Lesson 13 Flashcards

1
Q

Mobile Device Deployment Models

A
  • Bring your own device (BYOD)
  • Corporate owned, business only (COBO)
  • Corporate owned, personally-enabled (COPE)
  • Choose your own device (CYOD)
  • Virtual desktop infrastructure (VDI)
2
Q

BYOD

A

• Bring your own device (BYOD)

3
Q

COBO

A

• Corporate owned, business only (COBO)

4
Q

CYOD

A

• Choose your own device (CYOD)

5
Q

VDI

A

• Virtual desktop infrastructure (VDI)

6
Q

EMM

A

Enterprise mobility management (EMM) is a class of management software designed
to apply security policies to the use of mobile devices and apps in the enterprise. The
challenge of identifying and managing attached devices is often referred to as visibility.
EMM software can be used to manage enterprise-owned devices as well as BYOD.
There are two main functions of an EMM product suite:

• Mobile device management (MDM)—sets device policies for authentication,
feature use (camera and microphone), and connectivity. MDM can also allow device
resets and remote wipes.

• Mobile application management (MAM)—sets policies for apps that can process
corporate data, and prevents data transfer to personal apps. This type of solution
configures an enterprise-managed container or workspace.

7
Q

Visibility

A

The challenge of identifying and managing attached devices is often referred to as visibility. EMM software can be used to manage enterprise-owned devices as well as BYOD.

8
Q

Mobile device management (MDM)

A

Sets device policies for authentication, feature use (camera and microphone), and connectivity. MDM can also allow device resets and remote wipes.

9
Q

Mobile application management (MAM)

A

Sets policies for apps that can process corporate data, and prevents data transfer to personal apps. This type of solution configures an enterprise-managed container or workspace.

10
Q

Unified endpoint management (UEM)

A

Additionally, distinguishing whether client endpoints are mobile or fixed is not really a critical factor for many of these management tasks, with the consequence that the latest suites aim for visibility across PC, laptop, smartphone, tablet, and even IoT devices. These suites are called unified endpoint management (UEM) (redmondmag.com/Articles/2017/10/01/Unified-Endpoint-Management.aspx).

The core functionality of endpoint management suites extends the concept of
network access control (NAC) solutions. The management software logs the use of a
device on the network and determines whether to allow it to connect or not, based
on administrator-set parameters. When the device is enrolled with the management
software, it can be configured with policies to allow or restrict use of apps, corporate
data, and built-in functions, such as a video camera or microphone.

11
Q

Device Enrollment Program, Volume Purchase Program, and Developer Enterprise Program

A

Corporate control over iOS devices and distribution of corporate and B2B (business-to-business) apps is facilitated by participating in the Device Enrollment Program, the Volume Purchase Program, and the Developer Enterprise Program.

12
Q

iOS risks

A

There remains the risk that a vulnerability in either iOS or an app
could be discovered and exploited. In this event, users would need to update iOS or the
app to a version that mitigates the exploit.

13
Q

SEAndroid

A

SEAndroid
(source.android.com/security/selinux) uses mandatory access control (MAC) policies to
run apps in sandboxes. When the app is installed, access is granted (or not) to specific
shared features, such as contact details, SMS texting, and email.

14
Q

Mobile Access Control Systems

A
Smartphone authentication
• Password
• PIN
• Swipe pattern
• Biometric

Screen lock

Context-aware authentication

15
Q

Context-Aware Authentication

A

It is also important to consider newer authentication models, such as context-aware authentication. For example, smartphones now allow users to disable screen locks when the device detects that it is in a trusted location, such as the home. Conversely, an enterprise may seek more stringent access controls to prevent misuse of a device. For example, even if the device has been unlocked, accessing a corporate workspace might require the user to authenticate again. It might also check whether the network connection can be trusted (that it is not an open Wi-Fi hotspot, for instance).

