MOD 4 - Overview of Mobile Threats and Vulnerabilities

CMT 451 - MOBILE
SECURITY
MOD 4 – Overview of Mobile
Threats and Vulnerabilities
Learning Objectives
• Introduction to Mobile Threats and Vulnerabilities
• Physical security controls
• Tools and attacks against mobile devices
• Mobile devices and security infrastructures
• High-Level threats and vulnerabilities
• Securing mobile hardware
• The camera
• Microphones
• Sensors
• Radios
MOD 4 – Overview of Mobile Threats and Vulnerabilities 2
Introduction to Mobile Threats and
Vulnerabilities
• Just as mobile apps are popular in virtually every facet of life, they’ve
become an essential part of business.
• With consumers now spending over 90% of their five hours a day of smart
device time on apps, it’s no surprise that apps have become unavoidable
both from a usage and application point of view.
• However, this raises the very serious issue of what kind of security threats
and vulnerabilities mobile apps pose, as offering apps to customers or
relying on apps for your business can also increase risk production
perspective.

Arising Issues
• Here are some significant and negative repercussions when mobile code
technologies get compromised:
i. Financial damage: Many apps contain “shopfronts” that process payment
or subscription information, creating a monetary vulnerability
for businesses.
• By compromising the mobile code technologies used, consumers and
businesses themselves can be stolen from directly or lose information that
can help scammers target them in the future.
• That’s before even getting into the fines from regulatory authorities for
security breaches.

ii. Loss of data: Information on customers and leads is hugely valuable
for any business, and marketing could hardly do much of a job without
it.
• This makes it valuable to a lot of other people too, so hackers attack
apps to try and steal personal data.
• When stolen, lost, or shared illegally, this information loses its value.

iii. Reputational harm: Customer trust can take a long time to build but
can disappear instantly if personal data is found to have been breached
through the company’s mobile app.
• Ensuring the safety and the security of your customer’s data is vital
for maintaining a trustworthy reputation.

iv. Innovation aversion: When it comes to major financial or business
decisions in any company, the maxim “once bitten, twice shy” can be
taken as standard protocol.
• Despite the lessons that may be learned about improving mobile code
technologies following an attack, stakeholders may be reticent about
pursuing similar app projects in the future despite their benefits.

Physical security controls
• Physical Security Definition
The physical measures & their associated procedures to safeguard &
protect against:
i. Damage
ii. Loss
iii. Theft
• Implementing controls that discourage attackers by convincing them
that the cost of attacking is greater than the value received from the
attack.

Goals of Information Security
• The common thread among good information security objectives is that they
address all three core security principles.
i. Availability
ii. Confidentiality: Prevents unauthorized disclosure of systems and
information.
iii. Integrity: Prevents unauthorized modification of systems and information.
• Prevents disruption of service and productivity.
• The cornerstone of information Security.
• In physical security, it is important to ensure all three elements are
addressed.

Physical Security Requirements
• Life Safety
• Safety of people is the primary concern.
• Life safety is the primary goal.
• In an emergency situation, the organization must ensure the safety of
personnel before the safety of the facility.

Goals of Physical Security
• Deter
• Delay
• Detect
• Assess
• Respond

• Physical security technology is comprised of barriers, entry and search
controls, intrusion detection, alarm assessment, and testing and
maintenance.
• Collectively this system, along with organizational practices and
procedures, are intended to deter, delay, detect, assess, and
appropriately respond to an unauthorized activity.

Threats to Physical Security
• Natural/Environmental (e.g., earthquakes, floods, storms, hurricanes,
fires)
• Utility Systems (e.g., communication outages, power outages)
• Human-Made/Political Events (e.g., explosions, vandalism, theft,
terrorist attacks, riots)

Natural Events
• Malicious Threats, Theft, HVAC, Access, Espionage, Shoulder Surfing
• Internal/external results in increased costs

• Espionage
• Loss of intellectual property & market share
• Dumpster Diving
• Access to sensitive corporate information
• Social Engineering
• Intelligence Attack
• Shoulder Surfing
• Results in unauthorized access
• HVAC
• Access via HVAC vents
• HVAC Access
• Theft
• Espionage
• 3 Key Threats
i. Shoulder Surfing
ii. Dumpster Diving
iii. Social Engineering

