2.3 Flashcards
What are components of supply chain risks?
Hardware manufacturers, secondary/aftermarket sources, software developers and providers, managed service providers
What is a secondary/aftermarket source?
If your primary supplier fails, you can use a secondary one. Budget-friendly but high-risk.
What risk can software developers/providers pose in the supply chain?
check for licensing, vulnerabilities and malware
Managed Service Provider SaaS
orgs that provide a range of technology services and support to other orgs
Firmware Vulnerabilities
Firmware is specialized software on hardware devices; vulnerabilities in it can grant attackers full control, leading to takeover
End of life systems
no updates or support from manufacturer
Legacy System
outdated and superseded by newer alternatives
Unsupported
no official support
Bluetooth
wireless technology for short distance data exchange
Insecure pairing
occurs when Bluetooth devices establish a connection without proper authentication
device spoofing
occurs when an attacker impersonates a device to trick a user into connecting
on path attacks
exploits Bluetooth protocol vulnerabilities to intercept and alter communications between devices without either party being aware
Types of Mobile Vulnerabilities?
Sideloading
Jailbreaking/Rooting
Insecure Connection Methods
Sideloading
installing apps from unofficial sources by bypassing the device’s default app store
Jailbreaking/rooting
Gives users escalated privileges but exposes devices to potential security breaches
Insecure connection methods
using open Wi-Fi networks or pairing with unknown devices over Bluetooth exposes devices to attacks
Zero Day Vulnerabilities
discovered and exploited before vendors issue patches
no patches
Zero Day exploit
attack that targets previously unknown vulnerabilities
Zero Day
Can refer to the vulnerability, the exploit, or the malware that exploits the vulnerability; also the day the exploit happens and the vendor starts working toward a solution
they can be sold to criminals or government agencies
threat actors often save zero days for high value targets