16
Q

Remote wipe

A
  • “Kill switch”
  • Sets device to factory defaults or clears storage (or storage segment)
  • Initiated from enterprise management software
  • Thief might be able to keep device from receiving the wipe command
17
Q

MicroSD HSM

A

MicroSD HSM is a small form factor hardware security module designed to store
cryptographic keys securely. This allows the cryptographic material to be used with
different devices, such as a laptop and smartphone.

18
Q

Full Device Encryption and External Media

A

iOS device encryption
• Secure erase encryption
• Data protection

Android device encryption
• From version 10, only uses file-level encryption of user data

External media

MicroSD HSM

19
Q

Geolocation

A

Geolocation is the use of network attributes to identify (or estimate) the physical
position of a device. The device uses location services to determine its current position.
Location services can make use of two systems:
• Global Positioning System (GPS)—a means of determining the device’s latitude and
longitude based on information received from satellites via a GPS sensor.
• Indoor Positioning System (IPS)—works out a device’s location by triangulating
its proximity to other radio sources, such as cell towers, Wi-Fi access points, and
Bluetooth/RFID beacons.

20
Q

GPS vs IPS

A

• Global Positioning System (GPS)—a means of determining the device’s latitude and
longitude based on information received from satellites via a GPS sensor.

• Indoor Positioning System (IPS)—works out a device’s location by triangulating
its proximity to other radio sources, such as cell towers, Wi-Fi access points, and
Bluetooth/RFID beacons.

21
Q

Primary concern for geolocation

A

privacy

22
Q

Geofencing

A

Geofencing to apply location-based policies automatically
• Disable on-board camera/video through MDM/EMM controls

Geofencing is the practice of creating a virtual boundary based on real-world
geography. Geofencing can be a useful tool with respect to controlling the use of
camera or video functions or applying context-aware authentication. An organization
may use geofencing to create a perimeter around its office property, and subsequently,
limit the functionality of any devices that exceed this boundary. An unlocked
smartphone could be locked and forced to re-authenticate when entering the
premises, and the camera and microphone could be disabled. The device’s position is
obtained from location services.

23
Q

GPS tagging

A

GPS tagging is the process of adding geographical identification metadata, such

  • Risks to personal information
  • Track movements (assist social engineering)
24
Q

Mobile app management

A
  • MDM/EMM application use policies
  • Corporate workspaces
  • Restricting third-party app stores
  • Enterprise app development and fulfillment
    • Sideloading
25
corporate workspaces
When a device is joined to the corporate network through enrollment with management software, it can be configured into an enterprise workspace mode in which only a certain number of authorized applications can run. (Apple uses Apple Business Manager.)
26
sideloading
Unlike iOS, Android allows for selection of different stores and installation of untrusted apps from any third party, if this option is enabled by the user. With unknown sources enabled, untrusted apps can be downloaded from a website and installed using the .apk file format. This is referred to as sideloading. Conversely, a management suite might be used to prevent the use of third-party stores or sideloading and block unapproved app sources.
27
content management
* Privately owned but corporate use issues
* Data ownership
* Privacy
* Containerization sets up a corporate workspace segmented from the employee’s private apps and data
* Storage segmentation ensures separation of data
* Enforcing content management/DLP policies
28
containerization
• Containerization sets up a corporate workspace segmented from the employee’s private apps and data
29
• Enforcing content management/DLP policies
Containerization also assists content management and data loss prevention (DLP) systems. A content management system tags corporate or confidential data and prevents it from being shared or copied to unauthorized external media or channels, such as non-corporate email systems or cloud storage services.
30
rooting and jailbreaking
Rooting
• Principally Android
• Custom firmware/ROM

Jailbreaking
• Principally iOS
• Patched kernel
• Tethered jailbreak

Carrier unlocking - unlocking the restrictions that lock a device to a single carrier