Countermeasures; Theft, Espionage & Dumpster Diving
• Layered Defense System

• Disposal Policy
• Dumpster Diving
• Employee Tracking & Job Rotation
• Strict Internal Controls
• Espionage
• IDS & Locked Doors and Keys
• Access Control
• Theft
Layered Defense Model Building Floors/
Office Suites Building Grounds
• Perimeter
• Building Entrance
• Offices/Data Centers/Equipment
• Supplies
• Media
• Different layers that need protection.
• What would you need?
• Concept of “defense in depth.”
• Focuses from the outside to the inside.
• It is the combination of controls at various layers that provide the security.
Crime Prevention Through Environmental
Design
• Three Key Strategies
i. Territoriality - people protect territory that is their own
ii. Surveillance - high degree of visual control
iii. Access Control - limit access and control the flow of access
• Some security practitioners have misunderstood CPTED by developing
target programs that focus on tools such as locks, lighting, and alarms, but
they miss important CPTED design elements.
• It is how the tools are used that makes the difference.
• Essentially, the security program is integrated into the environment, not just
added on.
Tools and attacks against mobile devices
• Four mobile device security threats and three tools to manage them
• Mobile devices pose very real risks to organisations.
• The ongoing consumerisation of IT has increased pressure on organisations
to support mobile workers who demand the latest smartphones and
tablets.
• These devices offer a convenient way to work when out of the office,
whether it be for checking email or using the device as a sales tool.
• Because these devices are so different from working on a traditional laptop,
it's often thought existing security practices are not required.

• The same threats that exist against traditional computing devices also
apply to mobile devices.
• These include malware (such as the iPhoneOS.ikee.worm), social
engineering attacks (where a mobile device user is tricked into visiting a
malicious site that automatically installs malware), data loss and man-in-
the-middle attacks.

i. Malware
• The standard security practice of applying antivirus to corporate machines
should also be applied to mobile devices.
• Antivirus products exist for both BlackBerry and Android devices; these
should be investigated by the security team and deployed as needed.
• Malicious apps can be a source of malware, so policies should be put in
place to restrict which apps can be installed on a device.
• Policy should forbid users from using jailbreaking tools on mobile devices,
since these bypass the built-in security features of the device and make it
much more likely that malware can be installed.
21
MOD 4 – Overview of Mobile Threats and Vulnerabilities
ii. Social engineering attacks
• Users are often educated about the threat of phishing emails on their
laptops and desktops, but they may not apply the same caution to their
mobile device.
• Users should be educated to avoid following email links, opening
attachments, or visiting websites that are not confirmed as safe.
• MDM products can provide a whitelist of websites that are considered safe,
automatically allowing access to these sites.
• Alternatively, a secure browser can be installed on the device, allowing access
only to approved sites.

iii. Data loss
• A significant threat to corporate data is the manual or automatic
synchronisation of devices.
• In a typical implementation, mobile devices can be synchronised with
multiple cloud services or a home or work PC, to provide a consolidated
view of the user's email, calendar and contacts.
• However, this can potentially be abused by employees, and corporate
data may be placed on a machine outside of the organisation's control,
which will not be governed by approved security controls.
• Security policy should therefore forbid the synchronisation of devices with
home PCs.

