2. Introduction
The term mobile security is a broad one that covers everything from protecting mobile devices from malware threats to reducing risks and securing mobile devices and their data in the case of theft, unauthorized access or accidental loss of the device.
10. Application security
Application security describes security measures at the application level that aim to prevent data or code within the app from being stolen or hijacked. Application security may include hardware, software, and procedures that identify or minimize security vulnerabilities.
11. End-User Education
In information technology the term end user is used to distinguish the person for whom a hardware or software product is designed. Our end-users are the first line of defense against cyber security attacks (like phishing scams).
12. Mobile Security Threats
Data Leakage
Network Spoofing (Unsecured Wi-Fi)
Social engineering
Malicious Apps
Improper Session Handling
13. Data Leakage
These are typically free apps found in official app stores that perform as advertised, but also send personal—and potentially corporate—data to a remote server, where it is mined by advertisers or even cybercriminals.
Apps pose a real problem for mobile users, who give them sweeping permissions, but don’t always check security.
16. Army blacklists 3 apps, warns troops against using WeChat, Smesh, Line
22. Network Spoofing
Network spoofing is when hackers set up fake access points (connections that look like Wi-Fi networks but are actually traps) in high-traffic public locations such as coffee shops, libraries and airports.
Cybercriminals give the access points common names, like “Free Airport Wi-Fi” or “Coffeehouse,” which encourage users to connect.
Attackers require users to create an “account” to access these free services, complete with a password.
Many users employ the same email and password combination for multiple services, allowing the hackers to compromise their email, e-commerce, and other secure information.
24. Social engineering
Social engineering is the practice of obtaining confidential information by manipulation of legitimate users.
A social engineer will commonly use the telephone or Internet to trick a person into revealing sensitive information or getting them to do something that is against typical policies.
25. There are two types of Social Engineering attacks:
Technical attacks
Non-technical attacks
“Technical attacks are those attacks that deceive the user into believing that the application in use is truly providing them with security, which is not the fact always.”
Examples:
Phishing
Common bait
Vishing
Spam mail
Popup Window
Interesting Software
26. Phishing
Phishing is the process of crafting emails that appear to be from a trusted source and typically invite the recipient to either supply confidential information or click on a malicious link or attachment.
36. Common Bait
• “Sweet Deals”
– Free Stuff
– Limited Time Offers
– Package Delivery
• Help Me, Help You!
– Tech Support
39. Vishing: It is the practice of leveraging Voice over Internet Protocol (VoIP) technology to trick private personal and financial information from the public for the purpose of financial reward. This term is a combination of "voice" and phishing. Vishing exploits the public's trust in telephone services.
Spam Mails: E-mails that offer friendships, diversion, gifts and various free pictures and information take advantage of the anonymity and camaraderie of the Internet to plant malicious code.
Popup Window: The attacker's rogue program generates a pop-up window, saying that the application connectivity was dropped due to network problems, and now the user needs to re-enter his id and password to continue with his session.
Interesting Software: In this case the victim is convinced to download and install a very useful program or application which might be 'window dressed'.
42. The non-technical attacks
Non-technical attacks are perpetrated purely through deception, i.e. by taking advantage of weaknesses in the victim's human behavior.
Pretexting / Impersonation
Dumpster Diving
Spying and Eavesdropping
Acting as a Technical Expert
Support Staff
43. Pretexting / Impersonation: This is the act of creating and using an invented scenario (the pretext) to persuade a target to release information. It's more than a simple lie, as it most often involves some prior research or set-up and makes use of pieces of known information (e.g. date of birth, mother's maiden name, billing address etc.) to establish legitimacy in the target's mind.
Dumpster Diving: If the junk mail contains personal identification information, a 'dumpster diver' can use it in carrying out an identity theft. A hacker can retrieve confidential information from the hard disk of a computer, as there are numerous ways to retrieve information from disks, even if the user thinks the data has been 'deleted' from the disk.
44. Spying and Eavesdropping: A clever spy can determine the id and password by observing a user typing it in (Shoulder Surfing). All that needs to be done is to be there behind the user and be able to see his fingers on the keyboard.
Acting as a Technical Expert: This is the case where an intruder pretends to be a support technician working on a network problem and requests the user to let him access the workstation and 'fix' the problem.
Support Staff: Here a hacker may pose as a member of a facility's support staff and do the trick. A man dressed like the cleaning crew walks into the work area, carrying cleaning equipment. In the process of appearing to clean your desk area, he can snoop around and get valuable information - such as passwords, or a confidential file that you have forgotten to lock up.
45. Malicious Apps
A malware attack is a type of cyber attack in which malware, or malicious software, performs activities on the victim's computer system, usually without his/her knowledge.
Nowadays, people use words like malware, spyware, and ransomware a lot more than the word "virus." Computer viruses operate via similar means.
47. Improper session handling
Improper session handling occurs when the session token is unintentionally shared with the adversary during a subsequent transaction between the mobile app and the backend servers.
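The way a session token ends up "unintentionally shared" is easiest to see in code. The following is an added example, not part of the original slides or of any project: it simulates a request that carries the token in the URL beside one that carries it in a header, shows which of the two leaves the token in an access log and in a Referer header, and adds two backend habits that limit the damage of a leaked token (scrubbing tokens from log lines, and storing only a hash of each token with rotation on login and invalidation on logout). All names (request_with_token_in_url, redact_tokens, SessionStore), the log format, the endpoint and the sample token are hypothetical and constructed for the example.

```python
"""Added example (not from the original slides): how a session token gets
"unintentionally shared", and the handling that keeps it private.

Everything here is a self-contained simulation: the request shapes, the
log format and the names (request_with_token_in_url, SessionStore, ...)
are hypothetical, and the sample token and endpoint are constructed."""
import hashlib
import re
import secrets
from urllib.parse import urlencode


def request_with_token_in_url(base_url, token):
    # Leaky pattern: the token rides in the query string, so it is copied into
    # server access logs, proxy logs, browser history and Referer headers.
    return {"method": "GET", "url": f"{base_url}?{urlencode({'session': token})}", "headers": {}}


def request_with_token_in_header(base_url, token):
    # Preferred pattern: the token travels only in a header, which access
    # logs and Referer headers do not record.
    return {"method": "GET", "url": base_url, "headers": {"Authorization": f"Bearer {token}"}}


def access_log_line(req):
    # A typical access log records the request line, i.e. method and full URL.
    return f'{req["method"]} {req["url"]} HTTP/1.1'


def referer_header(req):
    # When the user follows a link to a third-party site, the browser sends
    # the current page URL (query string included) as the Referer header.
    return req["url"]


def token_exposed(token, *texts):
    # True if the token appears verbatim in any of the given texts (logs, headers, ...).
    return any(token in text for text in texts)


_TOKEN_PARAM = re.compile(r"([?&](?:session|token|sid)=)[^&\s]+")


def redact_tokens(log_line):
    # Defensive logging: scrub token-bearing query parameters before the line
    # is written, so a copy of the log cannot be replayed as a live session.
    return _TOKEN_PARAM.sub(r"\1[REDACTED]", log_line)


class SessionStore:
    """Backend side: keep only a hash of each token, rotate on login and
    invalidate on logout, so a token that leaked earlier stops working."""

    def __init__(self):
        self._sessions = {}  # sha256(token) -> user

    @staticmethod
    def _key(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def create(self, user):
        token = secrets.token_urlsafe(32)  # 256 bits of randomness, not guessable
        self._sessions[self._key(token)] = user
        return token

    def lookup(self, token):
        return self._sessions.get(self._key(token))

    def rotate(self, old_token):
        # Issue a fresh token when privilege changes (e.g. right after login);
        # the old token is no longer accepted.
        user = self._sessions.pop(self._key(old_token))
        return self.create(user)

    def invalidate(self, token):
        self._sessions.pop(self._key(token), None)


def demo():
    # Constructed token and endpoint, purely for illustration.
    token = "s3cr3t-session-token"
    endpoint = "https://api.example.test/account"
    leaky = request_with_token_in_url(endpoint, token)
    safe = request_with_token_in_header(endpoint, token)
    return {
        "leaky_in_log": token_exposed(token, access_log_line(leaky), referer_header(leaky)),
        "safe_in_log": token_exposed(token, access_log_line(safe), referer_header(safe)),
        "redacted": redact_tokens(access_log_line(leaky)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Storing the SHA-256 of the token rather than the token itself means a dump of the session table does not hand out usable sessions, and a plain dictionary lookup on the hash avoids comparing the secret value character by character.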
51. Install a security app on your device.
Create strong passwords and unlock patterns.
Important apps like the browser, antivirus and payment wallet apps should be updated regularly.
Uninstall unnecessary apps.
Understand app permissions before accepting them.
Do not connect to unsecured Wi-Fi in public places.
Avoid opening links about lotteries, prizes, gifts, discounts etc.
Never give your full name or address to strangers.
Wipe the data on your old phone before you donate, resell or recycle it.
Report stolen phones.
Watch out for pirated apps.
While logging in to any site, check the URL (the one in the address bar); it should be exactly the same as the site you want to log in to.
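The last tip, that the address-bar URL must be exactly the site you mean to log in to, is the check a phishing page is built to defeat. The following added example, which is not part of the original slides or of any project, spells that check out in code using only Python's standard urlsplit: it accepts an https URL whose hostname is exactly the expected host and rejects the usual lookalikes (the real domain appended after the expected name, a username before an "@", internationalized or punycode labels, a plain http scheme). EXPECTED_LOGIN_HOST is a placeholder for the real login site, and every sample URL in SAMPLE_URLS is constructed for the example.

```python
"""Added example (not from the original slides): a checker for the tip
"the URL in the address bar should be exactly the same as the site you want
to log in to". The expected host and all sample URLs are constructed."""
from urllib.parse import urlsplit

# Placeholder for the site you actually intend to log in to.
EXPECTED_LOGIN_HOST = "accounts.example.com"


def check_login_url(url, expected_host=EXPECTED_LOGIN_HOST):
    """Return (ok, reason). ok is True only for an https URL whose hostname is
    exactly expected_host; every other case carries the reason it was rejected."""
    parts = urlsplit(url.strip())  # urlsplit lowercases scheme and hostname for us
    if parts.scheme != "https":
        return False, f"scheme is {parts.scheme or 'missing'!r}, not https"
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "no hostname in URL"
    if parts.username is not None:
        # https://accounts.example.com@other.site/ : the part before '@' is a
        # username; the real host is what follows it.
        return False, f"credentials before '@'; the real host is {host!r}"
    if host == expected_host:
        return True, "host matches exactly"
    if not host.isascii() or any(label.startswith("xn--") for label in host.split(".")):
        return False, f"internationalized hostname {host!r} may imitate {expected_host!r}"
    if host.startswith(expected_host + "."):
        return False, f"{expected_host!r} is only a prefix; the real domain is further right in {host!r}"
    if host.endswith("." + expected_host):
        return False, f"{host!r} is a subdomain, not the login host itself"
    return False, f"host {host!r} does not match {expected_host!r}"


# Constructed sample URLs: two genuine, the rest shaped like common lookalikes.
SAMPLE_URLS = [
    "https://accounts.example.com/login",
    "HTTPS://ACCOUNTS.example.com/login?next=/",
    "http://accounts.example.com/login",
    "https://accounts.example.com.login-verify.test/",
    "https://accounts.example.com@login-verify.test/",
    "https://evil.accounts.example.com/login",
    "https://xn--accunts-5xa.example.com/login",
    "accounts.example.com/login",
]


def screen(urls=SAMPLE_URLS):
    # Map each URL to its (ok, reason) verdict.
    return {u: check_login_url(u) for u in urls}


if __name__ == "__main__":
    for url, (ok, reason) in screen().items():
        print(f"{'OK  ' if ok else 'STOP'} {url}  ({reason})")
```

The exact-match rule is deliberately strict: a subdomain of the genuine site is rejected too, because the slide's advice is "exactly the same", and a login form on an unexpected subdomain deserves a second look as much as a foreign domain does.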
Editor's notes
Statistics. Cybercrime cases in India, registered under the IT Act, increased at a rate of 300 percent between 2011 and 2014. In 2015, there were 11,592 cases of cyber crime registered in India, and 12,317 in 2016.
Implement a cybersecurity policy and procedure document. Have cybersecurity tools in place to help prevent the potential for compromise.