17. Hacking Mobile Platforms
App sandboxing
A security mechanism that helps protect systems and users by limiting resources the app can access to its intended functionality on the mobile platform. Often, useful in executing untested code or untrusted programs from unverified third parties, suppliers, untrusted users, and untrusted websites
Android Trojans: SpyDealer
A spying Trojan that ex-filtrates the private and sensitive data from 40 adroid applciations including WeChat, Facebook, WhatsApp, Skype, Line, Viber, QQ, Tango, Telegram, Sina Weibo, Tencent Weibo It employees exploits from a commercial rooting app Baidu Easy Root to gain root privilege It abuses the Android Accessibility Service feature It extracts info like phone number, IMEI, IMSI, SMS, MMS, contacts, accounts, phone call history, location, and connected wifi info.
FaceNiff
Allows you to sniff and intercept web session profiles over the wifi that your mobile is connected to It is possible to hijack sessions only when wifi is not using EAP, but it should work over any private networks
Browser-Based Point of Attackk : Clickjacking
Also known as a user interface redress attack, is a malicious technique used to trick web users to click something different from what they think they are clicking.
Browser-Based Point of Attack : Buffer Overflow
An abnormality whereby a program, while writing data to a buffer, surfeits the intended limit and overwrites the adjacent memory.
zANTI
An android application which allows you to perform following attacks: o Spoof MAC address o Create malicious wifi hotspot o Scan for open ports o Exploit router vulnerabilities o Password complexity audits o Man in the middle attack o DoS attack o Hijack sessions
Untethered Jailbreaking
An untethered jailbreak has the property that if the user turns the device off and back on, the device will start up completely, and the kernel will be patched without the help of a computer—in other words, it will be jailbroken after each reboot.
Application-based Point of Attack : Configuration Manipulation
Apps may use external configuration files and libraries, modifying those entities or affecting apps' capability of using those results in a configuration manipulation attack
Application-based Point of Attack : No Encryption/Weak Encryption
Apps that transmit data unencrypted or weakly encrypted are susceptible to attacks such as session hijacking.
Browser-Based Point of Attack : Man in the middle mobile
Attacker implants malicious code into the victim's mobile device to bypass password verification systems that send one-time passwords (OTPs) via Short Message Service (SMS) or voice calls.
Application-based Point of Attack : Escalated Privileges:
Attackers engage in privilege escalation attacks, which take advantage of design flaws, programming errors, bugs, or configuration oversights to gain access to resources usually protected from an application or user.
Phone/SMS based Point of Attack: Baseband Attacks
Attackers exploit vulnerabilities resident in a phone's GSM/3GPP baseband processor, which sends and receives radio signals to cell towers.
Application-based Point of Attack : Dynamic Runtime Injection:
Attackers manipulate and abuse the runtime of an application to circumvent security locks, logic checks, access privileged parts of an app, and even steal data stored in memory.
Pairing Mobile Devices on Open Bluetooth and Wi-Fi Connections
Attackers use this to their advantage to exploit and infect a mobile device with malware such as viruses and Trojans, or compromise unencrypted data being transmitted across untrusted networks o Bluesnarfing (Stealing Information via Bluetooth) o Bluebugging (Taking Over a device via Bluetooth
Phone/SMS based Attacks
Baseband attacks SMiShing
Web server-based attack : Cross site request forgery
CSRF attacks exploit web page vulnerabilities that allow an attacker to force an unsuspecting user's browser to send unintended malicious requests. The victim holds an active session with a trusted site and simultaneously visits a malicious site that injects an HTTP request for the trusted site into the victim's session, compromising its integrity.
Jailbreaking iOS
Defined as the process of installing a modified set of kernel patches that allows users to run third-party applications not signed by the OS vendor Jailbreaking provides root access to the operating system and permits downloading of third-party applications, themes, extensions on iOS devices Jailbreaking removes sandbox restrictions, which enables malicious apps to access restricted mobile resources and info
Android Security Tool: Find My Device
Find My Device helps you easily locate a lost Android device, and keeps your info safe and sound while you look. o Go to https://www.google.com/android/find and sign in to your Google Account -If you have more than one device, click the lost device at the top of the screen -The device gets a notification - On the map, see about where the device is -Pick what you want to do. -If needed, first click Enable lock & erase -Play sound: rings your device at full volume for 5 min o Lock: locks your device with your PIN, pattern, or password o Erase: permanently deletes all data on your device
Android Device Tracking Tools
Find My Phone - anti-theft, device recovery app for Android that helps you find your lost, stolen, misplaced mobile phone or tablet. Where's My Droid - device tracking tool that allows you to track your phone from anywhere, either with a text messaged attention word or through the online control center known as Commander. o Prey Anti-Theft: Find My Android and Mobile Security o iHound o Mobile Tracker for Android o Tech Expert o GadgetTrak Mobile Security o My Device o Lost Android
Mobile Spyware : FlexiSPY
FlexiSpy is the mobile monitoring software used to spy on mobile phones and tablets. It supports Android, iPhone, iPad, PC and Mac and it can silently monitor all communications, locations, and user behavior of a smartphone from any web browser. Features: o Spying On Instant Messages o Call Interception o SMS Tracker o Tap into the Room o Cell Phone Tracker o Spy On Mobile Phones o VoIP Call Recording o Spy Remotely
Browser-Based Point of Attack : Data Caching
In mobile devices this stores information that is often required by mobile devices to interact with web applications, thereby saving scarce resources and resulting in better response time for the client application.
Mobile Protection Tools
Lookout Personal - helps to protect your device from security threats, loss, and theft, available for Android and iPhone devices. It provides mobile security, identity protection, and theft prevention in a single app Zimperium's zIPS - is the mobile intrusion prevention system app that provides comprehensive protection for iOS and Android devices against mobile network, device and application cyber attacks BullGuard Mobile Security - is an app for Android devices that provides total protection for mobile devices and personal data. It delivers complete mobile phone antivirus against all mobile phone viruses
Browser-Based Point of Attack
Phishing Framing Clickjacking Man in the middle mobile Buffer Overflow Data Caching
The System Point of Attack : Carrier-loaded Software
Pre-installed software or apps on devices may contain vulnerabilities that an attacker can exploit to perform malicious activities such as delete, modify, or steal data on the device, eavesdrop on calls, and others.
Mobile Device Management (MDM)
Provides platforms for over the air or wired distribution of applications, data and configuration setting for all types of mobile devices, including mobile phones, smartphones, tablet computers MDM helps in implementing enterprise-wide policies to reduce support costs, business discontinuity, and security risks It hlpes system administrators to deploy and manage software applocations across all enterprise mobile devices to secure, monitor, manage, and supports mobile devices
The System Point of Attack : Android Rooting:
Rooting allows Android users to attain privileged control (known as "root access") within Android's subsystem. Like jailbreaking, rooting can result in the exposure of sensitive data stored in the mobile device. Allows Android users to attain privileged control within Android's subsystem Rooting progress involves exploiting security vulnerabilities in the device firmware, and copying the subinary to a location in the current process's PATH and granting it executable permissions with the chmod command. process involves exploiting security vulnerabilities in the device's firmware, and copying the su binary to a location in the current process's PATH (e.g., /system/xbin/su) and granting it executable permissions with the chmod command
Application-based Point of Attack : Improper SSL Validation
Security loopholes in an application's SSL validation process may allow attackers to circumvent the data security.
Semi-tethered Jailbreaking
This jailbreak has the property that if the user turns the device off and back on, the device will start up completely, it will no longer have a patched kernel, but it will still be usable for normal functions. To use jailbroken addons, the user need to start the device with the help of the jailbreaking tool.
Jailbreaking - iBoot Exploit
This type of exploit can be semi-tethered if the device has a new bootrom. An iboot jailbreak allows user-level access and iboot-level access. This exploit takes advantage of a loophole in iBoot (iDevice's third bootloader) to delink the code-signing appliance. Firmware updates can patch these types of exploits
Jailbreaking Techniques
Untethered Jailbreaking Semi-tethered Jailbreaking Tethered Jailbreaking
Types of Jailbreaking
Userland Exploit iBoot Exploit Bootrom Exploit
Jailbreaking - Bootrom Exploit
Uses a loophole in the SecureROM (iDevice's first bootloader) to disable signature checks, which can be used to load patch NOR firmware. Firmware updates cannot patch these types of exploits. A bootrom jailbreak allows user-level access and iboot-level access. Only a hardware update of bootrom by Apple can patch this exploit.