iv. Man-in-the-middle attacks
• The most compelling reason to allow mobile devices is the productivity
increase that can be gained from allowing users to connect anytime,
anywhere.
• However, public wireless networks are usually unencrypted.
• If a user connects from a hotel, café or the guest network of another
company, data passed over the connection can be seen and intercepted by
third parties, and potentially even altered.
• To defend against this threat, connections into the corporate network must
be conducted over a secure, encrypted VPN.
• Modern smartphones support VPN configurations, and your security policy
should require users to connect via a VPN when outside the corporate
network.
Mobile device security tools
i. Mobile Device Management (MDM)
• In addition to the mobile device security policies guidelines described above,
there are additional security technologies that help protect against all these
threats.
• The first is called mobile device management (MDM).
• MDM can be used to enforce a consistent, approved security model across
all enterprise-owned devices, and changes to the policy can automatically be
pushed to the devices remotely.
• There are a variety of MDM products available for smartphone platforms.
Security team should consider MDM technology as a means to enforce VPN
settings, passcodes and screen-lock duration.
• MDM can even be used to block the installation of new apps, which
mitigates the threat associated with
MOD 4 – Overview malware
of Mobile delivered via malicious apps.
Threats and Vulnerabilities 25
ii. Sandboxing
• The second tool that can be employed is sandboxing.
• With sandboxing, the mobile device is separated into two sections.
• All corporate data is stored in and accessed via one of the sections,
called a sandbox, which requires the user to login.
• This can be explicitly controlled by the security team and access can be
granted and revoked at will.
• Thus, if the device is reported stolen, the secure login can be disabled
and the sandboxed area of the device is safe.

iii. Secure Browsers
• Secure browsers are the third tool in a mobile device defense plan.
• A secure browser can be installed to replace the default browser on mobile
devices.
• A secure browser can check against a blacklist of known malicious sites each
time a website is requested.
• This can be a defense against social engineering and malware installation,
but is only as effective as the blacklist in use.
• Vendors such as Symantec, McAfee, Trend Micro, F-Secure, Lookout and
Webroot, offer secure browsers plus blacklists for various smartphone
platforms.

Mobile devices and security infrastructures
• Most Americans (77%) now own a smartphone, up from just 35% in 2011,
according to the Pew Research Center.
• Additionally, about half of American adults own tablet computers.
• As mobile device ownership has become the norm, smartphones and tablets
have made their way into the workplace.
• The practice of using personal mobile devices at the office to access company
data presents a new set of cybersecurity risks.
• Your IT infrastructure isn’t truly safeguarded against IT security threats unless
you’ve accounted for and taken steps to protect mobile devices and other
endpoints.

• That’s why the 11th step in our process for ensuring your IT infrastructure is
secure involves protecting mobile devices and other endpoints from
malicious parties and software looking to gain unauthorized access to your
company’s network.
• Before we explore this topic, however, here are the previous steps:

1. Performing a security audit
2. Creating and enforcing IT security policies
3. Updating your anti-virus solution
4. Updating workstations and servers
5. Guarding your email with a hosted spam solution
6. Implementing a hosted DNS solution
7. Updating your firewall
8. Implementing a backup solution
9. Auditing your servers
10. Securing your WiFi

Mobility and Vulnerability
• Many businesses have embraced the growing popularity of mobile devices
by adopting “bring your own device” (BYOD) policies, which allow employees
to bring in their own smartphones, tablets, and other mobile gadgets and
use them to complete projects.
• Although a BYOD plan could lower your organization’s technology costs since
workers supply some of their own tech tools, allowing personal devices in
the office creates a bunch of new points of vulnerability where security is
concerned.

BYOD Scenarios
• Here are some questions and scenarios you’ll want to consider regarding
mobile devices and security risks:
1. What happens if a device that has sensitive corporate data on it gets lost?
2. What if an employee leaves the company and takes their personal devices
(still containing company data) with them?
3. What if an employee uses their mobile device to access a non-secure/non-
corporate network?
• This could happen, for example, if they use public WiFi to access the Internet
while at a coffee shop.
• People looking to gain unauthorized access to sensitive data could do so
through the unsecured network.
High-Level threats and vulnerabilities
• Every business is under constant threat from a multitude of sources.
• From the biggest Fortune 500 companies down to the smallest of
mom-and-pop stores, no business is 100% safe from an attack.
• The simple fact is that there are too many threats out there to
effectively prevent them all.

What is Vulnerability in Computer Security and How is It Different
from a Cyber Threat?
• To put it in the most basic terms, a computer system vulnerability is a flaw
or weakness in a system or network that could be exploited to cause
damage, or allow an attacker to manipulate the system in some way.
• This is different from a “cyber threat” in that while a cyber threat may
involve an outside element, computer system vulnerabilities exist on the
network asset (computer) to begin with.
• Additionally, they are not usually the result of an intentional effort by an
attacker—though cybercriminals will leverage these flaws in their attacks,
leading some to use the terms interchangeably.

