Lesson 12 - Chapter 3: Mobile OS and Application Security Issues

Question 1

What are trusted sources?

Answer 1

legitimate app stores run by major vendors (Apple, Google, Microsoft, Amazon)

Question 2

Do modified versions of Android change which stores and sources a device will/won’t trust?

Answer 2

Yes

Question 3

Which OS allows installing apps from untrusted sources?

Answer 3

Android

Question 4

What restrictions does Apple place on developers for apps sold via the App store?

Answer 4

Apple has specific requirements for how developers create an app to be sold in the store

Question 5

What would be an example of modified versions of Android changing which stores a device will/won’t trust?

Answer 5

Amazon’s line of Fire devices can only get apps from the Amazon App store

Question 6

Which app store is more likely to have security issues?

Answer 6

Google Play

(aren’t subject to guidelines as strict as Apple Store)

Question 7

What are 3 examples of legitimate third-party app sources?

Answer 7

1. Device manufacturers
2. Communication carriers
3. In-house corporate dev sources

Question 8

What are 4 tools you can use to identify and mitigate network attack risks?

Answer 8

1. Device security settings (no auto-connect)
2. User training
3. Wi-Fi analyzers
4. Cell tower analyzers

Question 9

What can you use to configure mobile device security settings for more than one device?

Answer 9

MDM or similar software (like Apple Configurator)

Question 10

What is a Wi-Fi analyzer typically used for? (3)

Answer 10

figuring out what channel a network should use. optimizing WAP placement, finding dead spots

Question 11

What can you use to map out nearby networks to identify malicious WAPs?

Answer 11

Wi-Fi Analyzer

Question 12

What are cell tower analyzers used for? (4 out of more)

Answer 12

1. identify nearby cellular signals
2. estimate distance and direction
3. measure signal strength (in a building)
4. collect information on the technologies they’re using and network name

Question 13

How can cell tower analyzers help with network security?

Answer 13

spots an illegitimate tower operating nearby

Question 14

Does malware and security breaches manifest differently on mobile devices than on desktops and laptops?

Answer 14

Yes

Question 15

Which OS is more susceptible to malware infections?

Answer 15

Android lacks safeguards that iOS has (malware infections are almost impossible on iOS devices)

can supplement with 3rd party antivirus/anti-malware

Question 16

What’s the most important thing when it comes to anti-malware solutions?

Answer 16

keeping the device updated (whether by the user or implementing policies on an Enterprise level)

Question 17

Why are unintended cellular connections uncommon?

Answer 17

Because they’re preprogrammed into the phone by the carrier

Question 18

What is tower-spoofing?

Answer 18

equipment that imitates a carrier’s tower and tricks devices into using it

Question 19

How does tower-spoofing work?

Answer 19

it overpowers the nearest legitimate cell signal, causing the cellphone to lock onto the spoofed tower instead

Question 20

What can someone do once you’ve connected to a spoofed tower?

Answer 20

listen to your conversations even if it’s encrypted because some can fool the device to turning off encryption and even install malware

Question 21

Is it a good idea to configure your device to automatically connect to unknown Wi-Fi networks or auto pair with Bluetooth devices?

Answer 21

No, people can get access and steal or modify data

Question 22

What’s a sign you may be interacting with a spoofed cell tower?

Answer 22

signal drops or weak signals

Question 23

What are some signs there may be a rogue WAP? (2)

Answer 23

Wi-Fi quality is low where it used to be high, or your device sees a network with a strong signal and correct SSID in what used to be a dead spot

Question 24

Removable memory cards should be ___ if they contain sensitive data

Answer 24

encrypted (in case someone removes it from the device)

Question 25

To keep VPN and email connections secure, a device should not do what?

Answer 25

store user names and passwords to connect automatically

Question 26

To help secure the device, all mobile OS restrict what?

Answer 26

the actions a user can perform (installing apps, changing settings)

Question 27

What is jailbreaking?

Answer 27

the user installs a program on an iOS device to change settings the user isn’t intended to change

Question 28

What is rooting?

Answer 28

the user installs a program on an Android device to enable functions the user previously didn’t have access to

Question 29

Does jailbreaking/rooting void the warranty?

Answer 29

Yes

Question 30

What’s a positive and negative in terms of jailbreaking/rooting?

Answer 30

get more power but disable protections that limit the damage malware can do

Question 31

What might happen if you decide to jailbreak/root a phone? (3)

Answer 31

1. Brick the phone if it fails
2. Render it unusable until you restore it from backup after removing rooting software
3. Manufacturer/Service provider may prevent the device from connecting to their services if the rooting is detected

Question 32

What is geofencing?

Answer 32

A company keeping track of when an employee enters/exits the workplace by tracking their device

(employees don’t like this)

Question 33

What drains a cellphone battery the fastest?

Answer 33

leaving the screen on