Section 5: Mobile Device Security

Question 1

What is the highest level of wireless security?

Answer 1

WPA2 - Wireless Protected Access

Question 2

What Encryption does WPA2 rely on?

Answer 2

AES - Advanced Encryption Standard

Question 3

What does Bluetooth pairing create?

Answer 3

A shared link key for encrypting the connection

Question 4

Which connection is almost always more secure?

Wired or Wireless?

Answer 4

Wired

Question 5

How can you protect yourself from Mobile Malware?

Answer 5

1. Antivirus
2. Patched and Updated
3. Official Apps only

Question 6

What are some Unique Attacks to Mobile Devices?

Answer 6

1. Social Engineering
2. Pre-texting scams
3. Texts which include links

Question 7

Should you JailBreak/Root your mobile device?

Answer 7

No

Question 8

Should you use custom firmware or custom ROM on your mobile device?

Answer 8

No

Question 9

Where should you get your Apps for your mobile device?

Answer 9

Official App Store

Question 10

What should you do with your phone’s operating system?

Answer 10

Keep it up to date

Question 11

What is a SIM card?

Answer 11

Integrated circuit that securely stores the international mobile subscriber identity (IMSI) number and its related keys
- Subscriber Identity Module
- communicates with cell towers and tells them which device is which number

Question 12

What does SIM stand for?

Answer 12

Subscriber Identity Module

Question 13

What is SIM cloning?

Answer 13

When 2 phones are utilising the same card. This allow’s an attacker to gain access to the phone’s data.
- both phones get the same message/text

Question 14

Which version is harder to clone between SIM V1 and V2?

Answer 14

V2 are much harder

Question 15

What can attackers achieve with Social Engineering regarding phone attacks?

Answer 15

They can call your phone provider and give them information that is OSINT and found online on social media. Once they get access to your number they can:
- Bypass 2FA
- Get 2FA code in their phones and login to your email accounts

Question 16

If an attacker has your phone number, what can they do?

Answer 16

1. ID theft
2. Account takeover

Question 17

How can Theft ID & Account takeover be prevented?

Answer 17

Do not post your phone numbers online

Question 18

What is a Google Voice Number?

Answer 18

A number that sits on top of your real number. This hides your actual phone number which you can then use your real number to authenticated 2FA.

Question 19

What is BlueJacking?

Answer 19

When an attacker sends unsolicited messages to Bluetooth enabled devices

Question 20

What is BlueSnarfing?

Answer 20

Unauthorised access of information from a wireless device over a Bluetooth connection

Question 21

What is the difference between BlueJacking and BlueSnarfing?

Answer 21

BlueJacking - Sending information
BlueSnarfing - Taking information

Question 22

What should you ensure you always have with your device’s data?

Answer 22

Device Backup

Question 23

How can you secure your mobile device?

Answer 23

1. Encrypt your device
2. Full disk encryption
3. track your device

Question 24

How can you find where your phone is?

Answer 24

Apple - Find my iphone
Android - Find my phone

Question 25

What can you also do on the find my phone websites?

Answer 25

- Remote Lock - Remote Wipe

Question 26

When browsing, what should you make sure websites have?

Answer 26

HTTPS - TLS (Secure tunnel)

Question 27

What is TLS?

Answer 27

Transport Layer Security - encrypts data in transit

Question 28

What is a Mobile Device Management (MDM) solution?

Answer 28

Centralised software that allows system admins to create and enforce policies across mobile devices

Question 29

What can MDM do?

Answer 29

1. Block Websites 2. Block Apps 3. Enforce policies

Question 30

What does Allow Location Access for apps is a concern of?

Answer 30

Privacy concern - Apps always know your location

Question 31

What is Geotagging?

Answer 31

Embedded geolocation (GPS) coordinates into a piece of data (i.e. photos)

Question 32

What is BYOD?

Answer 32

Bring Your Own Device

Question 33

Why could BYOD be a security issue?

Answer 33

When the device is connected to your work network, every vulnerability the device has, is introduced to the network - malware at home, is then brought to the work network

Question 34

What is Storage Segmentation?

Answer 34

Creating a clear separation between personal and company data on a single device

Question 35

What are some ways to enforce Storage Segmentation?

Answer 35

- Virtual environment app on your mobile device - 2 different email apps for work / personal

Question 36

Is it possible to have MDM on your BYOD?

Answer 36

Yes, but who would want that on their personal device?

Question 37

What is CYOD?

Answer 37

Alternative to BYOD. Choose Your Own Device - employees get a choice of phone - can install MDM - technical policies etc

Question 38

What can MDM provide?

Answer 38

- block app installation - DLP - turn features on/off such as WiFi connectivity so you are forced to only use cellular data (policy)

Question 39

What are 10 ways of hardening your mobile device?

Answer 39

1. Update 2. Antivirus 3. User training 4. Only use official app store 5. no root/jailbreak 6.only use V2 SIM 7. turn off unnecessary features 8. encryption for voice & data 9. strong password or biometrics 10. no BYOD