Unit III: Cybercrime and Mobile Devices

Questions and Answers

What is the primary distinction between mobile and wireless devices?

• Mobile devices require a physical connection to operate.
• Mobile devices can be used on the move while wireless refers to a transmission method. (correct)
• Wireless devices can only send data when stationary.
• Mobile devices rely solely on radio waves for communication.

Which of the following would NOT be considered a mobile device?

• Laptop
• Smartphone
• Desktop computer (correct)
• Tablet

Which characteristic is essential for an application to be considered mobile?

• It needs to function without any connectivity.
• It must utilize a physical network connection.
• It must have high network bandwidth requirements.
• It should operate independently of location. (correct)

What does wireless specifically refer to in the context of mobile and wireless devices?

The transmission of voice and data without a physical connection. (A)

Which of the following statements is true about fixed wireless networks?

They allow network access in fixed environments. (B)

Which scenario best illustrates the use of a mobile device?

Accessing data on a smartphone while commuting. (C)

How does the relationship between mobile and wireless devices generally function?

Mobile applications can function without wireless capabilities. (B)

What factor is NOT a consideration when designing applications for mobile and wireless devices?

High bandwidth requirements (A)

What is a key feature of mobile applications that do not require wireless connectivity?

They synchronize data using a fixed connection. (A)

What does mobile technology primarily rely on for communication?

Cellular communication systems (B)

Which of the following is NOT considered a mobile technology?

Post office communication (B)

What is SMS an abbreviation for?

Short Messaging Service (D)

Which of the following statements best describes the evolution of mobile technology?

It has evolved into a multi-tasking platform for various applications. (C)

Which technology allows multiple transmitters to deliver data on a single channel simultaneously?

CDMA (B)

What is the projected size of the global mobile workforce by 2022?

1.87 billion (C)

Which of the following represents one of the advantages of mobile technology today?

Ability to communicate and access internet from anywhere. (C)

What is a common misconception about mobile applications that are not wireless?

They cannot benefit from wireless connectivity when available. (D)

What is the maximum length of a text message delivered via SMS?

140 characters (B)

Which of the following multimedia content can be sent via MMS?

A video lasting up to forty seconds (A)

What year marked the introduction of mainstream Internet use on mobile phones?

2001 (D)

What type of messages does 3G technology primarily enhance?

SMS messages (C)

How long does it take to upload a 3-minute MP3 song on a 3G network?

About 15 seconds (B)

What benefit does MMS provide to businesses when used for communication?

Increased customer engagement through multimedia (D)

What characteristic distinguishes 4G networks from previous generations?

Support for mobile networking technology advancement (A)

How does SMS function during a phone's power-off state?

Messages queue until the phone is turned on (D)

Which feature is NOT a part of the capabilities of MMS?

Sending text-only messages (C)

What defines the primary function of GSM in relation to SMS?

It was developed as the foundation for SMS messaging (B)

What significant feature does 4G network connectivity offer compared to 3G?

Consistent internet speeds almost anywhere (A)

Which technology operates at various frequency ranges including 850 MHz and 1900 MHz?

GSM (A)

What is a primary benefit of mobile technology in the workplace?

Ability to work from any location (D)

How much faster are premium 4G download speeds compared to those of 3G?

Over five times (A)

Which access mechanism allows multiple transmitters to deliver data over a single channel?

CDMA (A)

What is a significant characteristic of Wi-Fi technology?

Operates over radio frequencies wirelessly (B)

Which of the following tasks can be performed on mobile devices due to the advancements in 4G technology?

Watching HD films (D)

What advantage do cloud-based mobile technology applications have over traditional smartphone functionalities?

Greater available storage space (A)

Which advantage of mobile technology can lead to significant time savings for employees?

Mobile application integration (C)

What major shift is expected in the use of 4G contracts in the UK?

Lower 4G contract costs and expanded coverage (C)

What is one positive impact of mobile phones on daily tasks?

They enable checking of current traffic situations. (C)

Which of the following is identified as a disadvantage of mobile technology?

It leads to less in-person communication. (C)

By 2023, how many global mobile devices and connections are estimated to exist?

13.1 billion (C)

What has been a trend in mobile computing connectivity from 2G?

Advancements through 3G, 4G, and now 5G networks. (A)

What is a significant risk associated with the use of mobile social networking?

Potential loss of personal security. (B)

Which of the following statements about credit card fraud is true?

Fraud can occur when cards are misplaced or stolen. (A)

Why are restaurants using Wi-Fi processing tools?

