Unit II
Cyber Crime in Mobile and Wireless Devices
Unit Overview
This unit examines security challenges specific to mobile and wireless computing environments. It covers the evolution of mobile networks, unique security vulnerabilities, authentication mechanisms, and organizational policies for managing mobile device security.
Topics Covered
- Mobile Device Characteristics
- Network Evolution (1G-5G)
- Security Challenges
- Credit Card Fraud
- Mobile Attack Types
- Authentication Methods
- Organizational Policies
- Authentication vs Authorization
- Financial Fraud Adaptation
- Mobile Phishing Detection
2.1 Mobile and Wireless Devices: Introduction
Mobile and wireless devices are portable computing devices that can access network resources and perform various functions, including communication, data storage, and application execution. Examples include smartphones, tablets, laptops, and wearable devices.
Characteristics of Mobile Devices
- Portability: Small form factor enabling mobility
- Connectivity: Multiple wireless connection options
- Computing Power: Significant processing capabilities
- Storage: Large data storage capacity
- Sensors: GPS, accelerometer, camera, biometric sensors
- Personal Nature: Contain sensitive personal and professional data
Evolution of Mobile Computing
Mobile networks have evolved through five generations, each bringing enhanced capabilities and new security challenges:
| Generation | Technology | Characteristics | Security Features |
|---|---|---|---|
| 1G | Analog Cellular (AMPS) | Voice-only communication, introduced in 1980s | No encryption, easily intercepted with scanners |
| 2G | Digital (GSM, CDMA) | Voice and SMS, limited data (up to 64 Kbps), introduced encryption | A5/1, A5/2 algorithms (later found vulnerable), SIM card authentication |
| 3G | UMTS, HSPA, CDMA2000 | Mobile internet, multimedia (up to 2 Mbps), video calling | Improved encryption (KASUMI), mutual authentication, stronger key management |
| 4G | LTE, LTE-Advanced | High-speed broadband (100 Mbps-1 Gbps), all-IP network, HD streaming | AES encryption, EPS-AKA authentication, stronger ciphers (SNOW 3G, ZUC) |
| 5G | NR (New Radio) | Ultra-high speed (up to 20 Gbps), IoT support, ultra-low latency (1ms) | Enhanced authentication, network slicing security, improved privacy, 256-bit encryption |
Security Evolution Across Generations
- 1G: No security - communications could be intercepted with simple radio scanners
- 2G: Basic encryption introduced but with known vulnerabilities (A5/1 cracked in minutes)
- 3G: Mutual authentication added, stronger encryption algorithms, but implementation flaws existed
- 4G: All-IP architecture with AES-based encryption, but increased attack surface with internet integration
- 5G: Enhanced security features including improved authentication, privacy protections, but new challenges with massive IoT connectivity
2.2 Proliferation of Mobile and Wireless Devices
The rapid proliferation of mobile and wireless devices has fundamentally transformed how individuals and organizations operate. This expansion has created new security challenges.
Factors Driving Proliferation
- Decreasing Costs: Affordable smartphones and wireless infrastructure
- Improved Connectivity: Widespread availability of cellular and Wi-Fi networks
- Enhanced Capabilities: Devices increasingly powerful and feature-rich
- Application Ecosystem: Extensive availability of mobile applications
- Work Culture Changes: Remote work and BYOD (Bring Your Own Device) policies
Security Implications of Proliferation
| Factor | Security Concern |
|---|---|
| Increased Attack Surface | More devices create more potential entry points for attackers |
| Data Mobility | Sensitive data accessible from multiple locations and devices |
| Diverse Platforms | Multiple operating systems complicate security management |
| Personal Use | Mixing personal and professional use increases risk |
| Lost/Stolen Devices | Physical loss leads to potential data breaches |
Key Points for Examination:
- Mobile device proliferation has expanded the attack surface
- BYOD policies create management and security challenges
- Data mobility increases exposure to unauthorized access
- Platform diversity complicates security implementation
2.3 Trends in Mobility
Current Trends
1. Internet of Things (IoT)
The proliferation of connected devices beyond traditional computers and phones, including smart home devices, wearables, industrial sensors, and vehicles. IoT devices often lack robust security features.
2. 5G Networks
Fifth-generation cellular networks providing higher speeds, lower latency, and greater capacity. While enabling new applications, 5G also introduces new security considerations.
3. Mobile Cloud Computing
Integration of cloud services with mobile devices, enabling storage, processing, and application delivery from remote servers.
4. Mobile Payments
Use of mobile devices for financial transactions through NFC, QR codes, and mobile banking applications. Requires robust security for financial data protection.
5. Edge Computing
Processing data closer to the source rather than centralized data centers, reducing latency but creating distributed security challenges.
Security Implications of Mobility Trends
- IoT devices expand attack surfaces with limited security capabilities
- 5G network architecture requires new security frameworks
- Cloud dependency creates data sovereignty and access control issues
- Mobile payments require protection against financial fraud
- Edge computing distributes security responsibilities
2.4 Credit Card Frauds in Mobile and Wireless Computing Era
Types of Mobile Credit Card Fraud
| Type | Description | Method |
|---|---|---|
| Card-Not-Present (CNP) | Fraud using card details without physical card | Online purchases, phone orders |
| Mobile Wallet Compromise | Unauthorized access to digital wallets | Device theft, credential theft |
| SIM Swapping | Taking control of victim's phone number | Social engineering carrier support |
| App-Based Fraud | Malicious apps stealing payment data | Fake banking apps, keyloggers |
| NFC Skimming | Intercepting contactless payment data | Proximity-based data capture |
Prevention Measures
- Enable two-factor authentication for mobile payments
- Use device encryption and strong passwords
- Monitor transaction alerts and statements
- Download apps only from official stores
- Enable remote wipe capabilities
- Use tokenization for payment transactions
Key Points for Examination:
- CNP fraud dominates in mobile commerce
- SIM swapping bypasses SMS-based authentication
- Tokenization protects actual card numbers
- Two-factor authentication is essential for mobile payments
2.5 Security Challenges Posed by Mobile Devices
Technical Challenges
| Challenge | Description |
|---|---|
| Limited Resources | Battery, processing power, and memory constraints limit security implementations |
| Diverse Platforms | Multiple operating systems (Android, iOS, others) with different security models |
| Rapid Updates | Frequent OS and app updates create patch management challenges |
| Wireless Vulnerabilities | Multiple wireless interfaces (Wi-Fi, Bluetooth, NFC) each with vulnerabilities |
| Data Storage | Local storage of sensitive data vulnerable to extraction |
Operational Challenges
- Device Management: Tracking and managing numerous mobile devices
- Policy Enforcement: Ensuring compliance with security policies
- User Behavior: Users may disable security features for convenience
- Physical Security: Devices easily lost or stolen
- Application Control: Managing third-party application installation
Data-Related Challenges
- Data leakage through applications
- Unauthorized data synchronization
- Backup and recovery complexities
- Data residue on disposed devices
2.6 Registry Settings for Mobile Devices
Registry and configuration settings on mobile devices control security features and system behavior. Proper configuration is essential for security.
Android Security Settings
| Setting | Purpose | Recommended Configuration |
|---|---|---|
| Screen Lock | Prevents unauthorized access | PIN, pattern, or biometric enabled |
| Encryption | Protects stored data | Full device encryption enabled |
| Unknown Sources | Controls app installation | Disabled (allow only Play Store) |
| USB Debugging | Developer access to device | Disabled for regular users |
| Location Services | GPS and location tracking | Limited to necessary apps |
iOS Security Settings
- Passcode: Strong alphanumeric passcode
- Face ID/Touch ID: Biometric authentication
- Find My iPhone: Remote tracking and wipe
- App Permissions: Granular control over app access
- Automatic Updates: Keep system and apps current
Android vs iOS: Configuration Storage Architecture
Unlike Windows desktop operating systems, mobile platforms do NOT use a Windows-style registry. Understanding how Android and iOS store configurations is important for both security management and forensic investigation.
| Aspect | Android | iOS |
|---|---|---|
| Configuration Storage | XML files, SQLite databases, SharedPreferences API | Property list (plist) files, NSUserDefaults system |
| App Data Location | /data/data/[package_name]/ (per-app sandbox) | /var/mobile/Containers/Data/Application/[GUID]/ |
| System Configuration | system/build.prop, settings.db, accounts.db | SystemConfiguration.plist, preferences directories |
| Security Model | Linux-based sandboxing, SELinux policies, app permissions | App sandboxing, entitlements, code signing |
| Access Control | Unix file permissions, SELinux contexts | Sandboxing, entitlements, Keychain for credentials |
| Forensic Value | SQLite databases, XML files contain user data, app history, credentials | Plist files, SQLite databases contain call logs, messages, browsing history |
Key Forensic Artifacts:
- Android: contacts2.db (contacts), mmssms.db (messages), accounts.db (user accounts), browser history, Wi-Fi connection history
- iOS: AddressBook.sqlitedb (contacts), sms.db (messages), CallHistory.storedata (call logs), Safari browsing data, location history
Enterprise Configuration Management
Organizations use Mobile Device Management (MDM) solutions to enforce security configurations:
- Enforce password policies
- Mandate encryption
- Control application installation
- Enable remote wipe capabilities
- Monitor device compliance
2.7 Authentication Service Security
Authentication Methods for Mobile Devices
| Method | Description | Security Level |
|---|---|---|
| PIN/Password | Knowledge-based numeric or alphanumeric codes | Moderate (depends on complexity) |
| Pattern Lock | Gesture-based authentication | Low to Moderate |
| Fingerprint | Biometric using fingerprint sensor | High |
| Facial Recognition | Biometric using camera-based face matching | Moderate to High |
| Iris Scan | Biometric using iris patterns | Very High |
| Two-Factor Authentication | Combination of two different methods | High |
Multi-Factor Authentication (MFA)
MFA combines two or more of the following factors:
- Something You Know: Password, PIN, security questions
- Something You Have: Phone, token, smart card
- Something You Are: Biometrics (fingerprint, face, iris)
- Somewhere You Are: Location-based authentication
- Something You Do: Behavioral biometrics
Security Considerations
- SMS-based OTP is vulnerable to SIM swapping
- Biometric data must be securely stored
- Fallback mechanisms should be equally secure
- Session management is critical after authentication
Key Points for Examination:
- Multi-factor authentication significantly improves security
- Biometrics provide convenience but require secure storage
- SMS-based authentication has known vulnerabilities
- Authentication is only one component of access control
2.8 Attacks on Mobile/Cell Phones
Categories of Mobile Attacks
1. Malware-Based Attacks
| Type | Description |
|---|---|
| Mobile Trojans | Malicious apps disguised as legitimate software |
| Spyware | Secretly monitors user activity and collects data |
| Ransomware | Encrypts data and demands payment for decryption |
| Banking Trojans | Specifically targets banking and payment applications |
| Adware | Displays unwanted advertisements, may collect data |
2. Network-Based Attacks
- Man-in-the-Middle (MITM): Intercepting communications between device and server
- Rogue Access Points: Fake Wi-Fi networks that intercept traffic
- Bluetooth Attacks: Bluejacking, Bluesnarfing, Bluebugging
- SS7 Vulnerabilities: Exploiting signaling system weaknesses
3. Application-Level Attacks
- Repackaged Apps: Legitimate apps modified with malicious code
- Overlay Attacks: Fake screens overlaid on legitimate apps
- Permission Abuse: Apps requesting excessive permissions
- API Exploitation: Targeting application programming interfaces
4. Physical Attacks
- Device Theft: Physical stealing of the device
- Shoulder Surfing: Observing screen or keypad input
- Juice Jacking: Malicious charging stations
- Evil Maid Attacks: Physical access to unattended devices
Juice Jacking is a cyber attack where attackers use compromised or malicious public USB charging stations to steal data from mobile devices or install malware.
How It Works:
- USB cables carry both power AND data through the same connection
- Malicious charging stations can read data from connected devices
- Attackers may install malware, keyloggers, or spyware during charging
- Users often don't realize their device is being compromised while charging
Common Locations: Airports, hotels, shopping malls, conference centers, public transportation hubs
Prevention Measures:
- Use AC power outlets instead of USB charging stations
- Carry portable power banks for emergency charging
- Use USB data blockers (also called "USB condoms") that allow power but block data
- Use charge-only cables that don't have data wires
- Decline "Trust this computer?" prompts when charging
- Keep devices updated with latest security patches
SIM Swapping is a social engineering attack where attackers convince a mobile carrier to transfer a victim's phone number to a SIM card controlled by the attacker.
How It Works:
- Attacker gathers personal information about the victim (through phishing, data breaches, or social media)
- Attacker contacts victim's mobile carrier, impersonating the victim
- Using gathered information, attacker convinces carrier to transfer the phone number to a new SIM
- Victim's phone loses service; all calls and SMS go to attacker's device
- Attacker receives SMS-based 2FA codes and can access victim's accounts
Impact:
- Bypasses SMS-based two-factor authentication
- Enables access to banking apps and cryptocurrency accounts
- Allows password resets via SMS verification
- Can lead to identity theft and significant financial loss
Prevention Measures:
- Use authenticator apps (Google Authenticator, Microsoft Authenticator) instead of SMS for 2FA
- Set up a PIN or password with your mobile carrier for account changes
- Enable additional carrier security features (port freeze, account lock)
- Use hardware security keys (YubiKey) for critical accounts
- Be cautious about information shared on social media
- Monitor for signs of SIM swapping: sudden loss of service, unexpected carrier notifications
Bluetooth-Specific Attacks
| Attack | Description |
|---|---|
| Bluejacking | Sending unsolicited messages to Bluetooth-enabled devices |
| Bluesnarfing | Unauthorized access to information from a wireless device |
| Bluebugging | Taking control of a device through Bluetooth vulnerabilities |
| BlueBorne | Attack vector affecting devices through Bluetooth implementation flaws |
Key Points for Examination:
- Mobile malware is distributed primarily through third-party app stores
- Network attacks exploit wireless communication vulnerabilities
- Bluetooth should be disabled when not in use
- Physical security of devices is equally important
2.9 Mobile Devices: Security Implications for Organizations
Organizational Risks
- Data Leakage: Sensitive corporate data exposed through personal devices
- Compliance Violations: Regulatory requirements may be breached
- Network Compromise: Infected devices connecting to corporate networks
- Intellectual Property Theft: Trade secrets and proprietary information at risk
- Reputation Damage: Security breaches affecting organizational image
BYOD is an organizational policy that allows employees to use their personal mobile devices (smartphones, tablets, laptops) for work-related activities, including accessing corporate email, data, and applications.
Detailed Explanation: BYOD policies have become increasingly common as employees prefer using their personal devices for work. While this offers benefits such as increased productivity and employee satisfaction, it introduces significant security challenges that organizations must address.
Key Characteristics:
- Flexibility: Employees can work from anywhere using familiar devices
- Cost Savings: Reduced device procurement costs for organizations
- Security Concerns: Personal devices may not meet corporate security standards
- Data Protection: Requires clear policies for handling corporate data on personal devices
- MDM Requirements: Often requires Mobile Device Management solutions
- Data Leakage Risk: Personal apps may access or share corporate data
BYOD (Bring Your Own Device) Challenges
| Challenge | Description |
|---|---|
| Device Diversity | Multiple device types and operating systems to manage |
| Ownership Issues | Balancing personal privacy with corporate security |
| Data Separation | Isolating corporate data from personal data |
| Support Complexity | Providing security support for diverse devices |
| Exit Procedures | Handling devices when employees leave |
2.10 Organizational Measures for Handling Mobile Devices
Mobile Device Management (MDM) is a software solution that allows organizations to monitor, manage, and secure employees' mobile devices deployed across multiple mobile service providers and operating systems.
Key Features of MDM:
- Device Enrollment: Automated onboarding of new devices with security policies and configurations
- Policy Enforcement: Centrally deploy and enforce security policies (password requirements, encryption, restrictions)
- Remote Wipe: Ability to erase all data or only corporate data from lost or stolen devices
- App Management: Control which apps can be installed, deploy enterprise apps, and block unauthorized applications
- Compliance Monitoring: Detect non-compliant devices (jailbroken, outdated OS) and take remediation actions
- Location Tracking: Track device location for lost device recovery (with user consent)
- Content Management: Securely distribute and manage corporate documents
Popular MDM Solutions: Microsoft Intune, VMware Workspace ONE, IBM MaaS360, Jamf (for Apple devices), MobileIron
Technical Measures
- Mobile Device Management (MDM): Centralized management and control of devices
- Mobile Application Management (MAM): Control over applications and their data
- Containerization: Separating corporate and personal data on devices
- VPN: Secure tunnel for corporate network access
- Encryption: Data-at-rest and data-in-transit encryption
- Remote Wipe: Capability to erase data from lost devices
Administrative Measures
- Acceptable Use Policy: Define permitted and prohibited activities
- Security Training: Regular awareness programs for employees
- Incident Response: Procedures for handling security incidents
- Access Control: Role-based access to corporate resources
- Regular Audits: Periodic security assessments
2.11 Organizational Security Policies and Measures in Mobile Computing Era
Essential Policy Components
1. Device Security Policy
- Minimum security requirements for devices accessing corporate resources
- Mandatory security features (encryption, passcode, etc.)
- Approved device list and operating system versions
- Jailbroken/rooted device restrictions
2. Application Policy
- Approved application sources (enterprise app store, official stores)
- Prohibited application categories
- Application vetting and approval process
- Application update requirements
3. Data Protection Policy
- Data classification and handling procedures
- Encryption requirements for sensitive data
- Cloud storage restrictions
- Data backup and retention policies
4. Network Access Policy
- Wi-Fi connection guidelines
- VPN usage requirements
- Public network restrictions
- Network access control procedures
Implementation Framework
| Phase | Activities |
|---|---|
| Assessment | Identify risks, current state analysis, requirement gathering |
| Policy Development | Create policies aligned with business needs and security requirements |
| Technology Selection | Choose appropriate MDM, MAM, and security tools |
| Deployment | Roll out solutions, enroll devices, train users |
| Monitoring | Continuous monitoring, compliance checking, incident response |
| Review | Regular policy review and updates |
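The compliance monitoring described in 2.10 and the device security policy above (and the Android settings from 2.6) can be expressed as a policy evaluator. This is an added example for this unit, not code from any MDM product; the policy thresholds, device records and remediation actions are constructed for illustration.

```python
"""Evaluate device records against a mobile device security policy.

Added example (not from any MDM product). Policy fields mirror the settings
discussed in this unit: screen lock, full-device encryption, Unknown Sources,
USB debugging, rooted/jailbroken state, minimum OS version and check-in age.
All values below are constructed.
"""
from dataclasses import dataclass, field


@dataclass
class DevicePolicy:
    # Hypothetical policy: minimum OS version per platform and required controls.
    min_os: dict = field(default_factory=lambda: {"android": (12, 0), "ios": (16, 0)})
    require_screen_lock: bool = True
    require_encryption: bool = True
    allow_unknown_sources: bool = False
    allow_usb_debugging: bool = False
    allow_rooted: bool = False
    max_days_since_checkin: int = 7


@dataclass
class DeviceRecord:
    device_id: str
    platform: str            # "android" or "ios"
    os_version: str          # e.g. "13.1"
    screen_lock: bool
    encrypted: bool
    unknown_sources: bool    # Android "Unknown Sources" / sideloading enabled
    usb_debugging: bool      # Android developer option
    rooted: bool             # rooted (Android) or jailbroken (iOS)
    days_since_checkin: int  # days since the MDM agent last reported in


def parse_version(text: str) -> tuple:
    """Turn '13.1.2' into (13, 1, 2) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in text.split("."))


def evaluate(device: DeviceRecord, policy: DevicePolicy) -> list:
    """Return the list of policy violations for one device (empty list = compliant)."""
    violations = []
    min_version = policy.min_os.get(device.platform)
    if min_version is None:
        violations.append("unsupported platform")
    elif parse_version(device.os_version) < min_version:
        violations.append(f"os_version {device.os_version} below minimum")
    if policy.require_screen_lock and not device.screen_lock:
        violations.append("screen lock disabled")
    if policy.require_encryption and not device.encrypted:
        violations.append("device encryption disabled")
    if device.unknown_sources and not policy.allow_unknown_sources:
        violations.append("unknown sources enabled")
    if device.usb_debugging and not policy.allow_usb_debugging:
        violations.append("usb debugging enabled")
    if device.rooted and not policy.allow_rooted:
        violations.append("rooted/jailbroken")
    if device.days_since_checkin > policy.max_days_since_checkin:
        violations.append("stale check-in")
    return violations


def remediation(violations: list) -> str:
    """Map violations to an MDM action: rooted or unencrypted devices lose corporate
    data (selective wipe); other violations quarantine the device until fixed."""
    if not violations:
        return "allow"
    if any(v in ("rooted/jailbroken", "device encryption disabled") for v in violations):
        return "selective_wipe"
    return "quarantine"


# Constructed sample inventory (not real devices).
SAMPLE_DEVICES = [
    DeviceRecord("dev-001", "android", "14.0", True, True, False, False, False, 1),
    DeviceRecord("dev-002", "android", "11.0", True, True, True, True, False, 2),
    DeviceRecord("dev-003", "ios", "17.2", True, True, False, False, True, 0),
    DeviceRecord("dev-004", "android", "13.0", False, True, False, False, False, 12),
]


def compliance_report(devices=SAMPLE_DEVICES, policy=None) -> dict:
    """Evaluate every device; returns {device_id: (action, violations)}."""
    policy = policy or DevicePolicy()
    report = {}
    for dev in devices:
        violations = evaluate(dev, policy)
        report[dev.device_id] = (remediation(violations), violations)
    return report


if __name__ == "__main__":
    for dev_id, (action, why) in compliance_report().items():
        print(f"{dev_id}: {action:15s} {', '.join(why) or 'compliant'}")
```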
Key Points for Examination:
- Mobile security requires comprehensive policies covering devices, apps, data, and networks
- MDM solutions enable centralized security management
- BYOD requires balancing security with user privacy
- Continuous monitoring and policy updates are essential
2.12 Authentication vs. Authorization
Authentication is the process of verifying the identity of a user or device before granting access to a system. It answers the question: "Who are you?"
Authorization is the process of determining what resources, data, or actions an authenticated user is permitted to access or perform. It answers the question: "What are you allowed to do?"
Comparison: Authentication vs. Authorization
| Parameter | Authentication | Authorization |
|---|---|---|
| Purpose | Verifies identity (WHO you are) | Grants permissions (WHAT you can do) |
| Sequence | Happens FIRST — before authorization | Happens SECOND — after authentication |
| Mechanism | Passwords, biometrics, OTP, smart cards, certificates | Access Control Lists (ACLs), roles, permissions, policies |
| Successful Result | Confirms user is who they claim to be | Grants or denies access to specific resources |
| Failure Case | User cannot log in at all | User can log in but cannot access certain resources |
| Example | Entering username + password or fingerprint scan | Admin can delete users; regular user cannot |
| Standards/Protocols | OAuth (authentication part), SAML, OpenID Connect | OAuth (authorization part), RBAC, ABAC |
| Visibility to User | Visible — user provides credentials | Often invisible — system enforces rules in background |
Authentication Factors (Used in MFA)
| Factor Type | Definition | Example |
|---|---|---|
| Something You Know | Knowledge-based | Password, PIN, security questions |
| Something You Have | Possession-based | OTP via SMS, hardware token, smart card |
| Something You Are | Biometric-based | Fingerprint, face recognition, iris scan |
| Somewhere You Are | Location-based | IP geolocation, GPS location |
Authorization Models
- DAC (Discretionary Access Control): Resource owner sets permissions (e.g., file owner decides who can read/write)
- MAC (Mandatory Access Control): System enforces access based on security labels (used in military systems)
- RBAC (Role-Based Access Control): Access granted based on user's role (admin, user, auditor)
- ABAC (Attribute-Based Access Control): Access based on attributes (user department, time of day, device type)
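The authentication-then-authorization sequence and the RBAC/ABAC models above, as an added example (not from any identity product): a PBKDF2-verified login followed by a role check and attribute rules for time of day, device type and department. The user store, roles, rules and the `request` helper are constructed for illustration.

```python
"""Authentication (WHO) followed by authorization (WHAT): RBAC plus ABAC rules.

Added example for this unit; the user store, roles and attribute rules are
constructed. Passwords are stored as salted PBKDF2 hashes, never in plaintext.
"""
import hashlib
import hmac
import os


def hash_password(password: str, salt: bytes = None) -> tuple:
    """Derive a password hash with PBKDF2-HMAC-SHA256; returns (salt, digest)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


# Constructed user store: username -> (salt, digest, role, department).
USERS = {
    "alice": (*hash_password("correct horse battery"), "admin", "it"),
    "bob": (*hash_password("hunter2!"), "user", "finance"),
}

# RBAC: permitted actions per role (the table's example: admin can delete
# users, a regular user cannot).
ROLE_PERMISSIONS = {
    "admin": {"read_report", "delete_user"},
    "user": {"read_report"},
    "auditor": {"read_report", "read_audit_log"},
}


def authenticate(username: str, password: str):
    """Step 1: verify identity. Returns a user dict or None. Uses a constant-time
    comparison so the check does not leak how much of the hash matched."""
    record = USERS.get(username)
    if record is None:
        hash_password(password)   # same cost for unknown usernames (no timing hint)
        return None
    salt, stored, role, dept = record
    _, candidate = hash_password(password, salt)
    if not hmac.compare_digest(stored, candidate):
        return None
    return {"username": username, "role": role, "department": dept}


def authorize(user: dict, action: str, ctx: dict) -> bool:
    """Step 2: decide what the authenticated user may do. RBAC decides by role;
    ABAC then applies attribute rules (hour of day, device type, department)."""
    if user is None:
        return False                      # never authorize an unauthenticated caller
    if action not in ROLE_PERMISSIONS.get(user["role"], set()):
        return False
    # ABAC rule 1 (time of day): destructive admin actions only during business hours.
    if action == "delete_user" and not 9 <= ctx["hour"] < 18:
        return False
    # ABAC rule 2 (device type): destructive actions only from MDM-managed devices.
    if action == "delete_user" and ctx["device"] != "managed":
        return False
    # ABAC rule 3 (department): finance reports only for finance staff or admins.
    if action == "read_report" and ctx.get("report") == "finance":
        return user["department"] == "finance" or user["role"] == "admin"
    return True


def request(username: str, password: str, action: str, ctx: dict) -> str:
    """Full flow: authentication always runs first; authorization only afterwards."""
    user = authenticate(username, password)
    if user is None:
        return "authentication failed"    # cannot log in at all
    return "allowed" if authorize(user, action, ctx) else "forbidden"


if __name__ == "__main__":
    ctx = {"hour": 10, "device": "managed", "report": "finance"}
    print(request("alice", "correct horse battery", "delete_user", ctx))  # allowed
    print(request("bob", "hunter2!", "delete_user", ctx))                 # forbidden
    print(request("bob", "wrong", "read_report", ctx))                    # authentication failed
```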
Key Points for Examination:
- Authentication ALWAYS precedes authorization
- MFA combines two or more authentication factors for stronger security
- RBAC is the most commonly used authorization model in organizations
- Both authentication and authorization are needed — one without the other is insufficient
2.13 How Financial Institutions Adapt to Mobile Credit Card Fraud
As mobile banking and digital payments have grown, so too have fraudulent activities. Financial institutions have responded with a multi-layered approach combining technology, policy, and customer education.
Institutional Strategies Against Mobile Credit Card Fraud
| Strategy | Description | Technology Used |
|---|---|---|
| Multi-Factor Authentication | Require OTP + card PIN + biometric for high-value transactions | SMS OTP, TOTP apps, fingerprint |
| AI-Based Fraud Detection | Machine learning models analyze spending patterns and flag anomalies in real-time | Neural networks, behavioral analytics |
| Tokenization | Replace card number with a unique token for each transaction — actual card number never transmitted | EMV tokens (Apple Pay, Google Pay) |
| Real-Time Transaction Alerts | Instant SMS/push notification for every transaction; customers can flag unauthorized activity immediately | Mobile push notifications, SMS |
| Card Controls via App | Users can freeze/unfreeze cards, set geographic restrictions, set transaction limits via app | Mobile banking app features |
| 3D Secure (3DS) | Additional authentication step for online card transactions (OTP to registered mobile) | Verified by Visa, Mastercard SecureCode |
| SIM Swap Detection | Monitor telecom records for recent SIM swaps; delay OTP delivery after SIM change | Telecom-bank data sharing partnerships |
| Zero Liability Policy | Customers not held liable for fraudulent transactions if reported promptly | Policy mechanism (Visa Zero Liability, RBI guidelines) |
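Two of the strategies in the table, the anomaly rule behind "purchase in two countries within minutes" and the SIM swap detection that holds OTP delivery after a SIM change (the attack itself is described in 2.8), as an added example that is not any bank's system. The transaction log, SIM-change feed, thresholds and the `otp_decision` routing are constructed for illustration.

```python
"""Rule-based fraud checks: impossible travel and OTP hold after a SIM change.

Added example for this unit; the transactions, SIM-change records and
thresholds are constructed, and the rules are illustrative, not a bank's.
"""
from datetime import datetime, timedelta

# Constructed card transaction log: (card, timestamp, country).
TRANSACTIONS = [
    ("card-1", datetime(2024, 3, 1, 10, 0), "IN"),
    ("card-1", datetime(2024, 3, 1, 10, 12), "IN"),
    ("card-1", datetime(2024, 3, 1, 10, 20), "BR"),   # different country 8 minutes later
    ("card-2", datetime(2024, 3, 1, 9, 0), "IN"),
    ("card-2", datetime(2024, 3, 2, 9, 30), "AE"),    # next day: plausible travel
]

# Constructed SIM-change feed from a telecom partner: phone number -> last SIM change.
SIM_CHANGES = {
    "+91-9999900001": datetime(2024, 3, 1, 9, 50),
}

# Reference time used by the demo and tests (constructed).
SAMPLE_NOW = datetime(2024, 3, 1, 10, 20)

IMPOSSIBLE_TRAVEL_WINDOW = timedelta(hours=2)   # illustrative threshold
SIM_SWAP_HOLD = timedelta(hours=24)             # illustrative hold period


def impossible_travel(transactions, window=IMPOSSIBLE_TRAVEL_WINDOW):
    """Flag a transaction when the same card was used in a different country
    within `window` of its previous transaction.
    Returns a list of (card, timestamp, previous_country, country)."""
    alerts = []
    last_seen = {}   # card -> (timestamp, country)
    for card, ts, country in sorted(transactions, key=lambda t: t[1]):
        prev = last_seen.get(card)
        if prev and prev[1] != country and ts - prev[0] <= window:
            alerts.append((card, ts, prev[1], country))
        last_seen[card] = (ts, country)
    return alerts


def otp_decision(phone, now, sim_changes=SIM_CHANGES, hold=SIM_SWAP_HOLD) -> str:
    """Decide how to deliver a transaction OTP: hold SMS delivery and use an
    in-app/authenticator channel when the SIM changed within `hold`."""
    changed = sim_changes.get(phone)
    if changed is not None and timedelta(0) <= now - changed < hold:
        return "hold_sms_use_app"
    return "send_sms"


if __name__ == "__main__":
    for card, ts, src, dst in impossible_travel(TRANSACTIONS):
        print(f"ALERT {card}: {src} -> {dst} at {ts:%Y-%m-%d %H:%M}")
    print(otp_decision("+91-9999900001", SAMPLE_NOW))   # hold_sms_use_app
    print(otp_decision("+91-9999900002", SAMPLE_NOW))   # send_sms
```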
RBI Guidelines for Mobile Payment Security (India)
- Mandatory two-factor authentication for all online transactions above Rs. 5,000
- Limit on first-time UPI transaction to Rs. 5,000 within 24 hours of linking new device
- Bank must provide 24/7 channel to report fraud and block cards
- Liability on bank if fraud occurs due to bank negligence
- Mandatory fraud monitoring systems for all scheduled commercial banks
Key Points for Examination:
- Tokenization removes real card data from transactions — stolen token is useless elsewhere
- AI fraud detection can identify unusual patterns (e.g., purchase in two countries within minutes)
- RBI mandates banks to compensate customers for fraud due to bank negligence
- SIM swap fraud is a major attack on mobile banking OTP systems
2.14 Phishing Attacks on Mobile Devices: Detection and Response
Mobile devices are increasingly targeted by phishing attacks due to smaller screens that truncate URLs, always-on connectivity, and users' tendency to act quickly on mobile notifications.
Types of Mobile Phishing Attacks
| Attack Type | Medium | Example |
|---|---|---|
| Smishing | SMS messages | "Your parcel is on hold. Click to reschedule: [link]" |
| Vishing | Voice calls | Caller claiming to be bank officer asking for OTP |
| Email Phishing on Mobile | Email apps (Gmail, Outlook mobile) | Fake invoice with malicious attachment |
| Social Media Phishing | WhatsApp, Instagram, Facebook Messenger | Fake lottery win message with link to phishing site |
| App-Based Phishing | Fake look-alike apps | Fake banking app outside official app store harvesting credentials |
| QR Code Phishing (Quishing) | QR codes in physical or digital spaces | Malicious QR code redirecting to phishing site or auto-downloading malware |
Detection — Warning Signs
- Urgency and fear: "Your account will be suspended in 2 hours — act now"
- Shortened URLs: bit.ly or tinyurl links that hide the actual destination domain
- Unexpected requests: Banks never ask for OTP, CVV, or account password via SMS or call
- Look-alike domains: paypa1.com, sbi-bank-alert.com
- Poor grammar/spelling: Sign of bulk phishing campaigns
- Unknown sender: Texts from random numbers claiming to be official organizations
- Excessive app permissions: Fake app requesting access to calls, SMS, contacts
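The warning signs above can be turned into a simple smishing score: urgency wording, requests for OTP or CVV, URL shorteners, and look-alike domains such as paypa1.com. This is an added example for this unit, not a production filter; the sample messages, brand list, shortener list, homoglyph table and weights are constructed.

```python
"""Heuristic scoring of SMS text for common smishing warning signs.

Added example for this unit; the sample messages, brand list, shortener list
and scoring weights are constructed for illustration only.
"""
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.IGNORECASE)
URGENCY = re.compile(r"\b(urgent|immediately|within \d+ hours?|suspended|act now|last warning)\b", re.I)
CREDENTIAL_REQUEST = re.compile(r"\b(otp|cvv|pin|password|passcode)\b", re.I)
LURE = re.compile(r"\b(parcel|package|delivery|prize|lottery|refund|reward)\b", re.I)
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "is.gd", "cutt.ly"}
# Constructed list of brands a campaign might impersonate and their genuine domains.
BRAND_DOMAINS = {"paypal": "paypal.com", "sbi": "onlinesbi.sbi", "amazon": "amazon.in"}
# Digit-for-letter substitutions seen in look-alike domains (paypa1 -> paypal).
HOMOGLYPHS = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s", "7": "t"})


def extract_domains(text):
    """Return the hostnames of every URL found in the message text."""
    domains = []
    for match in URL_RE.findall(text):
        url = match if match.lower().startswith("http") else "http://" + match
        host = (urlsplit(url).hostname or "").lower()
        if host:
            domains.append(host)
    return domains


def lookalike_brand(host):
    """Return the impersonated brand name if the host resembles a known brand
    but is not that brand's genuine domain; None otherwise. A brand name
    appearing inside an unrelated host is a false positive this heuristic accepts."""
    if any(host == real or host.endswith("." + real) for real in BRAND_DOMAINS.values()):
        return None
    flattened = host.translate(HOMOGLYPHS).replace("-", "").replace(".", "")
    for brand in BRAND_DOMAINS:
        if brand in flattened:
            return brand
    return None


def score_sms(text):
    """Return (score, reasons); a higher score means more smishing indicators."""
    score, reasons = 0, []
    if URGENCY.search(text):
        score += 2
        reasons.append("urgency language")
    if CREDENTIAL_REQUEST.search(text):
        score += 3
        reasons.append("asks for OTP/PIN/password")
    if LURE.search(text):
        score += 1
        reasons.append("parcel/prize lure")
    for host in extract_domains(text):
        if host in SHORTENERS:
            score += 2
            reasons.append(f"shortened url ({host})")
        brand = lookalike_brand(host)
        if brand:
            score += 3
            reasons.append(f"look-alike domain for {brand} ({host})")
    return score, reasons


def classify(text, threshold=3):
    """Label a message using the score; the threshold is an illustrative choice."""
    score, reasons = score_sms(text)
    return ("suspicious" if score >= threshold else "likely benign", score, reasons)


# Constructed sample messages (not real campaigns).
SAMPLES = [
    "Your SBI account will be suspended within 2 hours. Verify now: http://sbi-bank-alert.com/verify",
    "PayPa1 security: confirm your OTP at http://paypa1.com/login immediately",
    "Your parcel is on hold. Click to reschedule: https://bit.ly/3xyz",
    "Your PayPal receipt for order 1234 is at https://www.paypal.com/activity",
    "Hi, are we still on for lunch tomorrow at 1?",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        label, score, reasons = classify(sms)
        print(f"[{label:13s} score={score}] {sms[:50]}... {reasons}")
```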
Response Steps
- Do NOT interact: Do not click links, call back numbers, or download attachments from suspicious messages
- Verify independently: Contact the organization directly using official website or app, not through the suspicious message
- If credentials entered: Immediately change password + enable MFA on affected accounts
- If financial data disclosed: Call bank's 24/7 helpline to block card and report fraud
- Scan device: Run mobile antivirus if suspicious app was installed
- Report: Report smishing to telecom provider; report to cybercrime.gov.in
- Revoke app permissions: Remove or restrict suspicious apps immediately
Prevention Measures
- Install a reputable mobile security app with anti-phishing filter
- Use Google Safe Browsing (built into Chrome) or Safari's Fraudulent Website Warning
- Enable spam filtering on your SMS app
- Download apps only from Google Play Store or Apple App Store
- Keep OS and apps updated — security patches close the vulnerabilities that phishing-delivered malware exploits
- Train users to be skeptical of unsolicited messages demanding urgent action
Key Points for Examination:
- Smishing (SMS phishing) is the most common mobile phishing vector
- Mobile screens truncate URLs, making phishing links harder to spot
- Legitimate organizations NEVER ask for OTP/password via SMS or phone call
- QR code phishing (quishing) is a growing threat in physical and digital environments
- Report mobile phishing to cybercrime.gov.in (India)
2.15 IoT Security Challenges
The Internet of Things (IoT) refers to the network of physical devices, vehicles, appliances, and other objects embedded with sensors, software, and connectivity that enable them to collect and exchange data. When connected to mobile phones, these devices create new security challenges.
Device-Level Vulnerabilities
| Vulnerability | Description | Impact |
|---|---|---|
| Limited Processing Power | Many IoT devices have insufficient resources for robust security implementations | Cannot run complex encryption or security software |
| Default Credentials | Factory-set usernames and passwords often remain unchanged | Easy unauthorized access (e.g., admin/admin, admin/password) |
| Lack of Update Mechanism | Many IoT devices have no way to receive security updates | Vulnerabilities remain unpatched indefinitely |
| Insufficient Encryption | Data transmitted or stored without adequate encryption | Data interception and theft |
| Insecure Boot | Lack of secure boot mechanisms to verify firmware integrity | Malicious firmware installation |
Communication Vulnerabilities
- Insecure Protocols: Use of HTTP instead of HTTPS, unencrypted Bluetooth, or weak Wi-Fi security
- Vulnerable Pairing Mechanisms: Weak authentication during initial device pairing with smartphones
- Man-in-the-Middle Susceptibility: Lack of certificate validation allows traffic interception
- Weak Authentication: Simple or no authentication between IoT device and mobile app
- API Security Issues: Insecure APIs between mobile apps and IoT devices/cloud
Data Privacy Concerns
- Sensitive Data Collection: Health data (fitness trackers), location data, home activity patterns
- Cloud Storage Security: IoT data stored in cloud servers with varying security practices
- Third-Party Data Sharing: IoT vendors may share data with partners or advertisers
- Data Retention: Unclear policies on how long data is retained
Application Security Issues
- Insecure Companion Apps: Mobile apps controlling IoT devices may have vulnerabilities
- Excessive Permissions: Apps requesting unnecessary access to phone features
- Poor API Security: Weak or missing authentication for IoT APIs
- Hardcoded Credentials: API keys or passwords embedded in app code
Notable IoT Security Incidents
- Mirai Botnet (2016): Compromised IoT devices (cameras, routers) launched massive DDoS attacks
- Smart Home Hacks: Ring camera compromises allowing attackers to spy on families
- Medical Device Vulnerabilities: Insulin pumps and pacemakers with exploitable flaws
Mitigation Strategies
| Strategy | Implementation |
|---|---|
| Change Default Credentials | Immediately change factory passwords on all IoT devices |
| Regular Firmware Updates | Enable automatic updates; check for updates regularly |
| Network Segmentation | Place IoT devices on separate network (VLAN) from main devices |
| Strong Encryption | Ensure TLS/SSL for data transmission; WPA3 for Wi-Fi |
| Disable Unnecessary Features | Turn off features like remote access if not needed |
| Monitor Network Traffic | Use network monitoring tools to detect anomalous IoT behavior |
Key Points for Examination:
- IoT devices often lack sufficient security due to resource constraints
- Default credentials are a major vulnerability - always change them
- Many IoT devices cannot be updated, creating permanent security risks
- Network segmentation helps isolate IoT vulnerabilities
- Mirai botnet demonstrated the massive scale of IoT security risks
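As an added example (not part of the original notes), the "Network Segmentation" and "Monitor Network Traffic" strategies above as a small Python checker run over constructed flow records; the VLAN prefixes, allowed destinations and the flow-log format are assumptions. It goes slightly beyond the table by also flagging Mirai-style telnet/SSH scanning originating from the IoT segment.

```python
"""Flag anomalous IoT traffic in constructed flow records (added example)."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed segmentation policy: the IoT VLAN may only reach its vendor cloud
# and the update server, never the main LAN. All prefixes/hosts are constructed.
IOT_VLAN = ip_network("192.168.50.0/24")
MAIN_LAN = ip_network("192.168.10.0/24")
ALLOWED_DST = {"203.0.113.10", "203.0.113.20"}   # vendor cloud, update server
SCAN_PORTS = {23, 2323, 22}   # telnet/ssh: ports abused by Mirai-style worms
SCAN_THRESHOLD = 5            # distinct hosts on scan ports before alerting

def parse_flow(line):
    # Constructed log format: "<src_ip> <dst_ip> <dst_port> <bytes>"
    src, dst, port, nbytes = line.split()
    return src, dst, int(port), int(nbytes)

def detect_anomalies(lines):
    """Return a list of (src_ip, reason) for flows that violate the policy."""
    findings = []
    scan_targets = defaultdict(set)
    for line in lines:
        src, dst, port, _ = parse_flow(line)
        if ip_address(src) not in IOT_VLAN:
            continue                       # only IoT-originated traffic matters
        if ip_address(dst) in MAIN_LAN:
            findings.append((src, f"segmentation violation: {dst}:{port}"))
        elif port in SCAN_PORTS and dst not in ALLOWED_DST:
            scan_targets[src].add(dst)     # count distinct hosts, alert below
        elif dst not in ALLOWED_DST:
            findings.append((src, f"unexpected destination: {dst}:{port}"))
    for src, targets in scan_targets.items():
        if len(targets) >= SCAN_THRESHOLD:
            findings.append((src, f"telnet/ssh scanning: {len(targets)} hosts"))
    return findings

SAMPLE_FLOWS = [  # constructed sample flows
    "192.168.50.12 203.0.113.10 443 5120",        # camera -> vendor cloud: ok
    "192.168.50.12 192.168.10.5 445 900",         # camera -> file server: bad
    "192.168.50.30 198.51.100.77 8080 200",       # bulb -> unknown host
] + [f"192.168.50.12 198.51.100.{i} 23 60" for i in range(1, 7)]

if __name__ == "__main__":
    for src, reason in detect_anomalies(SAMPLE_FLOWS):
        print(src, reason)
```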
2.16 Tools and Technologies for Cybercrime Protection
Protecting against cybercrime requires a layered approach using multiple security tools and technologies. Each tool addresses specific aspects of security, and together they provide comprehensive protection.
Network Security Tools
| Tool/Technology | Function | Examples |
|---|---|---|
| Firewall | Monitors and filters incoming/outgoing network traffic based on security rules | pfSense, Cisco ASA, Windows Defender Firewall |
| Next-Generation Firewall (NGFW) | Advanced firewall with deep packet inspection, application awareness, and integrated IPS | Palo Alto, Fortinet FortiGate, Check Point |
| Intrusion Detection System (IDS) | Monitors network for suspicious activity and alerts administrators | Snort, Suricata, OSSEC |
| Intrusion Prevention System (IPS) | Detects and automatically blocks malicious traffic | Suricata, Cisco IPS |
| VPN (Virtual Private Network) | Creates encrypted tunnel for secure communication over public networks | OpenVPN, WireGuard, Cisco AnyConnect |
| Web Application Firewall (WAF) | Protects web applications from attacks like SQL injection, XSS | ModSecurity, Cloudflare WAF, AWS WAF |
Endpoint Security Tools
| Tool/Technology | Function | Examples |
|---|---|---|
| Antivirus/Anti-Malware | Detects and removes malicious software using signatures and behavior analysis | Windows Defender, Kaspersky, Bitdefender, Malwarebytes |
| Endpoint Detection and Response (EDR) | Advanced endpoint monitoring, threat detection, and incident response | CrowdStrike Falcon, Carbon Black, Microsoft Defender for Endpoint |
| Data Loss Prevention (DLP) | Prevents unauthorized data transmission outside the organization | Symantec DLP, Microsoft Purview, Digital Guardian |
| Mobile Security Software | Protects mobile devices from malware, phishing, and network attacks | Lookout, Mobile Defender, Norton Mobile Security |
Encryption Technologies
- TLS/SSL: Encrypts data in transit between clients and servers (HTTPS)
- AES (Advanced Encryption Standard): Industry-standard symmetric encryption for data at rest
- RSA: Asymmetric encryption for secure key exchange and digital signatures
- End-to-End Encryption (E2EE): Only sender and recipient can decrypt messages (WhatsApp, Signal)
- Full Disk Encryption: Encrypts entire storage device (BitLocker, FileVault)
Authentication Technologies
- Multi-Factor Authentication (MFA): Requires multiple verification factors (password + OTP + biometric)
- Biometric Authentication: Fingerprint, face recognition, iris scan
- Hardware Security Keys: Physical devices for authentication (YubiKey, Titan Security Key)
- Single Sign-On (SSO): One login for multiple applications (Okta, Azure AD)
- Passwordless Authentication: FIDO2/WebAuthn standards for password-free login
Security Monitoring and Analysis
| Tool/Technology | Function |
|---|---|
| SIEM (Security Information and Event Management) | Collects, correlates, and analyzes security events from multiple sources for threat detection |
| SOAR (Security Orchestration, Automation, and Response) | Automates incident response and security operations workflows |
| Threat Intelligence Platforms | Aggregates threat data from multiple sources for proactive defense |
| Vulnerability Scanners | Identifies security weaknesses in systems and applications (Nessus, Qualys, OpenVAS) |
User Awareness and Training
- Security Awareness Training: Regular education on recognizing threats (KnowBe4, Proofpoint)
- Phishing Simulations: Controlled phishing tests to assess and improve user awareness
- Security Policies: Clear guidelines for acceptable use, password management, incident reporting
Key Points for Examination:
- Defense-in-depth requires multiple layers of security tools
- Firewalls filter traffic; IDS detects threats; IPS blocks threats
- Encryption protects data at rest (AES, BitLocker) and in transit (TLS/SSL)
- MFA significantly reduces account compromise risk
- EDR provides advanced endpoint threat detection beyond traditional antivirus
- SIEM centralizes security monitoring and threat correlation
- User awareness training is essential - humans are often the weakest link
Unit II Summary
- Mobile devices are portable computing devices with connectivity, sensors, and personal data, creating unique security challenges.
- Network evolution from 1G to 5G has increased capabilities but also expanded attack surfaces.
- Security challenges include limited resources, device diversity, multiple interfaces, and BYOD complexity.
- Credit card fraud in mobile contexts includes skimming, application-based attacks, and NFC vulnerabilities.
- Mobile attacks encompass malware, network attacks (rogue AP, MITM), and physical threats (theft, juice jacking).
- Bluetooth attacks include bluejacking, bluesnarfing, and bluebugging targeting short-range communications.
- Authentication methods range from PINs and patterns to biometrics, with MFA providing the strongest protection.
- Organizational measures include MDM, MAM, containerization, encryption, and comprehensive security policies.