Module 5 - Mobile, Embedded, & Specialized Device Security

Question 1

What are examples of types of mobile devices?

Answer 1

Tablets, Smartphones, Wearables, Portable computers (Laptop, Notebook, Subnotebook, 2-1, Web-based computer)

Question 2

What are some mobile device core features?

Answer 2

1) Small form factor
2) Mobile OS
3) Wireless data network interface for accessing the Internet, such as Wi-Fi or cellular telephony
4) Stores or other means of acquiring applications (apps)
5) Local nonremovable data storage
6) Data synchronization capabilities w/ a separate computer or remote servers

Question 3

What are Additional Features of the Core Feature “Small form factor”?

Answer 3

Global Positioning System (GPS)

Question 4

What are Additoinal Features of the Core Feature “Mobile OS”?

Answer 4

Microphone and/or digital camera

Question 5

What are Additional Features of the Core Feature “Wireless dat network interface for accessing the Internet, such as Wi-Fi or cellular telephony”?

Answer 5

Wireless cellular connection for voice communications

Question 6

What are the Additional Features of the Core Feature “Stores of other means of acquiring applications (apps)”?

Answer 6

Wireless personal area network interfaces such as Bluetooth or near field communications (NFC)

Question 7

What are the Additional Features of the Core Feature “Local nonremovable data storage”?

Answer 7

Removable storage media

Question 8

What are the Additional Features of the Core Feature “Data synchronization capabilities w/ a separate computer or remote servers”?

Answer 8

Support for using the device itself as removable storage for another computing device

Question 9

What are some Mobile Device Connectivity Methods (4)?

Answer 9

1) Cellular
2) Wi-Fi
3) Infrared
4) USB Connections

Question 10

What is “Cellular”?

Answer 10

• coverage area for a cellular telephony network is divided into cells
   Hexagon-shaped cells measure 10 square miles
   Transmitters are connected through a mobile telecommunications switching office (MTSO) that controls all of the transmitters in the cellular network

Question 11

What is “Wi-Fi”?

Answer 11

A wireless local area network (WLAN) designed to replace or supplement a wired local area network (LAN)

Question 12

What is “Infrared”?

Answer 12

• uses light instead of radio frequency (RF) as the communication media
   Due to slow speed & other limitations, infrared capabilities are rarely found today
   Next to visible light on the light spectrum &, although invisible, has many of the same characteristics of visible light
   At one time, infrared data ports were installed on laptop computers, printers, cameras, watches, & other devices so data could be exchanged using infrared light

Question 13

What are “USB Connections”?

Answer 13

These include standard-size connectors, mini-connectors, & micro connectors
 Universal Serial Bus (USB) – used for data transfer

Question 14

What is “Bring your own device (BYOD”?

Answer 14

Allows users to use their own personal mobile devices for business purposes

Question 15

What is “Corporate owned, personally enabled (COPE)”?

Answer 15

Employees choose from a selection of company approved devices

Question 16

What is “Choose your own device (CYOD)”?

Answer 16

Employees choose from a limited selection of approved devices, but the employee pays the upfront cost of the device while the business owns the contract

Question 17

What is “Virtual desktop infrastructure”?

Answer 17

Storing sensitive applications & data on a remote server that is accessed through a smartphone

Question 18

What is “Corporate owned”?

Answer 18

A mobile device that is purchased & owned by the enterprise

Question 19

What are some Enterprise Deployment Models (5)?

Answer 19

1) Bring your own device (BYOD)
2) Corporate owned, personally enabled (COPE)
3) Choose your own device (CYOD)
4) Virtual desktop intrastructure (VDI)
5) Corporate owned

Question 20

What are benefits of BYOD, COPE, & CYOD models for the enterprise (6)?

Answer 20

1) Management flexibility
2) Less oversight
3) Cost savings
4) Increased employee performance
5) Simplified IT infrastructure
6) Reduced internal service

Question 21

What do user benefits include (3)?

Answer 21

1) Choice of device
2) Choice of carrier
3) Convenience

Question 22

What are security risks associated w/ using mobile devices (3)?

Answer 22

1) Mobile device vulnerabilities
2) Connection vulnerabilities
3) Accessing untrusted content

Question 23

What are some Mobile Device Vulnerabilities?

Answer 23

1) Physical security
2) Limited updates
3) Location tracking
4) Unauthorized recording

Question 24

What are the 2 dominant OSs for mobile devices?

Answer 24

1) Apple
2) Google

Question 25

What is a Physical Security mobile device vulnerability?

Answer 25

Mobile devices are frequently lost or stolen

Question 26

What is a Limited Updates mobile device vulnerability?

Answer 26

Security patches & updates for mobile OSs are distributed through firmware over-the-air (OTA) updates

Question 27

What is a Location Tracking mobile device vulnerability?

