On behalf of the talk ‘(In)Seguridad de las comunicaciones móviles’ ([In]Security of mobile communications) which will take place next Wednesday at the ETSE, we are about to reflect on the security of communications by describing some of the most common attacks to mobile phones.
9 february 2016
Nowadays, over 3000 millions of users in 200 countries make a daily use of more than 500 million iOS devices, which means a great quantity of data transferred among mobile devices. It is true that security systems are improved with each new version; however, many are the attacks recorded against GSM/GPRS/UMTS.
The evolution of LTE technology of telecommunications brings about a rise in the cases of telephone hacking, which is becoming the substitutes of common computers. Among the most common attacks against iPhone or iPad terminals we can highlight the following:
- MITIM Attacks (Man In The Middle): it’s based on the interception of communication between two people. The hacker has the ability of reading, inserting and modifying the messages sent between two parties without any of them knowing about it.
- Supplanted access points (AP Rogue): open public Wi-Fi connections or Fake AP through which to access our mobile devices.
- XSS (Cross Site Scripting): consists of inserting a malicious code in the browser with the form of a script.
- Client Side Attacks: it’s a hacking technique through which a malicious archive is infected aiming at accessing a computer both in a local or online network. A very common way of doing so is executing exploits through infected PDFs.
- Stealing data in iCloud: through spam phishing and spear phishing, an attacker who gets the account and password of an AppleID to access the main system used by Apple to storage security backups.
Image source: Microsiervos / flickr
For the purpose of bringing light to security or to its lack in current mobile communications, next 10 February from 15 to 17 at the AE-2.4 room of the ETSE there will be a talk on informatic security, (In)Seguridad de las comunicaciones móviles, whose participants will be David Pérez and José Picó, founders of Layakk (security company).
David Pérez has dedicated over 15 years of his professional career to the development of advanced security technical services. He is a telecommunications engineering of the Universitat Politècnica de València, author of books, articles, conferences and courses on security and one of the few professionals holding the GIAC Security Expert Certificate. In 2013, he co-funded Layakk and, from there, he develops security services with a high technical content, training and research.
José Picó holds a bachelor’s degree in Informatics and has over 18 years of experience in IT technologies. During the first years of his professional career, he worked for several multinationals and in all IT fields, specialising definitely in informatics security. In 2013, he co-founded Layakk along with David Pérez. He is author of several articles, books and tools as well as lecturer in several security conferences.
Layakk is a Valencian company dedicated to offering clients the most advances security services and products. The company centres its strategy on two main pillars: research and engineering. In the Lab section of its website, there are several links to publications and lectures taught by Layakk.
The subject Network Security within the Official Master’s Degree in Telecommunications Engineering, centres on the theoretical and practical study ofdifferent mechanisms and tools currently existing to grant security in a company’s intranet, not only for external and internal attacks but also in the wired and wireless networks. Some of the networks studied are RADIUS, IPSec, ASSERT MANAGERS, WEP, WPA, WP2; and tools such as SNORT, Dionaea and Nessus. This subject is 5ECTS credits and is taught by professor Salvador Moreno Picot in the Master’s Degree second year.
