Unit-3

► Cybercrime : Mobile and Wireless Devices: Introduction, Proliferation of Mobile and

Wireless Devices, Trends in Mobility, Credit card Frauds in Mobile and Wireless

Computing Era, Security Challenges Posed by Mobile Devices, Registry Settings for

Mobile Devices, Authentication service Security, Attacks on Mobile/Cell Phones,

► Mobile Devices : Security Implications for Organizations, Organizational Measures

for Handling Mobile, Organizational Security Policies an Measures in Mobile

Computing Era, Laptops.

INTRODUCTION
► In the recent years, the use of laptops, personal digital assistants (PDAs), and

mobile phones has grown from limited user communities to widespread

desktop replacement and broad deployment.
► Smartphones combine the best aspects of mobile and wireless technologies

and blend them into a useful business tool

 3.2 Proliferation (Growth) of Mobile and Wireless Devices
🕐 Today, incredible advances are being made for mobile devices.
🕐 The trend is for smaller devices and more processing power.
🕐 A few years ago, the choice was between a wireless phone and a simple PDA
(Personal digital assistant)
🕐 Now the buyers have a choice between high-end PDAs and small phones
with wireless Web-browsing capabilities.
🕐 A simple hand-held mobile device provides enough computing power to run
small applications, play games and music, and make voice calls.
🕐 As the term “mobile device” includes many products. We rst provide a clear
distinction among the key terms: mobile computing, wireless computing and
hand-held devices.
►
Mobile computing
Mobile Computing refers a technology that allows transmission of data, voice
and video via a computer or any other wireless enabled device.
1. Portable computer: It is a general-purpose computer that can be easily
moved from one place to another, but cannot be used while in transit, usually
because it requires some “se ing-up” and an AC power source.
2. Tablet PC: It lacks a keyboard, is shaped like a slate or a paper notebook and
has features of a touch screen with a stylus and handwriting recognition
software. Tablets may not be best suited for applications requiring a physical
keyboard for typing, but are otherwise capable of carrying out most tasks
that an ordinary laptop would be able to perform.
3. Internet tablet: It is the Internet appliance in tablet form. Unlike a Tablet PC,
the Internet tablet does not have much computing power and its applications
suite is limited. Also it cannot replace a general-purpose computer. The
Internet tablets typically feature an MP3 and video player, a Web browser, a
chat application and a picture viewer.
4. Personal digital assistant (PDA): It is a small, usually pocket-sized, computer
with limited functionality. It is intended to supplement and synchronize with a
desktop computer, giving access to contacts, address book, notes, E-Mail
5. Ultramobile PC: It is a full-featured, PDA-sized computer running a general-
purpose operating system (OS).
6. Smartphone: It is a PDA with integrated cell phone functionality. Current
Smartphones have a wide range of features and installable applications.
7. Carputer: It is a computing device installed in an automobile. It operates as a
wireless computer, sound system, global positioning system (GPS) and DVD
player. It also contains word processing software and is Bluetooth compatible.
8. Fly Fusion Pentop computer: It is a computing device with the size and shape
of a pen. It functions as a writing utensil, MP3 player, language translator,
digital storage device and calculator.
Wireless computing
► Wireless refers to the method of transferring information between a
computing device (such as a PDA) and a data source (such as an agency
database server) without a physical connection
► Smart hand-helds are de ned as hand-held or pocket-sized devices that
connect to a wireless or cellular network, and can have software installed on
them; this includes networked PDAs and Smartphones
3.3 Trends in Mobility
Popular types of a acks against 3G mobile networks are as follows:
1. Malwares, viruses and worms: Although many users are still in the transient process of switching from 2G,
to 3G, it is a growing need to educate the community people and provide awareness of such threats that
exist while using mobile devices. Here are few examples of malware(s) speci c to mobile devices:
• Skull Trojan: It targets Series 60 phones equipped with the Symbian mobile OS.
• Cabir Worm: It is the rst dedicated mobile-phone worm; infects phones running on Symbian OS
and scans other mobile devices to send a copy of itself to the rst vulnerable phone it nds through
Bluetooth Wireless technology. The worst thing about this worm is that the source code for the
Cabir-H and Cabir-I viruses is available online.
• Mosquito Trojan: It a ects the Series 60 Smart phones and is a cracked version of “Mosquitos”
mobile phone game.
• Brador Trojan: It a ects the Windows CE OS by creating a svchost.exe le in the Windows start-up
folder which allows full control of the device. This executable le is conductive to traditional worm
propagation vector such as E-Mail le a achments.
• Lasco Worm: It was released rst in 2005 to target PDAs and mobile phones running the Symbian
OS. Lasco is based on Cabir’s source code and replicates over Bluetooth connection.
Contin….
Denial-of-service (DoS): The main objective behind this a ack is to make the
system unavailable to the intended users. Virus a acks can be used to
2.