Risks to enterprise management
31
carrier unlocking
Carrier unlocking—for either iOS or Android, this means removing the restrictions that lock a device to a single carrier.
32
rooting and jailbreaking risks to enterprise management
If the user has applied a custom firmware image, they could have removed the protections that enforce segmentation. The device can no longer be assumed to run a trusted OS. EMM/UEM has routines to detect a rooted or jailbroken device or custom firmware with no valid developer code signature and prevent access to an enterprise app, network, or workspace. Containerization and enterprise workspaces can use cryptography to protect the workspace in a way that is much harder to compromise than a local agent, even from a rooted/jailbroken device.
33
Cellular
* Disable cellular data if unmonitored or unfiltered
* Prevent use for data exfiltration
* Attacks on cellular connections
34
Attacks on cellular connections
There have been attacks and successful exploits against the major infrastructure and protocols underpinning the telecoms network, notably the SS7 hack. There is little that either companies or individuals can do about these weaknesses. The attacks require a high degree of sophistication and are relatively uncommon.
35
GPS
GPS signals can be jammed or even spoofed using specialist radio equipment. This might be used to defeat geofencing mechanisms, for instance.
36
A-GPS
As this triangulation process can be slow, most smartphones use Assisted GPS (A-GPS) to obtain coordinates from the nearest cell tower and adjust for the device's position relative to the tower. A-GPS uses cellular data.
37
Risks from Wi-Fi
Risks from Wi-Fi
• Legacy security methods
• Open access points
• Rogue access points

Mobile devices usually default to using a Wi-Fi connection for data, if present. If the user establishes a connection to a corporate network using strong WPA3 security, there is a fairly low risk of eavesdropping or man-in-the-middle attacks. The risks from Wi-Fi come from users connecting to open access points or possibly a rogue access point imitating a corporate network. These allow the access point owner to launch any number of attacks, even potentially compromising sessions with secure servers (using a DNS spoofing attack, for instance).
38
Personal Area Network (PAN) technologies
(not hotspot) Personal area networks (PANs) enable connectivity between a mobile device and peripherals. Ad hoc (or peer-to-peer) networks between mobile devices or between mobile devices and other computing devices can also be established. In terms of corporate security, these peer-to-peer functions should generally be disabled. It might be possible for an attacker to exploit a misconfigured device and obtain a bridged connection to the corporate network.
39
Wi-Fi Direct
Wi-Fi Direct
• Ad hoc networks
• Soft access point
• Wireless mesh networking

Wi-Fi Direct allows one-to-one connections between stations, though in this case one of the devices actually functions as a soft access point. Wi-Fi Direct depends on Wi-Fi Protected Setup (WPS), which has many vulnerabilities. Android supports operating as a Wi-Fi Direct AP, but iOS uses a proprietary multipeer connectivity framework. You can connect an iOS device to another device running a Wi-Fi Direct soft AP, however.
40
ad hoc network
Wireless stations can establish peer-to-peer connections with one another, rather than using an access point. This can also be called an ad hoc network, meaning that the network is not made permanently available.
41
Tethering and hotspots
you know this
42
Bluetooth
Bluetooth is one of the most popular technologies for implementing PANs. While native Bluetooth has fairly low data rates, it can be used to pair with another device and then use a Wi-Fi link for data transfer. This sort of connectivity is implemented by iOS's AirDrop feature.
43
Bluetooth device discovery
Device discovery—a device can be put into discoverable mode meaning that it will connect to any other Bluetooth devices nearby. Unfortunately, even a device in nondiscoverable mode is quite easy to detect.
44
Authentication and authorization—Bluetooth
Devices authenticate ("pair") using a simple passkey configured on both devices. This should always be changed to some secure phrase and never left as the default. Also, check the device's pairing list regularly to confirm that the devices listed are valid.
45
Malware (bluetooth)
There are proof-of-concept Bluetooth worms and application exploits, most notably the BlueBorne exploit (armis.com/blueborne), which can compromise any active and unpatched system regardless of whether discovery is enabled and without requiring any user intervention. There are also vulnerabilities in the authentication schemes of many devices. Keep devices updated with the latest firmware.
46
bluetooth security issues
- Device discovery
- Authentication and authorization
- Malware and exploits
47
Bluejacking
Unless some sort of authentication is configured, a discoverable device is vulnerable to bluejacking, a sort of spam where someone sends you an unsolicited text (or picture/video) message or vCard (contact details). This can also be a vector for malware, as demonstrated by the Obad Android Trojan malware.
48
Bluesnarfing
Refers to using an exploit in Bluetooth to steal information from someone else's phone.
49
Bluetooth (peripheral devices)
Other significant risks come from the device being connected to. A peripheral device with malicious firmware can be used to launch highly effective attacks. This type of risk has a low likelihood, as the resources required to craft such malicious peripherals are demanding.
50
Infrared
Infrared signaling has been used for PAN in the past (IrDA), but the use of infrared in modern smartphones and wearable technology focuses on two other uses:
• IR blaster—this allows the device to interact with an IR receiver and operate a device such as a TV or HVAC monitor as though it were the remote control handset.
• IR sensor—these are used as proximity sensors (to detect when a smartphone is being held to the ear, for instance) and to measure health information (such as heart rate and blood oxygen levels).
51
IR blaster vs IR sensor
• IR blaster—this allows the device to interact with an IR receiver and operate a device such as a TV or HVAC monitor as though it were the remote control handset.
• IR sensor—these are used as proximity sensors (to detect when a smartphone is being held to the ear, for instance) and to measure health information (such as heart rate and blood oxygen levels).
52
Radio Frequency ID (RFID)
Radio Frequency ID (RFID)
• (Usually) unpowered tags
• Transmit when in range of reader
• Skimming attack
• Encrypt sensitive information

