Lesson 13 Secure Mobile Devices Flashcards

1
Q

MDM

A

Mobile Device Manager

SW used to configure, protect and remote wipe phones that are enrolled

sets device policies for authentication, feature use, and connectivity

Allows for device resets and remote wipes

2
Q

EMM

A

Enterprise Mobility Management

Method to manage mobile devices

3
Q

VDI

A

Virtual Desktop Infrastructure

Used for thin clients that connect to a VM host

Centralizes management

promotes security

4
Q

MAM

A

Mobile Application Management

function of the MDM

Allows admins to whitelist or blacklist which apps can be installed

configures an enterprise-managed container or workspace

5
Q

MEM

A

Mobile Email Management

part of ERP

6
Q

Geofencing

A

ability to accept or reject access to a network based on location of the device

also used to send alerts to a device when the device enters specific area

utilizes geolocation

7
Q

Geotagging

A

the recording of the GPS location in the metadata of a file when it is created on a mobile device

8
Q

Containerization

A

Used on mobile devices by an employer to manage and maintain the portion of the device that can interface with the corporate network

isolates corporate apps from the rest of the device

enforces storage segmentation of the device

assists in content management and data loss prevention (DLP)

Allows for personal use on the device without worry of breaching security policies

9
Q

COPE

A

Corporate Owned, Personally Enabled

allows personal use on a corporate owned phone

10
Q

BYOD

A

Bring Your Own Device

Device is owned by employee

employee must agree to the terms of use

difficult from a security standpoint

11
Q

COBO

A

Corporate Owned Business Only

12
Q

CYOD

A

Choose Your Own Device

employee is given a choice of device from a list

but still owned by the company

otherwise same as COPE

13
Q

EMM

A

Enterprise Mobility Management

SW which applies security policies for mobile devices and apps in the enterprise

2 main functions

Mobile device management (MDM)

Mobile application management (MAM)

14
Q

UEM

A

Unified Endpoint Management

visibility across many devices, PC, laptop, smartphone, tablet, IoT devices

extends the concept of network access control (NAC) solutions

logs the use on network
determines access to network
determines ability of device to use apps, corporate data, and device built-in functions

15
Q

Rooting

A

A privilege escalation allowing Android users to gain access to the root account on their device

16
Q

Jailbreaking

A

A privilege escalation allowing iOS users to obtain root privileges to side load apps, change or add carriers, or customize the interface.

17
Q

Carrier Unlocking

A

Removing the restrictions of locking a device to a single carrier.

18
Q

Rooting and jailbreaking security concerns and remediations

A

Rooting and Jailbreaking leave many security measures permanently disabled

  • root user can compromise management agent software
  • the new firmware may have removed the protections that enforce segmentation
  • the OS can no longer be trusted

EMM/UEM can detect rooted or jailbroken devices
- containerization and enterprise workspaces can use cryptography to protect against this

19
Q

Security and Cellular Data Connections

A
  • To prevent data exfiltration, disable while on the enterprise network
  • attacks are rare and require a high degree of sophistication
20
Q

Security and GPS

A

Global Positioning System (GPS) uses signals from GPS satellites, which can be slow. Smartphones employ assisted GPS (A-GPS), which uses cell towers to triangulate.
- attacks can spoof or jam the GPS signals and cell tower signals, which can lead to defeating geofencing mechanisms

21
Q

Wi-Fi connection risks

A

use of open access points
rogue access points imitating a corporate network
allowing for compromised sessions with secure servers using DNS spoofing attack

22
Q

PANs

A

Personal Area Networks (PANs) allow mobile devices to act as hotspots so users can share a device's connectivity
- Should be disabled for enterprise use as it can lead to an attack using a bridged connection to the corporate network

23
Q

Security and Tethering and Hotspots

A

typically would be disabled when connected to the enterprise network

can circumvent security mechanisms, such as data loss prevention or web content filtering policies

24
Q

Security and Bluetooth

A

device discovery
- should be turned off, but even in non-discovery mode attackers can still detect the device quite easily

authentication and authorization

  • change the default passphrase, and change it regularly
  • check the device's pairing list

malware

  • keep device updated with latest firmware
  • several exploits - worms, BlueBorne
  • vulnerabilities in authentication schemes
25
Q

Security and Infrared/RFID

A

Radio Frequency ID (RFID) is a method of encoding info into passive tags

  • skimming attacks use a fraudulent RFID reader to obtain the information, say from a contactless bank card
  • need to protect the information using cryptography
26
Q

NFC Vulnerabilities

A

Near Field Communications (NFC)
- Close range reading of RFID information
Vulnerabilities:
- tag handling
- tag could lead to malicious sites
- no encryption, so man-in-the-middle exploits are possible
- skimming with a more sensitive antenna to read from further away (several feet)

27
Q

USB OTG Vulnerabilities

A

USB On the Go (OTG)

  • malware from the host
  • malware from the device being connected to the host to infect the host
  • charging plug could be a trojan to install apps, called juice-jacking
28
Q

SMS/MMS/RCS vulnerabilities

A

Short Message Service (SMS)
Multimedia Message Service (MMS)
Rich Communication Services (RCS)
- vulnerability is DoS in processing the attachments and rich formatting
- keep devices patched to the latest firmware

29
Q

Push Notification Vulnerabilities

A

Store services an app or website can use to display an alert on a mobile device

The vulnerability is that attackers send fake communications to users from hacked accounts

Developers need to ensure proper security is applied to the accounts to prevent this

Also users could disable the feature of push notifications

30
Q

Firmware Over-the-Air Updates Vulnerabilities

A

Potential for attackers to create an evil base station using a Stingray/International Mobile Subscriber Identity (IMSI) catcher, allowing for identification of cell devices in an operating area.

Allows an attacker to launch a man-in-the-middle attack to abuse the firmware update process