Unit-III

Cybercrime: Mobile and Wireless Devices: Introduction, Proliferation of

Mobile and Wireless Devices, Trends in Mobility, Credit card Frauds in
Mobile and Wireless Computing Era, Security Challenges Posed by
Mobile Devices, Registry Settings for Mobile Devices, Authentication
service Security, Attacks on Mobile/Cell Phones, Mobile Devices:
Security Implications for Organizations, Organizational Measures for
Handling Mobile, Organizational Security Policies an Measures in Mobile
Computing Era,Laptops.
Learning Objectives
Proliferation of mobile and wireless devices
Types of Mobile Computer
Wireless, Mobile and Handheld Devices
Trends in Mobility
Security
Risk Factors
Key findings of Mobile Computing Scenario
Attacks against 3G Mobile Networks
Skull Trojan
Cabir Worm
Mosquito Worm
Mobile Vulnerabilities
Mobile Users Tendency
Closed Loop Environment for Wireless (CLEW)

Basic Flow:
• Merchant send
transaction to Bank
• Bank transmits the
request to the
authorized cardholder
• Cardholder approves or
rejects (Pwd protected)
• Bank/ Merchant is
notified
• Credit card transaction is
completed
 Types and Techniques for Credit card Frauds
Traditional Techniques
• Paper based Fraud-application fraud
– Opening account on someone else’s name by stealing the required
documents (PII is built-Personally Identifiable Information)
Types:
– ID Theft
– Financial fraud
Modern Techniques
• Criminals produce Fake or doctored cards (or)
• Skimming is used to commit Fraud (or)
• Site cloning or False merchant sites (Phishing)
Types:
– Triangulation
– Credit card Generators
 Security Challenges Posed by Mobile Devices
Mobility brings two main challenges to cyber security:
i. first, on the hand-held devices, information is being taken outside the
physically controlled environment and
ii.second remote access back to the protected environment is being granted.

Perceptions of the organizations to these cyber security challenges are

important in devising appropriate security operating procedure.

As the number of mobile device users increases, two challenges are

presented:
i. one at the device level called "micro challenges" and
ii.another at the organizational level called "macro challenges."

Some well-known technical challenges in mobile security are: managing the

registry settings and configurations, authentication service security,
cryptography security, Lightweight Directory Access Protocol (LDAP) security,
remote access server (RAS) security, media player control security, networking
application program interface (API), security etc.
Security Challenges Posed by Mobile Devices
 Registry Settings for Mobile Devices
• Microsoft Activesync is meant for synchronization with Windows-powered
personal computers (PCs) and Microsoft Outlook.
• ActiveSync acts as the "gateway between Windows-powered PC and
Windows mobile-powered device, enabling the transfer of applications
such as Outlook information, Microsoft Office documents, pictures, music,
videos and applications from a user's desktop to his/her device.
• In addition to synchronizing with a PC, ActiveSync can synchronize directly
with the Microsoft exchange server so that the users can keep their E-
Mails, calendar, notes and contacts updated wirelessly when they are
away from their PCs.
• In this context, registry setting becomes an important issue given the ease
with which various applications allow a free flow of information.
Register Value Browsing
 Authentication Service Security
There are two components of security in mobile computing:
Ø security of devices and security in networks.
A secure network access involves authentication between the device and the
base stations or Web servers.
This is to ensure that only authenticated devices can be connected to the
network for obtaining the requested services.
No Malicious Code can impersonate the service provider to trick the device
into doing something it does not mean to. Thus, the networks also play a
crucial role in security of mobile devices.
Some eminent kinds of attacks to which mobile devices are subjected to are:
push attacks, pull attacks and crash attacks.
Authentication services security is important given the typical attacks on
mobile devices through wireless networks: Dos attacks, traffic analysis,
eavesdropping, man-in-the-middle attacks and session hijacking. Security
measures in this scenario come from Wireless Application Protocols (WAPs),
use of VPNs, media access control (MAC) address filtering and development in
802.xx standards.
Devices: Push Attack
Pull attack on Mobile Devces
Crash Attack on Mobile Devices(DoS)
Cryptographic Security for Mobile Devices
 Notes on CGA
Cryptographially Generated Addresses (CGA) is Internet Protocol version 6 (IPv 6 ) that
addresses up to 64 address bits that are generated by hashing owner's public-key
address.
The address the owner uses is the corresponding private key to assert address
ownership and to sign messages sent from the address without a public-key
infrastructure (PKI) or other security infrastructure.
Deployment of PKI provides many benefits for users to secure their financial
transactions initiated from mobile devices. C
GA-based authentication can be used to protect IP-layer signaling protocols including
neighbor discovery and mobility protocols. It can also be used for key exchange in
opportunistic Internet Protocol Security (IPSec).
Palms are one of the most common hand-held devices used in mobile computing,
Cryptographic security controls are deployed on these devices.
For example, the Cryptographic Provider Manager (CPM) in Palm OS5 is a system-wide
suite of cryptographic services for securing data and resources on a palm-powered
device.
The CPM extends encryption services to any application written to take advantage of
these capabilities, allowing the encryption of only selected data or of all data and
resources on the device.
LDAP Security for Hand held Devices
RAS Security for Mobile Devices
RAS Security for Mobile Devices

Communication from Mobile Client to organization information store

Media Player Control Security
Media Player Control Security
Networking API Security for Mobile Computing
Applications
Networking API Security for Mobile Computing
Applications
Attacks on Mobile/ Cell Phones
Mobile Phone Theft
Protection of Mobile Phone from being Stolen
Protection of Mobile Phone from being Stolen
Protection of Mobile Phone from being Stolen
Protection of Mobile Phone from being Stolen
Protection of Mobile Phone from being Stolen
Protection of Mobile Phone from being Stolen
Mobile Viruses
Mishing
Vishing
Vishing
How Vishing Works?
How to protect from Vishing Attacks?
SMISHING
How Smishing works?
How to protect from Smishing Attacks
 Bluetooth

Bluetooth Hacking
Threats of Bluetooth Hacking
Common Bluetooth Attacks
Common Bluetooth Attacks
Common Bluetooth Attacks
Common Bluetooth Attacks
Assignment Questions