Mobile Device Security and Wireless Networks

Questions and Answers

Nomophobia is the fear of not being with your mobile phone.

True

Which of the following are common types of wireless networks? (Select all that apply)

Wi-Fi (correct)

Bluetooth (correct)

Near Field Communication (correct)

Cellular Network

What does the term "evil twin" refer to in the context of wireless networks?

A type of malware targeting wireless networks

A rogue access point designed to mimic a legitimate Wi-Fi network (correct)

A malicious software program that exploits vulnerabilities in mobile devices

A type of denial-of-service attack launched against wireless routers

What does WPA stand for?

Wi-Fi Protected Access

What is the primary function of a wireless router?

All of the above

Jailbreaking an Apple device or rooting an Android device can potentially compromise the device's security.

True

Which of the following is NOT a commonly used security measure for mobile devices?

Downloading apps from unofficial sources

Text messages can be as dangerous as phishing emails, so you should always be cautious when opening them.

True

Which of the following is a good practice to protect your mobile device from theft?

Avoid using your phone on escalators

What is the recommended practice for securing a wireless router in terms of its default password?

Change the default password to a stronger one.

What does the term "bluesnarfing" refer to in the context of Bluetooth attacks?

Stealing data from a Bluetooth-enabled device without authorization

Study Notes

Module 5: Mobile Security

• Users now spend over half of their computing time each day using a mobile device.
• Nomophobia is the fear of not being with your phone.
• Wireless networks have become a prime target for attackers, aiming to capture unprotected wireless signals.

Module Objectives

• Explain how Wi-Fi, Bluetooth, and Near Field Communication operate.
• Identify attacks on wireless networks.
• Describe different types of mobile devices.
• Describe the risks associated with mobile devices.
• Explain how to implement mobile defenses.

Mobile Attacks

• Attacks are directed at mobile devices and wireless networks.
• Mobile devices are targeted in several ways.

Attacks on Wireless Networks (1-13)

• Popular wireless networks include Wi-Fi, Bluetooth, and Near Field Communication.
• Wi-Fi networks (WLANs) use radio frequency (RF) transmissions.
• Devices within range can send and receive information.
• The IEEE is responsible for establishing Wi-Fi standards.
• Table 5-1 details Wi-Fi names and their standards, including versions from 802.11 to 802.11ax and 6E. This goes up to Wi-Fi 7 (802.11be).

Attacks on Wireless Networks (3 of 13)

• Wi-Fi equipment includes a chipset for sending/receiving signals and special bridging software to link to other devices.
• A wireless router, used mostly in home-based Wi-Fi, is a base station for sending and receiving signals and connecting to the Internet.

Attacks on Wireless Networks (5 of 13)

• Figure 5-2 diagrams a home Wi-Fi network with a personal computer, laptop, smartphone, printer, scanner and modem connected via the wireless router to the Internet.

Attacks on Wireless Networks (6 of 13)

• A mesh Wi-Fi network uses a main router and satellite modules (nodes) around the house.
• An access point (AP) is more sophisticated and used in business/school settings.
• Signals in an AP can only travel a few hundred feet and APs often give you multiple cells or areas of coverage (useful for larger homes/businesses).
• Users can move from cell to cell (roaming), and the AP closest to the user becomes the new base station providing coverage.

Attacks on Wireless Networks (7 of 13)

• Risks from attacks on home Wi-Fi networks include: reading data transmissions, stealing data, injecting malware, and downloading harmful content.

Attacks on Wireless Networks (8 of 13)

• Bluetooth is a short-range wireless technology (up to 33 feet; 10 meters), with 1 Mbps transmission rate.
• Common Bluetooth attacks include: Bluejacking (sending unsolicited messages) and Bluesnarfing (accessing unauthorized information).

Attacks on Wireless Networks (9 of 13)

• Table 5-2 lists Bluetooth products and their uses, including car systems, headphones, cameras, fitness trackers, medical devices.

Attacks on Wireless Networks (10 of 13)

• Near Field Communication (NFC) is a standard for communication between devices in close proximity (4cm).
• Passive NFC devices contain information that can be read, while active devices can both read and transmit information.

Attacks on Wireless Networks (11 of 13)

• Examples of NFC use include tickets for events, office access, retail coupons/rewards, transportation (turnstiles) or contactless payments.

Attacks on Wireless Networks (13 of 13)

• Table 5-3 displays NFC vulnerabilities (eavesdropping, data theft, man-in-the-middle attack, device theft).
• Defenses for each risk include measures for users (close proximity required for eavesdropping; turning off NFC in large crowds; pairing devices to limit transmissions; using strong device passwords).

Attacks on Mobile Devices (1-8)

• Mobile devices generally have a common set of core features.
• The core features of mobile devices include including tablets, smartphones, wearables and portable computers.

Attacks on Mobile Devices (2 of 8)

• Common core mobile features consist of a small form factor, a mobile operating system, wireless data interface (Wi-Fi or cellular), apps, local storage, and data synchronization with other devices.
• Common additional features include Global Positioning System (GPS), a microphone/camera, wireless cellular connections, wireless personal area networks (like Bluetooth or NFC) and removable storage.

