2 cissp ® Official Study Guide Eighth Edition

368
Chapter 9 
■
Security Vulnerabilities, Threats, and Countermeasures
a pattern or typing a number on a keypad display. Neither of these is truly a secure opera-
tion. Screen locks may have workarounds, such as accessing the phone application through 
the emergency calling feature. And a screen lock doesn’t necessarily protect the device if a 
hacker connects to it over Bluetooth, wireless, or a USB cable. 
Screen locks are often triggered after a timeout period of nonuse. Most PCs autotrigger 
a password-protected screen saver if the system is left idle for a few minutes. Similarly, 
many tablets and mobile phones trigger a screen lock and dim or turn off the display after 
30–60 seconds. The lockout feature ensures that if you leave your device unattended or 
it’s lost or stolen, it will be diffi cult for anyone else to be able to access your data or appli-
cations. To unlock the device, you must enter a password, code, or PIN; draw a pattern; 
offer your eyeball or face for recognition; scan your fi ngerprint; or use a proximity device 
such as a near-fi eld communication (NFC) or radio-frequency identifi cation (RFID) ring 
or tile. 
Near field communication (NFC) is a standard to establish radio commu-
nications between devices in close proximity. It lets you perform a type 
of automatic synchronization and association between devices by touch-
ing them together or bringing them within inches of each other. NFC is 
commonly found on smartphones and many mobile device accessories. 
It’s often used to perform device-to-device data exchanges, set up direct 
communications, or access more complex services such as WiFi Protected 
Access 2 (WPA2) encrypted wireless networks by linking with the wireless 
access point via NFC. Because NFC is a radio-based technology, it isn’t 
without its vulnerabilities. NFC attacks can include man-in-the-middle, 
eavesdropping, data manipulation, and replay attacks.
 GPS 
Many mobile devices include a Global Positioning System (GPS) chip to support and benefi t 
from localized services, such as navigation, so it’s possible to track those devices. The GPS 
chip itself is usually just a receiver of signals from orbiting GPS satellites. However, applica-
tions on the mobile device can record the GPS location of the device and then report it to 
an online service. You can use GPS tracking to monitor your own movements, track the 
movements of others (such as minors or delivery personnel), or track down a stolen device. 
But for GPS tracking to work, the mobile device must have internet or wireless phone 
service over which to communicate its location information.

Download 19,3 Mb.

Do'stlaringiz bilan baham: