THAT IS CALLED CYBER SECURITY…..!

Q1) What is the effect of proliferation of mobile and wireless devices over cybercrime?

PROLIFERATION refers to the growth in mobile and Wireless devices.

Today, incredible advances are being made for mobile devices. The trend is for smaller devices
and more processing power. A few years ago, the choice was between a wireless phone and a
simple PDA. Now the buyers have a choice between high-end PDAs with integrated wireless
modems and small phones with wireless Web-browsing capabilities. A long list of options is
available to the mobile users. A simple hand-held mobile device provides enough computing
power to run small applications, play games and music, and make voice calls. A key driver for the
growth of mobile technology is the rapid growth of business solutions into hand-held devices
As the term "mobile device" includes many products. We first provide a clear distinction among
the key terms: mobile computing, wireless computing and hand-held devices. Figure below helps
us understand how these terms are related. Let us understand the concept of mobile computing and
the various types of devices. Mobile computing is "taking a computer and all necessary files and
software out into the field." Many types of mobile computers have been introduced since 1990s.
They are as follows:
1. Portable computer: It is a general-purpose computer that can be easily moved from one place
to another, but cannot be used while in transit, usually because it requires some "setting-up" and
an AC power source.
2. Tablet PC: It lacks a keyboard, is shaped like a slate or a paper notebook and has features of a
touchscreen with a stylus and handwriting recognition software. Tablets may not be best suited for
applications requiring a physical keyboard for typing but are otherwise capable of carrying out
most tasks that an ordinary laptop would be able to perform.
3. Internet tablet: It is the Internet appliance in tablet form. Unlike a Tablet PC, the Internet tablet
does not have much computing power and its applications suite is limited. Also, it cannot replace a
general-purpose computer. The Internet tablets typically feature an MP3 and video player, a Web
browser, a chat application and a picture viewer.
4. Personal digital assistant (PDA): It is a small, usually pocket-sized, computer with limited
functionality. It is intended to supplement and synchronize with a desktop computer, giving access
to contacts, address book, notes, E-Mail and other features.
5. Ultramobile (PC): It is a full-featured, PDA-sized computer running a general-purpose operating
system (OS).
6. Smartphone: It is a PDA with an integrated cell phone functionality. Current Smartphones have
a wide range of features and installable applications7. Carputer: It is a computing device installed
in an automobile. It operates as a wireless computer, sound system, global positioning system (GPS)
and DVD player. It also contains word processing software and is Bluetooth compatible.
7. Computer:- It is a computing device install in an automobile. It operates as a wireless computer,
sound system, GPS etc.
8. Fly Fusion Pen top computer: It is a computing device with the size and shape of a pen. It
functions as a writing utensil, MP3 player, language translator, digital storage device and
calculator.

Effect of proliferation over cybercrime:- Due to proliferation (Growth) of mobile and wireless
devices the Cyber Security is becoming a severe issue for individuals, enterprises, and
governments alike. In a world where everything is on the internet, from cute kitten videos and our
travel diaries to our credit card information, ensuring that our data remains safe is one of the biggest
 THAT IS CALLED CYBER SECURITY…..!
challenges of Cyber Security. Cyber Security challenges come in many forms, such as
ransomware, phishing attacks and malware attacks.

IOT devices transmit data over a network Examples of IoT devices include desktops, laptops,
mobile phones, smart security devices, etc. As the adoption of IoT devices is increasing at an
unprecedented rate, so are the challenges of Cyber Security. Attacking IoT devices can result in
the compromise of sensitive user data. Safeguarding IoT devices is one of the biggest challenges
in Cyber Security.

To protect your devices and data against cyber threats, you can adopt simple measures such as
using the latest hardware and software for your digital needs. You will also need to adopt advanced
measures such as installing a firewall to add an extra security layer.

Q2) What are the measures should be taken for organizational security policies in mobile
computing?

1) Proliferation of hand-held devices used makes the cybersecurity issue graver than we can
think. people are storing more types of confidential information on mobile computing
devices. Such as credit card and bank account numbers, passwords, confidential E-Mails and
strategic information about organization, merger or takeover plans. If such important and
valuable information leak that could impact on their business or stock values.