Attacks on Mobile Devices (3 of 8)

• Tablets are portable computing devices larger than smartphones, using touch screens rather than keyboards.
• The most common sizes for tablets are 5-8.5 and 8.5-10 inches.

Attacks on Mobile Devices (5 of 8)

• Smartphones include an operating system (OS) used for running apps and accessing the Internet, making them essentially handheld computers.
• Wearable devices, such as smartwatches and fitness trackers, are portable devices designed to be worn by the user

Attacks on Mobile Devices (7 of 8)

• Examples of portable computers include laptops, notebooks, subnotebooks, along with 2-in-1 computers, and web-based computers.

Mobile Device Risks (1-6)

• Installing unofficial apps (sideloading) on mobile devices can bypass built-in security protections (jailbreaking on Apple, rooting on Android).
• Accessing untrusted content on mobile devices, including text messages (SMS), multimedia messages (MMS), or rich communication services (RCS), can be risky.
• Quick Response (QR) codes can be used to store data (including malicious links) on mobile devices.

Mobile Device Risks (4 of 6)

• Limited physical security makes mobile devices susceptible to loss/theft.
• Security patches/updates are often deployed wirelessly and can limit security for older mobile devices.

Mobile Device Risks (5 of 6)

• Connecting to public networks puts devices at risk of attackers intercepting and viewing sensitive information, and possible "evil twin" networks.

Mobile Device Risks (6 of 6)

• Mobile devices using location services (GPS tagging) are vulnerable to geographic attacks.

Mobile Defenses

• Defenses for wireless networks include use of a secure router/password, security patches and turning off remote administration settings.
• Defenses for wireless devices include using WPA2/WPA3, turning off Bluetooth when not needed, connecting to secure networks, and securing personal information on the device.

Wireless Network Security (1 of 11)

• To protect your home Wi-Fi network, secure the router (e.g., turn on Wi-Fi Protected Access Personal and set a strong password).

Wireless Network Security (2 of 11)

• Use strong, unique passwords for your wireless router; strong passwords are critical for network security.
• Installing security patches for the router will protect against security flaws/weaknesses.
• Disable remote administration of wireless routers for greater protection.

Wireless Network Security (4 of 11)

• Enabling WPA personal settings (WPA2/3) optimizes security and encrypts signal transmissions, preventing unauthorized access.

Wireless Network Security (5 of 11)

• Use WPA2 setup on Wireless Routers (WPA2 PSK [AES], WPA2 shared key, or a passphrase) This is important to use a passphrase).
• Many wireless routers also support WPS (Wi-Fi Protected Setup) for setup and configuring security.

Wireless Network Security (9 of 11)

• Change the SSID (Service Set Identifier) to a random/non-descriptive name in order to make it harder for someone to guess who owns the network (e.g; no longer showing "Sullivan_House").
• Enable guest access to allow guests access to the network; the main network is isolated from the guest network.

Wireless Network Security (10 of 11)

• If you use public Wi-Fi, limit your work to non-sensitive tasks.
• Use a virtual private network (VPN) to encrypt your connections when using public Wi-Fi.

Wireless Network Security (11 of 11)

• For Bluetooth devices, disable/enable the device's Bluetooth connectivity only when needed or set the device to an undiscoverable state.

Mobile Device Security (1 of 8)

• Mobile device security requires security configuration, following best practices, and handling potential theft or loss of the device.

Mobile Device Security (2 of 8)

• Configuring devices includes disabling unused features (threat vectors), setting up lock screens (requiring PINs, passwords, facial recognition, swipe patterns, or fingerprint scans)

Mobile Device Security (5 of 8)

• Extending the mobile device's lockout period if incorrect passwords are used. The lockout time may double with each additional incorrect entry.
• Resetting the device to factory settings may be required if the device is experiencing continued security issues.

Mobile Device Security (6 of 8)

• Avoiding installation of unofficial apps (called jailbreaking), backing up data frequently on mobile devices, use secure sanitation/disposal, and treat text messages with caution as they may be phishing attempts.

Mobile Device Security (7 of 8)

• Securing personal wireless devices includes, keeping a grip on your devices, avoiding high-risk areas, and avoiding using devices on escalators or public transportation, thereby preventing loss or theft scenarios.

Mobile Device Security (8 of 8)

• If a smartphone is lost or stolen, steps to take include alerting the mobile carrier, using the built-in "Find My Phone" feature, remotely erasing device data, and contacting and alerting police.

Knowledge Check Activity 5-1

• A wireless router serves as a base station for wireless devices.
• Bluetooth is a short-range wireless technology for interconnecting two devices.

Knowledge Check Activity 5-2

• Creating a strong password for the wireless router is the first step.
• Turning off Bluetooth when not in use prevents bluesnarfing.

Description

Test your knowledge on mobile device security, wireless networks, and the potential threats associated with them. This quiz covers concepts such as common wireless networks, security measures, and best practices for protecting your devices. Enhance your understanding of important terms and practices in today's tech-savvy world.