damage the system to make the system unavailable.

Overbilling a ack: Overbilling involves an a acker hijacking a subscriber’s IP
address and then using it (i.e., the connection) to initiate downloads that are
3.

not “Free downloads” or simply use it for his/her own purposes. In either case,
the legitimate user is charged for the activity which the user did not conduct.
Spoofed policy development process (PDP): These types of a acks exploit
the vulnerabilities in the GTP [General Packet Radio Service (GPRS)
4.

Tunneling Protocol].
Signalling-level a acks: The Session Initiation Protocol (SIP) is a signaling
protocol used in IP multimedia subsystem (IMS) networks to provide Voice
5.

Over Internet Protocol (VoIP) services. There are several vulnerabilities with
SIP-based VoIP systems.
 3.4 Credit Card Frauds in Mobile and Wireless Computing Era
► These are new trends in cybercrime that are coming up with mobile
computing – mobile commerce (M- Commerce) and mobile banking (M-
Banking).
🕐 Wireless credit card processing is a very desirable system, because it allows
businesses to process transactions from mobile locations quickly, e ciently
and professionally.
► Credit card companies, normally, do a good job of helping consumers resolve
identity (ID) theft problems once they occur. But they could reduce ID fraud
even more if they give consumers be er tools to monitor their accounts and
limit high-risk transactions
1. Merchant sends a transaction to bank;
2. The bank transmits the request to the authorized cardholder
3. The cardholder approves or rejects (password protected);
4. The bank/merchant is noti ed;
5. Credit card transaction is complete
(Box 3.2). Tips to Prevent Credit Card Frauds
∙ The current topic is about credit card frauds in mobile and wireless computing era,
however, we would like to include these tips to prevent credit card frauds caused due to
individual ignorance about a few known facts.
Do’s
1. Put your signature on the card immediately upon its receipt.
2.remember
Make the photocopy of both the sides of your card and preserve it at a safe place to
the card number, expiration date in case of loss of card.
3.doing
Change the default
any transaction. personal identi cation number (PIN) received from the bank before
4. Always carry the details about contact numbers of your bank in case of loss of your card.
5. Carry your cards in a separate pouch/card holder than your wallet.
6. Keep an eye on your card during the transaction, and ensure to get it back immediately.
7. Preserve all the receipts to compare with credit card invoice.
8. Reconcile your monthly invoice/statement with your receipts.
9. Report immediately any discrepancy observed in the monthly invoice/statement.
10. Destroy all the receipts after reconciling it with the monthly invoice/statement.
11. Inform your bank in advance, about any change in your contact details such as home address, cell phone number
and E-Mail address.
12. Ensure the legitimacy of the website before providing any of your card details.
13. Report the loss of the card immediately in your bank and at the police station, if necessary.
 Dont’s
► 1. Store your card number and PINs in your cell.
► 2. Lend your cards to anyone.
► 3. Leave cards or transaction receipts lying around.
► 4. Sign a blank receipt (if the transaction details are not legible, ask for another
receipt to ensure the amount instead of trusting the seller).
► 5. Write your card number/PIN on a postcard or the outside of an envelope.
► 6. Give out immediately your account number over the phone (unless you are
calling to a company/ to your bank).
► 7. Destroy credit card receipts by simply dropping into garbage box/dustbin.
 4.1 Types and Techniques of Credit Card Frauds
► Traditional Techniques
🕐 The traditional and the rst type of credit card fraud is paper-based fraud –
application fraud, wherein a criminal uses stolen or fake documents such as
utility bills and bank statements that can build up useful personally
Identi able Information (PII) to open an account in someone else’s name.
🕐 Application fraud can be divided into
1. ID theft: Where an individual pretends to be someone else
2. Financial fraud: Where an individual gives false information about his or her
nancial status to acquire credit.
3. Illegal use of lost and stolen cards is another form of traditional technique.
4. Stealing a credit card is either by pickpocket or from postal service before it
reaches its nal destination.
 Modern Techniques
🕐 Skimming is where the information held on either the magnetic strip on the
back of the credit card or the data stored on the smart chip are copied from
one card to another.
🕐 Site cloning and false merchant sites on the Internet are becoming a popular
method of fraud and to direct the users to such bogus/fake sites is called
Phishing.
🕐 Such sites are designed to get people to hand over their credit card details
without realizing that they have been directed to a fake weblink /website (i.e.,
they have been scammed).
1.Triangulation
• The criminal o ers the goods with heavy discounted rates through a website
designed and hosted by him, which appears to be legitimate merchandise
website.
• The customer registers on this website with his/her name, address, shipping
address and valid credit card details.
• The criminal orders the goods from a legitimate website with the help of
stolen credit card details and supply shipping address that have been
provided by the customer while registering on the criminal’s website.
• The goods are shipped to the customer and the transaction gets completed.
• The criminal keeps on purchasing other goods using fraudulent credit card
details of di erent customers till the criminal closes existing website and
2. Credit card generators: It is another modern technique – computer emulation
software – that creates valid credit card numbers and expiry dates. The criminals
highly rely on these generators to create valid credit cards. These are available
for free download on the Internet
3.5 Security Challenges Posed by Mobile Devices
► https://www.youtube.com/watch?v=OOQHxAs2tiE
❖ As the number of mobile device users increases, two challenges are
presented:

