Security in Mobile

Devices and Wireless

Computing
What is a Mobile
Device/Wireless?
 Mobile Device: a device that is easy to
use, enables remote access to business
networks and the internet, and enables
quick transfer of data.

 Wireless Communication: the transfer of

information over a distance without the
use of electrical conductors or wires
What are some examples of
Mobile Devices?
 Laptops  Garage Door Opener
 Cell Phones  GPS
 PDAs  Cordless phone
 Flash Drives  Cameras
 Bluetooth  Graphing Calculator
 Mouse/Keyboard  Nintendo Wii (game
 Mp3 Players
controllers)
How does Wireless Work?
 Wireless networks use electromagnetic
radiation as their means of transmitting
data through space.
 An access point (AP) device is
physically connected to the LAN
(typically a router)
 The AP has an antenna and sends and
receives data packets through space
 A wireless device then connects to the
WLAN using its transmitter to connect
to the AP, and then to the LAN.
Growing Popularity

 Used for day to day activities

 Affordable
 Necessary to keep up with competitors
using the same technology
 Convenient Size
Risk: Physical theft/loss of
device
 Laptop theft accounted for 50% of
reported security attacks.
CSI, The 12th Annual Computer Crime
and Security Survey, 2007
 Lost or stolen laptops and mobile
devices are the most frequent cause of
a data breach, accounting for 49% of
data breaches in 2007.
Ponemon Institute, U.S. Costs of a Data
Breach, November 2007
Risk: Data loss/leakage
 7 out of 10 government mobile devices
are unencrypted.

 The cost of recovering from a single

data breach now averages $6.3M -
that’s up 31 percent since 2006 and
nearly 90 percent since 2005.
Wireless networks

 Infrastructure Mode
 Ad-hoc mode
Specific Threats to Wireless
Networks
 Unauthorized use of service
 Jamming :blocking or interference with authorized wireless
communications

ConstantJamming
Deceptive Jamming
Mitigation

 Encryption
 Authentication
Common Sense Solutions
 Understand what is really at risk
 Take controls seriously
 Don’t be too trusting of people
 Use technology for help
 TEST!
 Trends In Mobility
 Wireless tech is an idea that started out
on the drawing board and went to
become one of the largest carriers of
digital data in the world today.
 This pattern of growth has been
nothing short on monumental.
 Today, wireless technology is
responsible for the smooth and
efficient functioning of several niches
of industries.
Cont.…
Credit card fraud in mobile and
wireless era
Elements of Credit Card Fraud
Debit/credit card fraud is thus committed when a
person
 1) fraudulently obtains, takes, signs, uses, sells,
buys, or forges someone else’s credit or debit card
or card information;
 2) uses his or her own card with the knowledge
that it is revoked or expired or that the account
lacks enough money to pay for the items charged;
and
 3) sells goods or services to someone else with
knowledge that the credit or debit card being
used was illegally obtained or is being used
without authorization.
Types of Credit Card Fraud:
The first category, lost or stolen cards, is a relatively common one,
and should be reported immediately to minimize any damages.
 The second is called “account takeover” — when a cardholder
unwittingly gives personal information (such as home address,
mother’s maiden name, etc.) to a fraudster, who then contacts the
cardholder’s bank, reports a lost card and change of address, and
obtains a new card in the soon-to-be victim’s name.
 The third is counterfeit cards — when a card is “cloned” from
another and then used to make purchases. In Asia Pacific, 10% to
15% of fraud results from malpractices such as card skimming but
this number has significantly dropped from what it was a couple of
years prior, largely due to the many safety features put in place for
payment cards, such as EMV chip.
 The fourth is called “never received” — when a new or
replacement card is stolen from the mail, never reaching its rightful
owner.
 The fifth is fraudulent application— when a fraudster uses
another person’s name and information to apply for and obtain a
credit card.
Mobile device Security
Challenges
 OS Attacks: Loopholes in operating systems create
vulnerabilities that are open to attack. Vendors try to solve
these with patches.
 Mobile App Attacks: Poor coding and improper development
creates loopholes and compromises security.
 Communication Network Attacks: Communications such as
Bluetooth and Wi-Fi connections make devices vulnerable.
 Malware Attacks: There has been a constant rise in malware
for mobile devices. The focus is on deleting files and creating
chaos.
Authentication Service Security
 There are 2 components of security in mobile computing:
 Security of Devices : – A secure network access involves
mutual authentication between the device and the base station
or web servers. So that authenticated devices can be
connected to the network to get requested services. In this
regard Authentication Service Security is important due to
typical attacks on mobile devices through WAN:
 DoS attacks: –
 Traffic analysis:-
 Eavesdropping:-
 Man-in-the-middle attacks: –
 Security in network: – Security measures in this regard come
from
 Wireless Application Protocol (WAP)
 use of Virtual Private Networks (VPN)
 MAC address filtering
Security implication for Organization
 Install Apps that are necessary and useful.
 Research apps before downloading, preferably check the publisher and
app reviews.
 Look out for app permissions during the installations and check the
market listing or developer any suspicious permission(s).
 Users’ whereabouts can be exposed via smart phones and tablets
because most of them have a feature called location tracking that can
be used by apps to deliver services tailored to the tablet or phone’s
current location.
 Be wary of phishing scams and malware via the Web browser or SMS
messages
 Limit the amount of personal information you post.
 Be skeptical, don’t believe everything you read online.
 Evaluate your settings – Take advantage of a site’s privacy settings.