Professional Documents
Culture Documents
Mobile Threats
Mobile Threats
Mobile Threats
WLAN Threats
Wireless technology has become the standard for users and other endpoints due to its numerous
advantages over wired networks. However, it brings a significant disadvantage related to security
because of its borderless nature. The following are some of the top Wireless LAN threats published by
techtarget.com in 2022.
Mobile Threats
Mobile security threats continue to evolve and become more sophisticated each year. According to an
article by zdnet.com, here are the top three out of nine mobile security threats published in 2023.
2. Physical Security:
This is a critical concern, primarily due to the risk of theft associated with the compact size and
high market value of mobile devices. The theft of such devices can result in financial loss and
potential exposure of personal data, leading to identity theft or privacy breaches. Unauthorized
access poses another significant threat, especially when devices are left unattended or unlocked,
making them vulnerable to manipulation by malicious individuals. This can lead to data
breaches, privacy violations, and the installation of unauthorized applications, compromising
both device functionality and user personal data. An additional discreet yet effective method
employed by attackers is "shoulder surfing," where users' actions, such as PIN entry, are
observed closely. This tactic enables unauthorized access to the device or sensitive applications,
posing a risk to personal information. Physical tampering, involving the alteration of device
hardware, is a less common but technical approach that can have destructive impacts. Malicious
actors may attempt to modify device hardware to bypass security measures, compromise data
integrity, or gain access to stored information, even extending to critical network infrastructures.
3. SIM Hijacking/Swapping:
This threat involves exploiting a legitimate service provided by telecom companies, typically
used when customers want to switch their SIM cards and mobile phone numbers between
operators or handsets. Threat actors use various methods, including social media platforms,
phishing, and sometimes purchasing victims' personal data from the dark web, to gather
information such as birthdays, mother’s maiden names, and high schools. Subsequently, they
contact the mobile carrier, posing as the legitimate user. If successful in answering security
questions, they can now move the victim’s mobile number to a new SIM card. This grants them
access to online accounts, allowing them to intercept calls and texts and potentially acquire two-
factor authentication codes, posing severe risks to privacy and account security. While SIM
hijacking requires targeted effort, its success can have disastrous consequences for victims.
Vulnerability Analysis Plan
Applying the vulnerability assessment process published by esecurityplanet.com, Dynamic Media can
utilize the seven-step approach.
3. Analyze Results:
Analyze the vulnerability scan results to identify and prioritize security vulnerabilities, especially
related to the WLAN and mobile devices. Consider the criticality and likelihood of exploitation of
each vulnerability.
4. Prioritize Vulnerabilities:
This process involves finding and fixing important weaknesses that present immediate security
threats to the WLAN and mobile devices. This includes identifying vulnerabilities that might lead
to unauthorized access or data breaches, prioritizing those that could affect network and device
security, especially with the company's growth or plans for a public offering. The approach
includes creating a plan to tackle critical vulnerabilities first, followed by those with potential
future exploits, and then addressing other vulnerabilities gradually over time.
By following these steps, Dynamic Media will be able to establish a comprehensive vulnerability
assessment to strengthen its wireless and mobile security posture, address the CEO's concerns, and
prepare for potential growth.
References
Froehlich, A. (2022, November 28). WLAN security: Best practices for wireless network security. Security.
https://www.techtarget.com/searchsecurity/WLAN-security-Best-practices-for-wireless-
network-security
Osborne, C. (2023, October 18). 9 top mobile security threats and how you can avoid them. ZDNET.
https://www.zdnet.com/article/9-top-mobile-security-threats-and-how-you-can-avoid-them/
Hiter, S. (2023, June 6). 7 steps of the vulnerability assessment process explained. eSecurity Planet.
https://www.esecurityplanet.com/networks/vulnerability-assessment-process/
Iliadis, F., & Iliadis, F. (2023, September 5). Mobile Device Security | Baeldung on Computer Science.
Baeldung on Computer Science. https://www.baeldung.com/cs/mobile-device-security
What is DNS spoofing? Function, examples, and prevention. (2023, June 19). G2.
https://www.g2.com/articles/dns-spoofing
Mavrommatis, Konstantinos. “Confronting and Intrusion Detection Techniques of Cyber-Attacks in Wired
and Wireless Communication Networks.” In Proceedings of the 26th Pan-Hellenic Conference on
Informatics, 290–95. Athens Greece: ACM, 2022. https://doi.org/10.1145/3575879.3576007.
Keary, T., & Keary, T. (2023, March 14). A guide to spoofing attacks and how to prevent them in 2024.
Comparitech. https://www.comparitech.com/net-admin/spoofing-attacks-guide/