MOD 17 - Hacking Mobile Platforms

Question 1

Agent Smith Attack

Answer 1

Persuade victim to install malicious app. The app then replaces legit apps on victim’s device. Attacker then produces a huge volume of irrelevant advertisements on device for financial gain. Optionally the attacker could steal sensitive information. Lots of attack options at this point.

Question 2

AndroidManifest.xml

Answer 2

Every Android application must include this file. It describes essential info about the app, such as the app’s name, components, permissions, activities, services, broadcast receivers, etc. (this is demonstrated in an iLab)

Question 3

Jailbreaking iOS devices

Answer 3

Gain full access

Question 4

iOS Trustjacking

Answer 4

Exploits the iTunes Wi-Fi Sync functionality between an iPhone and a computer. Allows an attacker to capture sensitive information on the phone, even remotely.

Question 5

• Trident

Answer 5

Spyware that attacks an iPhone to spy on the user

Question 6

• Blackjacking

Answer 6

Hijacking someone’s Blackberry to gain access to their corp. network. Often uses the BBProxy tool.

Question 7

• Spearphone attack

Answer 7

A malicious Android app gets installed that allows the attacker to “listen” to what’s coming out of your phone’s speaker.

Question 8

• Reverse Engineering

Answer 8

Dissassembling and extracting the source code (of a mobile app for example) in order to find the underlying vulnerabilities.

Question 9

Tethered Jailbreak:

Answer 9

device cannot boot up unless it is connected to a computer

Question 10

Semi-Tethered Jailbreak:

Answer 10

device can boot on its own, but can’t use jailbreak functionality unless connected to a computer

Question 11

Semi-Untethered Jailbreak:

Answer 11

device can boot on its own, jailbreak functionality is accessed by launching an app on the device

Question 12

Untethered Jailbreak:

Answer 12

device can boot on its own, and jailbreak functionality is automatically enabled upon each bootup