1. at the device level called “microchallenges”

2. at the organizational level called “macrochallenges.”

 Some well-known technical challenges in mobile security are:
1. Managing The Registry Se ings And Con gurations
2. Authentication Service Security
3. Cryptography Security
4. Lightweight Directory Access Protocol (LDAP) Security
5. Remote Access Server (RAS ) Security
6. Media Player Control Security
7. Networking Application Program Interface (API ) Security,
Etc.
3.6 Registry Se ings for Mobile Devices
► Microsoft ActiveSync is meant for synchronization with Windows-powered
personal computers (PCs) and Microsoft Outlook.
► ActiveSync acts as the gateway between Windows-powered PC and
Windows mobile-powered device, enabling the transfer of applications
such as Outlook information, Microsoft O ce documents, pictures, music,
videos and applications from a user’s desktop to his/her device.
► In addition to synchronizing with a PC, ActiveSync can synchronize directly
with the Microsoft exchange server so that the users can keep their E-
Mails, calendar, notes and contacts updated wirelessly when they are away
from their PCs.
 ❑ In this context, registry se ing becomes an important issue given the
ease with which various applications allow a free ow of information.
🕐 Thus, establishing trusted groups through appropriate registry se ings
becomes crucial. One of the most prevalent areas where this a ention to
security is applicable is within “group policy.” Group policy is one of the core
operations that are performed by Windows Active Directory. (Run command
box, type GPEDIT.MSC command to initiate the Local Group Policy Editor)
3.7 Authentication Service Security
❖ There are two components of security in mobile computing: security
of devices and security in networks.
❖ A secure network access involves mutual authentication between the
device and the base stations or Web servers.
❖ This is to ensure that only authenticated devices can be connected to
the network for obtaining the requested services.
❖ Some eminent kinds of a acks to which mobile devices are subjected
to are: push a acks, pull a acks and crash a acks
 3.7.1 Cryptographic Security for Mobile Devices
🕐 Cryptographically Generated Addresses (CGA) is Internet Protocol version 6
(IPv6) that addresses up to 64 address bits that are generated by hashing
owner’s public-key address.
🕐 The address the owner uses is the corresponding private key to assert
address ownership and to sign messages sent from the address without a
public-key infrastructure (PKI) or other security infrastructure.
🕐 Deployment of PKI provides many bene ts for users to secure their nancial
transactions initiated from mobile devices.
🕐 CGA-based authentication can be used to protect IP-layer signaling
protocols including neighbor discovery (as in context-aware mobile
computing applications) and mobility protocols.
🕐 It can also be used for key exchange in opportunistic Internet Protocol
Security (IPSec). Palms (devices that can be held in one’s palm) are one of
the most common hand-held devices used in mobile computing.
🕐 Cryptographic security controls are deployed on these devices.
🕐 For example, the Cryptographic Provider Manager (CPM) in Palm OS5 is a
system- wide suite of cryptographic services for securing data and resources
on a palm-powered device.
🕐 The CPM extends encryption services to any application wri en to take
advantage of these capabilities, allowing the encryption of only selected
data or of all data and resources on the device.
3.7.4 LDAP (Lightweight Directory Access
Protocol) Security for Hand-Held Mobile
Computing
❖
Devices
LDAP is a software protocol for enabling anyone to locate individuals,
organizations and other resources such as les and devices on the
network
❖ In a network, a directory tells you where an entity is located in the
network.
❖ LDAP is a light code version of Directory Access Protocol (DAP)
because it does not include security features in its initial version.
 3.7.3 RAS (Remote Access Server) Security for Mobile Devices

