The increased use of mobile technology in business, combined with the Bring Your
Own Device (BYOD) trend, means that businesses can’t neglect mobile device
security. There are many sources of risk to information security that come with the
use of cell phones, tablets, and other mobile devices.
1. Unsafe apps. Although mobile phone vendors try to ensure app security by
requiring that apps be signed before they can be downloaded from the official
app stores, misuse of certificates means that even apps downloaded from vendor
stores or enterprise sites aren’t guaranteed to be free from malware. Even
legitimate apps often request more permissions than they need to perform their
function, which can expose more data than necessary.
3. Unsafe devices. When users jailbreak or root devices, they work around the
built-in restrictions of the device. While users feel that jailbreaking gives
them freedom and more access to the device’s capabilities, jailbreaking also
eliminates many controls that provide security.
4. Unsafe connections. Users often rely on public Wi-Fi to stay connected
when they work outside the office. These unsecured Wi-Fi networks can
allow malware to be installed on devices or eavesdroppers to intercept data.
6. Uncontrollable users. No matter how well you publicize your safe mobile
computing policies, there will be employees who find them too inconvenient
to follow. Organizations need tools to enforce policies rather than relying on
employees’ good will.
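Item 1 above notes that legitimate apps often request more permissions than their function needs. The following added example (not part of the original document) audits an Android manifest against a per-category allowlist; the policy table, the sample manifest and the app category names are constructed assumptions, and the manifest is assumed to be already decoded to text XML.

```python
import xml.etree.ElementTree as ET

# Android manifest attributes live in this XML namespace.
NAME_ATTR = "{http://schemas.android.com/apk/res/android}name"

# Constructed policy (assumption): what each app category legitimately needs.
NEEDED = {
    "flashlight": {"android.permission.CAMERA"},
    "navigation": {"android.permission.INTERNET",
                   "android.permission.ACCESS_FINE_LOCATION"},
}
# Permissions that expose personal data; excess requests here rank highest.
SENSITIVE = {
    "android.permission.READ_CONTACTS", "android.permission.READ_SMS",
    "android.permission.ACCESS_FINE_LOCATION", "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA",
}

# Constructed sample: decoded manifest of a hypothetical flashlight app.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission-sdk-23 android:name="android.permission.READ_SMS"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Collect every permission the manifest asks for."""
    # Input is assumed to come from a trusted decode step; for untrusted XML
    # use a hardened parser such as defusedxml.
    root = ET.fromstring(manifest_xml)
    tags = ("uses-permission", "uses-permission-sdk-23")
    return {el.get(NAME_ATTR) for t in tags for el in root.iter(t)
            if el.get(NAME_ATTR)}

def audit(manifest_xml, category):
    """Compare requested permissions with the policy for the app's category."""
    if category not in NEEDED:
        raise ValueError(f"no permission policy for category {category!r}")
    excess = requested_permissions(manifest_xml) - NEEDED[category]
    return {"excess_sensitive": sorted(excess & SENSITIVE),
            "excess_other": sorted(excess - SENSITIVE)}

if __name__ == "__main__":
    for severity, perms in audit(SAMPLE_MANIFEST, "flashlight").items():
        print(severity, perms)
```

An app whose category has no policy entry raises an error rather than passing silently, so unreviewed app types are surfaced instead of approved by default.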
SMiShing
With the widespread usage of cellphones, smishing has grown more prevalent.
SMiShing uses the Short Message Service (SMS) to transmit fraudulent text
messages or links. The criminals deceive the user by calling. Victims may provide
sensitive information such as credit card numbers, account numbers, and so on. When
a user visits a website, he or she may unwittingly download malware that infects
the device.
War Driving
WEP attack
WEP is a security standard that attempts to give a wireless local area network
(WLAN) the same level of protection as a wired LAN. Just as physical security
measures help to secure a wired LAN, WEP aims to offer comparable protection for
data transferred through a WLAN by using encryption.
WEP encrypts data with a key. Wired Equivalent Privacy makes no provision for
key management, so the number of people sharing the key continues to rise.
Because everyone is using the same key, the criminal has access to a large
volume of traffic for analytic attacks.
WPA attack
Bluejacking
Replay attack
When an attacker steals the victim's information from his device, this is known as
bluesnarfing. An attacker can gain access to a user's calendar, contact list, e-mail,
and SMS messages without leaving any trace of the intrusion.
RF Jamming
1. Unauthorized access
Unauthorized access refers to attackers accessing a network without receiving
permission. Among the causes of unauthorized access attacks are weak passwords,
lacking protection against social engineering, previously compromised accounts,
and insider threats.
5. Privilege escalation
Once attackers penetrate your network, they can use privilege escalation to expand
their reach. Horizontal privilege escalation involves attackers gaining access to
additional, adjacent systems, and vertical escalation means attackers gain a higher
level of privileges for the same systems.
6. Insider threats
A network is especially vulnerable to malicious insiders, who already have
privileged access to organizational systems. Insider threats can be difficult to
detect and protect against, because insiders do not need to penetrate the network in
order to do harm. New technologies like User and Event Behavioral Analytics
(UEBA) can help identify suspicious or anomalous behavior by internal users,
which can help identify insider attacks.