Module 5 - Mobile, Embedded and Specialized Device Security Flashcards

1
Q

Akira is explaining to his team members the security constraints that have made it a challenge for protecting a new embedded system. Which of the following would Akira NOT include as a constraint?

a) Authentication

b) Cost

c) Power

d) Availability

A

D - Availability

To keep costs at a minimum, most embedded devices lack authentication features; to prolong battery life, devices and systems are optimized to draw very low levels of power and thus lack the ability to perform strong security measures; most developers are concerned primarily with making products as inexpensive as possible which means leaving out all security protections

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Agape has been asked to experiment with different hardware to create a controller for a new device on the factory floor. She needs a credit-card-sized motherboard that has a microcontroller instead of a microprocessor. What would be the best solution?

A

Arduino

is a device similar to the Raspberry Pi but unlike the RAspberry Pi, which can function as a complete computer, the Arduino is designed as a controller for other devices: it has an 8-bit microcontroller instead of a 64-bit microprocessor, a limited amount of RAM and no operating system; it can only run programs compiled for the Arduino platform (most of which are written in C++), has only a single USB port and power input with a set of input/output pins for connections but consumes little power

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Hakaku needs a tool with a single management interface that provides capabilities for managing and securing mobile devices, applications and content, What tool would be the best solution?

A

Unified Endpoint Management (UEM)

all the capabilities of Mobile Device Management (MDM), Mobile Application Management (MAM), and Mobile Content Management (MCM) can be supported by UEM; UEM is a group of class of software tools with a single management interface for mobile devices as well as computer devices; it provides capabilities for managing and securing mobile devices, applications and content

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

In her job interview, Xiu asks about the company policy regarding smartphones. She is told that employees may choose from a limited list of approved devices but that she must pay for the device herself; however, the company will provide her with a monthly stipend. What type of enterprise mobile device deployment model does this company support?

A

CYOD (Choose Your Own Device)

BYOD (Bring Your Own Device) - employees use their own personal mobile device for business purposes; employees have full responsibility for choosing and supporting the device; this model is popular with smaller companies or those with temporary staff

COPE (Corporate Owned Personally Enabled) - employees choose from a selection of company approved devices; employees are supplied the device chosen and paid for by the company, but they can also use it for personal activities; company decides the level of choice and freedom for employees

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Aoi has been asked to provide research regarding adding a new class of Android smartphones to a list of approved devices. One of the considerations is how frequently the smartphones receive firmware OTA updates. Which of the following reasons would Aoi NOT list in her report as a factor in the frequency of Android firmware OTA updates?

a) OEMs are hesitant to distribute Google updates because it limits their ability to differentiate themselves from competitors if all versions of Android start to look the same through updates

b) because many of the OEMs have modified Android they are reluctant to distribute updates that could potentially conflict with their changes

c) wireless carriers are reluctant to provide firmware OTA updates because of the bandwidth the updates consume on their wireless networks

d) because OEMs want to sell as many devices as possible, they have no financial incentive to update mobile devices that users would then continue to use indefinitely

A

C - wireless carries are reluctant to provide firmware OTA updates because of the bandwidth the updates consume on their wireless networks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is the process of identifying the geographical location of a mobile device?

A

Geolocation

mobile devices using geolocation are at increased risk of targeted physical attacks; an attacker can determine where users with mobile devices are currently located and use that information to follow them and steal the mobile devices or inflict physical harm; in addition, attackers can craft attacks by compiling a list of people with whom the users associate and the types of activities they perform

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is used to send SMS text messages to selected users or groups of users?

A

Push notification services

this is a part of mobile management tools under mobile device management (MDM)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Enki received a request by a technician for a new subnotebook computer. The technician noted that he wanted USB OTG support and asked Enki’s advice regarding it. Which of the following would Enki NOT tell him?

a) a device connected via USB OTG can function as a peripheral for external media access

b) a device connected via USB OTG can function as a host

c) USB OTG is only available for connecting Android devices to a subnotebook

d) connecting a mobile device to an infected computer using USB OTG could allow malware to be sent to that device

A

C - USB OTG is only available for connecting Android devices to a subnotebook

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Banko’s sister has just downloaded and installed an app that allows her to circumvent the built-in limitations on her Android smartphone. What is this called?

