Unit 3
Unit 3
Wireless Devices, Trends in Mobility, Credit card Frauds in Mobile and Wireless
Computing Era, Security Challenges Posed by Mobile Devices, Registry Settings for
► Smartphones combine the best aspects of mobile and wireless technologies and blend
them into a useful business tool
3.2 Proliferation (Growth) of Mobile and Wireless Devices
🕐 A few years ago, the choice was between a wireless phone and a simple PDA (
Personal digital assistant)
🕐 Now the buyers have a choice between high-end PDAs and small phones with wireless
Web-browsing capabilities.
🕐 A simple hand-held mobile device provides enough computing power to run small
applications, play games and music, and make voice calls.
🕐 As the term “mobile device” includes many products. We first provide a clear
distinction among the key terms: mobile computing, wireless computing and hand-held
devices.
Mobile computing
► Mobile Computing refers a technology that allows transmission of data, voice
and video via a computer or any other wireless enabled device.
1. Portable computer: It is a general-purpose computer that can be easily moved from
one place to another, but cannot be used while in transit, usually because it requires
some “setting-up” and an AC power source.
2. Tablet PC: It lacks a keyboard, is shaped like a slate or a paper notebook and has
features of a touch screen with a stylus and handwriting recognition software. Tablets
may not be best suited for applications requiring a physical keyboard for typing, but
are otherwise capable of carrying out most tasks that an ordinary laptop would be able
to perform.
3. Internet tablet: It is the Internet appliance in tablet form. Unlike a Tablet PC, the
Internet tablet does not have much computing power and its applications suite is
limited. Also it cannot replace a general-purpose computer. The Internet tablets
typically feature an MP3 and video player, a Web browser, a chat application and a
picture viewer.
4. Personal digital assistant (PDA): It is a small, usually pocket-sized, computer with
limited functionality. It is intended to supplement and synchronize with a desktop
computer, giving access to contacts, address book, notes, E-Mail and other features.
5. Ultramobile PC: It is a full-featured, PDA-sized computer running a general-
purpose operating system (OS).
6. Smartphone: It is a PDA with integrated cell phone functionality. Current
Smartphones have a wide range of features and installable applications.
7. Carputer: It is a computing device installed in an automobile. It operates as a
wireless computer, sound system, global positioning system (GPS) and DVD
player. It also contains word processing software and is Bluetooth compatible.
8. Fly Fusion Pentop computer: It is a computing device with the size and shape
of a pen. It functions as a writing utensil, MP3 player, language translator,
digital storage device and calculator.
Wireless computing
1. Malwares, viruses and worms: Although many users are still in the transient process of switching from 2G, to 3G, it
is a growing need to educate the community people and provide awareness of such threats that exist while using mobile
• Skull Trojan: It targets Series 60 phones equipped with the Symbian mobile OS.
• Cabir Worm: It is the first dedicated mobile-phone worm; infects phones running on Symbian OS and scans other
mobile devices to send a copy of itself to the first vulnerable phone it finds through Bluetooth Wireless technology.
The worst thing about this worm is that the source code for the Cabir-H and Cabir-I viruses is available online.
• Mosquito Trojan: It affects the Series 60 Smart phones and is a cracked version of “Mosquitos” mobile phone
game.
• Brador Trojan: It affects the Windows CE OS by creating a svchost.exe file in the Windows start-up folder which
allows full control of the device. This executable file is conductive to traditional worm propagation vector such as
• Lasco Worm: It was released first in 2005 to target PDAs and mobile phones running the Symbian OS. Lasco is
► These are new trends in cybercrime that are coming up with mobile computing –
mobile commerce (M- Commerce) and mobile banking (M-Banking).
∙ The current topic is about credit card frauds in mobile and wireless computing era, however, we
would like to include these tips to prevent credit card frauds caused due to individual ignorance
about a few known facts.
Do’s
1. Put your signature on the card immediately upon its receipt.
2. Make the photocopy of both the sides of your card and preserve it at a safe place to remember
4. Always carry the details about contact numbers of your bank in case of loss of your card.
10. Destroy all the receipts after reconciling it with the monthly invoice/statement.
11. Inform your bank in advance, about any change in your contact details such as home address, cell phone number and E-Mail
address.
