3.7 Attacks & exploits: Attacks on Mobile Devices Flashcards

1
Q

Enterprise Mobility Management: what is Enterprise Mobility Management (EMM)?

A

Enables centralized management and control of corporate mobile devices
● Tracking
● Controlling
● Securing

2
Q

Enterprise Mobility Management: what is Mobile Device Management (MDM)? What technical control features does an MDM have?

A

Tool for securing, managing, and monitoring mobile devices within an organization:
- Application control
- Password and Passcode functionality
- MFA requirement
- Token-based access
- Patch management
- Remote wipe

3
Q

Enterprise Mobility Management: what is Remote Wipe?

A

Reverts a device back to its factory default settings and sanitizes the sensitive data from the device’s onboard storage

4
Q

Enterprise Mobility Management: what are trust certificates used for on a device? Are they a secure way to certify a device?

A

Globally identifies a trusted device within an organization. A trust certificate can be copied by an attacker

5
Q

Enterprise Mobility Management: what are user-specific certificates used for on a device?

A

Assigned to a device to uniquely identify it on the network

6
Q

Enterprise Mobility Management: what is Firmware Update?

A

Updates the baseband of the radio modem used for cellular, Wi-Fi, Bluetooth, NFC, and GPS connectivity

7
Q

Deployment Options: what are the different deployment options for MDM (5)? Explain each of them.

A

o Corporate-Owned, Business Only (COBO): Purchased by the company for use by the employees only for work-related purposes (most secure, most restrictive, most expensive)
o Corporate-Owned, Personally-Enabled (COPE): Provides employees with a company-procured device for work-related and/or personal use
o Choose Your Own Device (CYOD): Allows employees to select a device from an approved list of vendors or devices
o Bring Your Own Device (BYOD): Allows employees to bring their own devices into work and connect them to the corporate network. BYOD raises privacy concerns and is the most difficult to secure
o Virtual Mobile Infrastructure (VMI): Like VDI, but utilizes a virtualized mobile operating system

8
Q

Mobile Reconnaissance Concerns:

A
9
Q

Mobile Device Insecurity: list the potential insecurities related to mobile devices (4)

A

o Jailbreaking
o Rooting
o Sideloading
o Unauthorized app stores

10
Q

Mobile Device Insecurity: what is Jailbreaking?

A

Enables a user to obtain root privileges, sideload apps, change or add carriers, and customize the interface of an iOS device

11
Q

Mobile Device Insecurity: what is Rooting, and what are the two ways to do it?

A

▪ Custom Firmware/Custom ROM: A new Android OS image that can be applied to a device
▪ Systemless Root: Does not modify system partitions or files and is less likely to be detected than a custom ROM

12
Q

Mobile Device Insecurity: what is Sideloading?

A

Installs an app on a mobile device directly from an installation package instead of an official store

13
Q

Mobile Device Insecurity: what are unauthorized app stores?

A

Android and iOS devices block the installation of third-party applications by default

14
Q

Mobile Device Insecurity: list the security configurations used to secure a mobile device (7)

A

o Device Configuration Profiles/Protocols
o Full Device Encryption
o VPN
o Location Services
o Geolocation
o Geofencing
o Geotagging

15
Q

Mobile Device Insecurity: explain Device Configuration Profiles/Protocols

A

▪ Implement settings and restrictions for mobile devices from centralized mobile device management systems
▪ Profiles are mainly used for security, but can also provide a vulnerability

16
Q

Mobile Device Insecurity: explain Full Device Encryption and its options on iOS, Android v6/v7/v9, and HSM

A

▪ iOS: 256-bit unique ID
▪ Android v6: 128-bit AES keys
▪ Android v7: File-based encryption
▪ Android v9: Metadata encryption
▪ MicroSD Hardware Security Module (HSM): Stores the different cryptographic keys securely inside the mobile device, like a TPM module in a desktop or laptop

17
Q

Mobile Device Insecurity: explain VPN

A

Some MDM solutions provide a third-party VPN client

18
Q

Mobile Device Insecurity: explain Location Services

A

Refers to how a mobile device is allowed to use cellular data, Wi-Fi, GPS, and Bluetooth to determine its physical location

19
Q

Mobile Device Insecurity: explain Geolocation, Geofencing and Geotagging

A

o Geolocation: Uses a device’s ability to detect its location to determine if access to a particular resource should be granted
o Geofencing: Creates virtual boundaries based on geographical locations and coordinates
o Geotagging: Adds location metadata to files or devices

20
Q

Multifactor Authentication: what is the difference between Identification and Authentication?

A

o Identification: Provides identity
o Authentication: Validates identity

21
Q

Multifactor Authentication: explain MFA and authentication attributes

A

Uses two or more means (or factors) to prove a user’s identity:
● Knowledge (Something you know)
● Ownership (Something you have)
● Characteristic (Something you are)
● Location (Somewhere you are)
● Action (Something you do)

22
Q

Multifactor Authentication: explain FAR, FRR and CER

A

o False Acceptance Rate (FAR): Rate at which a system authenticates a user as authorized or valid when they should not have been granted access to the system
o False Rejection Rate (FRR): Rate at which a system denies a user as authorized or valid when they should have been granted access to the system
o Crossover Error Rate (CER): An equal error rate (EER) where the false acceptance rate and false rejection rate are equal

23
Q

Multifactor Authentication: explain the OTP algorithms (2)

A

▪ Time-Based One-Time Password (TOTP): Computes password from a shared secret and the current time
▪ HMAC-Based One-Time Password (HOTP): Computes password from a shared secret and is synchronized across the client and the server

24
Q

Multifactor Authentication: explain In-Band Authentication and Out-of-Band Authentication. Which one is the most secure?

A

▪ In-Band Authentication: Relies on an identity signal from the same system requesting the user authentication
▪ Out-of-Band Authentication: Uses a separate communication channel to send the OTP or PIN
o Implement 2FA or MFA that relies on an out-of-band authentication system for high-security networks

25
Q

Mobile Device Attacks: which OS is the most secure and why?

A

o iOS is considered a “walled garden” as it is more restrictive
o Android was developed to be an open operating system

26
Q

Mobile Device Attacks: explain the Overreach of Permissions type of mobile attack

A

▪ Occurs when third-party apps request more permissions than they actually need
▪ Overreach of permissions can be used by penetration testers to their advantage

27
Q

Mobile Device Attacks: what social engineering attacks are mobile devices exposed to?

A

▪ Vishing
▪ Smishing
▪ Spamming

28
Q

Mobile Device Attacks: what Bluetooth attacks are mobile devices exposed to? Explain them (2).

A

▪ Bluejacking: Sending unsolicited messages to a Bluetooth device (sending information)
▪ Bluesnarfing: Gaining unauthorized access to a device via a Bluetooth connection (taking information)

29
Q

Malware Analysis: explain Sandboxing. What does it do?

A

A computing environment that is isolated from a host system to guarantee that the environment runs in a controlled and secure fashion. It is used to:
● Determine if the file is malicious
● Observe the effects of the file on a system
● Identify dependencies with other files and hosts

30
Q
A