Monitoring mobile communication network, how does it work? How to prevent such thing about that?


潘維亞 (P78017058), 周明哲 (P48027049), 劉子揚 (N96011156)

Contents
- How mobile communications work
- Why monitoring?
- Monitoring in the mobile communication network
  o Mobile Spy
  o Mobile Security
- Attacks based on communication network
- Case study: Online i-banking hacks
  o How does it work?
  o How to prevent it?

How mobile communications work

Every day, we make calls, send messages or connect to the Internet using mobile devices but rarely stop to wonder how it all works. So what is actually going on behind the scenes to enable your mobile to do what it does?

Mobile communications use low-power radio waves to carry speech and data. When a call is made, the signal is handed across a network of linked geographic areas called cells (hence the term cellphone) until it reaches its destination. A piece of equipment called a base station transmits signals from one cell to the next, or to land-line networks. Each cell is the area that one base station covers. Base stations are often called masts, towers or cell-sites.

A mobile communication network is one that does not involve a cable or wire connection between two entities. The current mobile communications technologies are GSM (Global System for Mobile Communications) and CDMA (Code Division Multiple Access).


Why monitoring?

Mobile Communication Network Monitoring Application
- We monitor someone or a system
  o Remote Monitoring Using Wireless Cellular Networks
  o Mobile Monitoring System for Smart Home
  o Mobile Spy Cell Phone Monitoring Software
  o Parental Monitoring Control
- We are monitored by someone
  o Mobile Security
  o Monitoring Smartphones for Anomaly Detection
  o Attacks based on communication network

Mobile Spy

Monitor Your Child or Employee

Silently monitor phone surroundings, text messages, GPS locations, call details, photos, social media activity and more. Using the Internet capabilities of the phone, recorded activities, logs and GPS locations are quickly uploaded to your Mobile Spy account. To view the results, simply login to your secure account using any computer or mobile web browser. Logs are displayed by categories and sorted for easy browsing.

Mobile Security

Mobile security or mobile phone security has become increasingly important in mobile computing. It is of particular concern as it relates to the security of personal information now stored on smartphones. All smartphones, as computers, are preferred targets of attacks. These attacks exploit weaknesses related to smartphones that can come from means of communication like SMS, MMS, Wi-Fi networks, and GSM. There are also attacks that exploit software vulnerabilities from both the web browser and operating system. Finally, there are forms of malicious software that rely on the weak knowledge of average users.

Different security counter-measures are being developed and applied to smartphones, from security in different layers of software to the dissemination of information to end users. There are good practices to be observed at all levels, from design to use, through the development of operating systems, software layers, and downloadable apps.

Attacks based on communication
1 Attack based on SMS & MMS
  1.1 Attack on phone system (cause malfunction)
  1.2 Intercept and relay message to third party
2 Attacks based on communication networks
  2.1 Attacks based on the GSM networks (IMSI-catcher)
  2.2 Attacks based on Wi-Fi (Packet sniffing)
3 Attacks based on vulnerabilities in software applications
  3.1 Web Browser (Phishing)
  3.2 Operating System
4 Physical attacks
5 Malicious Software (Malware)

Attack based on SMS & MMS

The attack isn't new: SMS-stealing malware is embedded in many fake mobile applications and abuses the brands of multiple banks.

Attacks based on the GSM networks: IMSI-catcher

An IMSI catcher is essentially a false mobile tower acting between the target mobile phone(s) and the service provider's real towers. As such it is considered a Man-in-the-Middle (MITM) attack. It is an eavesdropping device used for interception and tracking of cellular phones, and it is usually undetectable to the users of mobile phones.

A Man-in-the-Middle attack is a type of cyber attack where a malicious actor inserts him/herself into a conversation between two parties, impersonates both parties and gains access to information that the two parties were trying to send to each other. A Man-in-the-Middle attack allows a malicious actor to intercept, send, and receive data meant for someone else, or not meant to be sent at all, without either outside party knowing until it is too late.

Attacks based on Wi-Fi: Packet sniffing

Packet sniffing is used to monitor packets traveling across a network. Packet sniffing software, often called network monitoring software, allows a user to see each byte of information that passes from a computer or server across the network. It can be used to detect network problems or intrusions and can also be used maliciously to try to get access to user names and passwords.

Attacks based on vulnerabilities in software applications: Web Browser (Phishing)

Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing emails may contain links to websites that are infected with malware. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.

Case study: Online i-banking hacks
- A real case that happened with several banks in Thailand
- Criminals usually got several hundred thousand from each victim
- Several methods of attack have been used:
  o Man-in-the-middle
  o Packet sniffing
  o Phishing
  o Identity stealing

Thai internet banking process

[Diagram: Web login (Username/Password) -> Transaction Request -> Web OTP confirm (One-Time-Password)]

Criminal's method: Trojan on mobile phone

The criminal sends a fake SMS to the victim, using an application that changes the sender's phone number to the bank's phone number:

"For ensure your safety, we introduce you our new i-banking app. This can help you keep your information safe while using i-banking from your mobile devices. URL:."

The message contains a URL that links to an application installation.

[Figure: Comparison between true and fake webpage]

[Figure: Example of fake website]

Once installed, it acts as an i-banking application.

Information stealing method

[Diagram: Web login (Username/Password) -> Transaction Request -> Web OTP confirm (One-Time-Password)]

Criminal has control of victim's account

[Diagram: Web login (Username/Password) -> Transaction Request -> Web OTP confirm (One-Time-Password)]

How to prevent it?: Client view
- Never download an untrusted app (one not certified in the App Store or Play Store)
- Never input your username/password into a non-official application
- Check the site security sign information before entering any personal
- Don't use i-banking on your main savings account
- Activate real-time monitoring such as SMS or e-mail reports

How to prevent it?: Company view
- Always inform clients about untrusted apps or websites
- Release only mature versions of the application to prevent confusing users
- Use a better type of secondary identification system (i.e. hard token)
  o Passwords are generated offline. No communication between device and bank.
  o The bank system calculates the passcode to confirm the identity.
  o Much safer than the SMS system (soft token).

Thank you