Mobile Communications and IoT Flashcards
What are the 3 main attack types for Mobile devices?
- Device attacks (Browser, SMS, App, Rooted/Jailbroken devices)
- Network attacks (DNS cache poisoning, rogue/evil twin APs, packet sniffing)
- Cloud attacks (Databases, photos, cloud data e.g. Apple iCloud)
OWASP Top 10 Mobile Risks
M1 - Improper Platform Usage
Misuse of features or security controls (Android intents, TouchID, Keychain)
OWASP Top 10 Mobile Risks
M2 - Insecure Data Storage
Improperly stored data and data leakage
OWASP Top 10 Mobile Risks
M3 - Insecure Communications
Insecure handshaking, incorrect SSL, clear-text communication
OWASP Top 10 Mobile Risks
M4 - Insecure Authentication
Authenticating end user or bad session management
OWASP Top 10 Mobile Risks
M5 - Insufficient Cryptography
Code that applies cryptography to an asset, but is insufficient
OWASP Top 10 Mobile Risks
M6 - Insecure Authorization
Failures in authorization such as access rights
OWASP Top 10 Mobile Risks
M7 - Client Code Quality
Code level implementation problems
OWASP Top 10 Mobile Risks
M8 - Code Tampering
Binary patching, resource modification, dynamic memory modification
OWASP Top 10 Mobile Risks
M9 - Reverse Engineering
Reverse core binaries to find vulnerabilities and exploits
OWASP Top 10 Mobile Risks
M10 - Extraneous Functionality
Use of hidden or unknown functionality which could introduce a series of vulnerabilities and exploits, such as backdoors that were inadvertently placed by coders
What is meant by an untethered jailbroken device?
iOS device remains jailbroken after a reboot.
What is meant by a tethered jailbroken device?
Device is only usable in a single boot when jailbroken this way, and the patch is removed upon reboot. Device may get stuck in a boot loop if not repaired via computer-based tools.
What is meant by Semi-Tethered jailbreak?
iOS device remains jailbroken for a single session and removes the patch upon reboot, but is able to boot back up as normal without any issues such as boot loop.
List 3 different Bluetooth discovery modes
- Discoverable - Answers all inquiries
- Limited Discoverable - Restricts some actions
- Non-Discoverable - Ignores all inquiries
What type of mobile tools are:
1. KingoRoot
2. TunesGo
3. OneClickRoot
4. MTK Droid
Used for Android Rooting
What type of mobile tools are:
1. evasi0n7
2. GeekSn0w
3. Pangu
4. Redsn0w
5. Absinthe
6. Cydia
Used for iOS jailbreaking
What type of mobile exploits are these:
1. Userland Exploit
2. iBoot exploit
3. BootROM exploit
iOS jailbreaking exploits
Which mobile attack method uses the following tools:
1. Obad
2. Fakedefender
3. TRAMPS
4. ZitMo
Trojans, can be used in phishing
Which mobile attack method uses the following tools:
1. Mobile Spy
2. Spyera
Spyware
What type of mobile tools are:
1. BlueScanner
2. BT Browser
3. BlueSniff
4. btCrawler
5. Blooover
6. PhoneSnoop
7. Super Bluetooth Hack
Used for Bluetooth hacking
What are the 3 basic components of IoT architecture?
- Sensing Technology
- IoT gateways
- Cloud
What are the 3 main characteristics of RIOT OS?
- Embedded System
- Actuator (moving) Boards
- Sensors
Which 2 terms best describe ARM mbed OS?
- Used on wearables
- Low-powered
What is RealSense OS X mainly used in?
Sensors and cameras
Which 3 types of applications would you find Nucleus RTOS used in?
- Aerospace
- Medical
- Industrial
What are the 4 methods of communication in IoT?
- Device to Device
- Device to Cloud
- Device to Gateway
- Back-End Data Sharing
What are the 5 Architecture Levels in IoT?
- Edge Technology (Sensors, RFIDs, Readers, Devices)
- Access Gateway (First data handling, messages, routing)
- Internet (Main component that provides communication via the internet)
- Middleware (Data and device management)
- Application (Front end delivery of service and data to users)
IoT Vulnerabilities and Attacks
I1 - Insecure Web Interface
Problems such as account enumeration, weak credentials, and no account lockout
IoT Vulnerabilities and Attacks
I2 - Insufficient Authentication/Authorization
Assumes interfaces will only be exposed on internal networks and thus is a flaw
IoT Vulnerabilities and Attacks
I3 - Insecure Network Services
May be susceptible to buffer overflow or DoS attacks
IoT Vulnerabilities and Attacks
I4 - Lack of Transport Encryption/Integrity Verification
Data transported without encryption
IoT Vulnerabilities and Attacks
I5 - Privacy Concerns
Due to collection of personal data
IoT Vulnerabilities and Attacks
I6 - Insecure Cloud Interface
Easy-to-guess credentials make enumeration easy
IoT Vulnerabilities and Attacks
I7 - Insecure Mobile Interface
Easy-to-guess credentials on mobile interface
IoT Vulnerabilities and Attacks
I8 - Insufficient Security Configurability
Security settings cannot be changed, which results in default passwords and configuration
IoT Vulnerabilities and Attacks
I9 - Insecure Software/Firmware
Lack of ability for a device to be updated, or devices that do not check for updates
IoT Vulnerabilities and Attacks
I10 - Poor Physical Security
Because of the nature of devices, these can easily be stolen
What does HVAC stand for and what type of system is it?
Heating, Ventilation and Air Conditioning - Indoor climate control system
What is a Rolling Code attack?
Jam a key fob’s communications, steal the code, and then create a duplicate code
What is a BlueBorne attack?
Attack against Bluetooth devices
IoT Hacking Methodology
- Information Gathering
- Vulnerability Scanning
- Launching Attacks
- Gaining Access
- Maintaining Access
What type of device would you use the following tools against?
1. Foren6
2. Nmap
3. RIoT Vulnerability Scanner
4. beSTORM
5. IoTSploit
6. IoT Inspector
7. Firmalyzer
8. KillerBee
9. JTAGulator
10. Attify
IoT device hacking
What is a Blackjacking attack?
Act of hijacking a BlackBerry connection. Using a BlackBerry to bypass security.
What is BBProxy used for?
Allowing the attacker to use a BlackBerry device as a proxy between the internet and internal networks via covert channels.
(Used as part of a Blackjacking attack)
What type of tool is BBScan?
Port scanning tool used against BlackBerry devices.
What type of tool is Blooover?
Bluetooth Hoover - Serves as an audit tool to check whether phones are vulnerable to Bluetooth vulnerabilities such as BlueSnarf.
What kind of Bluetooth attack is Bluesmacking?
DoS - Overflows Bluetooth-enabled devices with random packets
What kind of Bluetooth attack is Bluejacking?
Sending messages over Bluetooth-enabled devices
What kind of Bluetooth attack is Bluesnarfing?
Theft of information via Bluetooth on enabled devices
What is the Bluetooth utility BlueSniff used for?
Bluetooth tool used for warwalking/wardriving discovery of Bluetooth devices.
What kind of Bluetooth attack is Bluebugging?
Remote access to a remote device via discoverable Bluetooth connection
What kind of Bluetooth attack is BluePrinting?
Collection of information about Bluetooth-enabled devices, including manufacturer, device model, and firmware versions.
What is a piconet?
A network made of Bluetooth connected devices
What type of malware is ZitMo?
Banking malware, Zeus ported to Android