RFID is a means of encoding information into passive tags, which can be easily attached to devices, structures, clothing, or almost anything else. A passive tag can have a range from a few centimeters to a few meters. When a reader is within range of the tag, it produces an electromagnetic wave that powers up the tag and allows the reader to collect information from it or to change the values encoded in the tag. There are also battery-powered active tags that can be read at much greater distances (hundreds of meters).
53
RFID Skimming
One type of RFID attack is skimming, which is where an attacker uses a fraudulent RFID reader to read the signals from a contactless bank card. Any reader can access any data stored on any RFID tag, so sensitive information must be protected using cryptography.
54
Near Field Communications (NFC)
NFC is based on a particular type of radio frequency ID (RFID). NFC sensors and functionality are now commonly incorporated into smartphones. An NFC chip can also be used to read passive RFID tags at close range. It can also be used to configure other types of connections (pairing Bluetooth devices for instance) and for exchanging information, such as contact cards.
55
NFC connection configuration/bump
An NFC chip can also be used to read passive RFID tags at close range. It can also be used to configure other types of connections (pairing Bluetooth devices for instance) and for exchanging information, such as contact cards. An NFC transaction is sometimes known as a bump.
56
bump
An NFC transaction is sometimes known as a bump.
57
Mobile wallet apps
machines. To configure a payment service, the user enters their credit card information into a mobile wallet app on the device. The wallet app does not transmit the original credit card information, but a one-time token that is interpreted by the card merchant and linked back to the relevant customer account. There are three major mobile wallet apps: Apple Pay, Google Pay (formerly Android Pay), and Samsung Pay.
58
NFC vulnerabilities
* Eavesdropping/skimming
* Denial of service

Despite having a close physical proximity requirement, NFC is vulnerable to several types of attacks. Certain antenna configurations may be able to pick up the RF signals emitted by NFC from several feet away, giving an attacker the ability to eavesdrop from a more comfortable distance. An attacker with a reader may also be able to skim information from an NFC device in a crowded area, such as a busy train. An attacker may also be able to corrupt data as it is being transferred through a method similar to a DoS attack—by flooding the area with an excess of RF signals to interrupt the transfer.
59
USB OTG
- USB OTG allows a port to function as a device or hub