Answer 27

Mobile devices w/ GPS capabilities typically support geolocation

Question 28

What is an Unauthorized Recording mobile vulnerability?

Answer 28

By infecting a device w/ malware, a threat actor can spy on an unsuspecting victim & record conversations or videos

Question 29

What are some Connection Vulnerabilities (4)?

Answer 29

1) Tethering
2) USB On-the-Go (OTG)
3) Malicious USB cable
4) Hotspots

Question 30

Description/Vulnerability of Tethering as a Connection Vulnerability.

Answer 30

Description:
A mobile device w/ an active Internet connection can be used to share that connection w/ other mobile devices through Bluetooth or Wi-Fi

Vulnerability:
An unsecured mobile device may infect other tethered mobile devices or the corporate network

Question 31

Description/Vulnerability of USB On-the-Go (OTG) as a Connection Vulnerability.

Answer 31

Description:
An OTG mobile device w/ a USB connection can function as either a host (to which other devices may be connected such as a USB flash drive)

Vulnerability:
Connecting a malicious flash drive infected w/ malware to a mobile device could result in an infection, just as using a device as a peripheral while connected to an infected computer could allow malware to be sent to the device

Question 32

Description/Vulnerability of Malicious USB Cable as a Connection Vulnerability.

Answer 32

Description:
A USB cable could be embedded w/ a Wi-Fi controller that can receive commands from a nearby device to send malicious commands to the connected mobile device

Vulnerability:
The device will recognize the cable as a Human Interface Device (similar to a mouse or keyboard), giving the attacker enough permissions to exploit the system

Question 33

Description/Vulnerability of Hotspots as a Connection Vulnerability.

Answer 33

Description:
A hotspot is a location where users can access the Internet w/ a wireless signal

Vulnerability:
Because public hotspots are beyond the control of the organization, attackers can eavesdrop on the data transmissions & view sensitive information

Question 34

How do users circumvent the built-in installation on their smartphone?

Answer 34

Jailbreaking - Apple
Rooting - Android

Question 35

What are the 3 types of text messaging?

Answer 35

1) SMS - text message up to 160 characters
2) MMS - text message w/ pictures, video, audio
3) RCS - can convert a texting app into a live chat platform

Question 36

What are configurations that should be considered when setting up a mobile device for use?

Answer 36

1) Strong Authentication
2) Managing Encryption
3) Segmenting Storage
4) Enabling Loss or Theft Services

Question 37

What are 5 ways to use Strong Authentication?

Answer 37

1) A passcode
2) A PIN
3) A fingerprint
4) A pattern connecting dots to unlock the device
5) A screen lock

Question 38

What are some Android Smart Lock Configuration Options?

Answer 38

1) On-body detection
2) Trusted Places
3) Trusted Devices
4) Trusted Face
5) Trusted Voice

Question 39

What does it mean to “Segment Storage”?

Answer 39

Separates business data from personal data on mobile devices

Users can apply containerization to separate storage into business & personal “containers”

Question 40

What are 5 Security Features for Locating Lost or Stolen Mobile Devices?

Answer 40

1) Alarm
2) Last known location
3) Locate
4) Remote lockout
5) Thief picture

Question 41

What are 4 Mobile Management Tools?

Answer 41

1) Mobile Device Management (MDM)
2) Mobile Application Management (MAM)
3) Mobile Content Management (MCM)
4) Unified Endpoint Management (UEM)

Question 42

What is Mobile Device Managment?

Answer 42

Tools allow a device to be managed remotely by an organization

• Typically involves a server, which sends out management commands to the mobile devices, & a client component, which runs on the mobile device to receive & implement the management commands

Question 43

What is Mobile Application Management?

Answer 43

Covers application management, which comprises the tools & services responsible for distributing & controlling access to apps

• The apps can be internally developed or commercially available

Question 44

What is Mobile Content Management?

Answer 44

Supports the creation & subsequent editing & modification of digital content by multiple employees

• Tunes to provide content management to hundreds or even thousands of mobile devices used by employees in an enterprise

Question 45

What are the 4 things Mobile Content Management (MCM) can include?

Answer 45

1) Tracking editing history
2) Version control
3) Indexing
4) Searching

Question 46

What is Unified Endpoint Management (UEM)?

Answer 46

A group or class of software tools w/ a single management interface for mobile devices as well as computer devices

• It provides capabilities for managing & securing mobile devices, applications, & content

Question 47

What are the 5 Categories of Embedded & Specialized Devices?

Answer 47

1) Hardware & software
2) Specialized systems
3) Industrial systems
4) Other devices
5) IoT devices

Question 48

What is the Raspberry Pi?

Answer 48

A low-cost, credit-card-sized computer motherboard

• Can perform almost any task that a standard computer can & can be used to control a specialized device

Question 49

What is the Arduino?