Jailbreaking - Userland Exploit
Uses a loophole in the system application. It allows user-level access but does not allow iboot-level access. You cannot secure iOS devices against this exploit, as nothing can cause a recovery mode loop. Only firmware updates can patch these types of vulnerabilities
Tethered Jailbreaking
With this jailbreak, if the device starts up on its own, it will no longer have a patched kernel, and it may get stuck in a partially started state; in order for it to start completely and with a patched kernel, it essentially must be "re-jailbroken" with a computer (using the "boot tethered" feature of a jailbreaking tool) each time it is turned on.
Web server-based attack: Cross site scripting
XSS attacks exploit vulnerabilities in dynamically generated web pages, which enable malicious attackers to inject client-side script into web pages viewed by other users. It occurs when invalidated input data is included in dynamic content sent to the user's web browser for rendering.
Browser-Based Point of Attack : Phishing
emails or pop-ups redirect users to fake web pages of mimicking trustworthy sites that ask them to submit their personal information such as usernames, passwords, credit card details, address, and mobile number
Mobile Spyware : mSpy
mSpy is a mobile monitoring and spying application which runs on the target device to log all activities including call log history, GPS location, calendar updates, text messages, emails, web history, instant messenger chats, keystrokes, and so on and also can control applications. This product is useful to monitor versatile online/offline actions of employees and underage children. Features: o Monitor Internet Use (Browsing History, Website Bookmarks, Blocking Websites, Wi-Fi Networks, Keyword alerts) o Access Calendar and Address Book (Calendar Activities, Contacts) o Read Instant Messages (Skype, WhatsApp, iMessage, Social Network, Viber, Snapchat, LINE, Telegram, Tinder) o Control Apps and Programs (Installed Applications, Application blocking, Keylogger) o View Multimedia Files (Photos, Videos) o Remote Control (Device Wipeout, Locked Device, Additional Device Info, Control Panel)
iOS Trojans
o AceDeceiver -capable of conducting MITM attacks on any iPhone and is not limited to jailbroken devices - exploits design flaws in Apple's DROM mechanism o Spy/ MobileSpy! iPhoneOS -This malware allows an attacker to eavesdrop all incoming and outgoing calls, SMS, URLs and GPS position are logged to a remote server on the infected iOS device o DualToy Trojan o KeyRaider o XcodeGhost o AdThief/Spad o Trapsms o iKeyGuard o PawnStorm.B o WireLurker o Ikee/Eeki
Layers of Apple iOS
o Cocoa Touch: -This layer contains key frameworks that help in building iOS apps. These frameworks define the appearance of app, offers basic app infrastructure, and supports key technologies such as multitasking, touch-based input, push notifications, and many high-level system services. o Media: -This layer contains the graphics, audio, and video technologies that enable multimedia experiences in apps. o Core Services: -This layer contains fundamental system services for apps. Key among these services are Core Foundation and Foundation frameworks (defines the basic types that all apps use). Individual technologies that support features such as social media, iCloud, location, and networking belong to this layer. o Core OS: -This layer contains low-level features on which most other technologies are built. Frameworks in this layer are useful when dealing explicitly with security or communicating with an external hardware accessory.
Application Framework blocks
o Content Providers—Manages data sharing between applications. o View System—For developing lists, grids, text boxes, buttons, and so on. o Activity Manager—Controls the activity life cycle of applications. o Location Manager—Manages location, using GPS or cell towers. o Package Manager—Keeps track of the applications installed on the device. o Notification Manager—Helps applications display custom messages in a status bar. o Resource Manager—Manages various types of resources used. o Telephony Manager—Manages all voice calls. o Window Manager—Manages application windows.
