OCU C)OST C Discussion Lesson 10
- This topic has 14 replies, 8 voices, and was last updated 2 weeks, 6 days ago by
.
-
Posts
-
-
-
Welcome to your last week of this course. I hope you are learning a lot. I love these cybersecurity courses, and there is a big need for people in this profession.
This last week, you will complete chapters 10 and 11 discussions, quizzes, and most importantly a devotion!
Remember to pray before, during, and after doing your work! I’m praying for you, too!
Have a great week! Please email me with any questions. ~Dr. Anthony
-
Three emerging vulnerabilities on both mobile and physical devices and their countermeasures are:
Mobile device vulnerability: Zero clicks exploits- Issues are that attackers can exploit messaging apps or system processes without user interaction. To prevent this, you can keep the OS or apps updated, disable unnecessary messaging services or use privacy focuses alternatives, and use mobile device management tools to enterprise settings to limit app permission.
Another is Physical device vulnerability: hardware backdoors in devices- Some smart homes or offices IOT devices may have some undocumented features or malicious chips ore installed during manufacturing which is quite common. To countermeasure this, you can purchase hardware only from trusted vetted vendors, do regular audit network traffic for unexpected behavior from IOT devices and or isolate Iot networks from critical business or personal data networks.
Last is Mobile and or physical device shared vulnerability: USB based attacks. Some issues with this are malicious charging stations or cables that can install malware or steal data. Countermeasures are to use USB data blockers, avoid public charging stations and use personal power banks and disable data transfer by default on mobile devices when connecting to known sources.
-
Hello, Carlos! The mobile and physical vulnerabilities you mentioned are quite interesting. Your example with hardware backdoors in devices really shows the importance of buying from trusted vendors and viewing the behavior of devices. The USB attack you mentioned can be especially dangerous when the device automatically opens the USB that is plugged in. That is why sometimes this automation should be turned off, especially when many people will have access to the device. Great work this course.
-
-
Three emerging vulnerabilities on mobile & physical devices would be phishing attacks, rogue wifi hotspots, and social engineering.
Phishing attacks come in the form of fake websites, or links via email, from mobile or physical devices where attackers use targeted messages to try to trick people into revealing personal information or clinking a link with malware, usually resulting in some way to obtain their financial information.
Rogue Wifi is where attackers set up fake wifi hotspots in order to direct network traffic their and intercept and obtain sensitive data from users.
Social engineering in infosec, the best way i can explain it is catfishing. Manipulating people in attempt to gain information about them. Basically building up a case file on people, info gathering, gaining access to their systems, and sometimes fraud.
Countermeasures to reduce these vulnerabilities would be virtual private networks on any outside/ public network connections, data encryption, and enabling multiple firewalls as a deterrent, MFA, and constant user education as new threats and techniques to implement them continue to emerge.
-
Hi James,
You’re absolutely right. Phishing, rogue Wi-Fi hotspots, and social engineering are real and growing threats in today’s world. As attackers get more bold and sophisticated, it’s important to stay ahead with tools like VPNs, encryption, multi-factor authentication, and strong firewalls, along with continuous user education to help recognize and avoid these evolving threats.
-
Hi James,
Your analysis of new risks on mobile and physical devices is very insightful. Phishing attacks, fake Wi-Fi hotspots, and social engineering are serious threats today.
I agree that phishing attacks trick people and target your personal information. Then a fake Wi-Fi attacker is a concern in public areas. As many people are susceptible to these methods. I have heard of people being tricked by catfishing methods which can lead to fraud.
For people to reduce risks they could use a virtual private network (VPNs) for public network connections, encrypting data, setting up multiple firewalls, using multi-factor authentication (MFA), and continuously educating users are essential. As new threats and techniques emerge, we must stay informed and vigilant is crucial for security
-
-
Assessing the vulnerabilities of mobile and physical devices and can be helpful for coming up with ways to prevent attacks that exploit those vulnerabilities.
One vulnerability involves the type of network used on a mobile or physical device. If someone is connected to a public network or is simply sharing information insecurely, that leaves the device vulnerable to attacks. To prevent this, it can be helpful to use virtual private networks and encrypted messaging so that the messages cannot be intercepted (Cyserch, n.d.). Users, who may not know about these options or vulnerabilities, should be informed on how they can use their devices more securely.
A vulnerability that can easily come up on mobile devices involves configuring app permissions (Cyserch, n.d.). When someone downloads an app, the app typically sends some pop-ups asking for certain permissions. It can be easy to just say yes to all of them, but this is not safe. Some permissions must be enabled to use the app. For example, it makes sense that the camera app needs permission to take photos and videos and access photo and video files. However, if a new weather app or gaming app is asking for it, this should probably be denied. As a result, users should be informed that they should check their app permissions regularly to make sure they are only enabling the permissions that are absolutely necessary (Cyserch, n.d.).
Finally, the physical theft of someone’s device is a big device threat (Cyserch, n.d.). Naturally, physical measures should be in place so that devices are not stolen, but if those fail, there should be other measures in place. For example, encrypting the data on a device, placing strong authentication measures, and enabling remote wipes on a device can prevent someone from being able to steal the information even if they have the device with them (Cyserch, n.d.).
