Mobile Security Flashcards

1
Q

Dimensions of Security for Mobile Devices

A
  • Platform Security: Weaknesses of OS, Open/Unprotected Bootloader, Configuration/EMM, Jailbreak/Rooting
  • Network Security: Infrastructure, Backend Protection
  • Application Security: Malware/Trojans, Quality of Security
2
Q

Motivation for attacks on mobile devices

A
  • Devices always online/active
    -> easy remote access
    -> after infection, spyware is anywhere the smartphone user is
  • Physical access through theft/loss
    -> Local key storage and data accessible (if unprotected)
    -> Data contained can represent a comprehensive picture of user
  • Other specific attack vectors from OS extensions: custom keyboards, cloud backups
3
Q

Attack Vectors Mobile Devices

A
  • Physical: Wireless Interfaces, Memory Cards, SIM, HW Interfaces, Memory, Firmware, USB
  • Logical: Browser, Communication Services, Baseband Processor, Multimedia Player, OS, 3rd Party Apps, User, Remote Maintenance
4
Q

iOS Properties

A
  • iOS is closed source for dedicated systems
  • Kernel based on variant of BSD Unix
  • Support of Trusted Execution Environments
  • Secure Boot, verified boot support, full disk encryption
  • Hardware based Kernel integrity protection
  • Apps:
    -> most often written in Objective-C or Swift
    -> are encrypted, decryption at runtime on device
    -> run in a security environment (Sandbox)
    -> Application Signing, applications define permissions, user has to grant
    -> No App Side Loading, only iTunes or App Store
5
Q

Android OS Properties

A
  • Android is open source
  • Wide range of hardware, smartphone, …
  • System is built on top of the Linux kernel, monolithic kernel
  • Support of Trusted Execution Environments, Secure Boot, verified boot support
  • Apps:
    -> are most often written in Java and/or C/C++
    -> run in a security environment (Sandbox)
    -> Each application is running as an individual user, no root user by default
    -> App to App communication via Inter Process Communication (IPC) mechanisms
    -> Application Signing, applications define permissions, user has to grant
    -> App Side Loading, Google Play Store and other stores
6
Q

Security Functions Mobile Devices

A
  • Protection in the lost device scenario: remote wipe/remote tracking, passwords/PIN/biometrics
  • USB access only when unlocked
  • Full encryption of the SD card
  • trusted hardware/protection of the boot process against manipulation
  • Internal protective measures: sandbox, permissions, encryption, …
7
Q

Secure Boot Chain iOS

A
  • Boot ROM with Apple Root CA = hardware root of trust
  • Each step in the boot process is cryptographically signed by Apple, proceed only after verifying
8
Q

Android Block Device Integrity Check Verified Boot

A
  • Hash tree based
  • Root of tree is signed
  • During device boot up, each stage verifies the integrity and authenticity of the next stage before handing over execution
9
Q

iOS File Encryption

A
  • Files are encrypted with one or more individual, unique keys (File Key); each file has its own key
  • Files can be separated in different classes, File Keys are encrypted by the corresponding Class Key
  • Class Key is derived from a Hardware Key or the passcode
  • File metadata and File Key are encrypted with a File System Key
10
Q

iOS Secure Enclave

A
  • Special coprocessor with a system on a chip
  • Responsible for cryptographic operation, includes hardware random number generator
  • Key generation
  • Own “micro” OS with secure boot process
  • Responsible for processing fingerprint and face data
  • Passcode storage and UID, tangled together, binding data to device
  • Class Key decryption/encryption
11
Q

Android SafetyNet Attestation

A
  • Device/Environment integrity protection on Application level with Backend channel
  • App can call the SafetyNet Attestation API to send runtime environment information to Google backend
  • Attestation gives a statement about the integrity of the environment
  • Drawbacks: Requires network/internet connection, user level, higher privileged processes can spoof values, weak root check, external private server required
12
Q

