Lesson 13 Flashcards

1
Q

Mobile Device Deployment Models

A
  • Bring your own device (BYOD)
  • Corporate owned, business only (COBO)
  • Corporate owned, personally-enabled (COPE)
  • Choose your own device (CYOD)
  • Virtual desktop infrastructure (VDI)
2
Q

BYOD

A

•Bring your own device (BYOD)

3
Q

COBO

A

•Corporate owned, business only (COBO)

4
Q

CYOD

A

•Choose your own device (CYOD)

5
Q

VDI

A

•Virtual desktop infrastructure (VDI)

6
Q

EMM

A

Enterprise mobility management (EMM) is a class of management software designed
to apply security policies to the use of mobile devices and apps in the enterprise. The
challenge of identifying and managing attached devices is often referred to as visibility.
EMM software can be used to manage enterprise-owned devices as well as BYOD.
There are two main functions of an EMM product suite:

• Mobile device management (MDM)—sets device policies for authentication,
feature use (camera and microphone), and connectivity. MDM can also allow device
resets and remote wipes.

• Mobile application management (MAM)—sets policies for apps that can process
corporate data, and prevents data transfer to personal apps. This type of solution
configures an enterprise-managed container or workspace.

7
Q

Visibility

A

The challenge of identifying and managing attached devices is often referred to as visibility.
EMM software can be used to manage enterprise-owned devices as well as BYOD.

8
Q

Mobile device management (MDM)

A

Sets device policies for authentication, feature use (camera and microphone), and
connectivity. MDM can also allow device resets and remote wipes.

9
Q

Mobile application management (MAM)

A

Sets policies for apps that can process corporate data, and prevents data transfer to
personal apps. This type of solution configures an enterprise-managed container or
workspace.

10
Q

Unified endpoint management (UEM)

A

Additionally, distinguishing whether client endpoints are mobile or fixed is not really
a critical factor for many of these management tasks, with the consequence that
the latest suites aim for visibility across PC, laptop, smartphone, tablet, and even IoT
devices. These suites are called unified endpoint management (UEM)
(redmondmag.com/Articles/2017/10/01/Unified-Endpoint-Management.aspx).

The core functionality of endpoint management suites extends the concept of
network access control (NAC) solutions. The management software logs the use of a
device on the network and determines whether to allow it to connect or not, based
on administrator-set parameters. When the device is enrolled with the management
software, it can be configured with policies to allow or restrict use of apps, corporate
data, and built-in functions, such as a video camera or microphone.

11
Q

Device Enrollment Program, Volume Purchase Program and Developer Enterprise Program

A

Corporate control over iOS devices and distribution of corporate and B2B (business-to-business)
apps is facilitated by participating in the Device Enrollment Program, the Volume Purchase Program, and the Developer Enterprise Program.

12
Q

iOS risks

A

There remains the risk that a vulnerability in either iOS or an app
could be discovered and exploited. In this event, users would need to update iOS or the
app to a version that mitigates the exploit.

13
Q

SEAndroid

A

SEAndroid
(source.android.com/security/selinux) uses mandatory access control (MAC) policies to
run apps in sandboxes. When the app is installed, access is granted (or not) to specific
shared features, such as contact details, SMS texting, and email.

14
Q

Mobile Access Control Systems

A
Smartphone authentication
•Password
•PIN
•Swipe pattern
•Biometric

Screen lock

Context-aware authentication

15
Q

Context-Aware Authentication

A

It is also important to consider newer authentication models, such as context-aware
authentication. For example, smartphones now allow users to disable screen locks
when the device detects that it is in a trusted location, such as the home. Conversely,
an enterprise may seek more stringent access controls to prevent misuse of a device.
For example, even if the device has been unlocked, accessing a corporate workspace
might require the user to authenticate again. It might also check whether the network
connection can be trusted (that it is not an open Wi-Fi hotspot, for instance).

16
Q

Remote wipe

A
  • “Kill switch”
  • Sets device to factory defaults or clears storage (or storage segment)
  • Initiated from enterprise management software
  • Thief might be able to keep device from receiving the wipe command
17
Q

MicroSD HSM

A

MicroSD HSM is a small form factor hardware security module designed to store
cryptographic keys securely. This allows the cryptographic material to be used with
different devices, such as a laptop and smartphone.

