Lesson 13 Secure Mobile Devices Flashcards
MDM
Mobile Device Manager
SW used to configure, protect and remotely wipe phones that are enrolled
sets device policies for authentication, feature use, and connectivity
Allows for device resets and remote wipes
EMM
Enterprise Mobility Management
Method to manage mobile devices
VDI
Virtual Desktop Infrastructure
Used for thin clients that connect to a VM host
Centralizes management
promotes security
MAM
Mobile Application Management
function of the MDM
Allows admins to whitelist or blacklist which apps can be installed
configures an enterprise-managed container or workspace
MEM
Mobile Email Management
part of ERP
Geofencing
ability to accept or reject access to a network based on the location of the device
also used to send alerts to a device when the device enters a specific area
utilizes geolocation
Geotagging
the recording of the GPS location in the metadata of a file when it is created on a mobile device
Containerization
Used on mobile devices by an employer to manage and maintain the portion of the device that can interface with the corporate network
isolates corporate apps from the rest of the device
enforces storage segmentation of the device
assists in content management and data loss prevention (DLP)
Allows for personal use on the device without worry of breaching security policies
COPE
Corporate Owned, Personally Enabled
allows personal use on a corporate owned phone
BYOD
Bring Your Own Device
Device is owned by employee
employee must agree to the terms of use
difficult from a security standpoint
COBO
Corporate Owned Business Only
CYOD
Choose Your Own Device
employee is given a choice of device from a list
but still owned by the company
otherwise same as COPE
EMM
Enterprise Mobility Management
SW which applies security policies for mobile devices and apps in the enterprise
Two main functions
Mobile device management (MDM)
Mobile application management (MAM)
UEM
Unified Endpoint Management
visibility across many device types: PCs, laptops, smartphones, tablets, IoT devices
extends the concept of network access control (NAC) solutions
logs the use on network
determines access to network
determines the device's ability to use apps, corporate data, and built-in device functions
Rooting
A privilege escalation allowing Android users to gain access to the root account on their device
Jailbreaking
A privilege escalation allowing iOS users to obtain root privileges to sideload apps, change or add carriers, or customize the interface.
Carrier Unlocking
Removing the restrictions of locking a device to a single carrier.
Rooting and jailbreaking security concerns and remediations
Rooting and Jailbreaking leave many security measures permanently disabled
- root user can compromise management agent software
- possibly the new firmware could have removed the protections that enforce segmentation
- the OS can no longer be trusted
EMM/UEM can detect rooted or jailbroken devices
- containerization and enterprise workspaces can use cryptography to protect against this
Security and Cellular Data Connections
- To prevent data exfiltration, disable cellular data while on the enterprise network
- attacks are rare and require a high degree of sophistication
Security and GPS
Global Positioning System (GPS) uses signals from GPS satellites, which can be slow. Smartphones employ A-GPS (assisted GPS), using cell towers to triangulate.
- attacks can spoof or jam the GPS signals and cell tower signals, which can defeat geofencing mechanisms
Wi-Fi connection risks
use of open access points
rogue access points imitating a corporate network
allowing for compromised sessions with secure servers using DNS spoofing attacks
PANs
Personal Area Networks (PANs) allow mobile devices to act as hotspots so users can share a device's connectivity
- Should be disabled for enterprise use as it can lead to an attack using a bridged connection to the corporate network
Security and Tethering and Hotspots
typically would be disabled when connected to the enterprise network
can circumvent security mechanisms, such as data loss prevention or web content filtering policies
Security and bluetooth
device discovery
- should be turned off, but even in non-discoverable mode attackers can still detect the device quite easily
authentication and authorization
- change the default passphrase, and change it regularly
- check the device's pairing list
malware
- keep device updated with latest firmware
- several exploits - worms, BlueBorne
- vulnerabilities in authentication schemes
Security and Infrared/RFID
Radio Frequency ID (RFID) is a method of encoding information into passive tags
- skimming attacks use a fraudulent RFID reader to obtain the information, say from a contactless bank card
- need to protect the information using cryptography
NFC Vulnerabilities
Near Field Communications (NFC)
- Close range reading of RFID information
Vulnerabilities:
- tag handling
- a tag could lead to malicious sites
- no encryption, so man-in-the-middle exploits are possible
- skimming with a more sensitive antenna to read from further away (several feet)
USB OTG Vulnerabilities
USB On the Go (OTG)
- malware from the host
- malware from the device being connected to the host to infect the host
- a charging plug could be a trojan that installs apps (called juice-jacking)
SMS/MMS/RCS vulnerabilities
Short Message Service (SMS)
Multimedia Message Service (MMS)
Rich Communication Services (RCS)
- vulnerability is DoS in processing the attachments and rich formatting
- keep devices patched to the latest firmware
Push Notification Vulnerabilities
Store services that an app or website can use to display an alert on a mobile device
Vulnerability: attackers send fake communications to users from hacked accounts
Developers need to ensure proper security is applied to the accounts to prevent this
Also users could disable the feature of push notifications
Firmware Over-the-Air Updates Vulnerabilities
Potential for attackers to create an evil base station using a Stingray/International Mobile Subscriber Identity (IMSI) catcher, allowing identification of cell devices in an operating area.
Allows launch of a man-in-the-middle attack to abuse the firmware update process