wireless and mobile

device attack
Cyber Security Essential
Jibril Dauda Muhammad
muhammadjibrildauda@gmail.com | 08184018469
• The widespread use of the Internet and mobile devices means that
now, more than ever before, we can communicate and work on
the go, without the need for cables and wires! But this also breeds
more opportunity for cybercriminals to access the sensitive
information they are after.
Grayware and SMiShing
Grayware and SMiShing

• Grayware is any unwanted application that behaves in an annoying

or undesirable manner. And while grayware may not carry any
recognizable malware, it may still pose a risk to the user by, for
example, tracking your location or delivering unwanted
advertising.
• Authors of grayware typically maintain legitimacy by including
these ‘gray’ capabilities in the small print of the software license
agreement. This factor poses a growing threat to mobile security
in particular, as many smartphone users install mobile apps
without really considering this small print. 
Grayware and SMiShing
Grayware and SMiShing

• Short message service phishing or SMiShing is another tactic used

by attackers to trick you. Fake text messages prompt you to visit a
malicious website or call a fraudulent phone number, which may
result in malware being downloaded onto your device or personal
information being shared. 
Grayware and SMiShing
Rogue Access Points
Bluejacking and Bluesnarfing

• Due to the limited range of Bluetooth, an attacker must be within

range of their target. Here are some ways that they can exploit a
target’s device without their knowledge.
• Bluejacking uses wireless Bluetooth technology to send
unauthorized messages or shocking images to another Bluetooth
device.
• Bluesnarfing occurs when an attacker copies information, such as
emails and contact lists, from a target’s device using a Bluetooth
connection.
Bluejacking and Bluesnarfing
Attacks Against Wi-Fi Protocols
Attacks Against Wi-Fi Protocols
Risky Business

• You are enjoying a coffee in the local cafe and decide to catch up on
your emails while you wait for your friend to arrive. You try to log on
to the café’s Wi-Fi but the connection looks very weak. Fortunately,
there is a second Wi-Fi with a similar name, so you log on to that.
• However, unknown to you, an attacker sits nearby, having created a
Wi-Fi hotspot on their mobile, which they have paired with their
laptop. They are monitoring the online activity of everyone who
connects to this Wi-Fi, including you — that wasn’t the café’s Wi-Fi
after all!
• What type of attack is this?
ANS

• This is an example of an evil twin attack. The attacker has set up

a Wi-Fi hotspot to look like a better connection option for anyone
looking to access the cafe’s Wi-Fi. Once you are connected to the
evil access point, the attacker can analyze your network traffic
and execute MitM attacks.
• Always use a virtual private network (VPN) to stay secure on public
networks, especially if you are accessing personal data or
confidential organizational information.
Wi-Fi and Mobile Defense

• There are several steps that organizations and users need to take to
defend against wireless and mobile device attacks. These include the
following:
• Take advantage of basic wireless security features such as
authentication and encryption by changing the default configuration
settings.
• Restrict access point placement by placing these devices outside the
firewall or within a demilitarized zone — a perimeter network that
protects an organization’s LAN from untrusted devices.
• Develop a policy for guest access to an organization’s Wi-Fi network.
• You have seen how cybercriminals are taking advantage of
vulnerabilities in wireless security. But they also use techniques to
exploit vulnerabilities in web applications and email browsers to
launch their attacks.
Q/A
|
END