12. Ensure the legitimacy of the website before providing any of your card details.
13. Report the loss of the card immediately in your bank and at the police station, if necessary.
Dont’s
►Traditional Techniques
🕐 The traditional and the first type of credit card fraud is paper-based fraud –
application fraud, wherein a criminal uses stolen or fake documents such as utility
bills and bank statements that can build up useful personally Identifiable Information
(PII) to open an account in someone else’s name.
🕐 Application fraud can be divided into
1. ID theft: Where an individual pretends to be someone else
2. Financial fraud: Where an individual gives false information about his or her
financial status to acquire credit.
3. Illegal use of lost and stolen cards is another form of traditional technique.
4. Stealing a credit card is either by pickpocket or from postal service before it reaches
its final destination.
Modern Techniques
🕐 Skimming is where the information held on either the magnetic strip on the back of
the credit card or the data stored on the smart chip are copied from one card to
another.
🕐 Site cloning and false merchant sites on the Internet are becoming a popular method
of fraud and to direct the users to such bogus/fake sites is called Phishing.
🕐 Such sites are designed to get people to hand over their credit card details without
realizing that they have been directed to a fake weblink /website (i.e., they have been
scammed).
1.Triangulation
• The criminal offers the goods with heavy discounted rates through a website designed
and hosted by him, which appears to be legitimate merchandise website.
• The customer registers on this website with his/her name, address, shipping address
and valid credit card details.
• The criminal orders the goods from a legitimate website with the help of stolen credit
card details and supply shipping address that have been provided by the customer while
registering on the criminal’s website.
• The goods are shipped to the customer and the transaction gets completed.
• The criminal keeps on purchasing other goods using fraudulent credit card details of
different customers till the criminal closes existing website and starts a new one.
2. Credit card generators: It is another modern technique – computer emulation software
– that creates valid credit card numbers and expiry dates. The criminals highly rely on
these generators to create valid credit cards. These are available for free download on the
Internet
3.5 Security Challenges Posed by Mobile Devices
► https://www.youtube.com/watch?v=OOQHxAs2tiE
🕐 The CPM extends encryption services to any application written to take advantage
of these capabilities, allowing the encryption of only selected data or of all data and
resources on the device.
3.7.4 LDAP (Lightweight Directory Access Protocol) Security for
Hand-Held Mobile Computing Devices
► RAS (Remote Access Server) is an important consideration for protecting the business-
sensitive data that may reside on the employees’ mobile devices
► In terms of cybersecurity, mobile devices are sensitive. Figure 3.11 : organization’s
sensitive data can happen through mobile hand-held devices carried by employees.
► A RAS is deployed within an organization and directly connected with the
organization's internal network and systems. Once connected with a RAS, a
user can access his or her data, desktop, application, print and/or other
supported services.
RAS is deployed within an organization and directly connected with the
organization's internal network and systems. Once connected with a RAS, a user can
access his or her data, desktop, application, print and/or other supported
services.
WAP enables the access of internet in the mobile devices.
3.7.4 Media Player Control Security
🕐 Various leading software development organizations have been warning the users
about the potential security attacks on their mobile devices through the “music
gateways.”
🕐 There are many examples to show how a media player can turn out to be a source of
threat to information held on mobile devices.
🕐 For example, in the year 2002, Microsoft Corporation warned about this.
🕐 According to this news item, Microsoft had warned people that a series of flaws in its
Windows Media Player could allow a malicious hacker to hijack people’s computer
systems and perform a variety of actions.
🕐 According to this warning from Microsoft, in the most severe exploit of a flaw, a
hacker could take over a computer system and perform any task the computer’s owner
is allowed to do, such as opening files or accessing certain parts of a network.
3.7.5 Networking API Security for Mobile Computing Applications
🕐 With the advent of electronic commerce (E-Commerce) and its further off -shoot into M-
Commerce, online payments are becoming a common phenomenon with the payment gateways
accessed remotely and possibly wirelessly.
🕐 Furthermore, with the advent of Web services and their use in mobile computing
applications, the API becomes an important consideration.
🕐 Already, there are organizations announcing the development of various APIs to enable
software and hardware developers to write single applications
🕐 Most of these developments are targeted specifically at securing a range of embedded and
consumer products, including those running OSs such as Linux, Symbian, Microsoft Windows
CE and Microsoft Windows Mobile (the last three are the most commonly used OSs for mobile
devices).
