mobile sec 2b Flashcards Preview


Flashcards in mobile sec 2b Deck (20)
1
Q

STAGEFRIGHT

A

major vulnerability in

Android

2
Q

STAGEFRIGHT What ability or privileges does this vulnerability provide the attacker?

A

• It is estimated that 50% of the affected devices
would be able to trigger the vulnerability
without any user interaction!
• For other cases, simply opening the MMS will
compromise the device!

3
Q

STAGEFRIGHT What ability or privileges does this vulnerability provide the attacker 2?

A

• During successful attacks, the attacker is able to run
arbitrary code on the target device with media or
system privileges the audio and camera of the device.
• Using these privileges, an attacker can perform
reconnaissance on their victim by listening in on
conversations, and enabling video recording!

4
Q

STAGEFRIGHT What ability or privileges does this vulnerability provide the attacker 3?

A

• On some devices, the affected software runs with “system” privileges.
• The attacker has almost full control of the device already.
• Remote code execution allows sophisticated attackers to execute
“privilege escalation” attacks, which allow the attacker to
change “roles” on the device – providing unfettered control:
  • access to read the victim’s emails, Facebook/WhatsApp messages and contacts,
  • access data from other applications or
  • use the device as a pivot into the customer’s network and cloud applications

5
Q

STAGEFRIGHT What ability or privileges does this vulnerability provide the attacker 4?

A

• The attacker can hide traces of the attack by simply deleting the
infected message after a successful attack.
• If an attacker spends additional time refining the attack, it can be
made silent.

6
Q

How to protect from Stagefright

A

• Update your device:
  • Keep your device updated to the latest version at all times.
• Disable Auto-fetching of MMS:
  • You will need to disable this for both Hangout and regular messaging apps. Here’s how:
• HANGOUT: DISABLE AUTO FETCHING MMS
  • Open Hangout
  • Tap Options on the top left corner
  • Tap Settings -> SMS
  • In General, if you have Hangout SMS Enabled then in the Advanced uncheck Auto Retrieve MMS
• MESSAGES: DISABLE AUTO FETCHING MMS
  • Open Messages
  • Tap More -> Settings -> More Settings
  • Tap Multimedia Messages -> Turn OFF Auto Retrieve.

7
Q

How to protect from Stagefright

• Advanced Protection

A

• Zimperium’s advanced mobile threat protection solution – zIPS, is
already trained by their core engine z9, to detect and protect from
Stagefright.
• Devices with zIPS activated are fully protected without the need for
device update or disabling the MMS.

8
Q

Quadrooter (7 AUG 2016)

A

• Check Point today disclosed 4 vulnerabilities affecting
900 million Android smartphones and tablets that use
Qualcomm® chipsets.
• The Check Point mobile threat research team, which
calls the set of vulnerabilities QuadRooter, presented
its findings in a session at DEF CON 24 in Las Vegas

9
Q

Qualcomm is the world’s leading

A

• designer of LTE
chipsets with a 65% share of the LTE modem
baseband market.
• If any one of the 4 vulnerabilities is exploited, an
attacker can trigger privilege escalations for the
purpose of gaining root access to a device

10
Q

Quadrooter – Which Device affected

A

• QuadRooter vulnerabilities are found in software
drivers that ship with Qualcomm chipsets.
• Any Android device built using these chipsets is at risk.
• These software drivers, which control communication
between chipset components, become incorporated
into Android builds manufacturers develop for their
devices.

11
Q

Quadrooter – Which Device affected 2

A

• Since the vulnerable drivers are pre-installed on
devices at the point of manufacture, they can only be
fixed by installing a patch from the distributor or
carrier.
• Distributors and carriers issuing patches can only do
so after receiving fixed driver packs from Qualcomm.

12
Q

Quadrooter – Which Device affected 3

A

• This situation highlights the inherent risks in the
Android security model.
• Critical security updates must pass through the entire
supply chain before they can be made available to end
users.
• Once available, the end users must then be sure to
install these updates to protect their devices and data.

13
Q

Quadrooter - How are hp exposed to it?

A

• An attacker can exploit these vulnerabilities using a
malicious app.
• Such an app would require no special permissions to
take advantage of these vulnerabilities, alleviating any
suspicion users may have when installing.

14
Q

How can I protect employees’ devices from attacks using these QuadRooter
vulnerabilities?

A

Without an advanced mobile threat detection and mitigation solution
on the Android device, there is little chance a user would suspect any
malicious behavior has taken place.

15
Q

What are the risks if an attacker exploits the QuadRooter vulnerability on a
device?

A

If exploited, QuadRooter vulnerabilities can give
• attackers complete control of devices,
• unrestricted access to sensitive personal and enterprise data on them, and
• attackers capabilities such as keylogging, GPS tracking, and recording
video and audio.

16
Q

Download and install the latest Android updates asap why sia

A

• Understand the risks of rooting your device – either intentionally or
as a result of an attack.
• Examine carefully any app installation request before accepting it to
make sure it’s legitimate.
• Avoid side-loading Android apps (.APK files) or downloading apps
from third-party sources. Instead, practice better app hygiene by
downloading apps only from Google Play

17
Q

Avoid side-loading Android apps (.APK files) or downloading apps
from third-party sources.

A

Instead, practice better app hygiene by

downloading apps only from Google Play

18
Q

When referring to Android apps, “sideloading” typically means

A

• installing an application package in APK format onto
an Android device.
• Such packages are usually downloaded from websites other
than Google Play, usually through a computer.
• For Android users sideloading of apps is only possible if the
user has allowed “Unknown Sources” in their Security
Settings.

19
Q

Read permission requests carefully when installing any apps.

• Be wary of apps that ask for

A

• permissions that seem unusual or
unnecessary or that use large amounts of data or battery life.
• Use known, trusted Wi-Fi networks or while traveling use only those
that you can verify are provided by a trustworthy source.
• End users and enterprises should consider using mobile security
solutions designed to detect suspicious behavior on a device,
including malware that could be obfuscated within installed apps.

20
Q

Bring Your Own Cloud (BYOC)

A

Build Your Own Cloud, provides
employees with the flexibility to store and access data such as
documents, images, videos and other files via a wide variety of cloud
options, but it can do so at the expense of corporate control, and it
can present potential security risks to the enterprise when security
policies and best practices aren’t implemented or followed.