To enhance the security of credit card transactions. (A)

Among numerous advantages, mobile technology is also noted particularly for its usage as what?

A wallet for making payments. (A)

What has influenced the rising prices of mobile phones?

Their increasing functionality and value. (B)

What is a potential consequence of becoming overly reliant on mobile phones?

Reduced ability to disconnect from digital devices. (A)

What is paper-based fraud primarily characterized by?

The use of stolen or fake documents to impersonate someone. (A)

Which of the following is NOT a challenge in credit card fraud detection?

Insufficient public awareness about financial fraud. (C)

What is a skimmer used for in committing fraud?

To capture credit card information without consent. (B)

What approach can help in managing imbalanced data in fraud detection?

Properly utilizing methods to address the imbalance. (D)

What type of threat is primarily associated with malicious software installed on mobile devices?

Application-based threat (D)

Which of the following accurately describes identity theft in the context of financial fraud?

Impersonating someone else to access their financial accounts. (A)

Which of these is an element of credit card fraud?

Forging someone else's card information for personal purchases. (B)

Which of the following is a common form of mobile malware that encrypts files and demands a ransom for decryption?

Mobile Ransomware (C)

How can models for fraud detection remain reliable against adaptive techniques from scammers?

By ensuring they are simple and interpretable. (A)

What is a typical characteristic of web-based threats faced by mobile devices?

Drive-by downloads from websites (A)

What is the main function of modern credit card processing in relation to cybercrime?

To create challenges in securing devices against fraud. (C)

Which of the following describes a network-based threat that targets mobile devices?

WiFi sniffing (B)

Which of the following threats is most directly related to social engineering tactics?

Phishing (A)

What might enhance the privacy of users in fraud detection models?

Reducing the dimensionality of the data. (A)

What is the most common physical threat to mobile device security?

Theft or loss of the device (C)

Which method is NOT effective in detecting fraudulent credit card transactions?

Using a single-source data verification process. (A)

Which method is primarily used by phishing attacks on mobile devices?

Email and SMS messaging (C)

How can mobile devices be uniquely vulnerable compared to traditional computers?

They typically support multiple network connections (C)

What kind of exploit do trojan apps typically perform?

Committing ad and click scams (C)

Which term describes vulnerabilities directly linked to the underlying software of mobile devices?

Operating System Flaws (A)

Which type of credit card fraud involves a fraudster obtaining a new card in the victim's name after tricking them into providing personal information?

Account takeover (C)

What is the largest category of payment card fraud in Asia-Pacific?

Mail order/telephone order fraud (A)

What practice should you adopt to protect your credit card information while shopping?

Carry only the necessary card (C)

Which credit card fraud type refers to when a new or replacement card is stolen from the mail?

Never received (C)

How can fraudsters use collusion to commit credit card fraud?

Working with merchant employees (B)

How should you deal with old credit card receipts to prevent fraud?

Shred them before disposal (D)

What is a proactive measure to take if you are traveling or your address changes?

Notify your card issuer (B)

What is an important step to verify a company before sharing your account number over the phone?

Search for online reviews or complaints (A)

Which fraud category is characterized by using another person's information to apply for a credit card?

Fraudulent application (B)

What does 'card skimming' refer to in the context of credit card fraud?

Duplicating card data from magnetic strips (D)

Which of the following describes cyber terrorism?

Using the Internet for political advantage through violence. (B)

What is the main consequence of virus dissemination?

It can lead to corruption or destruction of data. (D)

Which type of attack involves sending fraudulent messages via SMS?

Smishing (A)

What common security threat does using free Wi-Fi pose?

Risk of data theft. (D)

What can be a potential result of weak passwords on mobile devices?

Data leakage and unauthorized access. (B)

Which of these is a method of hacking used to exploit computer system weaknesses?

Malware-injecting devices (C)

What might occur during a war driving attack?

Unauthorized retrieval of Wi-Fi credentials. (B)

Which component is least likely to be affected by improper session handling in mobile security?

Malicious app downloads. (B)

What might be a direct result of a phishing attack?

Downloading of malicious files. (C)

Which of the following best describes computer vandalism?

Maliciously altering or deleting user data. (C)

What is a major flaw of the WEP protocol in providing network security?

There is no provision for key management. (B)

How does WPA2 improve upon WEP in terms of security?

It prevents attackers from analyzing encrypted packets. (A)

What is the primary characteristic of a Wi-Fi spoofing attack?

It disguises a fake access point as a legitimate network. (B)

In a replay attack, what is the main action taken by the attacker?