2) If an employee's USB, pluggable drive or laptop was lost or stolen, revealing sensitive
customer data such as credit reports, social security numbers (SSNs) and contact
information. Not only would this be a public relations (PR) disaster, but it could also violate
laws and regulations. It could be a potential legal trouble for a public company whose sales
reports, employee records or expansion plans may fall into wrong hands.
3) The simplest solution is to prevent users from storing proprietary information on platforms
that are insufficiently secure. by increasing awareness of 'the user, it can be reasonably
effective. Information classification and handling policy should clearly define what sorts of
data may be stored on mobile devices. In the absence of other controls, simply not storing
confidential data on at-risk platforms will mitigate the risk of theft or loss.

Operating Guidelines for Implementing Mobile Device Security Policies

1. Determine whether the employees in the organization need to use mobile computing
devices at all, based on their risks and benefits within the organization, industry and
regulatory environment.
2. Implement additional security technologies, as appropriate to fit both the organization and
the types of devices used. Most (and perhaps all) mobile computing devices will need to
have their native security augmented with such tools as strong encryption, device
passwords and physical locks. Biometrics techniques can be used for authentication and
encryption and have great potential to eliminate the challenges associated with passwords.
3. Standardize the mobile computing devices and the associated security tools being used
with them. As a matter of fundamental principle, security deteriorates quickly as the tools
and devices used become increasingly disparate.
4. Develop a specific framework for using mobile computing devices, including guidelines for
data syncing, the use of firewalls and anti-malware software and the types of information
that can be stored on them.
 THAT IS CALLED CYBER SECURITY…..!
5. Centralize management of your mobile computing devices. Maintain an inventory so that
you know who is using what kinds of devices.,
6. Establish patching procedures for software on mobile devices. This can often be simplified
by integrating patching with syncing or patch management with the centralized inventory
database.
7. Label the devices and register them with a suitable service that helps recovered devices to
the owners.
8. Establish procedures to disable remote access for any mobile devices reported as lost or
stolen. Many devices allow the users to store usernames and passwords for website
portals, which could allow a thief to access even more information than on the device itself.
9. Remove data from computing devices that are not in use or before re-assigning those
devices to new owners. This is to preclude incidents through which people obtain "old"
computing devices that still had confidential company data.
10. Provide education and awareness training to personnel using mobile devices. People
cannot be expected to appropriately secure their information if they have not been told
how.

Q3) what one risks of mobile computing explain in detail?

Mobile computing provides a variety of wireless devices that has the mobility to allow people to
connect to the internet. It provides wireless transmission to access data and information from the
locations they are stored. As we know that mobile computing is the communication between
computing devices without any physical connection between them, we use wireless networks to
establish connections in mobile computing. So, there are always some chances of threats and
security issues due to wireless connections. Mobile Computing faces many improper and unethical
practices and problems such as hacking, industrial espionage, pirating, online fraud and malicious
destruction.

Device Security Risk

Mobile devices are very prone to new types of security attacks and fraud issues. These issues are
not only because of the mobile devices' vulnerability but also because of the sensitive data that the
mobile devices have stored. These security issues and threats such as Virus, Spyware and Trojan
may damage or destroy the mobile devices and steal the information stored on them. A virus is a
part of malicious software or spyware that tends to gather information about the user without his/her
knowledge.
Following is a list of some mobile computing risk which we face while using mobile devices:
Mobile phone theft:-
Theft of mobile phone has risen dramatically over the past few years. If a person loses his phone In
such cases the person lose his all information stored in device. And thief can miss use that
information against victim for blackmailing or by using that information he can transfer money from
victim’s bank accounts.
Phishing
Phishing is a type of social engineering attack often used to steal user data, including login
credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted
entity, dupes a victim into opening an email, instant message, or text message. The recipient is
then tricked into clicking a malicious link, which can lead to the installation of malware, the
freezing of the system as part of a ransomware attack or the revealing of sensitive information.
Smishing
 THAT IS CALLED CYBER SECURITY…..!
Smishing is a phishing cybersecurity attack carried out over mobile text messaging, also known
as SMS phishing. As a variant of phishing, victims are deceived into giving sensitive information to
a disguised attacker. SMS phishing can be assisted by malware or fraud websites

