Section 4: Hardware exploits

Questions and Answers

What is the most appropriate action to take if you find a USB device on the sidewalk?

Do not plug it in; it may contain malware. (correct)

Connect it to an IT personnel's computer for better security.

Plug it into a computer to identify its owner.

Use it immediately to access data for personal use.

Which statement about mobile phones and security is correct?

GPS tracking on smartphones prevents them from being targeted by spyware.

Mobile phone cameras are secure if not in use.

Voice recorders on mobile phones can be turned into eavesdropping devices. (correct)

Switching to flight mode guarantees protection from spyware.

Which mobile security measure is not advised?

Clicking on suspicious links. (correct)

Using antivirus software on mobile devices.

Updating security settings regularly.

Thoroughly researching apps before installation.

What can secretly activate a mobile phone's camera?

Malicious software installed without user consent.

Why are smartphones considered vulnerable to security threats?

Their GPS functionality aids in tracking software installation.

What is a potential risk associated with using USB drives?

They can be used to transfer malicious code to target computers.

Which characteristic of USB drives makes them susceptible to cyber threats?

Their high storage capacity means they can hold more malicious software.

What is one of the main purposes of a USB drive's integrated USB interface?

To enable easy connection to a computer.

Why is it important to address hardware vulnerabilities in cybersecurity?

Physical devices can also pose significant cyber threats.

What is an effective prevention mechanism against USB-related threats?

Using USB drives only with official devices.

How can hackers exploit USB drives?

By transferring malicious code onto target computers.

Which of the following statements is true regarding USB drives?

USB drives have become a common vector for malware spread.

What type of malware can be installed by a malicious device through an infected USB stick?

Backdoor Trojans

What was the consequence of the Stuxnet attack on Iran?

It caused physical damage to Iran's nuclear centrifuges.

Which method is recommended to protect sensitive personal data on a USB drive?

Using encryption

How can one ensure the security of a device before using an unfamiliar USB drive?

Plugging it into an isolated network

Which of the following statements about USB drive safety features is true?

Fingerprint authentication is available on some newer models.

What action is advised regarding unknown files on a USB drive?

Avoid opening them.

What is a drawback of all technology being internet-connected?

Heightened vulnerability to cyberattacks.

Why should home and office devices be kept separate?

To limit the risk of cross-contamination of malware.

What feature helps to prevent unauthorized access to data on a USB drive?

Fingerprint authentication

What was the primary purpose of the web-based keyloggers planted in e-commerce websites in 2016?

To steal credit card data during purchases

Which of the following is NOT a recommended practice for protection against remote take-overs?

Leaving cell phones on silent

What common characteristic do smartphones share with computers?

They have processors and RAM

Which of the following threats specifically targets mobile devices?

Malware that can infect mobile devices

Why should sensitive issues be discussed with cell phones away from the conversation?

To prevent potential eavesdropping

What is a common misconception about the role of default passwords in device security?

They can easily be guessed by attackers

Which of the following statements is true about smartphones?

They store information such as contacts and stored passwords

What should users do to strengthen their cybersecurity on mobile devices?

Implement strong password practices

What type of malware pose a threat to smartphones?

Malware that can exploit vulnerabilities in mobile systems

What is a critical action to take regarding web cameras for better security?

Cover or close them when not in use

Which feature is essential for ensuring data on a smartphone cannot be easily accessed if stolen?

File encryption

What capability should a smartphone provider have to enhance security against malware?

Remote wiping of data

Which of the following is NOT part of ensuring the security of your smartphone?

Publishing your phone number publicly

To safeguard against spoof calling, what practice is suggested?

Verify the identity of the caller

What authentication method helps secure access to a smartphone?

Access passwords

What should one look for in a smartphone to ensure it can protect against malicious applications?

Robust antivirus capabilities

What is a recommended action to take regarding your phone number for better security?

Keep it private and share only when necessary

Why is encrypting backups important for smartphone security?

It prevents unauthorized access to sensitive data

When assessing a smartphone for safety, which feature helps combat unauthorized app installations?

Software updates

What can aid in minimizing the risk of malicious content installation on a smartphone?

Utilizing a good antivirus program

Study Notes

Hardware Exploits and Mobile Security

• This section covers cyber threats related to hardware, USB drives, remote takeover, and mobile security.
• Cyber threats related to hardware are discussed.
• USB drive-related threats and prevention methods are explored.
• Remote takeover related threats are detailed.
• Mobile security is also addressed.

Hardware Vulnerabilities and Mobile Security

• Software and cyber space security issues were previously discussed.
• This section focuses on hardware—physical devices and connections used for internet access, and how they can cause threats.

USB Drives

• A USB flash drive is a data storage device using flash memory, which is electrically erasable and reprogrammable.
• It features an integrated USB interface for easy computer connection.
• Most drives weigh less than 30 grams and have up to 2 terabyte capacity.
• Hackers can use USB drives to introduce malicious code onto target computers.
• Infected USB drives can then infect any device to which they are plugged.
• Malware such as backdoors, Trojans, and hijackers may be installed to redirect the user to malicious websites.
• The Stuxnet attack on Iranian nuclear centrifuges is example of a malware infection transmitted through a USB drive.

USB Drive Protection Guidelines

• Avoid sensitive personal data on USB drives; use encryption if necessary.
• Download encryption programs from reliable websites.
• Use fingerprint authentication or built-in encryption for more secure USB drives.
• Use personal USB drives only.
• Be cautious when inserting unknown USB drives to avoid introducing malicious code.
• Keep home and office devices separate.
• Avoid opening unknown files on your device.

Remote Takeover

• Modern technology is increasingly connected to the internet.
• Connected devices, like TVs, cameras, hard drives, and webcams, facilitate communication and data sharing.
• These devices can also be vulnerable to hacking.
• Hackers can remotely control devices and access data or systems through security flaws.
• A significant number of internet-connected devices exist making it easier for hackers to target and exploit such devices.
• Malicious software such as keyloggers can be used to record and monitor keystrokes.
• The potential to hack into systems through default passwords and lack of security measures is very likely and often present in networked systems.
• The use of strong passwords and security measures for all connected devices is critical to avoid remote takeovers.

Mobile Security

• Smartphones function like computers with processors, RAM, and operating systems, storing significant data.
• Steps to secure smartphones from infiltration can be applied to avoid sensitive information extraction if stolen.
• Social media applications and location services can compromise device security if not appropriately protected.
• Hackers may use fraudulent methods, such as spoofing calls, to obtain sensitive data.
• Secure web connections are crucial, as are measures to avoid suspicious links and apps prior to installation.
• Mobile security entails protecting smartphones from remote takeover and malware by utilizing security measures specific to mobile devices.
• Using strong passwords, disabling unnecessary connections, and employing two-factor authentication are recommended.
• Sensitive data should be protected by employing strong security protocols for secure data storage and use to mitigate the risks of infiltration.

Wearable Devices

• Wearable technologies like smartwatches can also pose security risks.
• Aggregated, public data from fitness tracking devices or other wearable technologies can be susceptible to malware or data theft.
• Sensitive information or locations from these devices can be revealed.
• Data privacy and security concerns remain with the use of such devices.