A Seminar on

The cyber crime threat on

mobile devices
Delivered by
Mr. Faisal A. Amdani
BNCOE, Pusad,
amdanifaisal@yahoo.com

Mr. Aditya C. Kokadwar

BNCOE, Pusad,
aditya.kokadwar@gmail.com

B.N.College of Engineering, Pusad (M.S.)

 CONTENTS
Sr.No. Topic
Abstract
1. Introduction – mobile devices
2 What is Cyber Crime
3 The Cyber Security Landscape
3.1 Threats
3.2 Network Security
3.3 System Security
4 Preventive Measures to Oppose Cyber Crime
5 Conclusion
References
 Introduction
A wide range of mobile devices are in use today, including (smart)
phones, media players, tablets, and notebook PCs.

Road vehicles of all kinds (cars, lorries, etc.), RFID tags embedded in all
sorts of devices, chip-based payment cards, and public transport vehicles. Of
course, these are just the mobile devices – many everyday fixed objects are
also rapidly becoming Internet connected, including ‘smart’ buildings, e.g.
shops, restaurants, homes, and workplaces, and installations within buildings,

The main cyber (and hence cyber crime) threats to mobile devices are
reviewed. We then look at how these threats apply to some of the less well-
studied classes of mobile device.

One reason for problems in all categories of mobile devices and systems is
that systems have evolved piecemeal, and there is no overall security
architecture.
 What is Cyber Crime

Cyber crime is regarded as computer-mediated activities

which are either illegal or considered illicit by certain parties
and which can be conducted through global electronic
networks. Cybercrimes describe criminal activity in which
the computer or network is a necessary part of the crime”

From the definition it is obvious that the computer and

mobile devices are the major source of cyber crime.

•Govel (2007) said it “has proven to be accurate, easy, and

reliable; detection has posed constraints in preventing cyber
crime.
 The cyber security landscape

• Following are the cyber security landscape

• Threats
• Network security
• System security
 Threats
• Cyber threats to mobile devices can be divided into two main
classes.
• Communications-based threats include access network
impersonation, mobile device impersonation, and man-in-the-
middle attacks (both active and passive).
 Threats
• System-based threats include software vulnerabilities, side
channel attacks, and social engineering attacks (including
malicious applications).

Figure social engineering attacks

 Threats
• Within a system we can employ a range of techniques,
including: secure software design (to reduce the need to
patch vulnerabilities), attack surface reduction (to reduce the
impact of vulnerabilities), secure hardware/firmware design
(to make finding side channel attacks difficult), careful user
interface design (to reduce the risk of user error), and user
education regarding threats.
 Network security
Some currently deployed network access protocols offer very limited
security. For example, authentication of the ‘access network’ to the device
is sometimes non-existent, e.g. as in GSM and IEEE 802.11 Wi-Fi.

This situation has given rise to a series of public domain

implementations of ‘fake network’ attacks on GSM and IEEE 802.11, as
well as attacks arising from compromised access points, where the
compromise might arise from software or hardware attack.

Pair-wise device authentication can also be vulnerable; for example

the original Bluetooth pairing scheme was rather weak. In general, as a
result of the lack of comprehensive and integrated security solutions for
mobile connected devices, there is an ever-growing risk of widespread
malware attacks, as devices become more ‘smart’ and flexible.
 System security
System security problems with mobile devices have been known for
some time.
For example, the Register reported back in February 2007 that,
according to McAfee, 3G malware attacks in mobile networks had
reached a new high.

Informa had reported that 83% of mobile operators were hit by mobile
device infections in 2006, and the number of reported security incidents in
2006 was more than five times as high as in 2005. Even five years ago,
200 strains of mobile malware had been discovered.

Since then the situation has got much worse, as more recent reports
show. For example:
 System security
Bloomberg reported8 in April 2011 that, according to Kaspersky, the
‘Android mobile-phone platform faces soaring software attacks and has
little control over ... applications. [Kaspersky] identified 70 different types
of malware in March, [an increase] from just two categories in September’.

Wyatt, in ‘The Lookout Blog’, reported in May 2011 that ‘multiple

applications available in the official Android Market were found to contain
malware that can compromise a significant amount of personal data.

Likely created by the same developers who brought DroidDream to

market back in March, 26 applications were found to be infected with a
stripped down version of DroidDream [called] ‘DroidDreamLight’. At this
point we believe between 30,000 and 120,000 users have been affected by
DroidDreamLight’. A Sophos report from November 2009-10 reports on a
range of iPhone malware.
 Preventive Measures to Oppose
Cyber Crime
•Reduce Opportunities Reduce Opportunities to the Criminals Develop
elaborate system design so that hacker does not hack the mobile.