Intercepting and retransmitting packets. (A)

What distinguishes bluesnarfing from bluejacking?

Bluesnarfing does not require user interaction. (A)

What is a key vulnerability of SMS spoofing?

It can be easily detected by aware users. (A)

Which of the following is a disadvantage of packet sniffing?

The attacker must be physically close to the target. (A)

What advantage does bluejacking provide to attackers?

It can send messages without needing user consent. (D)

Which attack method requires possession of the target's cell phone number?

SMS Spoofing (B)

What is the purpose of RF Jamming?

To distort the transmission of wireless signals. (D)

What percentage of mobile phishing attacks are attributed to emails?

15% (A)

What is the primary method used in Man-in-the-Middle (MitM) attacks?

Intercepting network communications (C)

What is the purpose of jailbreaking or rooting a mobile device?

To gain administrator access (D)

What type of attacks do device and OS exploits primarily focus on?

Exploiting lower levels of the software stack (A)

Which security measure can mitigate the risk of MitM attacks on mobile devices?

Implementing a virtual private network (VPN) (C)

What is a key principle that businesses should follow for effective mobile threat defense?

Providing maximum flexibility and scalability (B)

Why are mobile devices particularly susceptible to Man-in-the-Middle (MitM) attacks?

Users are often connected to untrusted networks. (B)

What can make jailbreaking or rooting mobile devices easier for attackers?

Users intentionally seeking to install untrusted apps (A)

What does the presence of vulnerabilities in lower layers of the software stack mean for security?

They are typically more damaging than higher-level exploits. (C)

What aspect is crucial for maintaining data privacy in a mobile security solution?

Privacy protection by design (B)

What is a significant advantage of malware attacks?

They can be executed remotely without close proximity. (B)

Which types of attacks can mobile devices be subjected to via wireless networks?

Crash, pull, and push attacks (B)

What is the role of ActiveSync in mobile computing?

To facilitate synchronization between PCs and mobile devices. (C)

What measure can enhance security for mobile device networks?

Employing Virtual Private Networks (VPNs). (B)

Which authentication method is deemed unsuitable for secure networks?

Password-based authentication (C)

What do DoS attacks primarily target in mobile computing?

Network availability (C)

Which component is crucial for secure network access in mobile computing?

Mutual authentication between devices and servers (A)

What is a consequence of connecting to unsecured networks for mobile devices?

Increased vulnerability to attacks (A)

What function does MAC address filtering serve in mobile device security?

Blocking unauthorized devices from accessing the network (B)

Which of the following is a method to help protect against malware attacks?

Keeping software and devices up-to-date (B)

What is a primary purpose of Mutual Authentication in wireless networks?

To prevent rogue access points (A)

Which protocol introduced the use of Advanced Encryption Standard algorithms for better security?

WPA2 (D)

What is a significant disadvantage of the Wired Equivalent Privacy (WEP) standard?

It can be easily cracked by cyber criminals (C)

What technique can cybercriminals use to manipulate data during a Phishing attack?

Sending fake emails that appear legitimate (B)

What is one of the main security improvements of WPA compared to WEP?

Enhanced encryption key management (D)

Which of the following is a common type of cyber attack that can lead to data breaches?

Denial of Service attacks (C)

What encryption key length does WPA typically use?

256-bit (A)

Which attack method is characterized by the use of malicious software that disguises itself as legitimate?

Trojan viruses (D)

What is one of the primary goals of cyber security measures?

To protect computers from cyber threats (C)

Which of the following is a feature of WPA that helps ensure data integrity?

Message integrity checks (C)

Flashcards are hidden until you start studying

Study Notes

Introduction to Mobile and Wireless Devices

• Mobile refers to the ability to be on the move, encompassing devices like laptops and mobile phones.
• Wireless involves transmitting voice and data over radio waves, allowing access to enterprise data without fixed connections.
• A mobile application can be wireless or non-wireless, depending on connectivity requirements.
• Fixed wireless networks serve environments like offices or remote locations, while smart client applications work offline with periodic synchronization.

Proliferation of Mobile and Wireless Devices

• Mobile technology includes cellular communication systems, portable devices, and networking equipment.
• The shift from basic communication to multitasking capabilities includes GPS, internet browsing, and gaming.
• Global estimates indicate over 3 billion smartphone users and a workforce of 1.87 billion by 2022.