(Bring Your Own Device) BYOD Policy Implementation
o Define your requirement o Select the devices of your choice and build a technology portfolio o Develop policies o Security o Support
(Bring Your Own Device) BYOD Benefits
o Increased productivity: o Employee satisfaction: o Lower Cost o Work Flexibility
iOS Device Tracking Tools
o Find My iPhone -allows you to use another iOS device to track a lost or misplaced mobile, iPhone, iPad, iPod touch, or Mac and protects its data. o Phonty o SpyBubble o GadgetTrak o iLocalis o GPS Tacker by FollowMee o iHound
Android Trojans
o GhostCtrl malware o Triada o AndroRAT o ZitMo (ZeuS-in-the-Mobile) o FakeToken o TRAMP.A o Fakedefender o Obad o FakeInst o OpFake o Dendroid
Jailbreaking Tools
o Keen Jainbreak - unofficial Semi-tethered tool that was released for iOS 11 beta versions o Yalu o Velonzy o Pangu9 Jailbreak o TaiG o Pangu o JAILBREAK o Redsn0w o evasi0n7 o Geeksn0w o Sn0wbreeze o LimeRa1n o Blackra1n
Mobile Attack Vectors
o Malware o Data Ex filtration o Data Tampering o Data loss
Additional Mobile Protection Tools
o McAfee Mobile Security o Kaspersky Internet Security for Android o AVG AntiVirus Pro for Android o F-Secure Mobile Security o Avast Mobile Security o Trend Micro Mobile Security for Android o Norton Mobile Security o Comodo Mobile Security o ESET Mobile Security o Bitdefender Mobile Security o Sophos Mobile Security for Android o WISeID
Android Phone Pen Testing
o Root an Android Phone -Try to Root an Android Phone to gain the administrative access to the Android devices using tools such as Kingo Android ROOT, TunesGo Root Android Tool, and so on. o Perform DoS and DDoS Attacks -Use tool LOIC, AnDOSid to perform DoS and DDoS attacks on Android phone. o Check for vulnerabilities in Android browser -Check whether cross-application-scripting error is present in the Android browser that allows hackers to easily hack the Android device and try to break down the web browser's sandbox using infected java script code. o Check for vulnerabilities in SQLite -Check whether email password is stored as plain text in the SQLite database and also check whether Skype on Android uses unencrypted SQLite database to store contacts, profile information and instant message logs. o Check for vulnerabilities in Intents -Try to exploit Android Intents to obtain the user's private information. You can use apset tool to detect application's communication vulnerabilities. o Detect capability leaks in Android devices -Use tool Co Checker, IntentFuzzer, and so on to detect capability leaks in Android devices.
Cloud: Database Attacks
o SQL injection o Privilege escalation o Data dumping o OS command execution
Android Vulnerability Scanners
o Threat Scan o Norton Halt exploit defender o Shellshock Scanner - Zimperium o Hackode o BlueBorne Vulnerability Scanner by Armis o EternalBlue Vulnerability Scanner
Native libraries
o WebKit and Blink—web browser engine to display HTML content o Open Max AL—it is a companion API to OpenSL ES but is used for multimedia (video and audio) rather than audio only o Libc—Comprises System C libraries o Media Framework—provides media codecs that allows recording and playback of different media formats o Open GL | ES—is a 3D graphics library o Surface Manager—meant for display management o SQLite—a database engine used for data storage purposes o FreeType—meant for rendering fonts o SGL—is a 2D graphics library o SSL—meant for Internet security
The Network point of attack
o Wifi weak encryption/ no encryption o Rogue access points o Packet sniffing o Man in the middle o Session hijacking o DNS poisoning o SSLStrip o Fake SSL Certificates
Mobile Anti-Spyware
-Malwarebytes anti-malware mobile tool is a protection against malware, ransomware, and other growing threats to Android devices. Features: o Detects and removes adware and malware o Blocks malware and ransomware automatically o Conducts privacy audit for all apps o Safer browsing - AntiSpy Mobile - FREE Spyware & Malware Remover - D-Vasive Anti-Spy - SpyWare Removal
OWASP Top 10 Mobile Risks 2016
1. improper platform usage This category covers misuse of a platform feature or failure to use platform security controls. 2. insecure data storage This category covers misuse of a platform feature or failure to use platform security controls. 3. insecure communication This covers poor handshaking, incorrect SSL versions, weak negotiation, cleartext communication of sensitive assets, and so on 4. insecure authentication This category captures notions of authenticating the end user or bad session management 5. insufficient cryptography This category is for issues where cryptography was attempted, but it was not done correctly. 6. insecure authorization This is a category to capture any failures in authorization (e.g., authorization decisions in the client side, and forced browsing) 7. client code quality This is the "Security Decisions Via Untrusted Inputs," one of our lesser-used categories. This would be the catch-all for code-level implementation problems in the mobile client, which is distinct from server-side coding mistakes. 8. code tampering This category covers binary patching, local resource modification, method hooking, method swizzling, and dynamic memory modification. 9. reverse engineering This category includes analysis of the final core binary to determine its source code, libraries, algorithms, and other assets. 10. extraneous functionality Often, developers include hidden backdoor functionality or other internal development security controls that are not intended to be released into a production environment
Android Trojans: BankBot
A banking Trojan that is comprised of sophisticated techniques is code obfuscation, payload dropping, and infection mechanism affecting android accessibility service This Trojan spreads by Jewel Star Classic android game application and after installing the app, the user will be tricked to enable malicious service and enter the credit card details.
