Chapter 6 - Mobile and Embedded Device Security

Question 1

What is an RTOS?

Answer 1

Real-Time Operation System - A specifically designed OS tuned for a SoC in an embedded or specialized system, it is to accommodate very high volumes of data very quickly

Question 2

What is a SoC?

Answer 2

System on a Chip - an integrated circuit that combines all the essential components of a computer system, like the CPU, memory, input/output ports, and sometimes even a GPU, onto a single chip (Raspberry Pi)

Question 3

What is a SCADA?

Answer 3

Supervisory Control And Data Acquisition - Systems help maintain efficiency and provide information on issues to help reduce downtime - Controls multiple ICSs

Question 4

What is an ICS?

Answer 4

Industrial Control Systems - collect, monitor, and process real-time data so that machines can directly control devices such as valves, pumps, and motors without the need for human intervention

Question 5

How to harden a SCADA and ICSs?

Answer 5

-ID all connections to the SCADA network
-Disconnecting the connections that are unnecessary
-Test
-Define Roles
-Identify security requirement

Question 6

What is SecDevOps?

Answer 6

Process of integrating secure development best practices & methodologies into an application software development & deployment processes using the agile model
- Automation whenever possible
- Continuous modifications through the process with provision to roll back

Question 7

What is Dead Code?

Answer 7

Is a section of an application that executes but performs no meaningful function

Question 8

What is an Embedded System?

Answer 8

It is 1) computer hardware and software contained within a larger system 2) that is designed for a specific function.
-Fully functional computers integrated into a single chip
-Designed for a specific function

Question 9

What does COPE mean?

Answer 9

Corporate Owned, Personally Enabled

Question 10

What does CYOD mean?

Answer 10

Choose Your Own Device

Question 11

What is Process Spawning Control?

Answer 11

Uses a vulnerable application to spawn executable files on the system

Question 12

What is System Tampering?

Answer 12

Uses the vulnerability in an application to modify sensitive areas of the OS such as the Microsoft Windows registry keys

Question 13

What is the agile model in app development?

Answer 13

An Incremental approach, works in small modules, at the end of each cycle the project’s priorities are evaluated as tests are being run

Question 14

What is the waterfall model in app development?

Answer 14

A Sequential design process where quality assurance occurs after the application has been tested and before going to production

Question 15

What is static code analysis?

Answer 15

Review code line by line for errors

Question 16

What is dynamic code analysis?

Answer 16

Runtime Verification - Security testing preformed after the source code is compiled and when all components are integrated and running
-(code analysis tools use a process called fuzzing)

Question 17

What is the fuzzing process?

Answer 17

Provides random input to a program in an attempt to trigger exceptions, such as memory corruption, program crashes, or security breaches - an advantage of it, is that it produces a record of what input triggered the exception so it can be reproduced to track down the problem within the code.

Question 18

What is OTA?

Answer 18

Over-the-Air, usually security updates that go to mobile devices

Question 19

What is Celluar?

Answer 19

Coverage area for a cellular telephony network divided into cells MTSO (Mobile Telecommunication Switching Office) that controls the transmitters in a cellular network

Question 20

What is MTSO?

Answer 20

Mobile Telecommunication Switching Office - controls the transmitters in a cellular network

Question 21

What is VDI?

Answer 21

Virtual Desktop Infrastructure - Stores sensitive data and apps on a remote server

Question 22

What is are limited updates?

Answer 22

Patches & updates are distributed through firmware Over-the-Air (OTA) updates

Question 23

What is unauthorized recording?

Answer 23

Infecting a device with malware, a threat actor can spy on an unsuspecting victim & record conversations or video could pose as “legit” programs

Question 24

What is Geofencing?

Answer 24

Restricting an app’s use to a location

Question 25

What is Tethering?

Answer 25

Share internet connection

Question 26

What is Jailbreaking a device?

Answer 26

Apple

Question 27

What is Rooting a device?

Answer 27

Android

Question 28

What is containerization?

Answer 28

Separating storage into business& personal “containers”

Question 29

What is MCM?

Answer 29

Mobile Content Management - Creation, editing, and modification of digital content multiple employees

Question 30

What is an UEM?

Answer 30

Unified Endpoint Management - All MDM, MAM, and MCM together

Question 31

What is a Raspberry Pi?

Answer 31

Low cost, credit card size computer motherboard

Question 32

What is a FPGA?

Answer 32

Field-Programmable Gate Array - A hardware “chip” that can be programed by the user to carry out one or more logical operations

Question 33

What is an IoT?

Answer 33

Internet of Things - Is connecting any device to the Internet for the purpose of sending & receiving data to be acted upon (low resilience)

Question 34

What is an executable files attack?

Answer 34

Trick the vulnerable app to create or modify executable files