Q4) What types of internet frauds are most common? Explain in detail?
 The term ‘internet fraud’ refers to any type of fraud scheme that uses email, web sites, chat
rooms or message boards to foul prospective victims, to conduct fake transactions or to
transmit the proceeds of fraud to financial institutions or to others connected with the
scheme.
 Internet fraud may include spam, scams, spyware, identity theft, phishing or internet
banking fraud.
Phishing
“Phishing” (pronounced “fishing”) is when criminals use email to try to lure you to fake
websites, where you are asked to disclose confidential, financial, or personal information like
passwords, account numbers, or transaction information.
The most common type of phishing is an email threatening some dire consequence if you do
not immediately log in and take action.
You should never respond or reply to email that:
 Requires you to enter organizational or personal information directly into the email or
submit that information some other way
 Threatens to close or suspend your account if you do not take immediate action by
providing specific information about you or your company
 Solicits your participation in a survey where you are asked to enter personal information
 States that your account has been compromised or that there has been third-party activity
on your account and requests you to enter or confirm your account information
 States that there are unauthorized transactions on your account(s) and requests your
account information
 Asks you to enter your User ID, password, or account numbers into an email or non-secure
website
 Asks you to confirm, verify, or refresh your account information
 Directs you to a screen that asks you to provide additional data beyond your normal login
information
 Asks you to validate account information for banking systems you do not use
Vishing
Phishing scams can have a phone connection. First, it was “phishing,” where criminals send
email by the thousands in hopes of tricking unsuspecting users into sharing confidential
information.
Now, there is “vishing.” In this latest twist, fraudsters use a telephone number in the phishing
email instead. If you call, a person or an automated response system will ask for your personal
or account information.
When you call J.P. Morgan, only call the phone numbers we have provided directly to you
during your program implementation.
REMINDER: J.P. Morgan will never ask you for your password.
EXAMPLE
Employment Scam :- There are many online employment platforms (i.e. LinkedIn, Glassdoor,
Zip Recruiter etc.). Companies use these to be cost effective and convenient when hiring.
Unfortunately, scammers can use these websites to gain access to the personal information of
 THAT IS CALLED CYBER SECURITY…..!
their targets. They post fake job recruitments and ask for money while victim applying for the
job.

Q5) what kind of attacks are possible on mobile cell phone discuss in detail?
Mobile devices can be attacked at different levels. This includes the potential for malicious apps,
network-level attacks, and exploitation of vulnerabilities within the devices and the mobile OS.
As mobile devices become increasingly important, they have received additional attention from
cybercriminals. As a result, cyber threats against these devices have become more diverse.
Malicious Apps and websites
Like desktop computers, mobile devices have software and Internet access. Mobile malware (i.e.
malicious applications) and malicious websites can accomplish the same objectives (stealing data,
encrypting data, etc.) on mobile phones as on traditional computers.
Malicious apps come in a variety of different forms. The most common types of malicious mobile
apps are trojans that also perform ad and click scams.
Mobile Ransomware
Mobile ransomware is a particular type of mobile malware, but the increased usage of mobile
devices for business has made it a more common and damaging malware variant. Mobile
ransomware encrypts files on a mobile device and then requires a ransom payment for the
decryption key to restore access to the encrypted data.
Phishing
“Phishing” (pronounced “fishing”) is when criminals use email to try to lure you to fake websites,
where you are asked to disclose confidential, financial, or personal information like passwords,
account numbers, or transaction information.
The most common type of phishing is an email threatening some dire consequence if you do not
immediately log in and take action.
Man-in-the-Middle (MitM) Attacks
Man-in-the-Middle (MitM) attacks involve an attacker intercepting network communications to
either eavesdrop on or modify the data being transmitted. While this type of attack may be
possible on different systems, mobile devices are especially susceptible to MitM attacks. Unlike
web traffic, which commonly uses encrypted HTTPS for communication, SMS messages can be
easily intercepted, and mobile applications may use unencrypted HTTP for transfer of potentially
sensitive information

