CH. 15:
Hacking Mobile Platforms
Chapter 15: Objectives
•
Understanding Mobile Platform Attack Vectors
•
Understanding Various Android Threats and Attacks
•
Understanding Various iOS Threats and Attacks
•
Understanding Various Windows Phone OS Threat and Attacks
•
Understanding Various BlackBerry Threats and Attacks
•
Understanding Mobile Device Management (MDM)
•
Mobile Security Guidelines and Security Tools
•
Overview of Mobile Penetration Testing
The Future of Mobile
Module Flow
Mobile Platform Attack Vectors pg 1917
Vulnerable Areas in Mobile Business Environment
Mobile Platform Attack Vectors pg 1918
OWASP Mobile Top Ten Risks
Mobile Platform Attack Vectors pg 1921 - 27
Anatomy of a Mobile Attack
Mobile Platform Attack Vectors pg 1928
How a Hacker can Profit from Mobile attacks
Mobile Platform Attack Vectors pg 1929
Mobile Attack Vectors
Mobile Platform Attack Vectors pg 1930
Mobile Platform Vulnerabilities and Risks
Mobile Platform Attack Vectors pg 1931
Security Issues Arising from App Stores
Mobile Platform Attack Vectors pg 1932
App Sandboxing Issues
Mobile Platform Attack Vectors pg 1933
Mobile Spam
Mobile Platform Attack Vectors pg 1934
SMS Phishing Attack (SMiShing) (Targeted Attack Scan)
•
Most of the consumers access the
internet through a mobile
•
Easy to set up a mobile phishing
campaign
•
Difficult to detect and stop before they
cause harm
•
Mobile users are not conditioned to
receiving spam text messages on
their mobile
•
No mainstream mechanism for
weeding out spam SMS
•
Most of the mobile anti-virus does not
check the SMS
Mobile Platform Attack Vectors pg 1935
Why SMS is Effective and Examples
You Can't Patch Stupid!
Mobile Platform Attack Vectors pg 1936
Pairing Mobile Devices on Open Bluetooth and Wi-Fi Connections
Open or discoverable mobile devices
are a considerable risk of Bluetooth
attacks to include:
BlueSnarfing – Theft of information from
a wireless device through BT.
Allows
attacker access to contact lists, emails,
text messages, photos, videos and any
other data on the phone.
Bluebugging – Attacker gaining remote
access to use its features without
victims knowledge.
Attacker creates
backdoor allowing sniffing of all data,
receive calls, text messages, intercept
phone calls and messages, as well as
forwarding the messages.
Attacker also
has access to photos, videos and
contact list.
Module Flow
Hacking Android OS
pg 1939
Android OS
Hacking Android OS
pg 1940
Android OS Architecture
•
Introduced in Android 2.2
provides device
administration features.
Allowing rich control over
employees devices in an
enterprise environment.
Hacking Android OS
pg 1942
Android Device Administration API
You've reached the end of your free preview.
Want to read all 102 pages?
- Spring '15
- Tom Mabe
- App Store, Windows Mobile, Mobile operating system
