Saturday, August 3, 2013

Mobile Phone Security Threats and Safety Measures

Mobile Device and Data Security Threats:

  • Threats related to unauthorised or intentional physical access to the mobile phone, and to lost or stolen mobile phones.
  • Threats related to mobile phone connectivity to unknown systems, phones and networks using technologies like Bluetooth, Wi-Fi, USB etc.
  • Threats arising from vulnerabilities in mobile applications and operating systems.


Mobile Connectivity Security Threats

Mobile Application and Operating System Security Threats

Typical impact of attacks against Mobile Phones

  • Exposure or loss of the user's personal information/data stored on or transmitted through the mobile phone.
  • Monetary loss due to malicious software unknowingly using premium-rate, highly priced SMS and call services.
  • Privacy attacks, which include tracing the mobile phone's location and intercepting private SMS messages and calls without the user's knowledge.
  • Losing control over the mobile phone and unknowingly becoming a zombie used for targeted attacks.


Mitigation against Mobile Device and Data Security Attacks

  • Record the IMEI number: Record the unique 15-digit IMEI number. In case the mobile phone is stolen or lost, this IMEI number is required for registering a complaint at the police station and may help in tracking your mobile phone through the service provider.


Do’s and don’ts for Mobile Device

Do’s:

  • Enable device locking: Use autolock to automatically lock the phone, or a keypad lock protected by a passcode/security pattern, to restrict access to your mobile phone.
  • Use a PIN to lock the SIM card: Use a PIN (Personal Identification Number) for the SIM (Subscriber Identity Module) card to prevent people from making use of it when it is stolen. After turning on SIM security, the phone will prompt for the SIM PIN each time it starts.
  • Use a password to protect information on the memory card.


Report lost or stolen devices

  • Report lost or stolen devices immediately to the nearest police station and the concerned service provider.
  • Use the mobile tracking feature, which could help if the mobile phone is lost or stolen. Every time a new SIM card is inserted in the mobile phone, it automatically sends messages to two preselected phone numbers of your choice, so you can track your mobile device.


Don’ts:

  • Never leave your mobile device unattended.
  • Turn off applications [camera, audio/video players] and connections [Bluetooth, infrared, Wi-Fi] when not in use. Keeping the connections on may pose security issues and also drains the battery.


Mobile Phone Data Security:
Do’s:

  • Backup data regularly: Set up your phone so that it backs up your data when you sync it. You can also back up data on a separate memory card. This can be done by following the vendor's documented backup procedure.
  • Reset to factory settings: Make sure to reset to factory settings when a phone is permanently given to another user, to ensure that the personal data in the phone is wiped out.


Mitigation against Mobile Connectivity Security Attacks

Bluetooth:
Do’s:

  • Use Bluetooth in hidden mode so that even if the device is using Bluetooth it is not visible to others.
  • Change the name of the device to a different name to avoid recognition of your mobile phone model. Note: the default Bluetooth name will be the mobile model number.
  • Set a password (passkey) while pairing with other devices. Only devices with the same password can connect to your device.
  • Disable Bluetooth when it is not actively transmitting information.
  • Use Bluetooth with a temporary time limit after which it automatically disables, so that the device is not continuously available to others.


Don’ts:

  • Never allow unknown devices to connect through Bluetooth.
  • Never switch on Bluetooth continuously.
  • Never put Bluetooth in always discoverable mode.

Note: Attackers can take advantage of Bluetooth's default always-on, always-discoverable settings to launch attacks.
Bluetooth is a wireless technology that allows different devices to connect to one another and share data, such as ringtones or photos. Wireless signals transmitted with Bluetooth cover short distances, typically 30 feet (10 meters).

Wi-Fi :

  • Wi-Fi is short for “Wireless Fidelity.” Wi-Fi refers to wireless networking technology that allows computers and other devices to communicate over a wireless signal.
  • Many mobile devices, video game systems, and other standalone devices also include Wi-Fi capability, enabling them to connect to wireless networks. These devices may be able to connect to the Internet using Wi-Fi.


Do's:

  • Connect only to trusted networks.
  • Use Wi-Fi only when required. It is advisable to switch off the service when not in use.
  • Beware while connecting to public networks, as they may not be secure.

Don’ts:

  • Never connect to unknown networks or untrusted networks.


Mobile as USB:
Mobile phones can be used as USB memory devices when connected to a computer. A USB cable is provided with the mobile phone to connect it to the computer. Your mobile phone's memory and memory stick can be accessed as USB devices.

Do’s:

  • When a mobile phone is connected to a personal computer, scan the external phone memory and memory card using an updated antivirus.
  • Take regular backups of your phone and external memory card, so that if an event like a system crash or malware infection occurs, at least your data is safe.
  • Before transferring data from the computer to the mobile, the data should be scanned with the latest antivirus with all updates.

Don’ts:

  • Never keep sensitive information like user names/passwords on mobile phones.
  • Never forward virus-affected data to other mobiles.


Mitigation against Mobile Application and Operating System Attacks:

  • Update the mobile operating system regularly.
  • Upgrade the operating system to its latest version.
  • Always install applications from trusted sources.
  • Consider installing security software from a reputable provider and update it regularly.
  • It's always helpful to check the features of an application before downloading it. Some applications may use your personal data.
  • If you're downloading an app from a third party, do a little research to make sure the app is reputable.
  • Location tracking services allow the whereabouts of registered cell phones to be known and monitored. While this can be done openly for legitimate purposes, it may also be used for malicious purposes.
  • Check the source of all your files and apps to make sure they're safe before you download them.



How to keep your Credit/Debit Card Safe

• Whenever you receive the card from the bank, make sure the mail is completely sealed and there is no damage.
• Whenever you receive the card from the bank, immediately sign on the card.
• Try to cover the last three-digit number on the card.
• Register your phone number to check account transactions.
• Change the PIN immediately.

Secure usage of credit/Debit cards at Shopping malls and Restaurants
• Always keep an eye on how the vendor swipes your card.
• Always make sure that the transaction happens in your presence.
• Never sign a blank credit card receipt. Carefully draw a line through blank portions of the receipt where additional charges could be fraudulently added.
• Don’t give away your personal information in survey forms given in restaurants/shopping malls.

Secure usage of credit / Debit card over internet
• Always use secure websites for transactions and shopping.
• Look for signs of security. Identify security clues such as a lock image at the bottom of your browser and a URL that begins with https: (these signs indicate that your purchases are secured with encryption to protect your account information).
• Always shop with merchants you know and trust.
• Always log off from any website after completing an online transaction with your credit/debit card, and delete the browser cookies.
• Treat all e-mail messages with suspicion to avoid phishing scams. Do not respond to e-mail messages asking for personal information, including financial information, as banks do not ask for such information.
• Never send payment information via e-mail. Information that travels over the Internet (such as e-mail) may not be fully protected from being read by outside parties.
• Be careful when providing personal information online.
• Beware of promotional scams. Identity thieves may use phony offers asking for your personal information.
• Keep your passwords secret. Some online stores may require you to register with them via a username and password before buying. Online passwords should be kept secret from outside parties, the same way you protect your ATM PIN.
• Always use the virtual keyboard for net banking.

Do’s
• Before you use an ATM, ensure that there are no strange objects in the card insertion panel of the ATM (to avoid skimming).
• Shield the ATM PIN during the transaction. Don’t carry the transaction receipts along.
• Change your ATM PIN once every 3 months, as advised by banks.
• Keep your credit card receipts to guard against transaction fraud; check your receipts against your monthly statement.
• Only carry around the credit cards that you absolutely need.
• Shred anything that has your credit card number written on it, especially bills.
• Inform your credit card issuers well in advance when you change your home address.
• If you lose your credit card, report the loss immediately.
• When you dispose of a card at the time of renewal/upgrade, make sure to cut it diagonally before disposal.

Don’ts
• Don’t accept a card received directly from the bank if it is damaged or the packet seal is open.
• Don't write your PIN on your credit card.
• Don't carry around extra credit cards that you rarely use.
• Don’t disclose your credit card number/ATM PIN to anyone.
• Don’t hand over the card to anyone, even if he/she claims to represent the bank.
• Don’t get carried away by strangers who try to help you use the ATM.
• Don’t use an ATM if the machine is not in good condition.
• Don’t transfer or share your account details with unknown/non-validated sources.
• Don’t access net banking or make payments using your credit/debit card from shared or unprotected computers in public places.
• Don’t open unexpected e-mail attachments from unexpected sources or instant message download links. Delete suspicious e-mail immediately.
• Don't give out your account number over the phone unless you initiated the call and you know the company is reputable. Never give your credit card information out when you receive a phone call (this is called vishing).
• Don’t provide your credit card information on a website that is not a secure site.
• Don’t share any confidential information such as password, customer ID, debit card number, PIN, CVV2 or DOB in response to any e-mail request, even if the request appears to come from government authorities like the Income Tax department or RBI, or any card association company like VISA or MasterCard.
• Don’t discuss your bank account problems, account details or password on social networking sites or blogs.
• Don’t store critical information like your ATM PIN on your mobile phone.




Thursday, August 1, 2013

Tabnabbing: A New Security Threat

Tabnabbing: A New Type of Phishing Attack
A new phishing technique called "Tabnabbing" is getting very popular nowadays.

What is Tabnabbing?
Tabnabbing is a new type of phishing attack. It basically refers to a website that changes its look and feel into that of a fake website after some time of inactivity. It is about a page we have been looking at that changes behind our backs.

How The Attack Works?
A user navigates to a normal-looking website. Custom code on the page detects when the page has lost focus and has not been interacted with for a while. The favicon then gets replaced with that of Gmail (or any other website), the title with “Gmail: Email from Google”, and the page content with a Gmail login look-alike. This can all be done with just a little bit of JavaScript and takes place instantly.

As the user scans their many open tabs, the favicon and title can easily fool the user into thinking he left a Gmail tab open. When he clicks back to the fake Gmail tab, he will see the standard Gmail login page, assume he has been logged out, and provide his credentials to log in. The attack preys on the perceived immutability of tabs.

After the user has entered their login information in this fake page, his username and password are sent to the attacker's remote server and he is redirected to the real Gmail, as in a normal phishing attack.
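The swap described above happens entirely inside the page, so it can be watched for from the browser side. The following is an added example written for this post (not code from the original article): it records the tab's title, favicon, origin and whether a password form is present when the tab is hidden, and compares them when the tab becomes visible again. The content-script hookup at the end and the sample snapshots in `demo()` are assumptions constructed for illustration.

```javascript
// Added example (not from the original post): a browser-side heuristic that
// flags a tab whose identity changed while it was in the background, which is
// what a tabnabbing page does. Pure functions run anywhere (Node included);
// the DOM hookup at the bottom is an assumed content-script context.

// What a user recognises a tab by: title, favicon, origin and whether a
// password (login) form is currently on the page.
function snapshot(title, faviconHref, origin, hasPasswordField) {
  return { title, faviconHref, origin, hasPasswordField };
}

// Compare the snapshot taken when the tab was hidden with the one taken when it
// came back. Returns the list of suspicious changes (empty means nothing seen).
function detectTabnab(hidden, visible) {
  const reasons = [];
  if (hidden.origin !== visible.origin) reasons.push('origin changed while hidden');
  if (hidden.title !== visible.title) reasons.push('title changed while hidden');
  if (hidden.faviconHref !== visible.faviconHref) reasons.push('favicon changed while hidden');
  if (!hidden.hasPasswordField && visible.hasPasswordField) {
    reasons.push('a password form appeared while hidden');
  }
  return reasons;
}

// Constructed sample: a news page that turns into a Gmail look-alike.
function demo() {
  const before = snapshot('Daily News', 'https://news.example/favicon.ico',
                          'https://news.example', false);
  const after = snapshot('Gmail: Email from Google', 'https://news.example/gmail.ico',
                         'https://news.example', true);
  return detectTabnab(before, after);
}

// Browser hookup (skipped outside a browser so the module also loads under Node).
if (typeof document !== 'undefined') {
  const take = () => {
    const icon = document.querySelector('link[rel~="icon"]');
    return snapshot(document.title, icon ? icon.href : '', location.origin,
                    document.querySelector('input[type="password"]') !== null);
  };
  let hiddenSnap = null;
  document.addEventListener('visibilitychange', () => {
    if (document.visibilityState === 'hidden') { hiddenSnap = take(); return; }
    if (!hiddenSnap) return;
    const reasons = detectTabnab(hiddenSnap, take());
    hiddenSnap = null;
    if (reasons.length) console.warn('Possible tabnabbing: ' + reasons.join('; '));
  });
}
```

A legitimate site that updates its title in the background (a chat app showing an unread count, for instance) will also trip the title check, so a practical add-on should surface the warning to the user rather than block the page.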


Commonly Targeted Websites
These attacks are commonly targeted at online banking websites. Almost all banking websites have a security feature whereby, if you have logged into your online banking account and left it idle for a few minutes, it automatically logs you out as a security precaution. Hackers attack users with tabnabbing at exactly this point. It is very handy for attacking users of online banking because the user believes he/she had logged in to the bank account and the session has simply expired.


How Can You Protect Yourself From This Attack?
You can protect yourself from this attack by using the Firefox browser. Firefox has lots of add-ons (plugins) which can protect you from this attack or any other phishing attack. If you are thinking of your safety on the internet, stop using other browsers and switch to Firefox immediately.

Some of the best anti-phishing Firefox add-ons are listed below; you can use them for your safety:

  1. Wot 
  2. Don't Phish me 
  3. Netcraft 
  4. FirePhish