A

rooting

this is how users access untrusted content; it is called jailbreaking on Apple iOS devices and rooting on Android devices; jailbreaking and rooting give access to the underlying OS and file system of the mobile device with full permissions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What technology is able to convert a texting application into a live chat platform?

A

rich communication service (RCS) - can convert a texting app into a live chat platform and supports pictures, videos, locations, stickers, and emojis; threat actors can craft RCS videos that can introduce malware into the device

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What prevents a mobile device from being used until the user enters the correct passcode?

A

screen lock

this falls under mobile device protection (obviously); screen lock can be configured so that whenever the device is turned on or is inactive for a certain amount of time, the user must enter the passcode; there is also context-aware authentication which is using a contextual setting to validate the user; some mobile devices can be configured so that the device automatically unlocks and stays unlocked until a specific action occurs – this is context-aware authentication

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Hisoka is creating a summary document for new employees about their options for different mobile devices. One part of his report covers encryption. What would Hisoka NOT include in his document?

a) all modern versions of mobile device OS encrypt all user data by default

b) encryption occurs when the mobile device is locked

c) Apple uses file-based encryption to offer a higher level of security

d) data backed up to an Apple or Google server could be unlocked by a court order

A

C - Apple uses file-based encryption to offer a higher level of security

Android OS offers file-based encryption; all the other statements are TRUE

file-based encryption is considered more secure than full disk encryption because with file-based encryption each file is encrypted with a different key so that files can unlocked independently without decrypting an entire partition at once; the device can decrypt and use files needed to boot the system and process critical notifications while not decrypting personal apps and data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What does containerization do?

A

in regards to using devices that contain personal and business data, containerization can separate storage into business and personal and manage each appropriately; segmenting storage on a mobile device used for both business and personal needs has advantages including helping company avoid data ownership privacy issues and legal concerns regarding a user’s personal data stored on the device; in addition, it allows companies to delete only business data when necessary without touching personal data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What allows a device to be managed remotely?

A

Mobile Device Management (MDM)

MDM typically involves a server component, which sends out management commands to the mobile devices and a client component, which runs on the mobile device to receive and implement the management commands; an admin can then perform OTA updates or change the configuration on one device, groups of devices or all devices

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Which of these is NOT a security feature for locating a lost or stolen mobile device?

a) remote lockout

b) last known good configuration

c) alarm

d) thief picture

A

B - last known good configuration

this should say last known good location or last known location; all the others are security features for locating lost or stolen mobile devices

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What enforces the location in which an app can function by tracking the location of the mobile device?

A

Geofencing

this is feature of Mobile Device Management (MDM)

17
Q

Which of these is considered the strongest type of passcode to use on a mobile device?

a) password

b) PIN

c) Fingerprint swipe

d) draw connecting dots pattern

A

A - password

18
Q

Which of the following is NOT a context-aware authentication?

a) On-body detection

b) Trusted places

c) Trusted devices

d) Trusted contacts

A

D - Trusted contacts

all the other options are Android Smart Lock configuration options

19
Q

Which mobile management tool manages the distribution and control of apps?

A

Mobile Application Management (MAM)

this comprises the tools and services responsible for distributing and controlling access to apps; the apps can be internally developed or commercially available

20
Q

Which type of OS is typically found on an embedded system?

A

real-time operating systems (RTOS)

is an OS specifically designed for system on a chip (SoC) in an embedded or specialized system; standard computer systems, such as a laptop with a mouse and a keyboard or a tablet with a touch screen, typically receive irregular “bursts” of input data from a user or a network connection; embedded systems, on the other hand, receive large amounts of data very quickly, such as an aircraft preparing to land on a runway at night during a storm; an RTOS is tuned to accommodate high volumes of data that must be immediately processed for critical decision making

21
Q

What is a malicious USB cable and a malicious flash drive?

A

a malicious USB cable and flash drive are physical connection vulnerabilities typically found using mobile devices but can also be used with other equipment (laptops, desktops, switches, etc.); the USB cable or the flash drive could be embedded with malware or a controller or both to allow an attacker access to the device

22
Q

What is card cloning and skimming?