18
Q

Full Device Encryption and External Media

A

iOS device encryption
•Secure erase encryption
•Data protection

Android device encryption
•From version 10, only uses file-level encryption of user data

External media

MicroSD HSM

19
Q

Geolocation

A

Geolocation is the use of network attributes to identify (or estimate) the physical
position of a device. The device uses location services to determine its current position.
Location services can make use of two systems:
• Global Positioning System (GPS)—a means of determining the device’s latitude and
longitude based on information received from satellites via a GPS sensor.
• Indoor Positioning System (IPS)—works out a device’s location by triangulating
its proximity to other radio sources, such as cell towers, Wi-Fi access points, and
Bluetooth/RFID beacons.

20
Q

GPS vs IPS

A

• Global Positioning System (GPS)—a means of determining the device’s latitude and
longitude based on information received from satellites via a GPS sensor.

• Indoor Positioning System (IPS)—works out a device’s location by triangulating
its proximity to other radio sources, such as cell towers, Wi-Fi access points, and
Bluetooth/RFID beacons.

21
Q

Primary concern for geolocation

A

Privacy

22
Q

Geofencing

A

Geofencing to apply location-based policies automatically
•Disable on-board camera/video through MDM/EMM controls

Geofencing is the practice of creating a virtual boundary based on real-world
geography. Geofencing can be a useful tool with respect to controlling the use of
camera or video functions or applying context-aware authentication. An organization
may use geofencing to create a perimeter around its office property, and subsequently,
limit the functionality of any devices that exceed this boundary. An unlocked
smartphone could be locked and forced to re-authenticate when entering the
premises, and the camera and microphone could be disabled. The device’s position is
obtained from location services.

23
Q

GPS tagging

A

GPS tagging is the process of adding geographical identification metadata, such

  • Risks to personal information
  • Track movements (assist social engineering)
24
Q

Mobile app management

A
  • MDM/EMM application use policies
  • Corporate workspaces
  • Restricting third-party app stores
  • Enterprise app development and fulfillment
    • Sideloading
25
Q

Corporate workspaces

A

When a device is joined to the corporate network through enrollment with
management software, it can be configured into an enterprise workspace mode in
which only a certain number of authorized applications can run. (Apple uses Apple Business Manager.)

26
Q

Sideloading

A

Unlike iOS, Android allows for selection of different stores and installation of untrusted
apps from any third party, if this option is enabled by the user. With unknown sources
enabled, untrusted apps can be downloaded from a website and installed using the
.apk file format. This is referred to as sideloading.

Conversely, a management suite might be used to prevent the use of third-party stores
or sideloading and block unapproved app sources.

27
Q

Content management

A
  • Privately owned but corporate use issues
    • Data ownership
    • Privacy
  • Containerization sets up a corporate workspace segmented from the employee’s private apps and data
  • Storage segmentation ensures separation of data
  • Enforcing content management/DLP policies
28
Q

Containerization

A

•Containerization sets up a corporate workspace segmented from the employee’s private apps and data

29
Q

Enforcing content management/DLP policies

A

Containerization also assists content management and data loss prevention (DLP)
systems. A content management system tags corporate or confidential data and
prevents it from being shared or copied to unauthorized external media or channels,
such as non-corporate email systems or cloud storage services.

30
Q

Rooting and jailbreaking

A

Rooting
•Principally Android
•Custom firmware/ROM

Jailbreaking
•Principally iOS
•Patched kernel
•Tethered jailbreak

Carrier unlocking - unlocking the restr

Risks to enterprise management

31
Q

Carrier unlocking

A

Carrier unlocking—for either iOS or Android, this means removing the restrictions
that lock a device to a single carrier.

32
Q

Rooting and jailbreaking risks to enterprise management

A

If the user has applied a custom firmware image, they could have removed the
protections that enforce segmentation. The device can no longer be assumed to run a
trusted OS.
EMM/UEM has routines to detect a rooted or jailbroken device or custom firmware with
no valid developer code signature and prevent access to an enterprise app, network,
or workspace. Containerization and enterprise workspaces can use cryptography to
protect the workspace in a way that is much harder to compromise than a local agent,
even from a rooted/jailbroken device.

