mobile sec 2b

Question 1

STAGEFRIGHT

Answer 1

major vulnerability in

Android

Question 2

STAGEFRIGHT What ability or privileges does this

vulnerability provide the attacker?

Answer 2

•It is estimated that 50% of the affected devices
would be able to trigger the vulnerability
without any user interaction!
•For other cases, simply opening the MMS will
compromise the device!

Question 3

STAGEFRIGHT What ability or privileges does this

vulnerability provide the attacker 2?

Answer 3

•During successful attacks, the attacker is able to run
arbitrary code on the target device with media or
system privileges the audio and camera of the device.
•Using these privileges, an attacker can perform
reconnaissance on their victim by listening in on
conversations, and enabling video recording!

Question 4

STAGEFRIGHT What ability or privileges does this

vulnerability provide the attacker 3?

Answer 4

• On some devices, the affected software runs with “system” privileges.
• the attacker has almost full control of the device already.
• Remote code execution allows sophisticated attackers to execute
“privilege escalation” attacks, which allow the attacker to
• change “roles” on the device – providing unfettered control:
• access to read the victim’s emails,
• facebook/ whatsapp messages and
• contacts,
• access data from other applications or
• use the device as a pivot into the customers network and cloud applications

Question 5

STAGEFRIGHT What ability or privileges does this

vulnerability provide the attacker 4?

Answer 5

The attacker can hide traces of the attack by simply deleting the
infected message after a successful attack.
• If an attacker spends additional time refining the attack, it can be
made silent.

Question 6

How to protect from Stagefright

Answer 6

•Update your device:
•Keep your device updated to the latest version
at all times.
•Disable Auto-fetching of MMS:
•You will need to disable this for both Hangout
and regular messaging apps. Here’s how:
How to protect from Stagefright
• HANGOUT: DISABLE AUTO FETCHING MMS
• Open Hangout
• Tap Options on the top left corner
• Tap Settings -> SMS
• In General, If you have Hangout SMS Enabled then in
the Advanced uncheck Auto Retrieve MMS
• MESSAGES: DISABLE AUTO FETCHING MMS Open Messages
• Tap More -> Settings -> More Settings
• Tap Multimedia Messages -> Turn OFF Auto Retrieve.

Question 7

How to protect from Stagefright

•Advanced Protection

Answer 7

• Zimperium’s advanced mobile threat protection solution – zIPS, is
already trained by their core engine z9, to detect and protect from
Stagefright.
• Devices with zIPS activated are fully protected without the need for
device update or disabling the MMS.

Question 8

Quadrooter (7 AUG 2016)

Answer 8

• Check Point today disclosed 4 vulnerabilities affecting
900 million Android smartphones and tablets that use
Qualcomm® chipsets.
• The Check Point mobile threat research team, which
calls the set of vulnerabilities QuadRooter, presented
its findings in a session at DEF CON 24 in Las Vegas

Question 9

Qualcomm is the world’s leading

Answer 9

g designer of LTE
chipsets with a 65% share of the LTE modem
baseband market.
•If any one of the 4 vulnerabilities is exploited, an
attacker can trigger privilege escalations for the
purpose of gaining root access to a device

Question 10

Quadrooter – Which Device affected

Answer 10

•QuadRooter vulnerabilities are found in software
drivers that ship with Qualcomm chipsets.
• Any Android device built using these chipsets is at risk.
• These software drivers, which control communication
between chipset components, become incorporated
into Android builds manufacturers develop for their
devices.

Question 11

Quadrooter – Which Device affected 2

Answer 11

• Since the vulnerable drivers are pre-installed on
devices at the point of manufacture, they can only be
fixed by installing a patch from the distributor or
carrier.
•Distributors and carriers issuing patches can only do
so after receiving fixed driver packs from Qualcomm.

Question 12

Quadrooter – Which Device affected 3

Answer 12

• This situation highlights the inherent risks in the
Android security model.
• Critical security updates must pass through the entire
supply chain before they can be made available to end
users.
•Once available, the end users must then be sure to
install these updates to protect their devices and data.

Question 13

Quadrooter - How are hp exposed to it?

Answer 13

An attacker can exploit these vulnerabilities using a
malicious app.
• Such an app would require no special permissions to
take advantage of these vulnerabilities, alleviating any
suspicion users may have when installing.

Question 14

How can I protect employee’s devices from attacks using these Quadrooter
vulnerabilities?

Answer 14

Without an advanced mobile threat detection and mitigation solution
on the Android device, there is little chance a user would suspect any
malicious behavior has taken place.

Question 15

• What are the risks if an attacker exploits the quadrooter vulnerability on a
device?

Answer 15

If exploited, QuadRooter vulnerabilities can give
• attackers complete control of devices and
• unrestricted access to sensitive personal and enterprise data on them.
• Attacker with capabilities such as keylogging, GPS tracking, and recording
video and audio.

Question 16

Download and install the latest Android updates asap why sia

Answer 16

• Understand the risks of rooting your device – either intentionally or
as a result of an attack.
• Examine carefully any app installation request before accepting it to
make sure it’s legitimate.
• Avoid side-loading Android apps (.APK files) or downloading apps
from third-party sources. Instead, practice better app hygiene by
downloading apps only from Google Play

Question 17

Avoid side-loading Android apps (.APK files) or downloading apps
from third-party sources.

Answer 17

Instead, practice better app hygiene by

downloading apps only from Google Play

Question 18

When referring to Android apps, “sideloading” typically

means

Answer 18

s installing an application package in APK format onto
an Android device.

Such packages are usually downloaded from websites other
than Google play, usually through a computer.
• For Android users sideloading of apps is only possible if the
user has allowed “Unknown Sources” in their Security
Settings.

Question 19

Read permission requests carefully when installing any apps.

• Be wary of apps that ask for

Answer 19

r permissions that seem unusual or
unnecessary or that use large amounts of data or battery life.
• Use known, trusted Wi-Fi networks or while traveling use only those
that you can verify are provided by a trustworthy source.
• End users and enterprises should consider using mobile security
solutions designed to detect suspicious behavior on a device,
including malware that could be obfuscated within installed apps.

Question 20

Bring Your Own Cloud (BYOC)

Answer 20

Build Your Own Cloud, provides
employees with the flexibility to store and access data such as
documents, images, videos and other files via a wide variety of cloud
options, but it can do so at the expense of corporate control, and it
can present potential security risks to the enterprise when security
policies and best practices aren’t implemented or followed.