► RAS (Remote Access Server) is an important consideration for protecting the

business- sensitive data that may reside on the employees’ mobile devices
► In terms of cybersecurity, mobile devices are sensitive. Figure 3.11 :
organization’s sensitive data can happen through mobile hand-held devices
carried by employees.
► A RAS is deployed within an organization and directly connected with the
organization's internal network and systems. Once connected with a RAS, a
user can access his or her data, desktop, application, print and/or other
supported services.
RAS is deployed within an organization and directly connected with the organization's
internal network and systems. Once connected with a RAS, a user can access his or her
.
data, desktop, application, print and/or other supported services

WAP enables the access of internet in the mobile devices.

3.7.4 Media Player Control Security
🕐 Various leading software development organizations have been warning the
users about the potential security a acks on their mobile devices through the
“music gateways.”
🕐 There are many examples to show how a media player can turn out to be a
source of threat to information held on mobile devices.
🕐 For example, in the year 2002, Microsoft Corporation warned about this.
🕐 According to this news item, Microsoft had warned people that a series of
aws in its Windows Media Player could allow a malicious hacker to hijack
people’s computer systems and perform a variety of actions.
🕐 According to this warning from Microsoft, in the most severe exploit of a aw,
a hacker could take over a computer system and perform any task the
computer’s owner is allowed to do, such as opening les or accessing certain
parts of a network.
3.7.5 Networking API Security for Mobile Computing Applications
🕐 With the advent of electronic commerce (E-Commerce) and its further o -shoot into M-
Commerce, online payments are becoming a common phenomenon with the payment
gateways accessed remotely and possibly wirelessly.
🕐 Furthermore, with the advent of Web services and their use in mobile computing
applications, the API becomes an important consideration.
🕐 Already, there are organizations announcing the development of various APIs to enable
software and hardware developers to write single applications
🕐 Most of these developments are targeted speci cally at securing a range of embedded and
consumer products, including those running OSs such as Linux, Symbian, Microsoft
Windows CE and Microsoft Windows Mobile (the last three are the most commonly used
OSs for mobile devices).
🕐 Technological developments such as these provide the ability to signi cantly improve
cybersecurity of a wide range of consumer as well as mobile devices. Providing a common
software framework, APIs will become an important enabler of new and higher value
services.
 3.8 A acks on Mobile/Cell Phones
🕐 Mobile phones have become an integral part of everbody’s life and the mobile
phone has transformed from being a luxury to a bare necessity.
🕐 Theft of mobile phones has risen dramatically over the past few years.
► Many Insurance Companies have stopped o ering Mobile Theft Insurance
due to a large number of false claim
🕐 After PC, the criminals’ (i.e., a ackers’) new playground has been cell phones,
reason being the increasing usage of cell phones and availability of Internet
using cell phones.
🕐 Another reason is increasing demand for Wi-Fi zones in the metropolitans
and extensive usage of cell phones in the youths with lack of awareness/
knowledge about the vulnerabilities of the technology.
The following factors contribute for outbreaks on mobile devices:
1. Enough target terminals: Enough terminals or more devices to a ack.
2. Enough functionality: The expanded functionality ie. o ce functionality and
applications also increases the probability of malware.
3. Enough connectivity: Smartphones o er multiple communication options,
such as SMS, MMS, synchronization, Bluetooth, infrared (IR) and WLAN
connections.
Tips to Secure your Cell/Mobile Phone from being Stolen/Lost
Ensure to
safe place: note the following details about your cell phone and preserve it in a
1. Your phone number;
2. the make and model;
3. color and appearance details;
4. PIN and/or security lock code;
5. IMEI number.
The International Mobile Equipment Identity (IMEI)
∙ It is a number unique to every GSM, WCDMA and iDEN cell phone. It is a 15-digit
number and can be obtained by entering *#06# from the keypad.
∙ The IMEI number is used by the GSM network to identify valid devices and therefore
can be used to stop a stolen phone from accessing the network in that country.
∙ For example, if a mobile phone is stolen, the owner can call his or her service
provider and instruct them to “lock” the phone using its IMEI number.
