Network Security Report


HANOI UNIVERSITY OF SCIENCE AND TECHNOLOGY
School of Information And Communication Technology

PROJECT REPORT
SECURITY RISKS ON MOBILE DEVICES USED
FOR REMOTE WORK

Supervisor : Nguyen Duc Toan

Student : Đào Trung Dũng – 20194743

Hanoi, 1/2023
TABLE OF CONTENTS

PROJECT REPORT
A. INTRODUCTION
B. Mobile devices in remote work
C. Vulnerability
D. Types of attack mobile devices can face
E. Some attacks in practice
I. Phishing attack
i. A simple phishing attack
ii. Some tips for protecting yourself from phishing attacks
iii. Anti-phishing solutions
II. Man-in-the-middle attack
i. Key Concepts of a Man-in-the-Middle Attack
ii. An example MitM attack
iii. MitM Prevention

A. INTRODUCTION
In a world reshaped by technology, the office desk has shrunk to fit in our
pockets. Laptops have migrated to coffee shops, tablets nestle between bedtime
stories, and smartphones hum with the pulse of work emails and conference
calls. The mobility revolution has redefined productivity, granting us the
freedom to work anytime, anywhere. But with this untethered access comes a
chilling undercurrent of anxiety: the vulnerability of our digital lives on slender
screens held in our palms. The security risks lurking in the mobile workplace
threaten not just personal data, but the very fabric of corporate trust and
professional success.

This essay delves into the labyrinthine world of mobile device security in the
remote work era, exploring the treacherous pathways of malware infestations,
phishing scams, and unauthorized access, while illuminating the beacons of
defense through proactive policies, vigilant awareness, and robust technological
solutions. Prepare to navigate the intricate dance between convenience and
caution, where securing our mobile devices becomes the paramount skill in the
game of digital survival.

B. Mobile devices in remote work

1. Stay Connected and Communicate:
Video conferencing: Tools like Zoom, Google Meet, and Skype allow you to
have face-to-face meetings with colleagues and clients, regardless of location.
Instant messaging: Chat apps like Slack and Microsoft Teams keep you in
touch with your team in real-time, facilitating quick discussions and updates.
Email and document sharing: Access your email, manage documents, and
collaborate on projects with cloud-based platforms like Google Drive,
Dropbox, and Microsoft OneDrive.

2. Boost Productivity and Manage Tasks:

Project management apps: Tools like Asana, Trello, and Monday.com help
you organize your tasks, set deadlines, and track your progress, keeping you
on top of your workload.
Time management apps: Utilize apps like RescueTime and Toggl Track to
monitor your time spent on different tasks, identify areas for improvement,
and stay focused.
Note-taking apps: Evernote, OneNote, and Google Keep let you capture ideas,
jot down notes, and create to-do lists, keeping your thoughts organized and
readily accessible.

3. Access Information and Stay Informed:

News and media apps: Stay updated with industry news, market trends, and
relevant information through news apps and online publications.
Learning and development apps: Platforms like LinkedIn Learning, Coursera,
and Udemy offer online courses and training programs to help you expand
your skills and knowledge.
Company intranet and internal communication apps: Access company
documents, policies, and announcements, and stay connected with internal
updates and communications.

4. Enhance Creativity and Brainstorming:

Mind mapping apps: Tools like Mindly and XMind help you visually
organize your thoughts, ideas, and connections, fostering creative problem-
solving and brainstorming sessions.
Design and editing apps: Mobile apps like Canva and Adobe Spark allow you
to create presentations, graphics, and social media content on the go.
Music and audio creation apps: If your work involves audio editing or music
production, mobile apps like GarageBand and FL Studio offer powerful tools
for on-the-go creativity.

5. Facilitate Document Scanning and Signing:

Scanning apps: Scan documents, receipts, and contracts using your mobile
camera, convert them to PDFs, and store them digitally for easy access and
reference.
E-signature apps: Sign documents electronically with apps like DocuSign and
Adobe Sign, streamlining workflows and eliminating the need for printing and
physical signatures.

C. Vulnerability
The convenience of working from anywhere with your mobile device comes
with a hidden cost: increased vulnerability. Compared to traditional
desktops, these pocket-sized workhorses often have limitations that make
them more susceptible to security threats. Let's explore some key areas of
concern:

1. Hardware and Software Limitations:

Processing Power: Mobile devices have less processing power than
desktops, making them slower to handle complex tasks and potentially more
susceptible to brute-force attacks. Imagine a thief trying to pick a lock – a
flimsy doorknob would be much easier to break than a heavy-duty deadbolt.

Limited Storage: With less storage space, mobile devices are more likely to
run out of memory, which can lead to performance issues and
vulnerabilities. Think of it like a cluttered desk – the more stuff you have
piled up, the easier it is for something important to get lost or stolen.

Operating System Security: Mobile operating systems like iOS and
Android, while constantly evolving, may have inherent vulnerabilities
compared to established desktop systems like Windows or macOS. It's like
building a fort – newer materials and designs might be better overall, but
there's always a chance a new weakness gets discovered.

2. Unsecured Public Wi-Fi:

Remote workers often rely on public Wi-Fi networks in cafes, airports, or
libraries. These networks, however, are notorious for being insecure. Think
of it like an open house – anyone can walk in and see what's happening.
This exposes sensitive data to eavesdropping, where attackers can intercept
your communications and steal information like passwords or financial data.
Even worse are man-in-the-middle attacks, where hackers create a fake
Wi-Fi network that looks legitimate. When you connect, your data is routed
through the hacker's device, giving them access to everything you send and
receive. It's like a hidden tunnel under a bridge – you think you're taking the
normal route, but you're actually being diverted to a dangerous location.

3. Uncontrolled App Ecosystems:

Both official and third-party app stores may contain malicious apps. These
apps can steal data, track your activities, or even compromise your device
security. Imagine a supermarket where some products are intentionally
poisoned – you wouldn't know which ones to avoid unless you're very
careful. Malicious apps often disguise themselves as legitimate productivity
tools or games, making it even harder to spot them.

D. Types of attack mobile devices can face

1. Malware:
This malicious software can sneak onto your device through various means,
like infected apps, phishing links, or even unsecured Wi-Fi. Once installed,
malware can steal your data, hijack your device, send spam, or even harm
your device's functionality.

2. Phishing:
These deceptive attempts lure you into revealing personal information or
clicking malicious links, often disguised as legitimate sources like banks or
social media platforms. Be wary of suspicious messages, typos, and urgent
requests for information.

3. Social engineering:
Attackers exploit human psychology to trick you into compromising your
security. This could involve convincing you to download malware, share
sensitive information, or disable security features. Stay vigilant and never
share personal details with unverified sources.

4. Man-in-the-middle (MitM) attacks:
These occur when a hacker intercepts communication between your device
and another source, like a website or app. They can eavesdrop on your
conversations, steal data, or even inject malware into your device. Use secure
connections (HTTPS) and avoid public Wi-Fi for sensitive activities.

5. Zero-day attacks:
These exploit previously unknown vulnerabilities in software or operating
systems, making them particularly dangerous as no security patches exist yet.
Keep your software and apps updated to minimize this risk.

E. Some attacks in practice

I. Phishing attack
“Phishing” refers to an attempt to steal sensitive information, typically in the
form of usernames, passwords, credit card numbers, bank account
information or other important data in order to utilize or sell the stolen
information. By masquerading as a reputable source with an enticing request,
an attacker lures in the victim in order to trick them, similarly to how a
fisherman uses bait to catch a fish.
Here are some common types of phishing attacks:

 Email phishing: This is the most common type of phishing attack.
Phishers will send you an email that looks like it's from a legitimate
source, such as your bank or a credit card company. The email will
often warn you of a problem with your account and urge you to click
on a link to fix it. The link will take you to a fake website that looks
like the real website, but it's actually controlled by the phisher. Once
you enter your personal information on the fake website, the phisher
can steal it.
 Smishing: This is phishing done via text message. The text message
will often look like it's from a legitimate source, such as your bank or
a delivery company. The text message will often warn you of a
problem with your account or package and urge you to click on a link
to fix it. The link will take you to a fake website that looks like the real
website, but it's actually controlled by the phisher. Once you enter
your personal information on the fake website, the phisher can steal it.
 Vishing: This is phishing done over the phone. The phisher will call
you and pretend to be from a legitimate source, such as your bank or a
tech support company. The caller will often tell you that there's a
problem with your account or computer and ask you for your personal
information. Once they have your information, they can use it to steal
your money or identity.

i. A simple phishing attack:

Step 1: Send a message to the target that contains a link to a website that
resembles the Google sign-in form.

Step 2: The victim goes to the website through the link.

Step 3: The victim fills in the sign-in information.

Step 4: The attacker collects the victim's credentials.

The victim is then sent to the real Google website and does not notice that
they have just sent their information to the attacker.

Step 5: The attacker uses the victim's credentials to perform illegal actions.

ii. Some tips for protecting yourself from phishing attacks:

 Be careful about the emails, text messages, and phone calls you
receive. Don't click on any links or open any attachments unless you're
sure they're from a legitimate source.
 If you're unsure whether an email, text message, or phone call is
legitimate, contact the sender directly to verify.
 Never give out your personal information, such as your passwords or
credit card numbers, in response to an email, text message, or phone
call.
 If you think you've been the victim of a phishing attack, report it to the
sender and change your passwords immediately.

Even if the user is careful, there is still a chance that the user can be
deceived by the phisher into visiting the phishing web page.

iii. Anti-phishing solutions

1. IP packet analysis: inspecting IP packets, in which HTTP GET requests are
intercepted after the packets are filtered.

2. User authentication:
 Password management
 Interface verification
 QR code-based authentication

3. SMS interception: the goal is to create a native SMS application with
two static receivers, so that third-party applications cannot gain access to
particular secure SMS messages.

4. Cloud security service: the host application gathers files from the
mobile device and delivers them to the network service, which determines
whether they contain malicious code or objects.

5. Visual similarity: detecting repackaged applications that appear similar,
using an application database for applications that are stored in a
repository.

6. Static analysis: web pages and URLs are checked statically to classify
mobile web pages as benign or malicious.

7. Machine learning approach:
 URL classification: each URL is categorized as phishing (positive)
or benign (negative) after being collected from a batch script execution.
 API log data mining: programs are identified as malicious or
benign based on API call behavior analysis.
 SMS mining

8. Risk analysis approach: each application is analyzed with a set of
modules created to detect high-risk or medium-risk behaviors.

9. Hardening setup: focuses on protecting the confidentiality of user input in
a mobile banking application and on phishing protection by hardening the
setup.
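As an added example of the static URL checks described under points 6 and 7 (it is not code from the original report): the function below extracts a few lexical indicators from a URL that a phishing filter would feed to a classifier or use directly as a rule. The brand watch-list, the lure-word pattern and the "last two labels form the registrable domain" rule are assumptions of this example, not something the report specifies.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed watch-list of brands that phishing pages commonly imitate; replace with your own.
WATCHED_BRANDS = ("google", "paypal", "microsoft", "apple")
LURE_WORDS = re.compile(r"(login|signin|verify|secure|account|update)", re.I)

def registrable_domain(host):
    """Assumption: the last two labels form the registrable domain (no public-suffix list)."""
    return ".".join(host.split(".")[-2:])

def url_risk(url):
    """Return a sorted list of static indicators that make the URL look like a phishing lure."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    reasons = set()
    if parts.scheme != "https":
        reasons.add("no-https")
    if "@" in parts.netloc:  # user-info trick: https://google.com@evil.example
        reasons.add("userinfo-in-url")
    try:
        ipaddress.ip_address(host)
        reasons.add("ip-host")  # a bare IP instead of a name
    except ValueError:
        pass
    if "xn--" in host:  # IDN/punycode label, possible homoglyph domain
        reasons.add("punycode-label")
    labels = host.split(".")
    if len(labels) > 4:
        reasons.add("many-subdomains")
    reg = registrable_domain(host)
    first = reg.split(".")[0]
    for brand in WATCHED_BRANDS:
        if brand in host and brand not in reg:
            reasons.add(f"brand-{brand}-in-subdomain")  # accounts.google.com.evil.example
        elif brand in first and first != brand:
            reasons.add(f"brand-{brand}-lookalike")     # google-login.com
    # lure words alone are normal (real sites have /signin); only count them with other signals
    if LURE_WORDS.search(parts.path) and reasons:
        reasons.add("lure-words-in-path")
    return sorted(reasons)
```

Scores from these indicators can be thresholded directly or used as features for the URL classifier the report mentions.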

II. Man-in-the-middle attack

A man-in-the-middle attack is a type of eavesdropping attack, where
attackers interrupt an existing conversation or data transfer. After inserting
themselves in the "middle" of the transfer, the attackers pretend to be both
legitimate participants. This enables an attacker to intercept information and
data from either party while also sending malicious links or other
information to both legitimate participants in a way that might not be
detected until it is too late.

You can think of this type of attack as similar to the game of telephone
where one person's words are carried along from participant to participant
until it has changed by the time it reaches the final person. In a man-in-the-
middle attack, the middle participant manipulates the conversation unknown
to either of the two legitimate participants, acting to retrieve confidential
information and otherwise cause damage.

i. Key Concepts of a Man-in-the-Middle Attack

 Are a type of session hijacking
 Involve attackers inserting themselves as relays or proxies in an ongoing,
legitimate conversation or data transfer
 Exploit the real-time nature of conversations and data transfers to go
undetected
 Allow attackers to intercept confidential data
 Allow attackers to insert malicious data and links in a way
indistinguishable from legitimate data
ii. An example MitM attack:
a) ARP Poisoning
The Address Resolution Protocol (ARP) exists to support the layered
approach used since the earliest days of computer networking. The
purpose of ARP is to translate between addresses at the data link layer –
known as MAC Addresses – and addresses at the network layer, which are
typically IP addresses. It allows networked devices to “ask” what device is
currently assigned a given IP address. Devices can also announce this
mapping to the rest of the network without being prompted. For
efficiency’s sake, devices will typically cache these responses and build a
list of current MAC-to-IP mappings.

ARP Poisoning consists of abusing the weaknesses in ARP to corrupt the
MAC-to-IP mappings of other devices on the network. Security was not a
paramount concern when ARP was introduced in 1982, so the designers of
the protocol never included authentication mechanisms to validate ARP
messages. Any device on the network can answer an ARP request,
whether the original message was intended for it or not. For example, if
Computer A “asks” for the MAC address of Computer B, an attacker at
Computer C can respond and Computer A would accept this response as
authentic. This oversight has made a variety of attacks possible. By
leveraging easily available tools, a threat actor can “poison” the ARP
cache of other hosts on a local network, filling the ARP cache with
inaccurate entries.
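As an added, defender-side example that is not part of the original report: the check below parses raw Ethernet/ARP frames and flags any ARP message that claims an IP address already mapped (learned or pinned) to a different MAC, which is what cache poisoning looks like on the wire. All frames, MAC addresses and the pinned gateway entry are constructed sample values; the IPs reuse the report's 192.168.100.1 and 192.168.100.4.

```python
import struct

# Ethernet header (dst MAC, src MAC, EtherType) and ARP body for IPv4 over Ethernet (RFC 826)
ETH_HDR = struct.Struct("!6s6sH")
ARP_HDR = struct.Struct("!HHBBH6s4s6s4s")
ETHERTYPE_ARP, ARP_REPLY = 0x0806, 2

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def ip_str(raw):
    return ".".join(str(b) for b in raw)

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip) for an ARP frame, or None for anything else."""
    if len(frame) < ETH_HDR.size + ARP_HDR.size:
        return None
    _dst, _src, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETHERTYPE_ARP:
        return None
    _, _, _, _, opcode, sha, spa, _, _ = ARP_HDR.unpack_from(frame, ETH_HDR.size)
    return opcode, mac_str(sha), ip_str(spa)

class ArpWatch:
    """Remembers the first-seen (or pinned) MAC for each IP and reports any later conflict."""
    def __init__(self, pinned=None):
        self.table = dict(pinned or {})  # e.g. {"192.168.100.1": "aa:00:00:00:00:01"}
        self.alerts = []

    def observe(self, frame):
        parsed = parse_arp(frame)
        if parsed is None:
            return None
        opcode, mac, ip = parsed
        known = self.table.get(ip)
        if known is None:
            self.table[ip] = mac  # learn the first mapping we see
            return None
        if known == mac:
            return None
        kind = "reply" if opcode == ARP_REPLY else "request"
        alert = f"ARP conflict: {ip} is {known} but {mac} sent an ARP {kind} claiming it"
        self.alerts.append(alert)
        return alert

def build_arp(opcode, sender_mac, sender_ip, target_mac, target_ip):
    """Construct a sample ARP frame; test input only, not a capture from the report."""
    ip_bytes = lambda ip: bytes(int(x) for x in ip.split("."))
    eth = ETH_HDR.pack(target_mac, sender_mac, ETHERTYPE_ARP)
    arp = ARP_HDR.pack(1, 0x0800, 6, 4, opcode, sender_mac, ip_bytes(sender_ip),
                       target_mac, ip_bytes(target_ip))
    return eth + arp

def demo():
    # Constructed MACs: the real gateway, a second host, and the victim's phone
    gateway, other, phone = (bytes.fromhex(h) for h in ("aa0000000001", "bb0000000002", "cc0000000004"))
    watch = ArpWatch(pinned={"192.168.100.1": mac_str(gateway)})  # admin pins the gateway
    legit = build_arp(ARP_REPLY, gateway, "192.168.100.1", phone, "192.168.100.4")
    spoofed = build_arp(ARP_REPLY, other, "192.168.100.1", phone, "192.168.100.4")
    return [watch.observe(f) for f in (legit, spoofed)]
```

Feeding live frames from a raw socket or a pcap reader into `observe()` turns this into a small arpwatch-style monitor; pinning the gateway MAC is what makes the second frame above stand out.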

b) Ettercap and Wireshark

This example will use a GUI MitM tool known as Ettercap. Ettercap
enables us to place ourselves in the middle between two machines and
then: delete traffic, sniff passwords, infect the traffic with malware, …

Wireshark is a network packet analyzer. A network packet analyzer
presents captured packet data in as much detail as possible.

c) Perform the attack

Step 1: Join the same Wi-Fi network as the target device and obtain the IP
address of the target device.
Here the IP address of the Wi-Fi router is 192.168.100.1 and the address of
the mobile device is 192.168.100.4.

Step 2: Use Ettercap to place ourselves between the two target systems.

Now all their traffic must flow through us; we can delete, manipulate,
impersonate and view all of it.

Step 3: Use Wireshark to capture the packets sent between the two targets.

Step 4: The mobile device accesses a website that requires an
authentication process.

Step 5: Use Wireshark to capture and analyze the packets.
Here is the packet that contains the victim's credentials.

Analyze the packet to get information about the web page the mobile
device just connected to.

And also the information the victim just used to sign in:


iii. MitM Prevention

 Use HTTPS and SSL: HTTPS encrypts the data and ensures its
integrity and authenticity, while SSL verifies the identity of the server
and the client.

 Pin the certificate: Certificate pinning is a technique that enhances the
security of HTTPS and SSL by hardcoding the expected certificate or
its public key in the app. This way, the app can compare the certificate
received from the server with the one embedded in the app and reject
any connection that does not match.

 Validate the hostname: To validate the hostname, you need to
implement a custom hostname verifier in your app that checks if the
hostname matches the one in the certificate's subject alternative name
(SAN) field.

 Use strong encryption and hashing: Encryption and hashing can
prevent MITM attackers from accessing, modifying, or tampering with
the data.

 Use a VPN: This encryption stops the MITM attack from infiltrating
your network traffic. Even if a criminal manages to access your
network, the encrypted data blocks them from reading your messages
or knowing which websites you're going to.

 Education: Educate staff members, particularly remote workers, about
the dangers of a MITM attack. Let them know best practices, such as
using a VPN before going online, and advise them to avoid
public Wi-Fi networks.
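The two app-side checks above, certificate (public-key) pinning and SAN hostname validation, as an added example that is not code from the original report: the pin is the SHA-256 of the certificate's SubjectPublicKeyInfo in base64, and the SAN list uses the `(kind, value)` pairs that Python's `ssl` `getpeercert()` returns. The SPKI bytes here are a constructed stand-in (extracting the real SPKI from a certificate needs an ASN.1 parser not included), and the wildcard rules are an assumption of this example, modelled on RFC 6125.

```python
import base64
import hashlib
import ipaddress

def spki_pin(spki_der):
    """Pin format used by HPKP and Android network-security-config: base64(SHA-256(SPKI DER))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")

def _dns_name_matches(pattern, hostname):
    """A wildcard is only allowed as the whole leftmost label and must not match a bare TLD."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    plabels, hlabels = pattern.split("."), hostname.split(".")
    if plabels[0] != "*" or "*" in pattern[1:] or len(plabels) < 3:
        return False  # reject "w*.example.com", "*.*.com" and "*.com"
    return len(hlabels) == len(plabels) and hlabels[1:] == plabels[1:]

def hostname_matches_san(hostname, san):
    """san: sequence of (kind, value) pairs like ssl.getpeercert()['subjectAltName']."""
    try:
        wanted_ip = ipaddress.ip_address(hostname)
    except ValueError:
        wanted_ip = None
    for kind, value in san:
        if wanted_ip is not None:
            if kind == "IP Address" and ipaddress.ip_address(value) == wanted_ip:
                return True
        elif kind == "DNS" and _dns_name_matches(value, hostname):
            return True
    return False  # a DNS entry never matches an IP literal and vice versa

def verify_server(hostname, san, spki_der, pinned_pins):
    """Both checks must pass: the name is in the SAN and the key is among the pinned hashes."""
    if not hostname_matches_san(hostname, san):
        return False, "hostname not in certificate SAN"
    if spki_pin(spki_der) not in set(pinned_pins):
        return False, "server key does not match any pinned key"
    return True, "ok"

def demo():
    # Constructed stand-in for the server's SubjectPublicKeyInfo DER bytes
    server_spki = b"constructed-spki-bytes-for-api.example.com"
    pins = [spki_pin(server_spki), spki_pin(b"constructed-backup-key")]  # current + backup pin
    san = [("DNS", "api.example.com"), ("DNS", "*.cdn.example.com"), ("IP Address", "192.0.2.10")]
    return {
        "good": verify_server("api.example.com", san, server_spki, pins),
        "wildcard": verify_server("edge1.cdn.example.com", san, server_spki, pins),
        "too_deep": verify_server("a.b.cdn.example.com", san, server_spki, pins),
        "wrong_key": verify_server("api.example.com", san, b"constructed-other-key", pins),
    }
```

Shipping a backup pin alongside the current one, as `demo()` does, is what keeps the app working through a planned key rotation without disabling the check.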