Types of Mobile Technologies

• SMS (Short Message Service): Widely used for text messaging, allowing messages up to 140 characters, sent via cellular networks.
• MMS (Multimedia Messaging Service): Supports multimedia content like images and videos, extending beyond text-based SMS.
• 3G: Introduced internet access on mobile devices with speeds up to 3 Mbps, enhancing connectivity for smartphones.
• 4G: Offered significant improvements over 3G, allowing HD content streaming and speeds up to 150 Mbps for downloads.
• GSM (Global System for Mobile Communication): Digital cellular technology utilizing various frequency bands for mobile communication.
• CDMA (Code Division Multiple Access): Allows multiple data streams on a single channel simultaneously.
• Wi-Fi: Wireless networking technology enabling data transmission across devices within a Local Area Network.

Use of Mobile Technology

• Enhances telecollaboration, allowing workers to access necessary documents from remote locations.
• Redefines work by providing flexibility, enabling employees to work from anywhere.
• Offers cost savings for businesses through reduced technology needs and increased productivity.

Advantages of Mobile Technology

• Facilitates constant communication and interaction through various applications.
• Simplifies day-to-day tasks such as checking weather and traffic.
• Provides entertainment options and use for legitimate business activities like scheduling meetings.
• Enables mobile payment functionalities, allowing transactions from anywhere.

Disadvantages of Mobile Technology

• Increased dependency on mobile phones leading to reduced personal interactions.
• Privacy risks due to data availability on social media and other platforms.
• Rising costs of mobile devices, detracting from potential investment in education or other resources.

Trends in Mobility

• By 2023, a projected 13.1 billion mobile devices and connections globally.
• Evolution from lower to higher-generation network connectivity with a focus on improved usability.
• Smart mobile technology advances are attracting both users and cybercriminals, highlighting cybersecurity challenges.

Credit Card Fraud in the Mobile Era

• Wireless credit card processing allows convenient transactions in mobile environments but increases fraud risk.
• Traditional fraud techniques include identity theft and financial fraud, utilizing sensitive data for fraudulent accounts.
• Modern techniques focus on skimming, where devices capture card information leading to unauthorized transactions.

Challenges in Fraud Detection

• Large data volumes complicate timely anomaly detection.
• Imbalanced data makes it difficult to identify fraudulent transactions amidst legitimate ones.
• Protecting user privacy while gathering reliable data is essential for effective monitoring.

Solutions to Fraud Challenges

• Implement fast and simple models for anomaly detection to identify fraud quickly.
• Address data imbalance with specific analytical methods.
• Utilize trustworthy sources for training fraud detection models for improved accuracy and efficacy.### Cybercrime Overview
• Cybercrime includes illegal acts targeting computers or networks to steal data, commit fraud, and more.
• Common types of cybercrime: harassment, cyber-stalking, and bullying.

Credit Card Fraud

• Credit card fraud involves unauthorized use of another's card information for purchases or fund withdrawals.
• Elements of credit card fraud include:
  • Fraudulently obtaining or using someone else's card.
  • Using an expired or revoked card with knowledge of its status.
  • Selling goods while knowing the card transaction is unauthorized.

Categories of Credit Card Fraud

• Lost or Stolen Cards: Common and should be reported immediately.
• Account Takeover: Fraudster collects personal info to change bank details and obtain a new card.
• Counterfeit Cards: Cloning existing card information for unauthorized purchases.
• Never Received Cards: New cards stolen from the mail.
• Fraudulent Applications: Using someone else’s information to apply for a credit card.
• Multiple Imprint Fraud: Recording one transaction multiple times on older machines.
• Collusive Merchants: Merchants work with fraudsters to commit fraud.
• MO/TO Fraud: Includes e-commerce, representing a major fraud category in Asia-Pacific.

Preventing Credit Card Fraud

• Record account details securely and report any fraud immediately.
• Avoid lending cards to anyone, including family.
• Shred unneeded documents containing personal information.
• Keep cards separate from wallets to minimize loss.
• Monitor statements regularly for suspicious charges.

Mobile Device Security Challenges

• Mobile devices face unique security risks, including application-based, web-based, network-based, and physical threats.
• Application-based threats: Include malware, spyware, and zero-day vulnerabilities from downloadable applications.
• Web-based threats: Risk includes phishing scams and operating system flaws, due to constant device connectivity.
• Network-based threats: Vulnerable through Wi-Fi, Bluetooth, and cellular networks.
• Physical threats: Loss or theft is a major concern for mobile devices.