How to protect yourself from mobile security threats

Mobile security threats may sound scary, but here are six steps you can take to help protect yourself
from them.
1. Keep your software updated. Only 20 percent of Android devices are running the newest
version and only 2.3 percent are on the latest release.1 Everything from your operating
system to your social network apps are potential gateways for hackers to compromise your
mobile device. Keeping software up to date ensures the best protection against most mobile
security threats.
2. Choose mobile security. Just like computers, your mobile devices also
need internet security. Make sure to select mobile security software from a trusted
provider and keep it up to date.
3. Install a firewall. Most mobile phones do not come with any kind of firewall protection.
Installing a firewall provides you with much stronger protection against digital threats and
allows you to safeguard your online privacy.
 THAT IS CALLED CYBER SECURITY…..!
4. Always use a passcode on your phone. Remember that loss or physical theft of your mobile
device can also compromise your information.
5. Download apps from official app stores. Both the Google Play and Apple App stores vet
the apps they sell; third-party app stores don’t always. Buying from well-known app stores
may not ensure you never get a bad app, but it can help reduce your risk.
6. Always read the end-user agreement. Before installing an app, read the fine
print. Grayware purveyors rely on your not reading their terms of service and allowing their
malicious software onto your device.

Q 6) What are organizational measures for handling mobile devices?

1. Implement strong asset management, virus checking, loss prevention and other
controls for mobile systems that will prohibit unauthorized access and the entry of
corrupted data.
2. Investigate alternatives that allow a secure access to the company information
through a firewall, such as mobile VPNs.
3. Develop a system of more frequent and thorough security audits for mobile
devices.
4. Incorporate security awareness into your mobile training and support programs so
that everyone understands just how important an issue security is within a
company's overall IT strategy.
5. Notify the appropriate law-enforcement agency and change passwords. User
accounts are closely monitored for any unusual activity for a period of time.

Q7) what are the policies organizations use to maintain security on mobile devices called?
(For Q7 please Refer Q2 and Q8)

Q8) Explain the best practice in implementing security polices and also explain three types
of security policies?

What is a security policy?

A security policy (also called an information security policy or IT security policy) is a document
that spells out the rules, expectations, and overall approach that an organization uses to maintain
the confidentiality

1. Standardize the mobile computing devices and the associated security tools being used
with them. As a matter of fundamental principle, security deteriorates quickly as the tools
and devices used become increasingly disparate.
2. Develop a specific framework for using mobile computing devices, including guidelines for
data syncing, the use of firewalls and anti-malware software and the types of information
that can be stored on them.
3. Centralize management of your mobile computing devices. Maintain an inventory so that
you know who is using what kinds of devices.,
4. Label the devices and register them with a suitable service that helps recovered devices to
the owners.
 THAT IS CALLED CYBER SECURITY…..!
5. Establish procedures to disable remote access for any mobile devices reported as lost or
stolen. Many devices allow the users to store usernames and passwords for website
portals, which could allow a thief to access even more information than on the device itself.
6. Provide education and awareness training to personnel using mobile devices. People
cannot be expected to appropriately secure their information if they have not been told
how.

three types of security policies

1. Program policy
Program policies are strategic, high-level blueprints that guide an organization’s information
security program. They spell out the purpose and scope of the program, as well as define roles
and responsibilities and compliance mechanisms. Also known as master or organizational
policies, these documents are crafted with high levels of input from senior management and are
typically technology agnostic. They are the least frequently updated type of policy, as they should
be written at a high enough level to remain relevant even through technical and organizational
changes.
2. Issue-specific policy
Issue-specific policies build upon the generic security policy and provide more concrete
guidance on certain issues relevant to an organization’s workforce. Common examples could
include a network security policy, bring-your-own-device (BYOD) policy, social media policy, or
remote work policy. These may address specific technology areas but are usually more generic.
A remote access policy might state that offsite access is only possible through a company-
approved and supported VPN, but that policy probably won’t name a specific VPN client. This
way, the company can change vendors without major updates.

