Mobile Communications and IoT

Question 1

What are the 3 main attack types for Mobile devices?

Answer 1

1. Device attacks (Browser, SMS, App, Rooted/Jailbroken devices)
2. Network attacks (DNS cache poisoning, rogue/evil twin APs, packet sniffing)
3. Cloud attacks (Databases, photos, cloud data e.g. Apple iCloud)

Question 2

OWASP Top 10 Mobile Risks

M1 - Improper Platform Usage

Answer 2

Misuse of features or security controls (Android intents, TouchID, Keychain)

Question 3

OWASP Top 10 Mobile Risks

M2 - Insecure Data Storage

Answer 3

Improperly stored data and data leakage

Question 4

OWASP Top 10 Mobile Risks

M3 - Insecure Communications

Answer 4

Insecure handshaking, incorrect SSL, clear-text communication

Question 5

OWASP Top 10 Mobile Risks

M4 - Insecure Authentication

Answer 5

Authenticating end user or bad session management

Question 6

OWASP Top 10 Mobile Risks

M5 - Insufficient Cryptography

Answer 6

Code that applies cryptography to an asset, but is insufficient

Question 7

OWASP Top 10 Mobile Risks

M6 - Insecure Authorization

Answer 7

Failures in authorization such as access rights

Question 8

OWASP Top 10 Mobile Risks

M7 - Client Code Quality

Answer 8

Code level implementation problems

Question 9

OWASP Top 10 Mobile Risks

M8 - Code Tampering

Answer 9

Binary patching, resource modification, dynamic memory modification

Question 10

OWASP Top 10 Mobile Risks

M9 - Reverse Engineering

Answer 10

Reverse core binaries to find vulnerabilities and exploits

Question 11

OWASP Top 10 Mobile Risks

M10 - Extraneous Functionality

Answer 11

Use of hidden or unknown functionality which could introduce series of vulnerabilities and exploits, such as backdoors that were inadvertently placed by coders

Question 12

What is mean by untethered jailbroken device?

Answer 12

iOS device remains jailbroken after a reboot.

Question 13

What is mean by tethered jailbroken device?

Answer 13

Device only usable in a single boot when jailbroken this way, and patch is removed upon reboot. Device may get stuck in a boot loop if not repaired via computer based tools.

Question 14

What is meant by Semi-Tethered jailbreak?

Answer 14

iOS device remains jailbroken for a single session and removes the patch upon reboot, but is able to boot back up as normal without any issues such as boot loop.

Question 15

List 3 different Bluetooth discovery modes

Answer 15

1. Discoverable - Answers all inquiries
2. Limited Discoverable - Restricts some actions
3. Non-Discoverable - Ignores all inquiries

Question 16

Why type of Mobile tools are:
1. KingoRoot
2. TunesGo
3. OneClickRoot
4. MTK Droid

Answer 16

Used for Android Rooting

Question 17

What type of mobile tools are:
1. evasi0n7
2. GeekSn0w
3. Pangu
4. Redsn0w
5. Absinthe
6. Cydia

Answer 17

Used for iOS jailbreaking

Question 18

What type of mobile exploits are these:
1. Userland Exploit
2. iBoot exploit
3. BootROM exploit

Answer 18

iOS jailbreaking exploits

Question 19

Which mobile attack method uses the following tools:
1. Obad
2. Fakedefender
3. TRAMPS
4. ZitMo

Answer 19

Trojans, can be used in phishing

Question 20

Which mobile attack method uses the following tools:
1. Mobile Spy
2. Spyera

Answer 20

Spyware

Question 21

What type of mobile tools are:
1. BlueScanner
2. BT Browser
3. BlueSniff
4. btCrawler
5. Bloover
6. PhoneSnoop
7. Super Bluetooth Hack

Answer 21

Used for bluetooth hacking

Question 22

What are the 3 basic components of IoT architecture?

Answer 22

1. Sensing Technology
2. IoT gateways
3. Cloud

Question 23

What are the 3 main characteristics of RIOT OS?

Answer 23

1. Embedded System
2. Actuator (moving) Boards
3. Sensors

Question 24

Which 2 terms best describes ARM mbed OS?

Answer 24

1. Used on wearables
2. Low-powered

Question 25

What is RealSense OS X mainly used in?

Answer 25

Sensors and cameras

Question 26

Which 3 type of applications would you find Nucleus RTOS used in?

Answer 26

1. Aerospace
2. Medical
3. Industrial

Question 27

What are the 4 method of communication in IoT?