There are many potential vulnerabilities to devices that should be acknowledged, but there are also many ways to protect information. There is not one method that can make everything secure, but using a combination of security measures can prevent a lot of attacks.
References
Cyserch. (n.d.). Common Vulnerabilities in Mobile: An In-Depth Guide. Retrieved May 9, 2025 from https://www.cyserch.com/blog/Common-Vulnerabilities-in-Mobile-:-An-In-Depth-Guide-
Excellent post Isabella,
Unsecured public networks as well as rouge wifi are both ways users open themselves up to making their devices vulnerable to attack and potentially permit data to be stolen.
I completely agree there may not be a way to ever be invulnerable to attacks, but with proper education you can prevent many attacks. With viruses and malware attacks everchanging it is crucial to stay ahead of the game and on the cutting edge when it comes to new protection measures as well.
-
-
Just as I mentioned in last weeks discussion. One of the largest issues with anyone who is using a device on public Wi-Fi. It can lead to so many different attacks on your devices. I would strongly advise anyone to NEVER use public Wi-Fi or any sort of open connection.
The second problem I can see is back-door vulnerabilities in the device itself. These could be prevented by ensuring your device is up to date, and regular security updates are being applied to your device. I would say checking once a week, is a good place to start. Depending on what kind of device and how popular or large the brand is the regularity in updates can vary.
The third largest issue I see is, theft. Leaving a Mobile device out and about with no password protection or some sort of log in function is very dangerous. Imagine how much personal data/apps could be accessed. Such as, banking apps, email, etc. The easiest and simplest way I can see to prevent this would be to apply at the very least a 4 digit pin to your device to even be accessed. While biometrics are great. I have seen a fair share of articles recently with apple products being specifically targeted because they suffer from vulnerabilities in the biometric readers.
-
Hello Cameron! Great post in regards to attacks on utilizing WIFI in public areas and devices unattended. I am very cautious using WIFI when i am in public as it is very easy for folks to gain access to your device just by simply accessing hotspots. In regards to leaving mobile devices unattended, it is indeed very dangerous yet is very common to see, especially to those who are not necessarily tech savvy in todays world. Good post overall!
-
-
Emerging vulnerabilities are on the rise, especially as mobile and physical devices become more connected. Here are three key threats and how to guard against them:
1. Malicious mobile apps:
Some apps on official stores are designed to steal data or spy on users.
Countermeasure: Only download trusted apps, check reviews, limit permissions, and keep your phone updated.2. USB skimming (juice jacking):
Public charging stations can be used to steal your data through USB connections.
Countermeasure: Use a USB data blocker or carry your own charger and power bank.3. Smart device exploits:
Smart home devices like cameras or locks can be hacked if left unsecured.
Countermeasure: Change default passwords, enable two-factor authentication, and update firmware regularly.Staying alert and intentional can make all the difference. These practical steps help protect what matters—both physically and digitally.
-
Caleb,
I definitely didn’t even think of USB skimming, That made me think of things like ATM or Gas pump skimmers, which actually happened in our home gas station. Estimated the stole roughly 275 thousand dollars. A bit off topic, but I think its a fair comparison and similar situations.
The Malicious mobile apps, is something I have to do very often with my son. While I have parental controls and other things to minimize what he can do. I can still see a lot of ways it could still be infected. For example, my wife not realizing as much as I do about the tech world, and allowing a download of something that shouldn’t have been.
Overall I really like the way you summarized everything into main points. I think you made a great post.
-
-
Mobile devices can face several risks, such as malware and viruses, phishing attacks, and unsecured Wi-Fi networks. Malware and viruses can infect your device through bad apps, links, or attachments. To prevent this, you should use good antivirus software, avoid downloading apps from unknown sources, and keep your device’s system and apps updated. Phishing attacks happen when you get emails or messages that trick you into giving away personal information. To avoid this, be careful with unexpected messages, check who sent them, and don’t click on suspicious links. Using email filters and security features can also help. Connecting to unsecured Wi-Fi networks can let hackers steal your data. Using a VPN when on public Wi-Fi and not accessing sensitive information on unsecured networks can protect you.
Physical devices like laptops and smartphones can be stolen or lost, leading to data breaches. To protect your devices, use strong passwords, enable encryption, and activate remote wipe features to erase data if your device is lost or stolen. Unauthorized access happens when someone without permission uses your device. To prevent this, use locks, secure storage, access controls, and biometric authentication like fingerprint or facial recognition. Hardware tampering involves someone messing with your device or adding bad components. Regularly check your devices for tampering, use tamper-evident seals, and make sure only authorized people have access to sensitive hardware.
-
Misty,
Great post. I enjoyed reading both of your examples of both digital and physical possible vulnerabilities. In particular I liked your Example of using strong passwords. I think many times, myself included. We all use the same password, and rarely ever stray from patterns. Which makes it significantly easier to take ahold of multiple devices. Let alone the one they want. I have personally had this happen when I was younger, and eventually had my personal banking app get locked due to an unnoticed access from turkey. Just a small example, and it is interesting I have not found one password locker application that I can actually say I trust.
Is there any suggestions you could give on ways to keep your passwords together?
-
-
- You must be logged in to reply to this topic.