3. System-specific policy
A system-specific policy is the most granular type of IT security policy, focusing on a particular
type of system, such as a firewall or web server, or even an individual computer. In contrast to the
issue-specific policies, system-specific policies may be most relevant to the technical personnel
that maintains them. NIST states that system-specific policies should consist of both a security
objective and operational rules. IT and security teams are heavily involved in the creation,
implementation, and enforcement of system-specific policies but the key decisions and rules are
still made by senior management.

Q9) What kinds of attacks are possible on mobile/cell phones? Explain with example.

( Please Refer Q5 & 13)

Example of Vishing
1. Automated message: Thank you for calling (name of local bank). Your business is important to
us.To help you reach the correct representative and answer your query fully, please press the
appropriate number on your handset after listening to options.

Press 1 if you need to check your banking details and live balance. Press 2 if you wish to transfer
funds.

Press 3 to unlock your online profile. Press 0 for any other query.
2. Regardless of what the victim enters (Le.. presses the key), the automated system prompts him
 THAT IS CALLED CYBER SECURITY…..!
to authenticate himself: "The security of each customer is important to us. To proceed further. we
require that you authenticate your ID before proceeding. Please type your bank account number,
followed by the pound key." The victim enters his/her bank account number and hears the next
prompt: "Thank you. Now please type your date of birth, followed by the pound key.
For example 01 January 1950 press 01011950." 3. 4. The caller enters his/her date of birth and
again receives a prompt from the automated system:

Thank you. Now please type your PIN, followed by the pound key." 5. The caller enters his PIN
and hears one last prompt from the system: "Thank you. We will now Transfer you to the
appropriate representative.

At this stage, the phone call gets disconnected, and the victim thinks there was something wrong
with the telephone line; or visher may redirect the victim to the real customer service line, and the
victim will not be able to know at all that his authentication was appropriated by the visher.

10) Describe Credit card fraud in mobile and wireless Computing with example.
( Please Refer Q14)
 In this modern era, the rising importance of electronic gadgets – which became an integral
part of business, providing connectivity with the internet outside the office – brings many
challenges to secure these devices from being a victim of cyber crime. These Credit card
frauds and all are the new trends in cybercrime that are coming up with mobile computing.
 Credit card (or debit card) fraud is a form of identity theft that involves an unauthorized
taking of another’s credit card information for the purpose of charging purchases to the
account or removing funds from it.
Types of Credit Card Fraud:
 The first category, lost or stolen cards, is a relatively common one, and should be reported
immediately to minimize any damages.
 The second is called “account takeover” — when a cardholder unwittingly gives personal
information (such as home address, mother’s maiden name, etc.) to a fraudster, who then
contacts the cardholder’s bank, reports a lost card and change of address, and obtains a
new card in the soon-to-be victim’s name.
 The fourth is called “never received” — when a new or replacement card is stolen from
the mail, never reaching its rightful owner.
 The fifth is fraudulent application— when a fraudster uses another person’s name and
information to apply for and obtain a credit card.
 Fake shopping website.
 Attracting high profit generating investment scheme where attackers forced to make
payment from credit card.

Q11) What are the trends in mobility?

Mobile computing is moving into a new era, third generation ( 3G), which promises greater variety
in applications and have highly improved usability as well as speedier networking. "iPhone" from
Apple and Google-led "Android" phones are the best examples of this trend and there are plenty
of other developments that point in this direction. This smart mobile technology is rapidly gaining
popularity and the attackers (hackers and crackers) are among its biggest fans.
 THAT IS CALLED CYBER SECURITY…..!
It is worth noting the trends in mobile computing; this will help readers to readers to realize the
seriousness of cybersecurity issues in the mobile computing domain. Figure below shows the
different types of mobility and their implications. The new technology 3G networks are not entirely
built with IP data security. Moreover, IP data world when compared to voice-centric security threats
is new to mobile operators. There are numerous attacks that can be committed against mobile
networks, and they can originate from two primary vectors. One is from outside the mobile network
- that is, public Internet, private networks and other operator's networks - and the other is within
the mobile networks- that is, devices such as data-capable handsets and Smartphones, notebook
computers or even desktop computers connected to the 3G network.

