell phones and availability of internet using cell phones.  Increasing demand of WiFi zones in Metropolitans & extensive usage of cell phones with the lack of awareness/knowledge about the vulnerabilities of the technology.
  • 25.
    Attacks on Mobile/CellPhones (Same as Book) 1. Mobile Phone Theft: Contd….. The following factors contribute for outbreaks on mobile devices: 1. Enough target terminals: The first Palm OS virus was seen after the number of Palm OS devices reached 15 million. The first instance of a mobile virus was observed during June 2004 when it was discovered that an organization "Ojam" had engineered an antipiracy Trojan virus in older versions of their mobile phone game known as Mosquito. This virus sent SMS text messages to the organization without the users' knowledge.
  • 26.
    Attacks on Mobile/CellPhones (Same as Book) 1. Mobile Phone Theft: Contd….. 2. Enough functionality: Mobile devices are increasingly being equipped with office functionality and already carry critical data and applications, which are often protected insufficiently or not at all. The expanded functionality also increases the probability of malware. 3. Enough connectivity: Smartphones offer multiple communication options, such as SMS, MMS, synchronization, Bluetooth, infrared (IR) and WLAN connections. Therefore, unfortunately, the increased amount of freedom also offers more choices for virus writers.
  • 27.
    Attacks on Mobile/CellPhones (Same as Book) 2. Mobile Viruses: Mobile Viruses 3. Mishing: Mishing 4. Vishing: Vishing 5. Smishing: Smishing 6. Hacking Bluetooth: Hacking Bluetooth