17 - Hacking Mobile Platforms Flashcards
What are the top ten mobile risks considered by OWASP?
- Improper Platform Usage
- Insecure Data Storage: Jailbreaking or Rooting bypasses encryption
- Insecure Communication: Poor handshaking, incorrect SSL versions
- Insecure Authentication: Weak session management, failing to identify the user
- Insufficient Cryptography: weak algos or flaws in process
- Insecure Authorization
- Client Code Quality: Weaknesses in the code that is running on the device.
- Code Tampering: Where an attacker can modify code on the device
- Reverse Engineering: Analyze code of applications on device
- Extraneous Functionality: sometimes developers hide extra functionality in an app that could be discovered by an attacker
What are the different points in a mobile attack that can be exploited?
- The Device: The browser, Phone/SMS, Apps, OS
- The Network: Wi-Fi, Rogue APs, Packet Sniffing, MitM, Session Hijacking, DNS Poisoning, SSLStrip
- Data Center/CLOUD: Web Server (misconfig, XSS, no input validation), Database (SQL Injection, Privilege escalation, data dumping, OS Command execution)
Once a mobile device is compromised, what types of activities can an attacker perform?
- Surveillance
- Financial
- Data Theft
- Botnet Activity
- Impersonation
What are the mobile attack vectors and vulnerabilities?
- Vectors:
  - Malware
  - Data Exfiltration
  - Data Tampering
  - Data Loss
- Vulnerabilities:
  - Malicious Apps in Stores: Insufficient or no vetting of apps
  - Mobile Malware
  - App Sandboxing vulnerabilities
  - Weak device and app encryption
  - OS and App Update Issues
  - Jailbreaking and Rooting
  - Mobile App Vulnerabilities
  - Privacy Issues
  - Weak Data Security
  - Excessive Permissions
  - Weak Communication Security
  - Physical Attacks
Why is SMiShing (SMS Phishing) effective?
- Mobile users are not conditioned to look out for malicious texts
- No mainstream mechanism for weeding out spam SMS
- Most mobile Anti-Virus does not check the SMS
What is Android OS?
A software environment developed by Google for mobile devices that includes an OS, middleware, and key applications.
What makes up the Android OS architecture?
- Linux-based
- System Apps: Most Android apps are written in Java
- Java API Framework: Offers higher-level services to apps which developers incorporate in their development
  - Activity Manager, Location Manager, Package Manager, Notification Manager, Resource Manager, Telephony Manager
- Native C/C++ Libraries: Specific to particular hardware. Allows the device to control different types of data.
- Android Runtime: Includes Core Libraries and Android Runtime (ART)
- Hardware Abstraction Layer: Acts as an abstraction layer between the hardware and software stack.
- Linux Kernel: Comprises low-level device drivers.
What is Android Rooting?
Allows users to attain privileged control (root) within Android's subsystem. Enables all the user-installed apps to run privileged commands like removing bloatware, Bluetooth tethering, and installing apps on SD. Comes with risks like voiding your warranty, poor performance, malicious performance, and bricking the device.
What are some steps to secure your Android device?
- Enable screen locks
- Never root your device
- Only download apps from official Android market
- Keep device updated with Google Android AV software
- Do not directly download Android package files
- Update OS regularly
- Use Android protector that assigns passwords to text messages, mail accounts, etc.
- Lock apps
What are the layers of the iOS?
- Cocoa Touch: Contains frameworks that help in building iOS apps
- Media: Contains graphics, audio, and video technologies
- Core Services: Contains system services such as Core Foundation and Foundation frameworks
- Core OS: Contains low-level features on which most other technologies are built
What is “jailbreaking”?
The process of installing a modified set of kernel patches that allows users to run 3rd party apps not signed by the OS vendor. Provides root access to the OS and removes sandbox restrictions.
What are the different types of jailbreaking?
- Userland Exploit: Allows user-level access
- iBoot Exploit: Allows user-level and iBoot-level access
- Bootrom Exploit: Allows user-level and iBoot-level access
What are the different techniques for Jailbreaking?
- Untethered Jailbreaking: Device will be jailbroken after each reboot without the help of a computer
- Semi-Tethered Jailbreaking: To use jailbroken addons, the user will need to start the device with the help of the jailbreaking tool.
- Tethered Jailbreaking: Device needs assistance of computer in order for it to start up completely and with a patched kernel.
What are the guidelines for securing iOS devices?
- Use passcode lock
- Use only secured and protected Wi-Fi
- Do not access web services on compromised network
- Disable JS and add-ons from web browser
- Do not store sensitive data on client-side DB
- Do not open links or attachments from untrusted sources
- Change the default root password of the iPhone
- Do not jailbreak or root your device if used within enterprise environment
- Enable jailbreak detection
- Stay up to date on patches and updates
What is Mobile Spyware?
A software tool that gives you full access to monitor a victim’s phone. Secretly records all activity.