chapter 8 Flashcards
Mobile Infrastructure Risks
- Software
- Hardware
- Network
- Organization
- fake access point
- can obtain user credentials
- it uses weak authentication methods
- Open authentication
- shared authentication
- WEP
- This can be found in corporate environment, bookstore, basta sa public
Rogue Access point
- Send deauthentication traffic
- Get user to re-enter credentials, but attacker is sniffing
- preventing a client from communicating with wireless network
- use rogue points that overpower the legitimate one
Denial of service
- Drive around looking for unprotected wireless network
Wardriving
- marks and symbols on the sidewalk or wall identifying a vulnerable access point
warchalking
- intercept communication between the transmitter and receiver
- take advantage of weak encryption algorithm and weak keys
Man in the middle
how to avoid man in the middle
- use stronger keys
- strong encryption methods, implemented correctly
- spoof a carrier’s tower and infrastructure so that devices connect to it
- Tower spoofing
use of untrusted or compromised applications on mobile devices
Software risks
what app store that are safe
- apple and microsoft
what app store that is not safe
- android
malicious software
malware
transferred via files or executable software from device to device
virus
masquerades as a useful program
trojan
self replicate across a network
worm
steal data, password, credit card numbers
spyware
install a program that allows you to modify the device in a way that it is not approved by the manufacturer
jailbreak
user gains full administrative access
rooting
software used to capture and record keystrokes sent to a device
key logging
allows uncontrolled access to the hardware and root level permission of the device
unsupported OS
- Create a duplicate of a smartphone, including firmware configuration
- Impersonate the legitimate owner of the device
- making and receiving phone calls, text messages and accessing data
device cloning
the problem is that we store useful information in our phone
device theft
Policies in Organization should address issues:
- Device Security
- Antivirus
- Forensics
- Patching
- Upgrades
Detects malicious network traffic and unauthorized network access
Intrusion detection system
