17 - Hacking Mobile Platforms

Question 1

What are the top ten mobile risks considered by OWASP?

Answer 1

• Improper Platform Usage
• Insecure Data Storage: Jailbreaking or Rooting bypasses encryption
• Insecure Communication: Poor handshaking, incorrect SSL versions
• Insecure Authentication: Weak session management, failing to identify the user
• Insufficient Cryptography: weak algos or flaws in process
• Insecure Authorization
• Client Code Quality: Weaknesses in the code that is running on the device.
• Code Tampering: Where an attacker can modify code on the device
• Reverse Engineering: Analyze code of applications on device
• Extraneous Functionality: sometimes developers hide extra functionality into an app that could be discovered by an attacker

Question 2

What are the different points in a mobile attack that can be exploited?

Answer 2

• The Device: The browser, Phone/SMS, Apps, OS
• The Network: Wi-Fi, Rogue AP’s, Packet Sniffing, MitM, Session Hijacking, DNS Poisoning, SSLStrip
• Data Center/CLOUD: Web Server (misconfig, XSS, no input validation), Database (SQL Injection, Privilege escalation, data dumping, OS Command execution)

Question 3

Once a Mobile is compromised, what types of activities can an attacker do?

Answer 3

• Surveillance
• Financial
• Data Theft
• Botnet Activity
• Impersonation

Question 4

What are the mobile attack vectors and vulnerabilities?

Answer 4

• Vectors:
  
  • Malware
  • Data Exfiltration
  • Data Tampering
  • Data Loss
• Vulnerabilities:
  
  • Malicious Apps in Stores: Insufficient or no vetting of apps
  • Mobile Malware
  • App Sandboxing vulnerabilities
  • Weak device and app encryption
  • OS and App Update Issues
  • Jailbreaking and Rooting
  • Mobile App Vulnerabilities
  • Privacy Issues
  • Weak Data Security
  • Excessive Permissions
  • Weak Communication Security
  • Physical Attacks

Question 5

Why is SMiShing (SMS Phishing) effective?

Answer 5

• Mobile users are not conditioned to look out for malicious texts
• No mainstream mechanism for weeding out spam SMS
• Most mobile Anti-Virus does not check the SMS

Question 6

What is Android OS?

Answer 6

A soft environment developed by Google for mobile devices that includes an OS, middleware, and key applications.

Question 7

What makes up the Android OS architecture?

Answer 7

• Linux-based
• System Apps: Most Android apps are written in Java
• Java API Framework: Offers higher-level services to apps which developers incorporate in their development
  
  • Activity Manager, Location Manager, Package Manager, Notification Manager, Resource Manager, Telephony Manager
• Native C/C++ Libraries: Specific to particular hardware. Allows the device to control different types of data.
• Android Runtime: Includes Core Libraries and Android Runtime (ART)
• Hardware Abstraction Layer: Acts as an abstraction layer between the hardware and software stack.
• Linux Kernel: Comprises of low-level device drivers.

Question 8

What is Android Rooting?

Answer 8

Allows users to attain privileged control (root) within Androids subsystem. Enables all the user-installed apps to run privileged commands like removing bloatware, Bluetooth tethering, and install apps on SD. Comes with risks like voiding your warranty, poor performance, malicious performance, bricking the device.

Question 9

What are some steps to secure your Android Device?

Answer 9

Enable screen locks

Never root your device

Only download apps from official Android market

Keep device updated with Google Android AV software

Do not directly download Android package files.

Update OS regularly

Use Android protector that assigns passwords to text messages, mail accounts, etc

Lock apps

Question 10

What are the layers of the iOS?

Answer 10

• Cocoa Touch: Contains frameworks that help in building iOS apps
• Media: Contains graphics, audio, and video technologies
• Core Services: Contains system services such as Core Foundation and Foundation frameworks
• Core OS: Contains low-level features on which most other technologies are built

Question 11

What is “jailbreaking”?

Answer 11

The process of installing a modified set of kernel patches that allows users to run 3rd party apps not signed by the OS vendor. Provides root access to the OS and removes sandbox restrictions.

Question 12

What are the different types of jailbreaking?

Answer 12

• Userland Exploit: Allows user-level access
• iBoot Exploit: Allows user-level and iBoot-level access
• Bootrom Exploit: Allows user-level and iBoot-level access

Question 13

What are the different techniques for Jailbreaking?

Answer 13

• Untethered Jailbreaking: Device will be jailbroken after each reboot without the help of a computer
• Semi-Tethered Jailbreaking: To use jailbroken addons, user will need to the device with the help of the jailbreaking tool.
• Tethered Jailbreaking: Device needs assistance of computer in order for it to start up completely and with a patched kernel.

