Cyber Unit 2
Cyber Unit 2
2. Short Message Service (SMS): MS is originally created for a phone/mobile that uses
GSM Global System for Mobile communication). This service is used to send text
messages even without the Internet connection between two or more mobile devices.
This technique is very easy, user-friendly, comfortable and the most effective means of
wireless communication.
3. General Packet Radio Service (GPRS): The GPRS is a non-voice high-speed packet
switching system developed for GSM networks. GPRS is a packet-aligned, wireless
communication service that transmits a mobile signal on 3G and 2G cellular
transmission networks.
Importance of mobile and wireless devices: Mobile and wireless devices are
important because they make life easier and more convenient, and they have many
uses
• Communication
Mobile devices allow for instant and constant communication, breaking down
geographical barriers. You can use them to make voice and video calls, send messages,
and use social media.
• Productivity
Mobile devices can help you be more efficient and productive at work. You can use
them to send and receive documents, meet schedules, and provide introductions.
• Entertainment
You can use mobile devices to watch movies, listen to music, and play games.
• Information
You can use mobile devices to stay informed about the world around you. For example,
you can check the traffic and weather on your phone.
• Other utilities
Mobile devices can also function as a calculator, camera, clock, alarm, timer, stopwatch,
and compass.
Proliferation of Mobile and Wireless Devices:
The proliferation of mobile and wireless devices refers to the rapid increase in the production
of these devices, driven by technological advancements. This has led to a number of
changes, including.
• Social change
The new mobile culture has changed social behaviour, with people using their devices
for a variety of activities, including shopping, browsing the internet, and working.
• Competitive landscape
Companies are now competing with each other to satisfy customers, which has led to a
decline in the quality of mobile devices.
• Security risks
The increased use of mobile devices has led to new security threats, such as malicious
software (malware) that can affect privacy, identity, and financial theft.
• Corporate security
Wireless devices pose a security threat to organizations, which need to implement
policies and procedures to assess and monitor risks.
The wireless revolution began in the 1990s, with the introduction of digital wireless
networks and the proliferation of commercial wireless technologies.
Trends in Mobility:
Mobile computing is moving into a new era, third generation (3G), which promises greater
variety in applications and have highly improved usability as well as speedier networking.
"iPhone" from Apple and Google-led "Android" phones are the best examples of this trend and
there are plenty of other developments that point in this direction. This smart mobile
technology is rapidly gaining popularity and the attackers (hackers and crackers) are among
its biggest fans.
Here are some trends in mobile computing and enterprise mobility:
• 5G: The fifth generation of mobile internet connectivity, 5G offers faster speeds and
more reliable connections than previous generations. It allows for the integration of
smart devices and the wireless transfer of large amounts of data.
• Mobile application management (MAM): MAM is a more flexible yet stricter
approach to managing the use of smartphones and tablets in the workplace. It's a
transition from conventional mobile device management (MDM).
• Bring Your Own Device (BYOD): BYOD allows employees to use their personal
devices for work-related tasks. This can increase employee happiness, enhance
flexibility, and save businesses money
Other trends in mobility and mobile computing include:
• Advanced connectivity
• Applied AI
• Cloud and edge computing
• Generative AI
• Immersive-reality tech
• Industrialization of machine learning
• Next-generation software development
• Quantum tech
• Trust architecture and digital-identity tools
• Web3
Credit card Frauds in Mobile and Wireless Computing Era
Mobile and wireless devices can be susceptible to credit card fraud through Man-in-the-Middle
(MitM) attacks. In these attacks, an attacker intercepts network communications to either
eavesdrop on or modify the data being transmitted. SMS messages and mobile applications
can be easily intercepted, making mobile devices especially vulnerable to MitM attacks.
In this modern era, the rising importance of electronic gadgets – which became an integral part
of business, providing connectivity with the internet outside the office brings many challenges
to secure these devices from being a victim of cybercrime. These Credit card frauds and all are
the new trends in cybercrime that are coming up with mobile computing – mobile commerce
(M- COMMERCE) and mobile banking (M-Banking).
Today belongs to” Mobile computing” that is anywhere any time computing. The
developments in wireless technology have fuelled this new mode of working for white collar
workers. This is true for credit card processing too. Credit card (or debit card) fraud is a form
of identity theft that involves an unauthorized taking of another’s credit card information for
the purpose of charging purchases to the account or removing funds from it.
2. Modern Techniques:
Skimming to Commit Fraud is a kind of crime in which dishonest employees make
unlawful copies of credit or debit cards with the help of a ‘skimmer’. A skimmer is a
gadget that captures credit card numbers and other account information which
should be personal. The data and records held on either the magnetic stripe on the
lower back of the deposit card or the records saved on the smart chip are copied
from one card to another.
Registry settings are stored in a hierarchical structure of values, subkeys, and keys. They
can be used for a variety of purposes, including: Configuring system settings, customizing
application settings, troubleshooting application issues, managing hardware devices, and
Automating software deployment.
In the context of mobile devices and ActiveSync, let's explore how registry settings and
group policy play a crucial role in ensuring security and establishing trusted
configuration.
Data Synchronisation: Active Sync enables users to synchronise critical data between
their PC and mobile device, ensuring that information remains consistent and up-to-date on
both platforms.
E-mail Synchronisation: Users can synchronise their e-mails, including inbox, sent items,
drafts and other folders, allowing for real-time access to e-mail messages on both the PC
and mobile device.
Calendar and Contacts Sync: Active Sync ensures that calendar events and contact
information are synchronised between the PC and mobile device, enabling users to stay
organised and up to date
Task and Note Synchronisation: Tasks and notes can be synchronised, providing a
unified experience across devices for managing to-do lists and notes
File and Document Transfer: Active Sync allows the transfer of files and documents,
including Microsoft Office files (e.g., Word, Excel, PowerPoint), pictures, videos and other
multimedia content, between the PC and mobile device.