∙ This will help to stop the usage of phone in that country, even if a SIM is changed.
► Visit the weblink h p://www.numberingplans.com/?page=analysis&sub=imeinr to
check all information about your cell phone such as manufacturer, model type and
country of approval of a handset.
Following are few antitheft software(s) available in
the market:
1. GadgetTrak: h p://www.gadge rak.com/products/mobile/
2. Back2u: h p://www.bak2u.com/phonebakmobilephone.php
3. Wavesecure: https://www.wavesecure.com/
► F-Secure: h p://www.f-secure.com/
 3.8.2 Mobile Viruses
► A mobile virus is similar to a computer virus that targets mobile phone data or
applications/software installed in it.
🕐 In total, 40 mobile virus families and more than 300(+) mobile viruses have
been identi ed.
► First mobile virus was identi ed in 2004 and it was the beginning to
understand that mobile devices can act as vectors to enter the computer
network
🕐 Mobile viruses get spread through two dominant communication protocols –
Bluetooth and MMS.
🕐 Bluetooth virus can easily spread within a distance of 10–30 m, through
Bluetooth- activated phones
🕐 MMS virus can send a copy of itself to all mobile users whose numbers are
available in the infected mobile phone’s address book.
 How to Protect from Mobile Malwares
► AFollowing
1.
acks are some tips to protect mobile from mobile malware a acks:
Download or accept programs and content (including ring tones, games,
video clips and photos) only from a trusted source.
2. If a mobile is equipped with Bluetooth, turn it OFF or set it to non-
discoverable mode when it is not in use and/or not required to use.
3. If a mobile is equipped with beam (i.e., IR), allow it to receive incoming beams,
only from the trusted source.
4. Download and install antivirus software for mobile devices.
 3.8.3 Mishing
🕐 Mishing is a combination of mobile and Phishing.
🕐 Mishing a acks are a empted using mobile phone technology.
🕐 M-Commerce is fast becoming a part of everyday life. If you use your mobile
phone for purchasing goods/services and for banking, you could be more
vulnerable to a Mishing scam.
🕐 A typical Mishing a acker uses call termed as Vishing or message (SMS)
known as
► Smishing.

🕐 A acker will pretend to be an employee from your bank or another

organization and will claim a need for your personal details.
🕐 A ackers are very creative and they would try to convince you with diferent
reasons why they need this information from you.
3.8.4 Vishing
🕐 The term is a combination of V – voice and Phishing.
🕐 Vishing is usually used to steal credit card numbers or other related data
used in ID theft schemes from individuals.
🕐 The most
include: pro table uses of the information gained through a Vishing a ack
1. ID theft;
2. purchasing luxury goods and services;
3. transferring money/funds;
4. monitoring the victims’ bank accounts;
5. making applications for loans and credit cards.
The criminal can initiate a Vishing a ack using a variety of
methods, each of which depends upon information
gathered by a criminal and criminal’s will to reach a
particular audience.
1. Internet E-Mail:
2. Mobile text messaging:
3. Voicemail:
4. Direct phone call:
EXAMPLE CALL the customers and direct it to voice call.
 Smishing
🕐 The name is derived from “SMS PhISHING.”
► SMS can be abused by using di erent methods and techniques other than
information gathering under cybercrime
► The popular technique to “hook” (method used to actually “capture” your
information) the victim is either provide a phone number to force the victim to
call or provide a website URL to force the victim to access the URL, wherein,
the victim gets connected with bogus website (i.e., duplicate but fake site
created by the criminal) and submits his/her PI.
 Hacking Bluetooth
► Bluetooth is a short-range wireless communication service/technology that
uses the 2.4- GHz frequency range for its transmission/communication
🕐 This makes Bluetooth use simple and straightforward, and it also makes
easier to identify the target for a ackers.
🕐 The a acker installs special software [Bluetooth hacking tools] on a laptop
and then installs a Bluetooth antenna.
🕐 Whenever an a acker moves around public places, the software installed on
laptop constantly scans the nearby surroundings of the hacker for active
Bluetooth connections. Once the software tool used by the a acker nds and
connects to a vulnerable Bluetooth- enabled cell phone, it can do things like
download address book information, photos, calendars, SIM card details,
make long-distance phone calls using the hacked device, bug phone calls
and much more.
Table 3.1 | Bluetooth hacking tools
1. BlueScanner: This tool enables to search for Bluetooth enable device and will try to extract as much
information as possible for each newly discovered device after connecting it with the target.