33
Q

Cellular

A
  • Disable cellular data if unmonitored or unfiltered
  • Prevent use for data exfiltration
  • Attacks on cellular connections
34
Q

Attacks on cellular connections

A

There have been attacks and successful exploits against the major infrastructure
and protocols underpinning the telecoms network, notably the SS7 hack. There is little
that either companies or individuals can do about these weaknesses. The attacks
require a high degree of sophistication and are relatively uncommon.

35
Q

GPS

A

GPS signals can be jammed or even spoofed using specialist radio equipment. This
might be used to defeat geofencing mechanisms, for instance.

36
Q

A-GPS

A

As this triangulation process can be slow, most
smartphones use Assisted GPS (A-GPS) to obtain coordinates from the nearest cell
tower and adjust for the device’s position relative to the tower. A-GPS uses cellular
data.

37
Q

Risks from Wi-Fi

A

Risks from Wi-Fi
•Legacy security methods
•Open access points
•Rogue access points

Mobile devices usually default to using a Wi-Fi connection for data, if present. If the
user establishes a connection to a corporate network using strong WPA3 security,
there is a fairly low risk of eavesdropping or man-in-the-middle attacks. The risks from
Wi-Fi come from users connecting to open access points or possibly a rogue access
point imitating a corporate network. These allow the access point owner to launch any
number of attacks, even potentially compromising sessions with secure servers (using
a DNS spoofing attack, for instance).

38
Q

Personal Area Network (PAN) technologies

A

(not hotspot) Personal area networks (PANs) enable connectivity between a mobile device and
peripherals.

Ad hoc (or peer-to-peer) networks between mobile devices or between
mobile devices and other computing devices can also be established. In terms of
corporate security, these peer-to-peer functions should generally be disabled. It might
be possible for an attacker to exploit a misconfigured device and obtain a bridged
connection to the corporate network.

39
Q

Wi-Fi Direct

A

Wi-Fi Direct
•Ad hoc networks
•Soft access point
•Wireless mesh networking

Wi-Fi Direct allows one-to-one connections between stations, though in this case one
of the devices actually functions as a soft access point. Wi-Fi Direct depends on Wi-Fi
Protected Setup (WPS), which has many vulnerabilities. Android supports operating as
a Wi-Fi Direct AP, but iOS uses a proprietary multipeer connectivity framework. You can
connect an iOS device to another device running a Wi-Fi Direct soft AP, however.

40
Q

Ad hoc network

A

Wireless stations can establish peer-to-peer connections with one another, rather than
using an access point. This can also be called an ad hoc network, meaning that
the network is not made permanently available.

41
Q

Tethering and hotspots

A

you know this

42
Q

Bluetooth

A

Bluetooth is one of the most popular technologies for implementing PANs. While native
Bluetooth has fairly low data rates, it can be used to pair with another device and then
use a Wi-Fi link for data transfer. This sort of connectivity is implemented by iOS’s
AirDrop feature.

43
Q

Bluetooth device discovery

A

Device discovery—a device can be put into discoverable mode meaning that it will
connect to any other Bluetooth devices nearby. Unfortunately, even a device in nondiscoverable
mode is quite easy to detect.

44
Q

Authentication and authorization (Bluetooth)

A
Devices authenticate ("pair") using a simple passkey configured on both devices. This
should always be changed to some secure phrase and never left as the default. Also,
check the device's pairing list regularly to confirm that the devices listed are valid.
45
Q

Malware (Bluetooth)

A

There are proof-of-concept Bluetooth worms and application exploits,
most notably the BlueBorne exploit (armis.com/blueborne), which can compromise
any active and unpatched system regardless of whether discovery is enabled
and without requiring any user intervention. There are also vulnerabilities in
the authentication schemes of many devices. Keep devices updated with the
latest firmware.

46
Q

Bluetooth security issues

A
  • Device discovery
  • Authentication and authorization
  • Malware and exploits
47
Q

Bluejacking

A

Unless some sort of authentication is configured, a discoverable device is vulnerable to
bluejacking, a sort of spam where someone sends you an unsolicited text (or picture/
video) message or vCard (contact details). This can also be a vector for malware,
as demonstrated by the Obad Android Trojan malware.

