Section 5: Mobile Device Security Flashcards

1
Q

What is the highest level of wireless security?

A

WPA2 - Wireless Protected Access

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What Encryption does WPA2 rely on?

A

AES - Advanced Encryption Standard

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What does Bluetooth pairing create?

A

A shared link key for encrypting the connection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Which connection is almost always more secure?

Wired or Wireless?

A

Wired

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

How can you protect yourself from Mobile Malware?

A
  1. Antivirus
  2. Patched and Updated
  3. Official Apps only
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What are some Unique Attacks to Mobile Devices?

A
  1. Social Engineering
  2. Pre-texting scams
  3. Texts which include links
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Should you JailBreak/Root your mobile device?

A

No

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Should you use custom firmware or custom ROM on your mobile device?

A

No

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Where should you get your Apps for your mobile device?

A

Official App Store

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What should you do with your phone’s operating system?

A

Keep it up to date

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is a SIM card?

A

Integrated circuit that securely stores the international mobile subscriber identity (IMSI) number and its related keys
- Subscriber Identity Module
- communicates with cell towers and tells them which device is which number

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What does SIM stand for?

A

Subscriber Identity Module

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What is SIM cloning?

A

When 2 phones are utilising the same card. This allow’s an attacker to gain access to the phone’s data.
- both phones get the same message/text

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Which version is harder to clone between SIM V1 and V2?

A

V2 are much harder

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What can attackers achieve with Social Engineering regarding phone attacks?

A

They can call your phone provider and give them information that is OSINT and found online on social media. Once they get access to your number they can:
- Bypass 2FA
- Get 2FA code in their phones and login to your email accounts

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

If an attacker has your phone number, what can they do?

A
  1. ID theft
  2. Account takeover
17
Q

How can Theft ID & Account takeover be prevented?

A

Do not post your phone numbers online

18
Q

What is a Google Voice Number?

A

A number that sits on top of your real number. This hides your actual phone number which you can then use your real number to authenticated 2FA.

19
Q

What is BlueJacking?

A

When an attacker sends unsolicited messages to Bluetooth enabled devices

20
Q

What is BlueSnarfing?

A

Unauthorised access of information from a wireless device over a Bluetooth connection

21
Q

What is the difference between BlueJacking and BlueSnarfing?

A

BlueJacking - Sending information
BlueSnarfing - Taking information

22
Q

What should you ensure you always have with your device’s data?

A

Device Backup

23
Q

How can you secure your mobile device?

A
  1. Encrypt your device
  2. Full disk encryption
  3. track your device
24
Q

How can you find where your phone is?

A

Apple - Find my iphone
Android - Find my phone

25
Q

What can you also do on the find my phone websites?

A
  • Remote Lock
  • Remote Wipe
26
Q

When browsing, what should you make sure websites have?

A

HTTPS - TLS (Secure tunnel)

27
Q

What is TLS?

A

Transport Layer Security - encrypts data in transit

28
Q

What is a Mobile Device Management (MDM) solution?

A

Centralised software that allows system admins to create and enforce policies across mobile devices

29
Q

What can MDM do?

A
  1. Block Websites
  2. Block Apps
  3. Enforce policies
30
Q

What does Allow Location Access for apps is a concern of?

A

Privacy concern - Apps always know your location

31
Q

What is Geotagging?

A

Embedded geolocation (GPS) coordinates into a piece of data (i.e. photos)

32
Q

What is BYOD?

A

Bring Your Own Device

33
Q

Why could BYOD be a security issue?

A

When the device is connected to your work network, every vulnerability the device has, is introduced to the network
- malware at home, is then brought to the work network

34
Q

What is Storage Segmentation?

A

Creating a clear separation between personal and company data on a single device

35
Q

What are some ways to enforce Storage Segmentation?

A
  • Virtual environment app on your mobile device
  • 2 different email apps for work / personal
36
Q

Is it possible to have MDM on your BYOD?

A

Yes, but who would want that on their personal device?

37
Q

What is CYOD?

A

Alternative to BYOD. Choose Your Own Device

  • employees get a choice of phone
  • can install MDM
  • technical policies etc
38
Q

What can MDM provide?

A
  • block app installation
  • DLP
  • turn features on/off such as WiFi connectivity so you are forced to only use cellular data (policy)
39
Q

What are 10 ways of hardening your mobile device?

A
  1. Update
  2. Antivirus
  3. User training
  4. Only use official app store
  5. no root/jailbreak
    6.only use V2 SIM
  6. turn off unnecessary features
  7. encryption for voice & data
  8. strong password or biometrics
  9. no BYOD