• The way that a computer vulnerability is exploited depends on the nature of
the vulnerability and the motives of the attacker.
• These vulnerabilities can exist because of unanticipated interactions of
different software programs, system components, or basic flaws in an
individual program.

Security Vulnerability and Security Threat
1) Malware:- new malware is being created all the time.
• However, while the statistic of 360,000 new malware files a day

sounds daunting, it’s important to know one thing: Many of these
“new” malware files are simply rehashes of older malware programs
that have been altered just enough to make them unrecognizable to
antivirus programs.

• Different kinds of malware have been created, each one affecting the target’s
systems in a different way:
a. Ransomware: This malicious software is designed to encrypt the victim’s
data storage drives, rendering them inaccessible to the owner.
• An ultimatum is then delivered, demanding payment in return for the

encryption key.
• If the ransom demand isn’t met, the key will be deleted and the data lost
forever with it.

b. Trojans: This references a kind of delivery system for malware.
• A Trojan is any piece of malware that masquerades as a legitimate

program to trick victims into installing it on their systems.
• Trojans can do a lot of damage because they slip behind your outermost
network security defenses by posing as something harmless while
carrying a major threat inside—like a certain infamous horse did to the
city of Troy in Homer’s “Iliad.”

c. Worms: Worms are programs that can self-replicate and spread through a
variety of means, such as emails.
• Once on a system, the worm will search for some form of contacts database
or file sharing system and send itself out as an attachment.
• When in email form, the attachment is part of an email that looks like it’s
from the person whose computer was compromised.

2) Unpatched Security Vulnerabilities
• While there are countless new threats being developed daily, many of
them rely on old security vulnerabilities to work.
• With so many malwares looking to exploit the same few
vulnerabilities time and time again, one of the biggest risks that a
business can take is failing to patch those vulnerabilities once they’re
discovered.

3) Hidden Backdoor Programs
• This is an example of an intentionally-created computer security
vulnerability.
• When a manufacturer of computer components, software, or whole
computers installs a program or bit of code designed to allow a computer
to be remotely accessed (typically for diagnostic, configuration, or
technical support purposes), that access program is called a backdoor.
• When the backdoor is installed into computers without the user’s
knowledge, it can be called a hidden backdoor program.
• Hidden backdoors are an enormous software vulnerability because they
make it all too easy for someone with knowledge of the backdoor to
illicitly access the affected computer system and any network it is
connected to.
Example of a Backdoor Program
• A recent article by Bloomberg highlights a case where a security vulnerability
that could be used as a backdoor was left in a manufacturer’s routers.
According to the author:

“Europe’s biggest phone company identified hidden backdoors in the software
that could have given Huawei unauthorized access to the carrier’s fixed-line
network in Italy, a system that provides internet service to millions of homes and
businesses…
Vodafone asked Huawei to remove backdoors in home internet routers in 2011
and received assurances from the supplier that the issues were fixed, but further
testing revealed that the security vulnerabilities remained."

• This software vulnerability in the Huawei routers is concerning
because, if used by malicious actors, it could give them direct access
to millions of networks.

4) Superuser or Admin Account Privileges
• One of the most basic tenets of managing software vulnerabilities is to limit
the access privileges of software users.
• The less information/resources a user can access, the less damage that user
account can do if compromised.
• Many organizations fail to control user account access privileges—allowing
virtually every user in the network to have so-called “Superuser” or
administrator-level access.
• Some computer security configurations are flawed enough to allow
unprivileged users to create admin-level user accounts.

• Verifying that user account access is restricted to only what each user
needs to do their job is crucial for managing computer security
vulnerabilities.
• Also, ensuring that newly-created accounts cannot have admin-level
access is important for preventing less-privileged users from simply
creating more privileged accounts.