🕐 Mobile phones have become an integral part of everbody’s life and the mobile
phone has transformed from being a luxury to a bare necessity.
🕐 Theft of mobile phones has risen dramatically over the past few years.
► Many Insurance Companies have stopped offering Mobile Theft Insurance due to a
large number of false claim
🕐 After PC, the criminals’ (i.e., attackers’) new playground has been cell phones,
reason being the increasing usage of cell phones and availability of Internet using
cell phones.
🕐 Another reason is increasing demand for Wi-Fi zones in the metropolitans and
extensive usage of cell phones in the youths with lack of awareness/knowledge about
the vulnerabilities of the technology.
The following factors contribute for outbreaks on mobile devices:
Ensure to note the following details about your cell phone and preserve it in a safe place:
1. Your phone number;
2. the make and model;
3. color and appearance details;
4. PIN and/or security lock code;
5. IMEI number.
The International Mobile Equipment Identity (IMEI)
∙ It is a number unique to every GSM, WCDMA and iDEN cell phone. It is a 15-digit
number and can be obtained by entering *#06# from the keypad.
∙ The IMEI number is used by the GSM network to identify valid devices and therefore
can be used to stop a stolen phone from accessing the network in that country.
∙ For example, if a mobile phone is stolen, the owner can call his or her service provider
and instruct them to “lock” the phone using its IMEI number.
∙ This will help to stop the usage of phone in that country, even if a SIM is changed.
1. GadgetTrak: http://www.gadgettrak.com/products/mobile/
2. Back2u: http://www.bak2u.com/phonebakmobilephone.php
3. Wavesecure: https://www.wavesecure.com/
► F-Secure: http://www.f-secure.com/
3.8.2 Mobile Viruses
► A mobile virus is similar to a computer virus that targets mobile phone data or
applications/software installed in it.
🕐 In total, 40 mobile virus families and more than 300(+) mobile viruses have been
identified.
► First mobile virus was identified in 2004 and it was the beginning to understand that
mobile devices can act as vectors to enter the computer network
🕐 Mobile viruses get spread through two dominant communication protocols –
Bluetooth and MMS.
🕐 Bluetooth virus can easily spread within a distance of 10–30 m, through Bluetooth-
activated phones
🕐 MMS virus can send a copy of itself to all mobile users whose numbers are
available in the infected mobile phone’s address book.
How to Protect from Mobile Malwares Attacks
►Following are some tips to protect mobile from mobile malware attacks:
1. Download or accept programs and content (including ring tones, games, video clips
and photos) only from a trusted source.
2. If a mobile is equipped with Bluetooth, turn it OFF or set it to non-discoverable mode
when it is not in use and/or not required to use.
3. If a mobile is equipped with beam (i.e., IR), allow it to receive incoming beams, only
from the trusted source.
4. Download and install antivirus software for mobile devices.
3.8.3 Mishing
🕐 Mishing is a combination of mobile and Phishing.
🕐 Mishing attacks are attempted using mobile phone technology.
🕐 M-Commerce is fast becoming a part of everyday life. If you use your mobile phone
for purchasing goods/services and for banking, you could be more vulnerable to a
Mishing scam.
🕐 A typical Mishing attacker uses call termed as Vishing or message (SMS) known as
► Smishing.
🕐 Attacker will pretend to be an employee from your bank or another organization and
will claim a need for your personal details.
🕐 Attackers are very creative and they would try to convince you with diferent reasons
why they need this information from you.
3.8.4 Vishing
2. BlueSniff: This is a GUI-based utility for fi nding discoverable and hidden Bluetooth enabled devices.
3. BlueBugger: The buggers exploit the vulnerability of the device and access the images, phonebook, messages
and other personal information.
4.Bluesnarfer: If a Bluetooth of a device is switched ON, then Bluesnarfing makes it possible to connect to
the phone without alerting the owner and to gain access to restricted portions of the stored data.
5. BlueDiving: Bluediving is testing Bluetooth penetration. It implements attacks like Bluebug and BlueSnarf.
3.9 Mobile Devices: Security Implications for Organizations
3.9.1 Managing Diversity and Proliferation of Hand-Held Devices
🕐 Most organizations fail to see the long-term significance of keeping track of who
owns what kind of mobile devices.