A

card cloning is the unauthorized duplication of smart cards; the process of stealing the information is often called skimming; smart cards have a magnetic strip and the attacker attaches a small device that fits just inside the card readers so that when the card is inserted and removed, both the actual reader and the skimming device capture the information from the magnetic strip

23
Q

Compare and contrast Raspberry Pi, Arduino, and FPGA (field programmable gate array)

A

a raspberry pi is one of the most common hardware components of embedded devices; the raspberry pi is a low-cost, credit-card-sized computer motherboard with hardware ports that can connect to a range of peripherals

an arduino is similar to a raspberry pi but rather the arduino is a controller instead of a motherboard; the arduino is designed as a controller for other devices;

a FPGA is a hardware “chip” or integrated circuit (IC) that can be programmed by the user (“field programmable”) to carry out one or more logical operations; a FPGA is an IC that consists of internal hardware blocks with user-programmable interconnects to customize operations for a specific application; a user can write software that loads onto the FPGA chip and executes functions, and that software can later be replaced or deleted

24
Q

Define what industrial control systems (ICS) and supervisory control and data acquisition (SCADA)

A

Industrial control systems collect, monitor and process real-time data so that machines can directly control devices such as valves, pumps, and motors without human intervention; ICSs are managed by a large supervisory control and data acquisition (SCADA); SCADA systems are crucial today for industrial organizations

25
Q

What are the 10 security constraints listed for embedded systems and specialized devices?

A

1) power - to prolong battery life, devices and systems are optimized to draw very low levels of power and thus lack the ability to perform strong security measures
2) compute - due to their size, small devices typically possess low processing capabilities, which restricts complex and comprehensive security measures
3) network - to simplify connecting a device to a network, many device designers support network protocols that lack advanced security features
4) cryptography - encryption and decryption are resource-intensive tasks that require significant processing and storage capacities that these devices lack
5) inability to patch - few, if any, devices have been designed with the capacity for being updated to address exposed security vulnerabilities
6) authentication - to keep costs at a minimum, most devices lack authentication features
7) range - not all devices have long-range capabilities to access remote security updates
8) cost - most developers are concerned primarily with making products as inexpensive as possible, which means leaving out all security protections
9) implied trust - many devices are designed without any security features but operate on an “implied trust” basis that assumes all other devices or users can be trusted
10) weak defaults - usernames and passwords for accessing devices are often simple and well known

26
Q

What are the 4 types of mobile devices?

A

tablets, smartphones, wearables, and portable computers

tablets are portable computing devices that generally lack a built-in keyboard or mouse, instead they rely on a touch screen that users manipulate with touch gestures to provide input

smartphones are basically a “feature” phone with an underlying OS that allows it to run apps and access the internet

wearables are a class of mobile technology that is worn instead of carried; the most common type of wearable is a smart watch or fitness tracker

portable computers are devices that closely resemble standard desktop computers but are easily moved from one location to another; laptops are regarded as the earliest portable computers; there are also notebooks (smaller versions of laptops) and subnotebooks (which is even smaller than standard notebooks); the latest type of computing device that resembles a laptop is a web-based computer which is basically used to surf the web

27
Q

What are the 4 mobile device connectivity methods listed? Describe each.

A

cellular telephony (cellular); infrared; USB connections; Wi-Fi

cellular telephony networks are divided into hexagon-shaped cells measuring 10 square miles; at the center of each cell is a transmitter that mobile devices in the cell use to send and receive signals; the transmitters are connected through a mobile telecommunications switching office (MTSO) that controls all of the transmitters in the cellular network and serves as the link between the cellular network and the wired telephone world

wi-fi is designed to replace or supplement a wired local area network (LAN)

infrared uses light instead of radio waves to transmit signals; rarely found today

USB connections of different sizes and types can be used for transferring data

28
Q

List and describe the 5 different enterprise mobile device deployment models.