48
Q

Bluesnarfing

A

Refers to using an exploit in Bluetooth to steal information from someone else’s phone.

49
Q

Bluetooth (peripheral devices)

A

Other significant risks come from the device being connected to. A peripheral device
with malicious firmware can be used to launch highly effective attacks. This type of
risk has a low likelihood, as the resources required to craft such malicious peripherals
are demanding.

50
Q

Infrared

A

Infrared signaling has been used for PAN in the past (IrDA), but the use of infrared in
modern smartphones and wearable technology focuses on two other uses:
• IR blaster—this allows the device to interact with an IR receiver and operate a device
such as a TV or HVAC monitor as though it were the remote control handset.
• IR sensor—these are used as proximity sensors (to detect when a smartphone is
being held to the ear, for instance) and to measure health information (such as
heart rate and blood oxygen levels).

51
Q

IR blaster vs IR sensor

A

• IR blaster—this allows the device to interact with an IR receiver and operate a device
such as a TV or HVAC monitor as though it were the remote control handset.
• IR sensor—these are used as proximity sensors (to detect when a smartphone is
being held to the ear, for instance) and to measure health information (such as
heart rate and blood oxygen levels).

52
Q

Radio Frequency ID (RFID)

A
Radio Frequency ID (RFID)
•(Usually) unpowered tags
•Transmit when in range of reader
•Skimming attack
•Encrypt sensitive information

means of encoding information into passive tags,
which can be easily attached to devices, structures, clothing, or almost anything else. A
passive tag can have a range from a few centimeters to a few meters. When a reader
is within range of the tag, it produces an electromagnetic wave that powers up the tag
and allows the reader to collect information from it or to change the values encoded in
the tag. There are also battery-powered active tags that can be read at much greater
distances (hundreds of meters).

53
Q

RFID Skimming

A

One type of RFID attack is skimming, which is where an attacker uses a fraudulent
RFID reader to read the signals from a contactless bank card. Any reader can access
any data stored on any RFID tag, so sensitive information must be protected using
cryptography.

54
Q

Near Field Communications (NFC)

A

NFC is based on a particular type of radio frequency ID (RFID). NFC sensors and
functionality are now commonly incorporated into smartphones. An NFC chip can
also be used to read passive RFID tags at close range. It can also be used to configure
other types of connections (pairing Bluetooth devices for instance) and for exchanging
information, such as contact cards.

55
Q

NFC connection configuration/bump

A

An NFC chip can
also be used to read passive RFID tags at close range. It can also be used to configure
other types of connections (pairing Bluetooth devices for instance) and for exchanging
information, such as contact cards.

An NFC transaction is sometimes known as a bump.

56
Q

Bump

A

An NFC transaction is sometimes known as a bump.

57
Q

Mobile wallet apps

A

machines. To configure a payment service, the user enters their credit card information
into a mobile wallet app on the device. The wallet app does not transmit the original
credit card information, but a one-time token that is interpreted by the card merchant
and linked back to the relevant customer account. There are three major mobile
wallet apps: Apple Pay, Google Pay (formerly Android Pay), and Samsung Pay.

58
Q

NFC vulnerabilities

A
  • Eavesdropping/skimming
  • Denial of service

Despite having a close physical proximity requirement, NFC is vulnerable to several
types of attacks. Certain antenna configurations may be able to pick up the RF signals
emitted by NFC from several feet away, giving an attacker the ability to eavesdrop
from a more comfortable distance. An attacker with a reader may also be able to skim
information from an NFC device in a crowded area, such as a busy train. An attacker
may also be able to corrupt data as it is being transferred through a method similar
to a DoS attack—by flooding the area with an excess of RF signals to interrupt the
transfer.

59
Q

USB OTG

A
  • USB OTG allows a port to function as a device or hub

Some Android USB ports support USB On The Go (OTG) and there are adapters for
iOS devices. USB OTG allows a port to function either as a host or as a device. For
example, a port on a smartphone might operate as a device when connected to a
PC, but as a host when connected to a keyboard or external hard drive. The extra pin
communicates which mode the port is in.