Question 14

What are the guidelines for securing iOS devices?

Answer 14

• Use passcode lock
• Use only secured and protected wifi
• Do not access web services on compromised network
• Disable JS and add-ons from web browser
• Do not store sensitive data on client-side DB
• Do not open links or attachments from untrusted sources
• Change default password of iPhones root password
• Do not jailbreak or root your device if used within enterprise environment
• Enable jailbreak detection
• Stay up to date on patches and updates

Question 15

What is Mobile Spyware?

Answer 15

A software tool that gives you full access to monitor a victim’s phone. Secretly records all activity.

Question 16

What are the most common features of mobile spyware?

Answer 16

• See call history
• View Text Messages
• Web Site History
• GPS Tracking

Question 17

What is Mobile Device Management (MDM)?

Answer 17

Provides platforms for over-the-air or wored distribution of applications, data and config settings for all types of mobile devices. Helps sys admins to deploy and manage software apps across all enterprise devices. Can enforce passcodes, remotely lock device, wipe data, detects jailbreaks, enforce policies, and perform real time monitoring.

Question 18

What is BYOD and what are the benefits?

Answer 18

Refers to a policy where an employee uses their own personal device to for workplace activities such as accessing company resources. It can increase productivity, employee satisfaction, work flexibility, and lower costs.

Question 19

What are the risks of BYOD?

Answer 19

Sharing confidential data over unsecured network, endpoint security issues, improperly disposing device, support of many different devices, mixing personal and private data, lost or stolen devices, lack or awareness, ability to bypass company policies, infrastructure issues, disgruntled employees.

Question 20

What are the different steps for implementing BYOD Policy?

Answer 20

• Define Requirements: Define the needs of different user segments
• Select devices of your choice and technology portfolio: Types of devices and tech allowed
• Develop Policies surrounding usage.
• Security: Info Security, Operations Security, Transmission Security
• Support: Support users and issues

Question 21

What are the security guidelines of BYOD?

Answer 21

• Administrator:
  
  • Secure org’s data centers, educate your employees, make it clear who owns apps and data, use encrypted channel for data transfer, do not allow jailbroken devices, apply session authentication and timeout policy on access gateways.
• Employee:
  
  • Use encryption mechanism to store data, maintain clear separation between business and personal data, register devices with a remote locate, update device with latest OS and patches, use AV and DLP solutions, set a strong passcode and change it often, set passwords for apps.

Question 22

What are the general guidelines for Mobile Platform Security?

Answer 22

• Do not load too many apps
• Perform assessment of app architecture
• Maintain config control and management
• Install apps from trusted app stores
• Securely wipe or delete data disposing of the device
• Do not share info within GPS-enabled apps unless they are necessary
• Disable wireless access if not in use
• Never connect 2 separate networks such as wifi and Bluetooth simultaneously
• Use passcode
• Update OS and Apps
• Enable remote management and remote wipe services
• Do not allow Rooting or Jailbreaking
• Encrypt storage
• Perform periodic backup and synchronization
• Filter email forwarding barriers
• Configure app certification rules
• Harden browser permission rules
• Design and implement mobile device policies.

Question 23

What are the Mobile Device Security Guidelines for Admins?

Answer 23

• Publish an enterprise policy that specifies acceptable usage
• Publish an enterprise policy for cloud
• Enable security measures
• Specify what levels of app and data access are allowable
• Specify a session timeout through Access Gateway
• Specify whether domain password can be cached on device

Question 24

What are SMS Phishing Guidelines?

Answer 24

• Never reply to suspicious SMS
• Do not click on any links included in SMS
• Never reply to SMS that requires personal and financial info from you
• Enable block texts from the internet feature from your provider
• Never call a number left in a SMS

Question 25

What is Agent Smith Attack?

Answer 25

Persuading the victim to install a malicious app designed and published by an attacker. Malicious app replaces legitimate apps.

Question 26

What is Exploiting SS7 vulnerability?

Answer 26

Signaling System 7 (SS7) is a communication protocol that allows users to exchange communication through another cellular network. Attackers can exploit and perform MitM.

Question 27

What is the Simjacker attack?

Answer 27

takes advnantage of SIM cards S@T browser that is designed to provide a set of instructions.

Question 28

What is Man-in-the-Disk attack?

Answer 28

When apps do not incorporate proper security measures against usage of the devices external storage.

Question 29

What is the Spearphone attack?

Answer 29

Allows Android apps to record loudspeaker data without any privileges.

Question 30

what is iOS Trustjacking?

Answer 30

A vulnerability that can be exploited by an attacker to read messages and emails, ect. Exploiting the iTunes Wi-Fi Sync feature where victim connects to any trusted pc that is already infected by an attacker.