5) Automated Running of Scripts without
Malware/Virus Checks
• One common network security vulnerability that some attackers learned to
exploit is the use of certain web browsers’ (such as Safari) tendencies to
automatically run “trusted” or “safe” scripts.
• By mimicking a trusted piece of code and tricking the browser,
cybercriminals could get the browser software to run malware without the
knowledge or input of the user—who often wouldn’t know to disable this
“feature.”
• While keeping employees from visiting untrustworthy websites that would
run malware is a start, disabling the automatic running of “safe” files is
much more reliable—and necessary for compliance with the Center for
Internet Security’s (CIS’)
6) Unknown Security Bugs in Software or
Programming Interfaces
• Computer software is incredibly complicated.
• When two or more programs are made to interface with one another,
the complexity can only increase.
• The issue with this is that within a single piece of software, there may
be programming issues and conflicts that can create security
vulnerabilities.
• When two programs are interfaced, the risk of conflicts that create
software vulnerabilities rises.

7) Phishing (Social Engineering) Attacks
• In a phishing attack, the attacker attempts to trick an employee in the
victim organization into giving away sensitive data and account
credentials—or into downloading malware.
• The most common form of this attack comes as an email mimicking
the identity of one of your company’s vendors or someone who has a
lot of authority in the company.

Example of phishing attacks
• The attacker may say something like: “This is Mark from IT, your user
account shows suspicious activity, please click this link to reset and
secure your password.”
• The link in such an email often leads to a website that will download
malware to a user’s computer, compromising their system.
• Other phishing attacks may ask users to give the attacker their user
account credentials so they can solve an issue.

Ways to thwart Phishing Attacks
• The basic goal of this strategy is to exploit an organization’s employees to bypass one
or more security layers so they can access data more easily.
• There are several ways to defend against this attack strategy, including:
i. Email Virus Detection Tools. To check email attachments for malware that could
harm your network.
ii. Multifactor Authentication (MFA). Using multiple authentication methods (such as
biometrics, one-use texted codes, and physical tokens) for giving users access to
your network makes it harder for attackers to hijack user accounts with just the
username and password.
iii. Employee Cybersecurity Awareness Training. An educated employee is less likely to
fall for phishing schemes than one who doesn’t know basic cybersecurity protocols.
• Cybersecurity awareness training helps to provide employees with the basic
knowledge they need to identify and avoid phishing attacks.
iv. Defense in Depth. Using a defense-in-depth approach to network
security adds extra layers of protection between each of the individual
assets on the network.
• This way, if attackers bypass the outermost defenses of the network,
there will still be other layers of protection between the compromised
asset and the rest of the network.

8) Your IoT Devices
• The Internet of Things (IoT) encompasses many “smart” devices, such
as Wi-Fi capable refrigerators, printers, manufacturing robots, coffee
makers, and countless other machines.
• The issue with these devices is that they can be hijacked by attackers
to form slaved networks of compromised devices to carry out further
attacks.
• Worse yet, many businesses don’t even realize just how many IoT
devices they have on their networks—meaning that they have
unprotected vulnerabilities that they aren’t aware of.

• These unknown devices represent a massive opportunity to attackers
—and, a massive risk for businesses.
• To minimize the risk from IoT devices, a security audit should be
performed that identifies all of the disparate assets on the network
and the operating systems they’re running.

9) Your Own Employees
• The biggest security vulnerability in any organization is its own
employees.
• Whether it’s the result of intentional malfeasance or an accident, most
data breaches can be traced back to a person within the organization
that was breached.
• For example, employees may abuse their access privileges for personal
gain.
• Or, an employee may click on the wrong link in an email, download the
wrong file from an online site, or give the wrong person their user
account credentials—allowing attackers easy access to your systems.

• Some of the same prevention techniques mentioned in the anti-
phishing bullets can be applied to prevent data breaches caused by
employees.
• For example, using a policy of least privilege keeps users from having
access to too much data at once, making it harder for them to steal
information.
• Additionally, cybersecurity awareness training helps employees spot
phishing attempts and other social engineering-style attacks so they
won’t fall for them.

Securing Mobile Hardware
• Mobile software protection is nearing its limit.
• Because security is based on software protecting software, it will
never be as reliable as hardware-backed protection.
• Risk management teams tend to deploy iOS devices, but because
Apple controls most everything on its devices, application developers
struggle to provide flexible solutions and leverage true (hardware-
based) security.
• With Android devices, meanwhile, developers often lack information
on available and accessible hardware security.