Security Features: Active Sync incorporates security measures to protect sensitive data
during synchronisation, including encryption and remote wipe capabilities to safeguard
data in case of loss or theft. Active Sync has been a fundamental tool for users who rely on
Microsoft's ecosystem, providing a streamlined and efficient way to keep their data in sync
across their PC and mobile devices.
Gateway for Data Transfer: Active Sync acts as a gateway, facilitating the secure transfer
of applications and data between a user's desktop and their mobile devices.
Synchronisation with Exchange Server: Active Sync allows direct synchronisation with
Microsoft Exchange Server, ensuring users can keep their e-mails, calendar, notes and
contacts updated wirelessly even when they areaway from their PCs.
Role of Registry Settings: Registry settings in the Windows operating system contain
critical configurations and parameters that dictate the behaviour of the system and
applications
In the context of Active Sync and mobile devices, registry settings are crucial for
configuring how Active Syn cooperates and ensuring secure synchronisation between
devices and servers.
Establishing Trusted Groups through Registry Settings: Active Sync, being a critical
application for synchronisation, often needs to define access rights and configurations using
registry settings to ensure secure data transmission. Registry settings can establish trusted
groups by defining permissions, access levels and security policies related to Active Sync
usage.
Group Policy and Local Group Policy Editor (GPEDIT.MSC): Group Policy is a
feature of Windows Active Directory that allows administrators to define configurations
and security settings for users and computers within a domain. The Local Group Policy
Editor (accessed via the GPEDIT. MSC command) is a tool to modify group policy settings
on a local machine.
To add a registry key and value to a mobile device profile, you can do the following:
1. Select the profile name from the Profiles tab
2. Click Edit
3. Click New in the Registry Entries panel
4. Select Root from the drop-down list
5. Type the key name in the Key text box
6. Type the key value entry in the Name text box
7. Enter the value entry data in the Data text box
8. Select the value type from the drop-down list
9. Select Create key as the Action
10.Click Add to add the registry key and value to the list
11.Click Save when finished
Authentication is a cybersecurity service that verifies a user's identity to ensure they have
the correct permissions to access a system. Authentication is used by a server when the
server needs to know exactly who is accessing their information or site. Authentication is
used by a client when the client needs to know that the server is system it claims to be. In
authentication, the user or computer has to prove its identity to the server or client.
1. Single-Factor Authentication: This was the first method of security that was developed.
On this authentication system, the user has to enter the username and the password to
confirm whether that user is logging in or not. Now if the username or password is wrong,
then the user will not be allowed to log in or access the system.
The main objective of authentication is to allow authorized users to access the computer and
to deny access to unauthorized users. Operating Systems generally identify/authenticates users
using the following three ways: Passwords, Physical identification, and Biometrics. These are
explained as following below.
1. Passwords: Password verification is the most popular and commonly used authentication
technique. A password is a secret text that is supposed to be known only to a user. In a
password-based system, each user is assigned a valid username and password by the system
administrator. The system stores all usernames and Passwords. When a user logs in, their
username and password are verified by comparing them with the stored login name and
password. If the contents are the same then the user is allowed to access the system
otherwise it is rejected.
Smishing: Smishing become common now as smartphones are widely used. Smishing uses
Short Message Service (SMS) to send fraud text messages or links. The criminals cheat the
user by calling. Victims may provide sensitive information such as credit card information,
account information, etc. Accessing a website might result in the user unknowingly
downloading malware that infects the device.
War driving: War driving is a way used by attackers to find access points wherever they can
be. With the availability of free Wi-Fi connection, they can drive around and obtain a very
huge amount of information over a very short period of time.
Wi-Fi Spoofing: Wi-Fi spoofing involves setting up a fake wireless access point to trick users
into connecting to it instead of the legitimate network. This attack can be used to steal sensitive
information such as usernames, passwords, and credit card numbers. One advantage of this
attack is that it is relatively easy to carry out, and the attacker does not need sophisticated tools
or skills. However, it can be easily detected if users are aware of the legitimate network’s name
and other details.
SMS Spoofing: SMS spoofing involves sending text messages that appear to come from a
trusted source, such as a bank or a government agency. This attack can be used to trick users
into revealing sensitive information or downloading malware. One advantage of this attack is
that it can be carried out without the user’s knowledge. However, it requires the attacker to
have the victim’s phone number, and it can be easily detected if users are aware of the
legitimate source of the message.
Malware: Malware is software designed to infect a device and steal or damage data. Malware
can be distributed through email attachments, software downloads, or malicious websites. One
advantage of this attack is that it can be carried out remotely, without the attacker needing to
be physically close to the victim. However, it requires the attacker to have a way to deliver the
malware to the victim’s device, such as through a phishing email or a fake website.
Security Implications for organizations
Security implications for organizations in the mobile computing era include protecting
sensitive data, restricting user access, and preventing unauthorized use of mobile devices:
• Data protection: Organizations can protect sensitive data by encrypting it at rest and
in transit.
• User access: Organizations can restrict user actions and access by assigning policies
to roles instead of individual users.
• Unauthorized use: Organizations can prevent unauthorized use of mobile devices by
implementing user authentication, regularly updating devices and apps, and avoiding
public Wi-Fi.
• Mobile applications: Organizations can reduce security risks by vetting apps,
analysing code, and using secure coding practices.
• Secure web gateway: A secure web gateway can help prevent online security threats
by enforcing security policies and defending against malware and phishing.
• Mobile threat defence: Mobile threat defence systems can protect mobile devices
from threats like malware, phishing, and network-based attacks.