🕐 Mobile devices of employees should be registered to the organization.
🕐 When an employee leaves, it is important to remove logical and physical access to
organization networks.
🕐 Thus, mobile devices that belong to the company should be returned to the IT
department and, at the very least, should be deactivated and cleansed.
3.9.2 Unconventional/Stealth Storage Devices
► Compact disks (CDs) and Universal Serial Bus (USB) drives (also called zip drive,
memory sticks) used by employees are the key factors for cyber attacks.
🕐 It is advisable to prohibit the employees in using these devices.
► Not only can viruses, worms and Trojans get into the organization network, but can
also destroy valuable data in the organization network
► Using “DeviceLock” software solution, one can have control over unauthorized access
to plug and play devices
3.9.3Threats through Lost and Stolen Devices
🕐 Often mobile hand-held devices are lost while people are on the move.
► Lost mobile devices are becoming even a larger security risk to corporations
🕐 The cybersecurity threat under this scenario is scary; owing to a general lack of security
► in mobile devices, it is often not the value of the hand-held device that is important
but rather the content that, if lost or stolen, can put a company at a serious risk of
sabotage, exploitation or damage to its professional integrity, as most of the times
the mobile hand-held devices are provided by the organization.
3.9.4 Organizational Measures for Handling Mobile
Standardize the mobile computing devices and the associated security tools being
used with them.
4. Develop a specific framework for using mobile computing devices.
5. Maintain an inventory so that you know who is using what kinds of devices.
6. Establish patching procedures for software on mobile devices.
7. Label the devices and register them with a suitable service.
8. Establish procedures to disable remote access for any mobile.
9. Remove data from computing devices that are not in use
10. Provide education and awareness training to personnel using mobile devices.
3.12 Laptops
🕐 The thefts of laptops have always been a major issue, according to the cybersecurity industry
and insurance company statistics.
🕐 Cybercriminals are targeting laptops that are expensive, to enable them to fetch a quick
profit in the black market.
🕐 Most laptops contain personal and corporate information that could be sensitive.
🕐 Such information can be misused if found by a malicious user.
Physical Security Countermeasures
1. Cables and hardwired locks: The most cost-efficient and ideal solution to safeguard any
mobile device is securing with cables and locks, specially designed for laptops.
2. Laptop safes: Safes made of polycarbonate – the same material that is used in bulletproof
windows, police riot shields and bank security screens – can be used to carry and safeguard
the laptops
3. Motion sensors and alarms: Alarms and motion sensors are very efficient in securing
laptops.
4. Warning labels and stamps: Warning labels containing tracking information and
identification details can be fixed onto the laptop to deter aspiring thieves. These labels cannot
be removed easily and are a low-cost solution to a laptop theft.
Other measures for Protecting laptops are as follows:
• keeping the laptop close to oneself wherever possible;
• carrying the laptop in a different and unobvious bag
• creating the awareness among the employees about the sensitive information contained in the
laptop;
• making a copy of the purchase receipt of laptop
• installing encryption software to protect information stored on the laptop;
• using personal firewall software to block unwanted access and intrusion;
• updating the antivirus software regularly;
• tight office security using security guards and securing the laptop by locking it down in lockers
when not in use;
• never leaving the laptop unattended in public places
• disabling IR ports and wireless cards when not in use.
• Choosing a secure OS
• Registering the laptop with the laptop manufacturer to track down the laptop in case of theft.
• Disabling unnecessary user accounts and renaming the administrator account.
• Backing up data on a regular basis.
Box 3.13 | Spy Phone Software!!!
Spy Phone software is installed on the mobile/cell phone of employees, if the employers wants to monitor phone usage.
The Spy Phone software is completely hidden from the user, once it is installed and collects all the available data such as
SMS messages, ingoing/outgoing call history, location tracking, GPRS usage and uploads the collected data to a remote
server.
The employer can simply access the designated website hosted by Spy Phone vendor, and after entering his/her account
details, he/she can have full access to all the data collected 24 hours a day, 7 days a week. The employer can access this
website through the Internet; hence, he/she can keep an eye on their employees, regardless where he/she is in the
world. The employer can read all SMS messages (both incoming and outgoing), know who they (employees) are calling or
who is calling them and where they were when the call was received.