2. BlueSniff: This is a GUI-based utility for fi nding discoverable and hidden Bluetooth enabled devices.

3. BlueBugger: The buggers exploit the vulnerability of the device and access the images, phonebook,
messages and other personal information.

4.Bluesnarfer: If a Bluetooth of a device is switched ON, then Bluesnarfing makes it possible to connect to the
phone without alerting the owner and to gain access to restricted portions of the stored data.

5. BlueDiving: Bluediving is testing Bluetooth penetration. It implements attacks like Bluebug and BlueSnarf.
 3.9 Mobile Devices: Security Implications for Organizations
3.9.1 Managing Diversity and Proliferation of Hand-Held Devices
🕐 Most organizations fail to see the long-term signi cance of keeping track of
who owns what kind of mobile devices.
🕐 Mobile devices of employees should be registered to the organization.
🕐 When an employee leaves, it is important to remove logical and physical
access to organization networks.
🕐 Thus, mobile devices that belong to the company should be returned to the
IT department and, at the very least, should be deactivated and cleansed.
 3.9.2 Unconventional/Stealth Storage Devices
► Compact disks (CDs) and Universal Serial Bus (USB) drives (also called zip
drive, memory sticks) used by employees are the key factors for cyber
a acks.
🕐 It is advisable to prohibit the employees in using these devices.
► Not only can viruses, worms and Trojans get into the organization network,
but can also destroy valuable data in the organization network
► Using “DeviceLock” software solution, one can have control over
unauthorized access to plug and play devices
 3.9.3Threats through Lost and Stolen Devices
🕐 Often mobile hand-held devices are lost while people are on the move.
► Lost mobile devices are becoming even a larger security risk to corporations
🕐 The cybersecurity threat under this scenario is scary; owing to a general lack
of security
► in mobile devices, it is often not the value of the hand-held device that is
important but rather the content that, if lost or stolen, can put a company at
a serious risk of sabotage, exploitation or damage to its professional
integrity, as most of the times the mobile hand-held devices are provided by
the organization.
3.9.4 Organizational Measures for Handling Mobile
1. Encrypting Organizational Databases
❑ Critical and sensitive data reside on databases and with the advances in
technology, access to these data is possible through mobiles.
❑ Through encryption we can protect organization data.
❑ Two algorithms that are typically used to implement strong encryption of
database les: Rijndael (pronounced rain-dahl or Rhine-doll), a block
encryption algorithm, chosen as the new Advanced Encryption Standard
(AES) for block ciphers by the National Institute of Standards and Technology
(NIST).
❑ The other algorithm used to implement strong encryption of database les is
the Multi- Dimensional Space Rotation (MDSR) algorithm developed by Casio
2. Including Mobile Devices in Security Strategy
🕐 Encryption of corporate databases is not the end of everything.
🕐 For example, there are ways to make devices lock or destroy the lost data by
sending the machine a special message.
🕐 few things that organization can use are:
1. Implement strong asset management, virus checking, loss prevention and
other controls for mobile systems that will prohibit unauthorized access .
2. Investigate alternatives that allow a secure access to the company
information through a rewall, such as mobile VPNs.
3. Develop a system of more frequent and thorough security audits for mobile
devices.
4. Incorporate security awareness into your mobile training and support
programs so that everyone understands just how important an issue security
is within a company’s overall IT strategy.
5. Notify the appropriate law-enforcement agency and change passwords. User
accounts are closely monitored for any unusual activity for a period of time.
3.11 Organizational Security Policies and Measures in Mobile Computing
Era
🕐 people are storing more types of con dential information on mobile
computing devices than their employers or they themselves know; they listen
to music using their hand-held devices