Pangu Anzhuang
A simple application that allows you to install jailbreak apps for iOS 11.2.1 - iOS 10.2 versions. It is a No PC required jailbreak method. It is an online jailbreaking app installer for latest iOS versions. Anzhuang helps you to install jailbreak apps using the dev code extraction method. Specializes is that it perfectly works with all 64-bit and 32-bit devices. It allows you to install Cydia and popular Jailbreak apps to your latest iOS versions from developer code extraction method
Rooting Androids using KingRot
A tool used to root android devices. This tool can be used with or without PC. KingoRoot helps users root their Android devices to the following: - Preserve battery life - Access root-only apps - Remove carrier "bloatware" - Customizable appearance - Attain admin level permission
The Network point of attack : SSLStrip
A type of MITM attack in which attackers exploit vulnerabilities in the SSL/TLS implementation on websites. It relies on the user validating the presence of the HTTPS connection. The attack invisibly downgrades connections to HTTP, without encryption,
Phone/SMS based Point of Attack: SMiShing or SMS phishing
A type of phishing fraud in which an attacker utilizes SMS to send text messages to a victim that contains a deceptive link of a malicious website or a telephone number.
Mobile Pen Testing Toolkit
Hackode - is the hacker's toolbox. It is an application for penetration testers, ethical hackers, IT administrators, and cyber security professionals to perform different tasks such as reconnaissance, scanning for exploits, and so on.
Security Issues from App Stores
Insufficient or no vetting of apps leading to malicious and fake apps entering app marketplace App stores are common target for attackers to distribute malware and malicious apps Attackers can also social engineering users to download and run apps outside the official app stores Malicious apps can damage other applications and data, and send your sensitive data to attackers
Browser-Based Point of Attack : Framing
Involves a web page integrated into another web page using iFrame elements of HTML
Network Spoofer
Lets you change websites on other people's computers from an Android phone Features: o Flip pictures upside down o Flip text upside down o Make websites experience gravity o Redirect websites to other pages o Delete random words word from websites o Replace words on websites with others o Change all pictures to Trollface oWobble all pictures/ graphics around a bit
Application-based Point of Attack: Unintended Permissions
Misconfigured apps can at times open doors to attackers by providing unintended permissions.
Kaspersky Mobile Antivirus
Mobile antivirus is an Android security app focusing on anti-theft and virus protection for mobile and tablet devices. It is designed to help users find their device, step-by-step, in case if it is lost or stolen. It also protects the device against virus or malware attacks. Features o Antivirus protection o Background check o App Lock o Find my phone o Anti-Theft o Anti-Phishing o Call blocker o Web filter o Android 8 Support o Antivirus Database Expansion
Low Orbit Ion Cannon LOIC
Mobile application that allows the attacker to *perform DoS/ DDoS attacks* on the target IP address. This application can perform UDP, HTTP or TCP flood attacks Features: o Full control over traffic flow o Send data pcket to any IP address o Various methods to send data packets o Retrieve IP address from any real web-address o Send data packets to any port
Apple iOS
Operating system which supports Apple devices such as iPhone, iPod touch, iPad, and Apple TV The user interface is based on the concept of direct manipulation, using multi-touch gestures Applications: Cocoa Touch Media Core Services Core OS
Orbot Proxy
Proxy app that empowers other apps to use the internet more privately It uses Tor to encrypt your internet traffic and then hides it by bouncing through a series of computers around the world Attackers can use this application to hide their identity while performing attacks or surfing through the target web applications
Android Vulnerability Scanner: X-Ray
Scans your Android device to determine whether there are vulnerabilities that remain unpatched by your carrier. It presents you with a list of vulnerabilities that it is able to identify and allows you to check for the presence of each vulnerability on your device X-Ray is automatically updated with the ability to scan for new vulnerabilities as they are discovered and disclosed
DroidSheep
Simple Android tool for web *session hijacking*. It listens for HTTP packets sent via a wireless network connection and extracts the session IDs from these packets in order to reuse them. o It can capture sessions using the libpcap library and supports: OPEN Networks, WEP encrypted networks, WPA and WPA2 encrypted networks o ("sidejacking"), using libpcap and arpspoof.