Popular types of attacks against 3G mobile

networks are as follows:1. Malwares, viruses
and worms: Although many users are still in
the transient process of switching from
2G,2.5G to 3G, it is a growing need to educate
the community people and provide
awareness of such threats that exist while
using mobile devices. Here are few examples
of malware(s) specific to mobile devices:

Skull Trojan: I targets Series 60 phones

equipped with the Symbian mobile OS.
Cabir Worm: It is the first dedicated mobile-
phone worm infects phones running on
Symbian OS and scans other mobile devices
to send a copy of itself to the first vulnerable
phone it finds through Bluetooth Wireless technology. The worst thing about this worm is that the
source code for the Cabir-H and Cabir-I viruses is available online.
Mosquito Trojan: It affects the Series 60 Smartphones and is a cracked version of "Mosquitos" mobile
phone game.
Brador Trojan: It affects the Windows CE OS by creating a svchost. exe file in the Windows start-up
folder which allows full control of the device. This executable file is conductive to traditional worm
propagation vector such as E-Mail file attachments.
Lasco Worm: It was released first in 2005 to target PDAs and mobile phones running the Symbian
OS. Lasco is based on Cabir's source code and replicates over Bluetooth connection.
2. Denial-of-service (DoS): The main objective behind this attack is to make the system unavailable
to the intended users. Virus attacks can be used to damage the system to make the system
unavailable. Presently, one of the most common cyber security threats to wired Internet service
providers (iSPs) is a distributed denial-of-service (DDos) attack .DDoS attacks are used to flood the
target system with the data so that the response from the target system is either slowed or stopped.

3. Overbilling attack: Overbilling involves an attacker hijacking a subscriber's IP address and then
using it (i.e., the connection) to initiate downloads that are not "Free downloads" or simply use it for
his/her own purposes. In either case, the legitimate user is charged for the activity which the user
did not conduct or authorize to conduct.5. Signaling-level attacks: The Session Initiation Protocol
(SIP) is a signaling protocol used in IP multimedia subsystem (IMS) networks to provide Voice Over
Internet Protocol (VoIP) services. There are several vulnerabilities with SIP-based VolP systems.
 THAT IS CALLED CYBER SECURITY…..!

Q12) What kinds of cybersecurity measures an organization should have to take in case of
portable storage devices?
Use passwords correctly - In the process of getting to the information on your portable device, you
probably encounter multiple prompts for passwords. Take advantage of this security. Don't choose
options that allow your computer to remember passwords, don't choose passwords that thieves
could easily guess, use different passwords for different programs, and take advantage of
additional authentication methods (see Choosing and Protecting Passwords and Supplementing
Passwords for more information).
Consider storing important data separately - There are many forms of storage media, including
CDs, DVDs, and removable flash drives (also known as USB drives or thumb drives). By saving your
data on removable media and keeping it in a different location (e.g., in your suitcase instead of your
laptop bag), you can protect your data even if your laptop is stolen. You should make sure to secure
the location where you keep your data to prevent easy access. It may be helpful to carry storage
media with other valuables that you keep with you at all times and that you naturally protect, such
as a wallet or keys.Encrypt files - By encrypting files, you ensure that unauthorized people can't
view data even if they can physically access it. You may also want to consider options for full disk
encryption, which prevents a thief from even starting your laptop without a passphrase. When you
use encryption, it is important to remember your passwords and passphrases; if you forget or lose
them, you may lose your data.
Install and maintain anti-virus software - Protect laptops and PDAs from viruses the same way you
protect your desktop computer. Make sure to keep your virus definitions up to date (see
Understanding Anti-Virus Software for more information). If your anti-virus software doesn't include
anti-spyware software, consider installing separate software to protect against that threat (see
Recognizing and Avoiding Spyware and Coordinating Virus and Spyware Defense for more
information).
Install and maintain a firewall - While always important for restricting traffic coming into and leaving
your computer, firewalls are especially important if you are traveling and using different networks.
Firewalls can help prevent outsiders from gaining unwanted access (see Understanding Firewalls
for more information).Back up your data - Make sure to back up any data you have on your computer
onto a CD-ROM, DVD-ROM, or network (see Good Security Habits and Real-World Warnings Keep
You Safe Online for more information). Not only will this ensure that you will still have access to the
information if your device is stolen, but it could help you identify exactly which information a thief
may be able to access. You may be able to take measures to reduce the amount of damage that
exposure could cause.
 THAT IS CALLED CYBER SECURITY…..!
Q13) What kinds of attacks are possible on mobile/cell phones? Explain with example.