A

Bring Your Own Device (BYOD) - employees use their own personal mobile devices for business purposes; employees have full responsibility for choosing and supporting the device; this model is popular for smaller companies and those with temporary staff

Corporate Owned, Personally Enabled (COPE) - employees choose from a selection of company approved devices; employees are supplied that device chosen and paid for by the company but they can also use it for personal activities; company decides the level of choice and freedom for employees

Choose Your Own Device (CYOD) - employees choose from a limited selection of approved devices but pay the upfront costs of the devices while the business owns the contract; employees are offered a suite of choices that the company has approved for security, reliability and durability; company often provides a stipend to pay monthly fees to wireless carrier

Virtual Desktop Infrastructure (VDI) - stores sensitive applications and data on a remote server accessed through a smartphone; users can customize the display of data as if the data were residing on their own mobile device; enterprise can centrally protect and manage apps and data on server instead of distributing to smartphones

Corporate Owned - the device is purchased and owned by the enterprise; employees use the phone only for company-related business; enterprise is responsible for all aspects of the device

29
Q

List and describe the 4 mobile device vulnerabilities listed in the book.

A

physical security - mobile devices can be lost or stolen due to their portability; a stolen mobile device could be an entry point for attackers to gain entry to corporate networks

limited updates - security patches and updates for mobile OSs are distributed through firmware over-the-air (OTA) updates; because people are keeping devices for longer periods of time, it is likely that a user may posses a mobile device that is no longer receiving updates and becomes vulnerable

location tracking - mobile devices using geolocation are at increased risk of targeted physical attacks; GPS tagging (geo-tagging) is adding geographical identification data to media such as digital photos, an attacker may access the private information found in the photo data

unauthorized recording - a threat actor who has infected a mobile device with malware would be able to access the microphone and/or camera on the device

30
Q

List and describe the 4 mobile device connection vulnerabilities listed in the book.

A

tethering - a mobile device with an active internet connection can be used to share that connection with other mobile devices through bluetooth or Wi-Fi; basically a hotspot; an unsecured mobile device may infect other tethered mobile devices or the corporate network

USB On-the-Go (OTG) an OTG mobile device with a USB connection can function as either a host (to which other devices may be connected such as a USB flash drive) for external media access or as peripheral (such as a mass storage device) to another host; connecting a malicious flash drive infected with malware to am mobile device could result in an infection, just as using a device as a peripheral while connected to an infected computer could allow malware to be sent to the device

malicious USB cable - a USB cable could be embedded with a Wi-Fi controller that can receive commands from a nearby device to send malicious commands to the connected mobile device; the device will recognize the cable as a Human Interface Device (similar to a mouse or keyboard), giving the attacker enough permissions to exploit the system

hotspots - a hotspot is a location where users can access the Internet with a wireless signal; because public hotspots are beyond the control of the organization, attackers can eavesdrop on the data transmissions and view sensitive information

31
Q

How would a user access untrusted content on a mobile device?

A

by jail-breaking an Apple iPhone or rooting an Android device; jail-breaking and rooting are basically the same thing except for rooting is only for Android devices and jail-breaking is for Apple devices; this allows a user to access the underlying OS

other ways users access untrusted content is through SMS, MMS, and RCS; SMS (short message service) are text messages of a maximum of 160 characters; MMS (multimedia messaging service) are text messages that include pictures, videos, and audio; RCS (rich communication service) convert a texting app into alive chat platform and supports pictures, videos, location, stickers and emojis; threat actors can send SMS messages containing links to untrusted content or specially craft MMS or RCS videos that can introduce malware into the device

32
Q

What are the 4 device configurations listed by the book?

A

strong authentication, managing encryption, segmenting storage and enabling loss or theft services

strong authentication includes setting up a password, PIN, biometric scan or swipe pattern

managing encryption includes encrypting data at rest and in-transit; most if not all mobile devices encrypt user data on the device by default

segmenting storage includes separating business data from personal data; this is used in BYOD, CYOD, and COPE deployment models

enabling loss or theft services includes allowing a remote wipe of the device if necessary

33
Q

Compare and contrast the 4 mobile management tools.

A

MDM (mobile device management) allows a device to be managed remotely by an organization; MDM typically involves a server component, which sends out management commands to the mobile devices and a client component which runs on the mobile device to receive and implement the management commands

MAM (mobile application management) comprises the tools and services responsible for distributing and controlling access to apps

MCM (mobile content management) supports the creation and subsequent editing and modification of digital content by multiple employees

UEM (unified endpoint management) is a group or class of software tools with a single management interface for mobile devices as well as computer devices; it provides capabilities for managing and securing mobile devices, applications and content