🕐 One should think about not to keep credit card and bank account numbers,
passwords, con dential E-Mails and strategic information about organization.
 Operating Guidelines for Implementing Mobile Device
Security Policies
1. Determine whether the employees
mobile computing devices or not. in the organization need to use
2. Implement additional security technologies
device passwords and physical locks. like strong encryption,
3.
Standardize the mobile computing
tools being used with them. devices and the associated security
4. Develop a speci c framework for using mobile computing devices.
5. Maintain
devices. an inventory so that you know who is using what kinds of
6. Establish patching procedures for software on mobile devices.
7. Label the devices and register them with a suitable service.
8. Establish procedures to disable remote access for any mobile.
9. Remove data from computing devices that are not in use
10. Provide
devices.education and awareness training to personnel using mobile
3.12 Laptops
🕐 The thefts of laptops have always been a major issue,
cybersecurity industry and insurance company statistics. according to the
🕐 Cybercriminals are targeting
quick pro t in the black market. laptops that are expensive, to enable them to fetch a
🕐 Most laptops contain personal and corporate information that could be sensitive.
🕐 Such information can be misused if found by a malicious user.
Physical Security Countermeasures
1. Cables
safeguard andany hardwired
mobile locks:
device is The
securingmost
withcost-e
cables cient
and and
locks, ideal
speciallysolution
designedto
for laptops.
2. Laptop safes:
bulletproof Safes
windows, made
police of
riot polycarbonate
shields and –
bank the same
security material
screens – that
can is
be used
used in
to
carry and safeguard the laptops
3. Motion sensors
securing laptops. and alarms: A larms and motion sensors are very e cient in
4. Warning
identi labels
cation and
details stamps:
can be Warning
xed onto labels
the containing
laptop to tracking
deter information
aspiring thieves. and
These
labels cannot be removed easily and are a low-cost solution to a laptop theft.
Other measures for Protecting laptops are as follows:
• keeping the laptop close to oneself wherever possible;
• carrying the laptop in a di erent and unobvious bag
• creating the awareness among the employees about the sensitive information contained in
the laptop;
• making a copy of the purchase receipt of laptop
• installing encryption software to protect information stored on the laptop;
• using personal rewall software to block unwanted access and intrusion;
• updating the antivirus software regularly;
• tight o ce security using security guards and securing the laptop by locking it down in
lockers when not in use;
• never leaving the laptop una ended in public places
• disabling IR ports and wireless cards when not in use.
• Choosing a secure OS
• Registering the laptop with the laptop manufacturer to track down the laptop in case of
theft.
• Disabling unnecessary user accounts and renaming the administrator account.
• Backing up data on a regular basis.
Box 3.13 | Spy Phone Software!!!
Spy Phone software is installed on the mobile/cell phone of employees, if the employers wants to monitor phone usage.
The Spy Phone software is completely hidden from the user, once it is installed and collects all the available data such as
SMS messages, ingoing/outgoing call history, location tracking, GPRS usage and uploads the collected data to a remote
server.

The employer can simply access the designated website hosted by Spy Phone vendor, and after entering his/her account
details, he/she can have full access to all the data collected 24 hours a day, 7 days a week. The employer can access this
website through the Internet; hence, he/she can keep an eye on their employees, regardless where he/she is in the
world. The employer can read all SMS messages (both incoming and outgoing), know who they (employees) are calling or
who is calling them and where they were when the call was received.

Following are few Spy Phone Software(s) available in the market:

1. SpyPhonePlus: http://www.spyphoneplus.com/
2. FlexiSpy: http://www.flexispy.com/
3. TheSpyPhone: http://www.thespyphone.com/spyphone.html
4. Mobile Spy: http://www.mobile-spy.com/