2.7 Mobile Device Security Flashcards
Explain common methods for securing mobile and embedded devices
What is the highest level of encryption available for mobile Wi-Fi at this time?
WPA3
What settings must a firewall have to successfully protect a mobile device?
Root or administrative privileges on the device
Give a better option for connecting to the internet securely than a firewall
VPN connection between the mobile device and a centralised server
Should the mobile firewall be implemented before or after securing wireless connectivity?
After
List 5 options for unlocking a mobile device
- PIN
- Password
- Pattern
- Fingerprint
- ID
How many possible codes are there for a 4-digit PIN?
10,000
What attacks are PINs susceptible to?
Shoulder surfing attacks
Contrast PINs and passwords
PINs only have numbers whereas passwords can have letters and symbols also
Describe how a remote wipe could work
Deletes all data after 10 failed login attempts
Give the fail rate of touch ID
1 in every 50,000 attempts
Give the fail rate of face ID
1 in every million attempts
List 4 best practices for protecting against mobile malware
- Don’t jailbreak/root device
- Don’t use custom firmware/ROM
- Only load official store apps
- Always update software
How does TLS for mobiles work?
By utilising an encryption layer and a tunnel between the device and the server
Why would you use TLS for mobile?
To ensure confidentiality of data
Name one category of apps that relies on TLS
Social networking apps
Geotagging
Embedding of the geolocation coordinates into a piece of data e.g. a photo
What is the most secure, restrictive and expensive mobile deployment option?
COBO
Describe COBO
Purchased by the company and only used by the employee for work-related purposes
COPE
Company provides a device used for work and/or personal use by employees
CYOD
Allows employees to choose device from an approved list of vendors or devices
BYOD
Employees bring their own devices and connect to the corporate network
Which mobile device deployment option is the most difficult to secure?
BYOD
Storage segmentation
Isolation of company apps and data from user apps and data
List ten steps to make mobile devices more secure
- Update your device to the latest software
- Install Antivirus
- Train users on proper security and use of their device
- Only install apps from the official app stores
- Do not jailbreak or root your devices
- Only use Version 2 SIM cards for your devices
- Turn off all unnecessary features on your device
- Turn on encryption for voice and data
- Use strong passwords or biometrics
- Don’t allow BYOD
What OS do most IoT devices use?
An embedded version of Linux or Android
Give 3 IoT vulnerabilities
- Insecure defaults
- Hard-coded configurations
- Cleartext communication
What is a risk in using IoT devices?
Manufacturers often use outdated or insecure hardware components
Why is Bluetooth communication between IoT devices risky?
Because attackers can monitor frequencies and may be able to eavesdrop
What can exploits cause IoT devices to do?
Go offline, crash, or malfunction