•Use Authentication Technology Use password bio-metric devices, finger

print or voice recognition technology and retinal imaging, greatly immense the
difficulty of obtaining unauthorized access to information systems. Attention to
be paid to bio-metric technology as this recognizes the particular user’s
authentication for using the particular devices.

•Develop New Technology Develop Technology of encryption and anonymity

and also for protecting infrastructure as hackers or cyber terrorists can attack
over any nation’s infrastructure resulting in massive losses.
.
 Preventive Measures to Oppose
Cyber Crime
•Understand Cyber Crime For volume, impact and legal challenges.
Understand the benefit of proper equipment training and tools to control
cyber crime.

•Think about Nature of Crime Computer crime is diverse, a deep

thought to be given, what cyber crime can take place in one’s particular
organization, so that different types of monitoring/security system can be
designed and proper documentation can be written for security system.

•Adopt Computer Security Avail new sophisticated products and

advice for computer crime prevention which is available free or paid in
the market
 Preventive Measures to Oppose
Cyber Crime
•Use Blocking and Filtering Programs For detecting virus, since virus
can identify and block malicious computer code. Anti Spyware software
helps stopping the criminals from taking hold of one’s PC and helps to
cleanup the PC if the same has been hit.

•Monitoring Controls Separate monitoring to be done for (a) Monetary

files (b) Business information.

•Design Different Tools For different needs rather than using one
particular tool.

•Data Recovery Develop tools for data recovery and analysis

•Reporting Always report the crime to cyber fraud complaint center in

one’s country as they maintain huge data and have better tools for
controlling cyber crime.
 Preventive Measures to Oppose
Cyber Crime
•Design Alert Systems Design the alert system when there is actual
intrusion.

•Install Firewalls (a) As they block particular network traffic according to

security policy. (b) Patches are generally installed automatically and
automatically fixes the software security flaws.

•Install Original Software As they contain many security measures. Pirated

software’s do not contain many security abilities which exist in the original
software.

•Online Assistance Develop regular online assistance to employees. Learn

Internet to one’s advantage only and understand all tips to stay online safe.
 Preventive Measures to Oppose
Cyber Crime
•Avoid Infection Avoid infection rather than cleaning it afterwards keep
browser up to date for security measures.

•Avoid bogus Security Products As many anti-spyware activists’ runs a

website that list bogus security products. Read the license agreement
before installing any program.

•Attachments Avoid opening attachments or e-mails which were not

expecting and have come from unknown source or person.

•Cross Check Cross check regularly the statements of financial accounts

and internet banking.
 Conclusion
The problems with cyber crime; how to improve efforts of prevention;
and the response to cybercrime are what help us to look at the dangers of
cyber space. The Internet is a very powerful tool and effective means of
communication but it is vulnerable just like anything else. The way to
protect it for now is for everyone to be smart and follow preventive
measures; individuals, institutions, and government alike should all follow
these measures. We have seen the actions of the government and what
bots and viruses are capable of and it is important that security measures
be implemented. In response to these issues there have been requests from
the WGIG as well as congress to implement more standards and laws to
help minimize cyber crime. In response to some problems there have been
efforts by some nations by arresting individuals and The Lack of
Attention in the Prevention of Cyber crime and How to Improve it 27
groups that commit cyber crimes like the ones discussed earlier. If
everyone does their part, not only will they be safer but it will be setting
an example for others as well as making it more difficult for hackers to
cause damage.
 References
[1] E. Barkan, E. Biham, and N. Keller, ‘Instant Ciphertext-Only Cryptanalysis
of GSM Encrypted Communication’. Journal of Cryptology 21(3) (2008) 392-
429.
[2] S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage,
K. Koscher, A. Czeskis, F. Roesner, and T. Kohno, ‘Comprehensive
Experimental Analyses of Automotive Attack Surfaces’. In: D. Wagner (ed.),
Proceedings of USENIX Security 2011, USENIX (2011).
[3] B. Driessen, ‘Eavesdropping on satellite telecommunication systems’. Draft
of February 8th 2012.
[4] S. R. Fluhrer, I. Mantin, and A. Shamir, ‘Weaknesses in the Key Scheduling
Algorithm of RC4’. In: Proc. Selected Areas in Cryptography 2001, Springer
(2001) pp.1-24.
[5] Acohido, B. (2007, June 14). Cyber crime arrests by FBI 'A tiny drop in the
bucket'. (Final
Edition).
 References
[6] Cyber Security Industry Alliance. (2005). National Agenda for
Information Security 2006.
Virginia: Cyber Security Alliance.
[7] Emke, J. (2008). Trends and Shocks, and the Impact of the
Acquisition Community. Defense
AT&L , 37 (1), 3.
[8] Furnell, S. (2002). Cyber crime: Vandalizing the Information
Society. Boston, MA, USA:
Addison Wesley.
Gibson, S. (2006). Stepping up the Effort to Beat Cyber-Crime.
Eweek.com.
Thanking You !