• A potential solution is the Trusted Execution Environment, which provides
hardware-based mobile security without increasing the device's bill of
materials.
• Specifications for secure chip technologies such as Secure Elements will
greatly help.
• The deployment and lifecycle management of a trusted application can be
simply carried out via a secured server, which will both verify that the
device is genuine and enable application management.
• The server can be in-house or cloud-based, making the solution providers
fully independent from hardware manufacturers and giving them the
autonomy to develop, deploy and manage their own solutions.
• Because of its unique security features and ease of access on Android, there
is huge value to be derived by users.
CCTV Security Cameras
• Security camera CCTV systems come in a variety of different image
resolutions, integration capabilities and use cases.
• Some business security cameras are used indoors while others are
used outdoors, some pan, tilt and zoom for broader coverage while
others are built to read license plates coming into a parking lot.
• All businesses need a security camera system.
• Why?
• Because having video evidence of any crime happening on your
property can not only help catch the perpetrator but it can also show
where the building’s security system is vulnerable and you can make
the necessary changes so that it doesn’t happen again.
Security Camera Microphones
• CCTV audio microphones are an easy way to add sound to any
surveillance system where the DVR recorder has audio inputs.
• All of the recorders sold by CCTV Camera World have at least one audio
input.
• We carry three types of microphones.
• Two are indoor mics:
i. In line surveillance microphone that shares DC power with the camera
using a pass through connection, and
ii. A standalone security camera mic that can be used with its own 12V
power adapter or share a power supply using a 1 to 2 dc power
splitter.
iii. You can do the same with the third type outdoor CCTV
microphone which is also a standalone mic.
• The inline mics require the camera cable to have an audio connector
such as our audio video power siamese cable and must be located
close the camera.
• The standalone microphones can be placed anywhere using a Siamese
Cable with BNC to RCA connectors or next to the camera using a
power splitter and siamese cable with audio.

Sensors
• Infrared sensors utilize infrared light to detect motion.
• In a security system, that motion triggers an alarm, turns on lights, or
sends an alert.
There ate two types of IR Sensors:
i. Active infrared (IR) sensors utilize an emitter and receiver to monitor
the distance from an object to a sensor.
• The emitter first shines an infrared light on an object.
ii. A passive infrared sensor (PIR sensor) is an electronic sensor that
measures infrared (IR) light radiating from objects in its field of view.

Radios
• Like other technologies, RFID is exposed to security threats and,
specifically, to attacks on the confidentiality, integrity, and availability of
the data stored on the tags or on the information exchanged between a
reader and a tag.

RFID security tags
• RFID security tags are the simplest way for your business to keep track
of inventory, shipments, and protect against theft.
• Small, inexpensive, and effective, if you don’t currently use them then
you need to seriously reconsider!

What are RFID security tags?
• Standing for Radio Frequency Identification, RFID tags are small microchips
which send a radio signal to a receiver.
• And when we say small, we mean it!
• Because RFID tags are so basic and contain such little information (such as
price/SKU number) they can literally fit onto a sticker on the back of a label.
• The technology is more common than you think – in fact, you’ve
almost certainly used them before without realising.
• They are used in passports, Metro transport cards, hotel room key cards,
and pet microchips to name but a few.

How do RFID security tags work?
• So how does something so small do so much?
• The answer lies in its power source; it doesn’t have one!
• The tag is made up of 2 simple parts; a circuit and an antenna.
• Both of these things are useless without something to power them,
and that’s where the magic happens.
• When the circuit comes into contact with radio waves at low, high,
and ultra-high frequencies, an electrical field is generated.

• It is this field that powers the circuit, allowing it to transmit its
information to a nearby source.
• RFID readers, such as hotel room locks, security gates, and stock PDA’s
power the very chip they are scanning, and from there use the
information for whatever purpose necessary.