Cydia
Software application for iOS that enables a user to find and install software packages on a jailbroken iPhone, iPod Touch, or iPad
Android OS
Software environment developed by Google for mobile devices that includes an operating system, middleware, and key applications. Architecture: o System applications o Java API framework o Native C/C++ Libraries o Android Runtime o Hardware Abstraction layer o Linux Kernel
Application-based Point of Attack : Sensitive Data Storage
Some apps installed and used by mobile users employ weak security in their database architecture, which make them targets for attackers to hack and steal sensitive user information stored in them
The System Point of Attack : Jailbreaking iOS
The process of removing security mechanisms set by Apple to prevent malicious code from running on the device. It provides root access to the OS and removes sandbox restrictions.
Android Device Administration API
These APIs allow developers to create security-aware applications that are useful in enterprise settings, in which IT professionals require rich control over employee devices. One can use a device administration ("admin") API to write device admin applications that users install on their devices. Policys supported o password enabled o Alphanumeric password required o Complex password required o Minimum length, letters, lowercase letters required in password o Minimum nonletter characters required in password o Minimum symbols, uppercase letters, numerical digits required in password o Password expiration timeout and history restriction o Maximum failed password attempts,inactivity time lock o Require storage encryption Disable camera
The System Point of Attack : User-initiated Code:
User-initiated code is an activity that tricks the victim to install malicious applications or clicking links where an attacker can install malicious code to exploit a user's browser, cookies, and security permissions.
The Data enter/ CLOUD point of attack
Web server-based Database.
NetCut
Wifi killing application that allows the attackers to identify the target devices and *block the access of WiFi* to the victim devices in a network. Block wifi access: 1. download and install NetCut android application on your device 2. launch the NetCut app in the mobile 3. after opening, it automatically scans for all the devices accessing the wifi network and displays the list under CUT tab on the interface 4 identify the target device and tap on it to block the wifi access to the device. The wifi propagation symbol on the left of the blocked device name turns red from blue. You can confirm this by nabigating to the JAIL tab on the interface, where the list of blocked devices will be displayed.
General Guidelines for Mobile Platform Security
o Use passcode o Update OS and Apps o Enable remote management and use remote wipe services o Do not allow Rooting or Jailbreaking o Encrypt storage o Perform periodic backup and synchronization o Filter e-mail forwarding barriers o Configure Application certification rules o Harden browser permission rules o Design and implement mobile device policies
Spy/ MobileSpy! iPhoneOS create files
o *System/Library/LaunchDaemons/com.ms.msd.plist*: this file ensures the msd daemon is run after reboot, and then run permanently. o *System/Library/LaunchDaemons/com.ms.mslocd.plist*: same but for the mslocd daemon. o *User/Library/SMS/sms.db*: this is a SQLite 3 database. messages, the spyware's version, and various internal counters. o *User/Library/CallHistory/call_history.db*: same as sms.db but for call logs. o *usr/libexec/msd*: the main spyware daemon o *usr/libexec/mdlocd*: location manager daemon o var/mobile/.ll.dat
Android Security Tools
o Avira Antivirus Security o Avast Antivirus & Security o McAfee Mobile Security & Lock o Lookout Security & Antivirus o Sophos Mobile Security o Malwarebytes for Android o AVG AntiVirus FREE for Android Security 2017 o TrustGo Mobile Security o 360 Security -Free Antivirus,Booster,Space Cleaner o Trend Micro Mobile Security & Antivirus o DroidSheep Guard oBull Guard Mobile Security o AVL Pro
iOS Devie Security Tools
o Avira Mobile Security -provides features such as web protection, identity safeguarding, identifies Phishing websites that target you personally, securing emails, tracking your device, identifying activities, organizing device memory, and backing up all your contacts, and so on for all iOS devices. o Norton Mobile Security o LastPass Password Manager o Lookout for iOS o SplashID Safe Password o Webrrot SecureWeb Browser o Wicker Me
iPhone Pen Testing
o Jailbreak the iPhone -Try to Jailbreak the iPhone using tools such as Cydia, Anzhuang, and so on. o Unlock the iPhone -Unlock the iPhone using tools such as iPhoneSimFree. o Use SmartCover to bypass passcode -Hold the power button of an iOS operating device until the power off message appears. Close the smart cover until the screen shuts down and opens the smart cover after few seconds. Press the cancel button to bypass the password code security. o Hack iPhone using Metasploit -Use the Metasploit tool to exploit the vulnerabilities in iPhone. Try to send malicious code as payload to the device to gain access to the device. o Check for access point -Setup an access point with the same name and encryption type. o Check iOS device data transmission on Wi-Fi networks -Perform MITM/SSL stripping attack by intercepting wireless parameters of iOS device on Wi-Fi network. Send malicious packets on Wi-Fi network using Cain & Abel tool. o Check whether the malformed data can be sent to the device -Use social engineering techniques such as sending emails and SMSs to trick the user to open links that contain malicious web pages.