60
Q

USB OTG vulnerabilities

A
  • USB with malicious firmware might be able to perform an exploit
    • Spread malware between computers using the device as a vector
    • Install or run malware to try to compromise the smartphone itself

  • Juice jacking

61
Q

Juice-jacking

A

It is also possible that a charging plug could act as a Trojan and try to install
apps (referred to as juice-jacking), though modern versions of both iOS and Android
now require authorization before the device will accept the connection.

62
Q

SMS and MMS

A

The Short Message Service (SMS) and Multimedia Message Service (MMS) are
operated by the cellular network providers. They allow transmission of text messages
and binary files. Vulnerabilities in SMS and the SS7 signaling protocol that underpins
it have cast doubt on the security of 2-step verification mechanisms
(kaspersky.com/blog/ss7-hacked/25529).

63
Q

RCS

A

Rich communication services (RCS)
•Exploits against handling of attachments or rich formatting

Rich Communication Services (RCS) is designed as a platform-independent advanced
messaging app, with a similar feature set to proprietary apps like WhatsApp and
iMessage. These features include support for video calling, larger binary attachments,
group messaging/calling, and read receipts. RCS is supported by carriers via Universal
Profile for Advanced Messaging
(gsma.com/futurenetworks/digest/universal-profileversion-2-0-advanced-rcs-messaging).
The main drawbacks of RCS are that carrier support is patchy (messages fall back to
SMS if RCS is not supported) and there is no end-to-end encryption, at the time of
writing (theverge.com/2020/5/27/21271186/google-rcs-t-mobile-encryption-ccmi-universal-profile).
Vulnerabilities in processing attachments and rich formatting have resulted in DoS
attacks against certain handsets in the past, so it is important to keep devices patched
against known threats.

(Source: The Official CompTIA Security+ Student Guide (Exam SY0-601), Lesson 13: Implementing Secure Mobile Solutions, Topic 13B, p. 361)

64
Q

Push notifications

A
  • Potential vector for spam, phishing, or hoaxing
  • Make sure developer account credentials are kept secure

Push notifications are store services (such as Apple Push Notification Service and
Google Cloud to Device Messaging) that an app or website can use to display an alert
on a mobile device. Users can choose to disable notifications for an app, but otherwise
the app developer can target notifications to some or all users with that app installed.
Developers need to take care to properly secure the account and services used to
send push notifications. There have been examples in the past of these accounts being
hacked and used to send fake communications.

65
Q

Firmware Over-the-Air Updates

A

This is updates to the device’s modem’s operating systems…not the device’s operating system (iOS, Android)…might need to read this section again.

  • Baseband updates and radio firmware
  • Over the Air (OTA) update delivery
  • Risks from rooted/jailbroken devices
  • Risks from highly targeted attacks
66
Q

Microwave Radio

A

Cellular networks are microwave radio networks provisioned for multiple subscribers.
Microwave radio is also used as a backhaul link from a cell tower to the service
provider’s network. These links are important to 5G, where many relays are required
and provisioning fiber optic cabled backhaul can be difficult. Private microwave links
are also used between sites.

67
Q

Modes a microwave link can be provisioned

A

Point-to-point (P2P) microwave

Point-to-multipoint (P2M)

68
Q

P2P

A

Point-to-point (P2P) microwave uses high gain antennas to link two sites. High
gain means that the antenna is highly directional. Each antenna is pointed directly
at the other. In terms of security, this makes it difficult to eavesdrop on the signal, as
an intercepting antenna would have to be positioned within the direct path. The
satellite modems or routers are also normally paired to one another and can use
over-the-air encryption to further mitigate against snooping attacks.

69
Q

P2M

A

Point-to-multipoint (P2M) microwave uses smaller sectoral antennas, each
covering a separate quadrant. Where P2P is between two sites, P2M links multiple
sites or subscriber nodes to a single hub. This can be more cost-efficient in high
density urban areas and requires less radio spectrum. Each subscriber node is
distinguished by multiplexing. Because of the higher risk of signal interception
compared to P2P, it is crucial that links be protected by over-the-air encryption.

70
Q

Other types of multipoint

A

Multipoint can be used in other contexts. For example, Bluetooth supports a multipoint
mode. This can be used to connect a headset to multiple sources (a PC and a
smartphone, for instance) simultaneously.