Top Mobile Security Threats

• Malicious Apps: Can steal or encrypt data, similar to desktop malware.
• Mobile Ransomware: Encrypts files and demands payment for recovery.
• Phishing: Delivered through various media, including SMS and social media, accounting for the majority of mobile phishing attacks.
• Man-in-the-Middle Attacks: Attackers intercept communications, often on unsecured networks.
• Jailbreaking/Rooting: Gives attackers access to more data by exploiting OS vulnerabilities.
• Device and OS Exploits: Vulnerabilities at lower software levels can be targeted.

Protecting Against Mobile Threats

• Implement a comprehensive mobile threat defense solution for organizations.
• Ensure security across devices, applications, and networks.
• Focus on privacy protection and optimal user experience.

Types of Wireless and Mobile Device Attacks

• Smishing: Fraudulent SMS messages trick users into revealing sensitive data.
• War Driving: Attackers drive around to locate and exploit Wi-Fi access points.
• WEP Attack: Exploits weaknesses in WEP encryption for wireless networks.
• WPA Attack: While offering better security, WPA is still vulnerable to packet analysis.
• Bluejacking: Sending unsolicited messages via Bluetooth.
• Replay Attacks: Interception of data for retransmission to deceive users.
• Bluesnarfing: Accessing information from a victim’s device without detection.

Security Threats to Mobile Devices

• Data Leakage: Occurs when confidential information is unintentionally exposed.
• Unsecured Wi-Fi: Avoid using free Wi-Fi for sensitive transactions.
• Phishing Attacks: Often bundled in malicious emails or texts.
• Weak Passwords: Low-security passwords increase the risk of data breaches.
• IoT Mobile Security: Connected devices pose risks if compromised.

Conclusion

• Awareness and diligent protection practices can significantly reduce the risks associated with mobile and credit card fraud.### Packet Sniffing
• Involves intercepting and analyzing data packets over wireless networks.
• Can capture sensitive information including emails, messages, and web traffic.
• Carried out stealthily, requiring proximity to the victim and technical skills.

Bluejacking

• Sends unsolicited messages to Bluetooth-enabled devices.
• Commonly used for spam, phishing, or malware.
• Does not need a network connection, but requires knowledge of the victim’s Bluetooth address.

SMS Spoofing

• Involves sending fake messages that appear from trusted sources (e.g., banks).
• Used to trick users into revealing personal information or downloading malware.
• Can be executed secretly but requires the victim’s phone number.

Malware

• Software designed to infect devices to steal or damage data.
• Distribution methods include email attachments, downloads, and malicious sites.
• Can be executed remotely, needing a delivery method like phishing.

Conclusion on Wireless Attacks

• Risks include data theft, identity theft, financial loss, and reputational damage.
• Protection measures: strong passwords, updated software, avoiding unsecured networks, and using reputable app stores.
• Businesses should implement firewalls, intrusion detection systems, and employee security training.

Mobile Device Registry Settings

• Microsoft ActiveSync synchronizes Windows mobile devices with PCs and Outlook.
• Supports wireless updates for emails, calendars, notes, and contacts.
• Proper registry settings help protect information flow between devices and applications.

Authentication Service Security

• Mobile security encompasses device security and network security.
• Secure network access involves authentication between devices and servers.
• Common mobile attacks: DoS, traffic analysis, eavesdropping, man-in-the-middle, session hijacking.

Device Security Measures

• Utilize Wireless Application Protocols (WAP) and Virtual Private Networks (VPN).
• MAC address filtering enhances network security.
• Collective tools and techniques are essential in device hardening.

Mutual Authentication

• Addresses vulnerabilities associated with rogue access points.
• Both the client and access point authenticate each other, ensuring secure connections.

Wired Equivalent Privacy (WEP)

• An early Wi-Fi security standard established in 1999.
• Provides authentication and encryption but is outdated and easily compromised.

Wi-Fi Protected Access (WPA/WPA2)

• WPA uses 256-bit keys; WPA2 obligates Advanced Encryption Standard algorithms for enhanced security.
• WPA2 allows longer passwords (up to 63 characters) and has better encryption protocols.

Attacks on Mobile Devices

• Cyber-attacks can disable systems and steal sensitive data.
• Common attack types: malware (including spyware, Trojans, ransomware) and phishing.
• Password attacks exploit user credentials; other threats include SQL injection and Denial of Service (DoS).

Cyber Security Overview

• Cybersecurity has evolved significantly since the 1970s to address increasing cyber threats.
• Encompasses measures to protect hardware, software, and data.
• Essential for maintaining operational integrity against various cyber threats.