Mobile Device Management Solutions
o MaaS360 - supports the complete MDM lifecycle for smartphones and tablets including iPhone, iPad, Android, Windows Phone, BlackBerry, and Kindle Fire o Citrix XenMobile contains MDM - mobile application management (MAM), mobile content management (MCM), secure network gateway, and enterprise-grade mobile productivity apps in one comprehensive enterprise mobility management solution. o VMware AirWatch o Sicap Device Management Centre o SOTI MobiControl o MobiLock Pro o ManageEngine Mobile Device Manager Plus o MobileIron's Mobile device management o Tangoe MDM
Mobile Platform Vulnerabilities and Risks
o Malicious apps in stores o Mobile malware o App sandboxing vulnerabilities o Weak device and app encryption o OS and app updates' issues o Jailbreaking and rooting o Mobile application vulnerabilities o Privacy issues (Geolocation) o Weak data security o Excessive permissions o Weak communication security o Physical attacks
SMS Phishing Countermeasures
o Never reply to a suspicious SMS without verifying the source o Do not click on any links included in the SMS o Never reply to a SMS that requires personal and financial information from you o Review the bank's policy on sending SMS o Enable the "block texts from the internet" feature from your provider o Never reply to a SMS that urges you to act or respond quickly o Never call a number left in a SMS o Do not fall for scams, gifts, and offers that seem to be unexpected o Attackers might send text messages through an Internet text relay service to conceal their identity; thus, it is best to avoid messages from nontelephonic numbers o Check for spelling mistakes, grammatical errors, or language inconsistency in text messages
The System Point of Attack
o No passcode/ weak passcode o iOS Jailbreaking o Android Rooting o OS data caching o Passwords and data accessible o Carrier-loaded software o User-initiated code
Android-based Sniffers
o Packet Sniffer o tPacketCapture o Android PCAP o Wicap. Sniffer Demo [ROOT] o Testeldroid o Postern o WiFinspect [Root] o SniffDroid
Cloud: Web server-based attacks
o Platform vulnerabilities o Server misconfiguration o Cross site scripting o Cross site request forgery o Weak input validation o Weak input validation o Brute force attacks
Application based Point of Attack
o Sensitive data storage o No encryption/ weak encryption o Improper SSL Validation o Configuration manipulation o Dynamic runtime injection o Unintended permissions o Escalated Privileges
(Bring Your Own Device) BYOD Risks
o Sharing confidential data on unsecured network o Data leakage and endpoint security issues o Improperly disposing device o Support of many different devices o Mixing personal and private data o Lost or stolen devices o Lack of awareness o Ability to bypass organizations network policy rules o Infrastructure issues o Disgrunted employees
Mobile Spyware Applications
o Spyera o Highster Mobile o TeenSafe o MobiStealth o TheTruthSpy o FlexiSpy o mSpy
Android Rooting Tool
o TunesGo—This tool has an advanced android root module that recognizes and analyzes your Android device and chooses the appropriate Android-root-plan for it automatically o One Click Root is Android rooting software that supports the most devices and comes with extra fail-safes (like instant unrooting) feature and offers full technical support. o Unrevoked o MTK Droid o Superboot o Superuser X [Root] o Root Uninstaller o Root Browser File Manager o Titanium Backup Root
Basic Features of MDM software
o Use of a passcode to the device o Remotely lock the device if lost o Remotely wipe data in the lost or stolen device o Detects if the device is rooted or jailbroken o Enforce policies and track inventory o Perform real time monitoring and reportin