Answer 27

1. Device to Device
2. Device to Cloud
3. Device to Gateway
4. Back-End Data Sharing

Question 28

What are the 5 Architecture Levels in IoT?

Answer 28

1. Edge Technology (Sensors, RFIDs, Readers, Devices)
2. Access Gateway (First data handling, messages, routing)
3. Internet (Main component that provide communication via internet )
4. Middleware (Data and device management)
5. Application (Front end delivery of service and data to users)

Question 29

IoT Vulnerabilities and Attacks:

I1 - Insecure Web Interface

Answer 29

Problems such as account enumeration, weak credentials, and no account lockout

Question 30

IoT Vulnerabilities and Attacks

I2 - Insufficient Authentication/Authorization

Answer 30

Assumes interfaces will only be exposed on internal networks and thus is a flaw

Question 31

IoT Vulnerabilities and Attacks

I3 - Insecure Network Services

Answer 31

May be succeptible to buffer overflow or DoS attacks

Question 32

IoT Vulnerabilities and Attacks

I4 - Lack of Transport Encryption/Integrity Verification

Answer 32

Data transported without encryption

Question 33

IoT Vulnerabilities and Attacks

I5 - Privacy Concerns

Answer 33

Due to collection of personal data

Question 34

IoT Vulnerabilities and Attacks

I6 - Insecure Cloud Interface

Answer 34

Easy-to-guess credentials make enumeration easy

Question 35

IoT Vulnerabilities and Attacks

I7 - Insecure Mobile Interface

Answer 35

Easy-to-guess credentials on mobile interface

Question 36

IoT Vulnerabilities and Attacks

I8 - Insufficient Security Configurability

Answer 36

Cannot change security which causes default passwords and configuration

Question 37

IoT Vulnerabilities and Attacks

I9 - Insecure Software/Firmware

Answer 37

Lack of a device to be updated or devices that do not check for updates

Question 38

IoT Vulnerabilities and Attacks

I10 - Poor Physical Security

Answer 38

Because of the nature of devices, these can easily be stolen

Question 39

What does HVAC and what type of system is it?

Answer 39

Heating, Ventilation and Air Conditioning - Indoor climate control system

Question 40

What is a Rolling Code attack?

Answer 40

Jam a key fob’s communications, steal the code, and then create a duplicate code

Question 41

What is a BlueBorne attack?

Answer 41

Attack against Bluetooth devices

Question 42

IoT Hacking Methodology

Answer 42

1. Information Gathering
2. Vulnerability Scanning
3. Launching Attacks
4. Gaining Access
5. Maintaining Access

Question 43

What type of device would you use the following tools against?
1. Foren6
2. Nmap
3. RIoT Vulnerability Scanner
4. beSTORM
5. IoTSploit
6. IoT Inspector
7. Firmalyzer
8. KillerBee
9. JTAGulator
10. Attify

Answer 43

IoT device hacking

Question 44

What is a Blackjacking attack?

Answer 44

Act of hijacking a BlackBerry Connection. Using BlackBerry to bypass security.

Question 45

What is BBProxy used for?

Answer 45

Allowing the attacker to use a BlackBerry device as a proxy between the internet and internal networks via covert channels.

(Used part of Blackjacking attack)

Question 46

What type of tools is BBScan?

Answer 46

Port scanning tool used against BlackBerry devices.

Question 47

What type of tool is Blooover?

Answer 47

Bluetooth Hoover - Serves as an audit tool to check phones for vulnerable to Bluetooth vulnerabilities such as BlueSnarf.

Question 48

What kind of Bluetooth attack is Bluesmacking?

Answer 48

DoS - Overflows bluetooth enabled devices with random packets

Question 49

What kind of Bluetooth attack is bluejacking?

Answer 49

Sending messages over bluetooth enabled devices

Question 50

What kind of Bluetooth attack is Bluesnarfing

Answer 50

Theft of information through via bluetooh on enabled devices

Question 51

What kind of Bluetooth Utility is BlueSniff used for?

Answer 51

Bluetooth tool used for warwalking/wardriving discovery of Bluetooth devices.

Question 52

What kind of Bluetooth attack is Bluebugging?

Answer 52

Remote access to a remote device via discoverable Bluetooth connection

Question 53

What kind of Bluetooth attack is BluePrinting?

Answer 53

Collection of information about Bluetooth enable devices, includes manufacturer, device model, and firmware versions.

Question 54

What is a piconet?

Answer 54

A network made of Bluetooth connected devices

Question 55

What type of malware is ZitMo?

Answer 55

Banking malware, Zeus ported to Android