Some Android USB ports support USB On The Go (OTG) and there are adapters for iOS devices. USB OTG allows a port to function either as a host or as a device. For example, a port on a smartphone might operate as a device when connected to a PC, but as a host when connected to a keyboard or external hard drive. The extra pin communicates which mode the port is in.
60
USB OTG vulnerabilities
* USB with malicious firmware might be able to perform an exploit
* Spread malware between computers using the device as a vector
* Install or run malware to try to compromise the smartphone itself
* Juice jacking
61
juice-jacking
It is also possible that a charging plug could act as a Trojan and try to install apps (referred to as juice-jacking), though modern versions of both iOS and Android now require authorization before the device will accept the connection.
62
SMS and MMS
The Short Message Service (SMS) and Multimedia Message Service (MMS) are operated by the cellular network providers. They allow transmission of text messages and binary files. Vulnerabilities in SMS and the SS7 signaling protocol that underpins it have cast doubt on the security of 2-step verification mechanisms (kaspersky.com/blog/ss7-hacked/25529).
63
RCS
Rich communication services (RCS)
• Exploits against handling of attachments or rich formatting

Rich Communication Services (RCS) is designed as a platform-independent advanced messaging app, with a similar feature set to proprietary apps like WhatsApp and iMessage. These features include support for video calling, larger binary attachments, group messaging/calling, and read receipts. RCS is supported by carriers via Universal Profile for Advanced Messaging (gsma.com/futurenetworks/digest/universal-profile-version-2-0-advanced-rcs-messaging). The main drawbacks of RCS are that carrier support is patchy (messages fall back to SMS if RCS is not supported) and there is no end-to-end encryption, at the time of writing (theverge.com/2020/5/27/21271186/google-rcs-t-mobile-encryption-ccmi-universal-profile). Vulnerabilities in processing attachments and rich formatting have resulted in DoS attacks against certain handsets in the past, so it is important to keep devices patched against known threats.

Source: The Official CompTIA Security+ Student Guide (Exam SY0-601), Lesson 13: Implementing Secure Mobile Solutions, Topic 13B, p. 361.
64
Push notifications
* Potential vector for spam, phishing, or hoaxing
* Make sure developer account credentials are kept secure

Push notifications are store services (such as Apple Push Notification Service and Google Cloud to Device Messaging) that an app or website can use to display an alert on a mobile device. Users can choose to disable notifications for an app, but otherwise the app developer can target notifications to some or all users with that app installed. Developers need to take care to properly secure the account and services used to send push notifications. There have been examples in the past of these accounts being hacked and used to send fake communications.
65
Firmware Over-the-Air Updates
These are updates to the device's modem's operating system... not the device's operating system (iOS, Android)... might need to read this section again.
* Baseband updates and radio firmware
* Over the Air (OTA) update delivery
* Risks from rooted/jailbroken devices
* Risks from highly targeted attacks
66
Microwave Radio
Cellular networks are microwave radio networks provisioned for multiple subscribers. Microwave radio is also used as a backhaul link from a cell tower to the service provider's network. These links are important to 5G, where many relays are required and provisioning fiber optic cabled backhaul can be difficult. Private microwave links are also used between sites.
67
Modes a microwave link can be provisioned
Point-to-point (P2P) microwave
Point-to-multipoint (P2M) microwave
68
P2P
Point-to-point (P2P) microwave uses high gain antennas to link two sites. High gain means that the antenna is highly directional. Each antenna is pointed directly at the other. In terms of security, this makes it difficult to eavesdrop on the signal, as an intercepting antenna would have to be positioned within the direct path. The satellite modems or routers are also normally paired to one another and can use over-the-air encryption to further mitigate against snooping attacks.
69
P2M
Point-to-multipoint (P2M) microwave uses smaller sectoral antennas, each covering a separate quadrant. Where P2P is between two sites, P2M links multiple sites or subscriber nodes to a single hub. This can be more cost-efficient in high density urban areas and requires less radio spectrum. Each subscriber node is distinguished by multiplexing. Because of the higher risk of signal interception compared to P2P, it is crucial that links be protected by over-the-air encryption.
70
Other types of multipoint
Multipoint can be used in other contexts. For example, Bluetooth supports a multipoint mode. This can be used to connect a headset to multiple sources (a PC and a smartphone, for instance) simultaneously.