Types of Wireless and Mobile Device Attacks

Below are some of the most common types of Wireless and Mobile Device Attacks:

SMiShing :
Smishing become common now as smartphones are widely used. SMiShing uses Short Message
Service (SMS) to send fraud text messages or links. The criminals cheat the user by calling. Victims
may provide sensitive information such as credit card information, account information, etc.
Accessing a website might result in the user unknowingly downloading malware that infects the
device.

War driving :
War driving is a way used by attackers to find access points wherever they can be. With the
availability of free Wi-Fi connection, they can drive around and obtain a very huge amount of
information over a very short period of time.WEP attack :
Wired Equivalent Privacy (WEP) is a security protocol that attempted to provide a wireless local
area network with the same level of security as a wired LAN. Since physical security steps help to
protect a wired LAN, WEP attempts to provide similar protection for data transmitted over WLAN
with encryption.WEP uses a key for encryption. There is no provision for key management with
Wired Equivalent Privacy, so the number of people sharing the key will continually grow. Since
everyone is using the same key, the criminal has access to a large amount of traffic for analytic
attacks.

WPA attack :
Wi-Fi Protected Access (WPA) and then WPA2 came out as improved protocols to replace WEP.
WPA2 does not have the same encryption problems because an attacker cannot recover the key by
noticing traffic. WPA2 is susceptible to attack because cyber criminals can analyze the packets
going between the access point and an authorized user.

Bluejacking :
Bluejacking is used for sending unauthorized messages to another Bluetooth device. Bluetooth is a
high-speed but very short-range wireless technology for exchanging data between desktop and
mobile computers and other devices.Replay attacks :
In Replay attack an attacker spies on information being sent between a sender and a receiver. Once
the attacker has spied on the information, he or she can intercept it and retransmit it again thus
leading to some delay in data transmission. It is also known as playback attack.

Bluesnarfing :
It occurs when the attacker copies the victim’s information from his device. An attacker can access
information such as the user’s calendar, contact list, e-mail and text messages without leaving any
evidence of the attack.

RF Jamming :
Wireless signals are susceptible to electromagnetic interference and radio-frequency interference.
Radio frequency (RF) jamming distorts the transmission of a satellite station so that the signal does
not reach the receiving station.
 THAT IS CALLED CYBER SECURITY…..!
Q14) Describe Credit card fraud in mobile and wireless Computing with example.

Credit Card Frauds

This era belongs to technology where technology becomes a basic part of our lives whether in
business or home which requires connectivity with the internet and it is a big challenge to secure
these units from being a sufferer of cyber-crime. Wireless credit card processing is a
tremendously new service that will enable an individual to process credit cards electronically,
virtually anywhere. It permits corporations to process transactions from mobile locations quickly,
efficiently, and professionally and it is most regularly used via organizations that function in
general in a cellular environment.
Nowadays there are some restaurants that are using wifi processing tools for the safety of their
credit card paying customers. Credit card fraud can take place when cards are misplaced or
stolen, mails are diverted by means of criminals, employees of a commercial enterprise steal
some consumer information.
Techniques of Credit Card Frauds :

1. Traditional Techniques :
Paper-based Fraud –
Paper-based fraud is whereby a criminal makes use of stolen or faux files such as utility payments
and financial institution statements that can construct up beneficial Personally Identifiable
Information (PII) to open an account in anybody else’s name.Application Fraud –

ID Theft :
Where a person pretends to be anybody else.

Financial Fraud :
1. Where a person offers false data about his or her monetary reputation to gather credit.
2. Modern Techniques :
Skimming to Commit Fraud is a kind of crime in which dishonest employees make unlawful copies
of credit or debit cards with the help of a ‘skimmer’. A skimmer is a gadget that captures credit
card numbers and other account information which should be personal. The data and records
held on either the magnetic stripe on the lower back of the deposit card or the records saved on
the smart chip are copied from one card to another