Certified Ethical Hacker (CEH) : Hacking Mobile Platforms

By
asima
-
0
851

Mobile Platform Attack Vectors

OWASP Top 10 Mobile Threats

Mobile Attack Vector

  • Malware
  • Data Loss
  • Data Tampering
  • Data Exfiltration

Vulnerabilities and Risk on Mobile Platform

The most common risks are:

  • Malicious third-party applications
  • Malicious application on Store
  • Malware and rootkits
  • Application vulnerability
  • Data security
  • Excessive Permissions
  • Weak Encryptions
  • Operating system Updates issues
  • Application update issues
  • Jailbreaking and Rooting
  • Physical Attack

Application Sandboxing Issue

Mobile Spam and Phishing

Open Wi-Fi and Bluetooth Networks

Hacking Android OS

Introduction to Android Operating System

Device Administration API

  • Email clients.
  • Security applications can do a remote wipe.
  • Device management services and applications.

Root Access / Android Rooting

Android Phones Security Tools

  • DroidSheep Guard
  • TrustGo Mobile Security
  • Sophos Mobile Security
  • 360 Security
  • Avira Antivirus Security
  • AVL
  • X-ray

Hacking iOS

iPhone Operating System

Jailbreaking iOS

Types of Jailbreaking

  1. Userland Exploit
    A Userland exploit is a type of iOS jailbreaking which allow User-level access without
    escalating to about-level access.
  2. iBoot Exploit
    An iBoot exploit is a type of iOS jailbreaking which allow User-level access and bootlevel
    access.
  3. Bootrom Exploit
    A bootrom exploit is a type of iOS jailbreaking which allow User-level access and
    boot-level access.

Jailbreaking Techniques

  1. Tethered Jailbreaking
  2. Semi-tethered Jailbreaking
  3. Untethered Jailbreaking

Jailbreaking Tools

The following are some of the iOS jailbreaking tools:

  • Pangu
  • Redsn0w
  • Absinthe
  • evasin0n7
  • GeekSn0w
  • Sn0wbreeze
  • PwnageTool
  • LimeRaln
  • Blackraln

Hacking Windows Phone OS

Hacking BlackBerry

Mobile Device Management (MDM)

MDM Deployment Methods

there are two types of MDM deployment

  • On-site MDM deployment
  • Cloud-based MDM deployment

Bring Your Own Device (BYOD)

BYOD Architecture Framework

  • BYOD Devices
  • Wireless Access Points (AP)
  • Wireless LAN Controllers
  • Identity Service Engine (ISE)
  • Cisco AnyConnect Secure Mobility Client
  • Integrated Services Router (ISR)
  • Aggregation Services Router (ASR)
  • Cloud Web Security (CWS)
  • Adaptive Security Appliance (ASA)
  • RSA SecurID
  • Active Directory
  • Certificate Authority

Mobile Security Guidelines

Some of the beneficial guidelines to secure your mobile phone are as follows:

  • Avoid auto-upload of files and photos
  • Perform security assessment of applications
  • Turn Bluetooth off
  • Allow only necessary GPS-enabled applications
  • Do not connect to open networks or public networks unless it is necessary
  • Install applications from trusted or official stores
  • Configure string passwords
  • Use Mobile Device Management MDM softwares
  • Use Remote Wipe Services
  • Update Operating Systems
  • Do not allow rooting / jailbreaking
  • Encrypt your phone
  • Periodic backup
  • Filter emails
  • Configure application certification rules
  • Configure mobile device policies
  • Configure auto-Lock

RELATED ARTICLESMORE FROM AUTHOR

LEAVE A REPLY

Please enter your comment!
Please enter your name here