Lesson 12 - Chapter 3: Mobile OS and Application Security Issues Flashcards
What are trusted sources?
legitimate app stores run by major vendors (Apple, Google, Microsoft, Amazon)
Do modified versions of Android change which stores and sources a device will/won’t trust?
Yes
Which OS allows installing apps from untrusted sources?
Android
What restrictions does Apple place on developers for apps sold via the App store?
Apple has specific requirements for how developers create an app to be sold in the store
What would be an example of modified versions of Android changing which stores a device will/won’t trust?
Amazon’s line of Fire devices can only get apps from the Amazon App store
Which app store is more likely to have security issues?
Google Play
(aren’t subject to guidelines as strict as Apple Store)
What are 3 examples of legitimate third-party app sources?
- Device manufacturers
- Communication carriers
- In-house corporate dev sources
What are 4 tools you can use to identify and mitigate network attack risks?
- Device security settings (no auto-connect)
- User training
- Wi-Fi analyzers
- Cell tower analyzers
What can you use to configure mobile device security settings for more than one device?
MDM or similar software (like Apple Configurator)
What is a Wi-Fi analyzer typically used for? (3)
figuring out what channel a network should use. optimizing WAP placement, finding dead spots
What can you use to map out nearby networks to identify malicious WAPs?
Wi-Fi Analyzer
What are cell tower analyzers used for? (4 out of more)
- identify nearby cellular signals
- estimate distance and direction
- measure signal strength (in a building)
- collect information on the technologies they’re using and network name
How can cell tower analyzers help with network security?
spots an illegitimate tower operating nearby
Does malware and security breaches manifest differently on mobile devices than on desktops and laptops?
Yes
Which OS is more susceptible to malware infections?
Android lacks safeguards that iOS has (malware infections are almost impossible on iOS devices)
can supplement with 3rd party antivirus/anti-malware
What’s the most important thing when it comes to anti-malware solutions?
keeping the device updated (whether by the user or implementing policies on an Enterprise level)
Why are unintended cellular connections uncommon?
Because they’re preprogrammed into the phone by the carrier
What is tower-spoofing?
equipment that imitates a carrier’s tower and tricks devices into using it
How does tower-spoofing work?
it overpowers the nearest legitimate cell signal, causing the cellphone to lock onto the spoofed tower instead
What can someone do once you’ve connected to a spoofed tower?
listen to your conversations even if it’s encrypted because some can fool the device to turning off encryption and even install malware
Is it a good idea to configure your device to automatically connect to unknown Wi-Fi networks or auto pair with Bluetooth devices?
No, people can get access and steal or modify data
What’s a sign you may be interacting with a spoofed cell tower?
signal drops or weak signals
What are some signs there may be a rogue WAP? (2)
Wi-Fi quality is low where it used to be high, or your device sees a network with a strong signal and correct SSID in what used to be a dead spot
Removable memory cards should be ___ if they contain sensitive data
encrypted (in case someone removes it from the device)
To keep VPN and email connections secure, a device should not do what?
store user names and passwords to connect automatically
To help secure the device, all mobile OS restrict what?
the actions a user can perform (installing apps, changing settings)
What is jailbreaking?
the user installs a program on an iOS device to change settings the user isn’t intended to change
What is rooting?
the user installs a program on an Android device to enable functions the user previously didn’t have access to
Does jailbreaking/rooting void the warranty?
Yes
What’s a positive and negative in terms of jailbreaking/rooting?
get more power but disable protections that limit the damage malware can do
What might happen if you decide to jailbreak/root a phone? (3)
- Brick the phone if it fails
- Render it unusable until you restore it from backup after removing rooting software
- Manufacturer/Service provider may prevent the device from connecting to their services if the rooting is detected
What is geofencing?
A company keeping track of when an employee enters/exits the workplace by tracking their device
(employees don’t like this)
What drains a cellphone battery the fastest?
leaving the screen on
