Mobile Attacks and Countermeasures Flashcards
Which of the following mobile risks can be raised from failure to identify the user, failure to maintain the user’s identity, or weaknesses in session management?
Insecure Authentication: This category captures notions of authenticating the end user or bad session management, such as failing to identify the user when it is required, failing to maintain the user’s identity when it is required, or weaknesses in session management.
Identify the network-based attack in which the attacker eavesdrops on existing network connections to intrude, read, and modify the data or insert fraudulent data into the intercepted communication.
Man-in-the-Middle (MITM): Attackers eavesdrop on existing network connections between two systems, intrude into these connections, and then read or modify the data or insert fraudulent data into the intercepted communication.
Which of the following protocols allows mobile users to exchange communication through another cellular network while roaming?
SS7: An SS7 attack is a security exploit that takes advantage of a weakness in the design of SS7 (Signaling System 7) to enable data theft, eavesdropping, text interception, and location tracking.
Which of the following types of attack involves replacing legitimate apps in a mobile device with malicious apps designed by a hacker and producing a large volume of advertisements on the target device to attain financial benefits?
Agent Smith attack: Mobile malware that generates financial gain by replacing legitimate applications on devices with malicious versions that include fraudulent ads.
Jack, a network administrator in an organization, was assigned to identify the risks associated with the organization’s confidential information by implementing a BYOD policy. Jack thoroughly examined and identified a potential exposure of all the corporate data.
Which of the following BYOD security risks is identified by Jack in the above scenario?
Data leakage and endpoint security issues: In this cloud-computing era, mobile devices are insecure endpoints with cloud connectivity. By synchronizing with organizational email or other apps, these mobile devices carry confidential information. If the device is lost, it could potentially expose all the corporate data.
An organization has implemented a BYOD policy that allows employees to bring their personal devices for business operations. One day, during lunchtime, Joseph, an employee, transferred project details to his colleague using freely available Wi-Fi. An attacker connected to the same Wi-Fi network sniffed the communication and gained access to the shared data.
Which of the following BYOD risks was demonstrated in the above scenario?
Sharing confidential data on unsecured networks: Employees might access corporate data via a public network. These connections may not be encrypted; sharing confidential data via an unsecured network may lead to data leakage.
Which of the following guidelines helps users identify and protect sensitive data on their mobile devices?
Apply validation of the security of API calls to the sensitive data
Which of the following techniques allows attackers to attain privileged control within Android’s subsystem, resulting in the exposure of sensitive data?
Rooting: Rooting allows Android users to attain privileged control (known as “root access”) within Android’s subsystem. Like jailbreaking, rooting can result in the exposure of sensitive data stored in the mobile device.
Which of the following vulnerabilities leads to erratic program behavior, including memory access errors and incorrect results, and causes mobile devices to crash?
Buffer Overflow: Buffer overflow is an abnormality whereby a program, while writing data to a buffer, exceeds the intended limit and overwrites the adjacent memory. This results in erratic program behavior, including memory access errors, incorrect results, and mobile device crashes.
Which of the following guidelines must be followed to protect a mobile device from malicious attackers?
Maintain configuration control and management