***END***

MOD 4 - Overview of Mobile Threats and Vulnerabilities

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

MOD 4 - Overview of Mobile Threats and Vulnerabilities

Uploaded by

Copyright:

Available Formats

CMT 451 - MOBILE

MOD 4 – Overview of Mobile Threats and Vulnerabilities 3

MOD 4 – Overview of Mobile Threats and Vulnerabilities 4

MOD 4 – Overview of Mobile Threats and Vulnerabilities 5

MOD 4 – Overview of Mobile Threats and Vulnerabilities 6

MOD 4 – Overview of Mobile Threats and Vulnerabilities 7

MOD 4 – Overview of Mobile Threats and Vulnerabilities 8

MOD 4 – Overview of Mobile Threats and Vulnerabilities 9

MOD 4 – Overview of Mobile Threats and Vulnerabilities 10

MOD 4 – Overview of Mobile Threats and Vulnerabilities 11

MOD 4 – Overview of Mobile Threats and Vulnerabilities 12

MOD 4 – Overview of Mobile Threats and Vulnerabilities 13

• Internal/external results in increased costs

MOD 4 – Overview of Mobile Threats and Vulnerabilities 15

• Layered Defense System

MOD 4 – Overview of Mobile Threats and Vulnerabilities 19

MOD 4 – Overview of Mobile Threats and Vulnerabilities 20

MOD 4 – Overview of Mobile Threats and Vulnerabilities 22

MOD 4 – Overview of Mobile Threats and Vulnerabilities 23

MOD 4 – Overview of Mobile Threats and Vulnerabilities 26

MOD 4 – Overview of Mobile Threats and Vulnerabilities 27

MOD 4 – Overview of Mobile Threats and Vulnerabilities 28

MOD 4 – Overview of Mobile Threats and Vulnerabilities 29

MOD 4 – Overview of Mobile Threats and Vulnerabilities 30

MOD 4 – Overview of Mobile Threats and Vulnerabilities 31

MOD 4 – Overview of Mobile Threats and Vulnerabilities 33

MOD 4 – Overview of Mobile Threats and Vulnerabilities 34

MOD 4 – Overview of Mobile Threats and Vulnerabilities 35

• However, while the statistic of 360,000 new malware files a day

MOD 4 – Overview of Mobile Threats and Vulnerabilities 36

• An ultimatum is then delivered, demanding payment in return for the

MOD 4 – Overview of Mobile Threats and Vulnerabilities 37

• A Trojan is any piece of malware that masquerades as a legitimate

MOD 4 – Overview of Mobile Threats and Vulnerabilities 38

MOD 4 – Overview of Mobile Threats and Vulnerabilities 39

MOD 4 – Overview of Mobile Threats and Vulnerabilities 40

According to the author:

MOD 4 – Overview of Mobile Threats and Vulnerabilities 42

MOD 4 – Overview of Mobile Threats and Vulnerabilities 43

MOD 4 – Overview of Mobile Threats and Vulnerabilities 44

MOD 4 – Overview of Mobile Threats and Vulnerabilities 45

MOD 4 – Overview of Mobile Threats and Vulnerabilities 47

MOD 4 – Overview of Mobile Threats and Vulnerabilities 48

MOD 4 – Overview of Mobile Threats and Vulnerabilities 49

MOD 4 – Overview of Mobile Threats and Vulnerabilities 51

MOD 4 – Overview of Mobile Threats and Vulnerabilities 52

MOD 4 – Overview of Mobile Threats and Vulnerabilities 53

MOD 4 – Overview of Mobile Threats and Vulnerabilities 54

MOD 4 – Overview of Mobile Threats and Vulnerabilities 55

MOD 4 – Overview of Mobile Threats and Vulnerabilities 56

MOD 4 – Overview of Mobile Threats and Vulnerabilities 60

MOD 4 – Overview of Mobile Threats and Vulnerabilities 61

MOD 4 – Overview of Mobile Threats and Vulnerabilities 62

MOD 4 – Overview of Mobile Threats and Vulnerabilities 63

MOD 4 – Overview of Mobile Threats and Vulnerabilities 64

MOD 4 – Overview of Mobile Threats and Vulnerabilities 65

MOD 4 – Overview of Mobile Threats and Vulnerabilities 66

MOD 4 – Overview of Mobile Threats and Vulnerabilities 67

You might also like