App Security

A
  • Every installed app can influence security and privacy
    -> Installing apps from alternative sources is very risky
    -> Apps with malware (in original App Stores) with OS exploits in the mobile environment are still rare
    -> Many apps contain exploitable vulnerabilities
    -> Necessity for app security concept in enterprises with matching protection requirements at user group level
13
Q

Vulnerabilities of Business Apps

A
  • Incorrect check of server authenticity
  • Sniffing user credentials if unprotected authentication used
  • Eavesdropping of corporate data in the absence of encryption
  • Missing check of data
  • Unintended interaction with enterprise app/server
  • Faulty authorization management of mobile portal
  • Unauthorized use of (sensor) data/resources
  • Retrieval of corporate data in malicious app
  • Inadequately protected storage of corporate data and passwords
  • Disclosure of information by using system features
14
Q

iOS Sensitive Data Storage

A
  • iOS Keychain
  • Implemented as a SQLite database (one for all apps)
  • Keychain is protected using a class structure similar to the one used in file data protection
  • Additional policies possible
15
Q

Android Keystore

A
  • Responsible for key generation and storage, software based or hardware based (file based, not a database like iOS)
  • Two types of protection mechanism:
    -> Cryptographic operations handled in a specific system process, not in the application process
    -> Key material is bound to the secure hardware (Trusted Execution Environment or Secure Element)
  • If hardware-backed keys are supported, there is also key attestation = proof that the key is stored in the HW keystore
  • Key access to specific keys for apps is authorized by Keystore
  • Similar features to iOS, key access authorization if user has been authenticated
16
Q

Android Sandboxing

A
  • Each application is isolated in its own area
    -> isolated resources
    -> access to sensitive or critical resources requires specific permissions
  • Enforced by the OS, more precisely by Linux security
    -> Each application runs as a unique dedicated user in a separate process
    -> Each app has its private folder
  • One master process called Zygote which forks all other app processes
17
Q

Sandbox Exceptions

A
  • App has private folder, which is not accessible by other apps
  • External Storage SDcard: accessible by every app
  • App is running with root privileges or can start root process
  • Content provider, SQL-like interface, data behind the interface can be files, a database, or just an in-memory structure
  • SharedUserId: Apps can share data based on the UID of the app
18
Q

Confused Deputy attack

A
  • Evil app + privileged app <-> restricted data access
  • privileged app can be abused to leak data
19
Q

Collusion attack

A
  • Evil app + evil app <-> restricted data access
  • Apps can exchange data
20
Q

Memory Attacks: Drammer

A
  • Idea: Modify special memory regions without accessing them; trigger the bit flip simply by repeatedly accessing (reading, “hammering”) an adjacent region
  • No privileges required but gains more afterwards
  • Countermeasures: blacklisting for special instructions, memory isolation, hardware based
21
Q

Memory Attacks: Coldboot Frost

A
  • Idea: Find keys in memory after reboot from recovery mode, abuse data remanence property of RAM
  • Target: Find encryption key to decrypt device or get protection PIN
  • Requirement: Physical access to the device and a fridge
    1) Device is running
    2) Cool down device
    3) Reboot device
    4) Scan memory
    5) PIN Brute force
22
Q

Device/Mobility Management

A
  • Mobile Device Management can be considered a subset of Enterprise Mobility Management
  • Management and enforcement of security and app requirements on mobile devices
  • Secure management of devices, apps and data
  • Configuration and compliance check of devices
23
Q

Stagefright

A
  • Vulnerability in the multimedia framework on Android devices
  • Specially crafted file can lead to a buffer overflow -> malicious code can then be executed
24
Q

Certificate Pinning TLS

A
  • Bind certificate (chain) to the application
  • Advantage:
    -> You do not want to trust the default CAs on the device
    -> Your CA can be compromised
    -> Any trusted CA can be compromised
    -> Attacker can install his own CA
  • Disadvantage:
    -> If there is a new certificate, app has to be updated (depends on pinning technique)
    -> Implementations can be error prone
25
Q

Cold Boot Attack Countermeasures

A
  • Encrypt RAM
  • Overwrite RAM during shutdown
  • Glue modules together or similar to prevent physical access