OCU C)OST C Discussion Lesson 10
- This topic has 7 replies, 7 voices, and was last updated 5 hours, 20 minutes ago by
.
-
Posts
-
-
-
Welcome to your last week of this course. I hope you are learning a lot. I love these cybersecurity courses, and there is a big need for people in this profession.
This last week, you will complete chapters 10 and 11 discussions, quizzes, and most importantly a devotion!
Remember to pray before, during, and after doing your work! I’m praying for you, too!
Have a great week! Please email me with any questions. ~Dr. Anthony
-
Three emerging vulnerabilities on both mobile and physical devices and their countermeasures are:
Mobile device vulnerability: Zero clicks exploits- Issues are that attackers can exploit messaging apps or system processes without user interaction. To prevent this, you can keep the OS or apps updated, disable unnecessary messaging services or use privacy focuses alternatives, and use mobile device management tools to enterprise settings to limit app permission.
Another is Physical device vulnerability: hardware backdoors in devices- Some smart homes or offices IOT devices may have some undocumented features or malicious chips ore installed during manufacturing which is quite common. To countermeasure this, you can purchase hardware only from trusted vetted vendors, do regular audit network traffic for unexpected behavior from IOT devices and or isolate Iot networks from critical business or personal data networks.
Last is Mobile and or physical device shared vulnerability: USB based attacks. Some issues with this are malicious charging stations or cables that can install malware or steal data. Countermeasures are to use USB data blockers, avoid public charging stations and use personal power banks and disable data transfer by default on mobile devices when connecting to known sources.
-
Three emerging vulnerabilities on mobile & physical devices would be phishing attacks, rogue wifi hotspots, and social engineering.
Phishing attacks come in the form of fake websites, or links via email, from mobile or physical devices where attackers use targeted messages to try to trick people into revealing personal information or clinking a link with malware, usually resulting in some way to obtain their financial information.
Rogue Wifi is where attackers set up fake wifi hotspots in order to direct network traffic their and intercept and obtain sensitive data from users.
Social engineering in infosec, the best way i can explain it is catfishing. Manipulating people in attempt to gain information about them. Basically building up a case file on people, info gathering, gaining access to their systems, and sometimes fraud.
Countermeasures to reduce these vulnerabilities would be virtual private networks on any outside/ public network connections, data encryption, and enabling multiple firewalls as a deterrent, MFA, and constant user education as new threats and techniques to implement them continue to emerge.
-
Assessing the vulnerabilities of mobile and physical devices and can be helpful for coming up with ways to prevent attacks that exploit those vulnerabilities.
One vulnerability involves the type of network used on a mobile or physical device. If someone is connected to a public network or is simply sharing information insecurely, that leaves the device vulnerable to attacks. To prevent this, it can be helpful to use virtual private networks and encrypted messaging so that the messages cannot be intercepted (Cyserch, n.d.). Users, who may not know about these options or vulnerabilities, should be informed on how they can use their devices more securely.
A vulnerability that can easily come up on mobile devices involves configuring app permissions (Cyserch, n.d.). When someone downloads an app, the app typically sends some pop-ups asking for certain permissions. It can be easy to just say yes to all of them, but this is not safe. Some permissions must be enabled to use the app. For example, it makes sense that the camera app needs permission to take photos and videos and access photo and video files. However, if a new weather app or gaming app is asking for it, this should probably be denied. As a result, users should be informed that they should check their app permissions regularly to make sure they are only enabling the permissions that are absolutely necessary (Cyserch, n.d.).
Finally, the physical theft of someone’s device is a big device threat (Cyserch, n.d.). Naturally, physical measures should be in place so that devices are not stolen, but if those fail, there should be other measures in place. For example, encrypting the data on a device, placing strong authentication measures, and enabling remote wipes on a device can prevent someone from being able to steal the information even if they have the device with them (Cyserch, n.d.).
There are many potential vulnerabilities to devices that should be acknowledged, but there are also many ways to protect information. There is not one method that can make everything secure, but using a combination of security measures can prevent a lot of attacks.
References
Cyserch. (n.d.). Common Vulnerabilities in Mobile: An In-Depth Guide. Retrieved May 9, 2025 from https://www.cyserch.com/blog/Common-Vulnerabilities-in-Mobile-:-An-In-Depth-Guide-
Excellent post Isabella,
Unsecured public networks as well as rouge wifi are both ways users open themselves up to making their devices vulnerable to attack and potentially permit data to be stolen.
I completely agree there may not be a way to ever be invulnerable to attacks, but with proper education you can prevent many attacks. With viruses and malware attacks everchanging it is crucial to stay ahead of the game and on the cutting edge when it comes to new protection measures as well.
-
-
Just as I mentioned in last weeks discussion. One of the largest issues with anyone who is using a device on public Wi-Fi. It can lead to so many different attacks on your devices. I would strongly advise anyone to NEVER use public Wi-Fi or any sort of open connection.
The second problem I can see is back-door vulnerabilities in the device itself. These could be prevented by ensuring your device is up to date, and regular security updates are being applied to your device. I would say checking once a week, is a good place to start. Depending on what kind of device and how popular or large the brand is the regularity in updates can vary.
The third largest issue I see is, theft. Leaving a Mobile device out and about with no password protection or some sort of log in function is very dangerous. Imagine how much personal data/apps could be accessed. Such as, banking apps, email, etc. The easiest and simplest way I can see to prevent this would be to apply at the very least a 4 digit pin to your device to even be accessed. While biometrics are great. I have seen a fair share of articles recently with apple products being specifically targeted because they suffer from vulnerabilities in the biometric readers.
-
Emerging vulnerabilities are on the rise, especially as mobile and physical devices become more connected. Here are three key threats and how to guard against them:
1. Malicious mobile apps:
Some apps on official stores are designed to steal data or spy on users.
Countermeasure: Only download trusted apps, check reviews, limit permissions, and keep your phone updated.2. USB skimming (juice jacking):
Public charging stations can be used to steal your data through USB connections.
Countermeasure: Use a USB data blocker or carry your own charger and power bank.3. Smart device exploits:
Smart home devices like cameras or locks can be hacked if left unsecured.
Countermeasure: Change default passwords, enable two-factor authentication, and update firmware regularly.Staying alert and intentional can make all the difference. These practical steps help protect what matters—both physically and digitally.
-
- You must be logged in to reply to this topic.