Answer 49

A controller for other devices

• Has 8-bit microcontroller, limited amount of RAM, no OS

Question 50

What is a Field-Programmable Gate Array (GPFA)?

Answer 50

A hardware “chip” that can be programmed by the user to carry out one or more logical operations

Question 51

What is a System on a Chip (SoC)?q

Answer 51

Combines all the required electronic circuits of the various computer components on a single chip

• An OS specifically designed for an SoC is an embedded or specialized system

Question 52

What is an Embedded System?

Answer 52

Computer hardware & software contained within a larger system that is designed for a specific function

• Receive a large amount of data very quickly

Question 53

What are 4 kinds of Specialized Systems & what do they use?

Answer 53

1) Utilities
2) Medical systems
3) Aircraft
4) Vehicles

Smart meter.

Question 54

What are 4 actions of Meters (Analog vs Smart)?

Answer 54

1) Meter readings
2) Servicing
3) Tamper protection
4) Emergency communication

Question 55

Analog vs Smart Meters of Meter Reading.

Answer 55

Analog:
Employee must visit the dwelling each month to read the meter

Smart:
Meter readings are transmitted daily, hourly, or even by the minute to the utility company

Question 56

Analog vs Smart Meters of Servicing.

Answer 56

Analog:
Annual servicing is required in order to maintain accuracy

Smart:
Battery replacement every 20 years

Question 57

Analog vs Smart Meters of Tamper Protection.

Answer 57

Analog:
Data must be analyzed over long periods to identify anomalies

Smart:
Can alert utility in the event of tampering or theft

Question 58

Analog vs Smart Meters of Emergency Communication.

Answer 58

Analog:
None available

Smart:
Transmits “last gasp” notification of a problem to utility company

Question 59

What are Industrial Control Systems?

Answer 59

Systems that control locally or remote locations by collecting, monitoring, & processing real-time data to control machines

Question 60

What are Industrial Control Systems managed by?

And what do they help do?

Answer 60

1) Managed by supervisory control & data acquisition (SCADA) systems
2) Help to maintain efficiency & provide information on issues to help reduce downtime

Question 61

What is a Supervisory Control & Data Acquisition (SCADA) System?

Answer 61

A system that controls multiple industrial control systems (ICS)

Question 62

What are drones used for?

Answer 62

1) Policing & surveillance
2) Product deliveries
3) Aerial photography
4) Infrastructure inspections
5) Drone racing

Question 63

What are examples of “Other Specialized Systems”?

Answer 63

1) HVAC
2) Multifunctional printer (MFP)
3) Unmanned aerial vehicle (UAV) aka drone
4) Voice over IP (VoIP)

Question 64

What is the Internet of Things (IoT)?

Answer 64

Any device to the Internet for the purpose of sending & receiving data to be acted upon

Question 65

What is an example of IoT where it’s related to the body?

Answer 65

Body area networks (BAN) - network system of IoT devices in close proximity to a person’s body that cooperate for the benefit of the user

Managed body sensor network (MBSN) - when readings are transmitted via computer or smartphone to a third-party physician who can make decisions regarding any medications to prescribe or lifestyle changes to recommend

Autonomous body sensor network (ABSN) - introduces actuators in addition to the sensors so that immediate effects can be made on the human body

Question 66

What are 10 Security Constaints for Embedded Systems & Specialized Devices?

Answer 66

1) Power
2) Compute
3) Network
4) Cryptography
5) Inability to patch
6) Authentication
7) Range
8) Cost
9) Implied trust
10) Weak defaults

Question 67

How is Power a Security Constraint?

Answer 67

To prolong battery life, devices, & systems are optimized to draw very low levels of power & thus lack the ability to perform strong security measures

Question 68

How is Compute a Security Constraint?

Answer 68

Due to their size, small devices typically possess low processing capabilities, which restricts complex & comprehensive security measures

Question 69

How is Network a Security Constraint?

Answer 69

To simplify connecting a device to a network, many device designers support network protocols that lack advanced security features

Question 70

How is Cryptography a Security Constraint?

Answer 70

Encryption & decryption are resource-intensive tasks that require significant processing & storage capacities that these devices lack

Question 71

How is Inability to Patch a Security Constraint?

Answer 71

Few, if any, devices have been designed w/ the capacity for being updated to address exposed security vulnerabilities

Question 72

How is Authentication a Security Constraint?

Answer 72

To keep costs at a minimum, most devices lack authentication features

Question 73

How is Range a Security Constraint?

Answer 73

Not all devices have long-range capabilities to access remote security updates

Question 74

How is Cost a Security Constraint?

Answer 74

Most developers are concerned primarily w/ making products as inexpensive as possible, which means leaving out all security protections

Question 75

How is Implied Trust a Security Constraint?

Answer 75

Many devices are designed w/o any security features but operate on an “implied trust” basis that assumes all other devices or users can be trusted