Module17 Hacking Mobile Platforms

Thursday, February 29, 2024 0 Comments

 Module 17: Hacking Mobile Platforms

Learn about mobile platform attack vectors, Android vulnerability exploits, and

mobile security guidelines and tools. Hands-On Lab Exercises: O ver 5

hands-on exercises with real-life simulated targets to build sk ills on how to:

> Hack an Android device by creating binary payloads

> Exploit the Android platform through ADB

> Hack an Android device by creating APK file

> Secure Android devices using various Android security tools

Key topics covered:

> Mobile Platform Attack Vectors

> OWASP Top 10 Mobile Risks

> App Sandboxing

> SMS Phishing Attack (SMiShing)

> Android Rooting

> Hacking Android Devices

> Android Security Tools

> Jailbreaking iOS

> Hacking iOS Devices

> iOS Device Security Tools

> Mobile Device Management (MDM)

> OWASP Top 10 Mobile Controls

> Mobile Security Tools

Section 01: Mobile Platform Attack Vectors

OWASP mobile top 10

    M1: Improper platform usage

    M2: Insecure data storage

    M3: Insecure communication

    M4: Insecure authentication

    M5: Insecure cryptography

    M6: Insecure authorization

    M7: Client code quality

    M8: Code tampering

    M9: Reverse engineering

    M10: Extraneous functionality

Bring your own device (BYOD)

Bring your own device is also called bring your own technology (BYOT), bring your own phone (BYOP), and bring your own personal computer (BYOPC)—refers to being allowed to use one's personally owned device, rather than being required to use an officially provided device.

Smsishing

Smishing is a form of phishing that utilizes our mobile phones as the attack platform to solicit our personal details like SSN or credit card number.

iOS jailbreaking

On Apple devices running iOS and iOS-based operating systems, jailbreaking is the use of a privilege escalation exploit to remove software restrictions imposed by the manufacturer. Typically it is done through a series of kernel patches.

Android rooting

Rooting is the process of allowing users of the Android mobile operating system to attain privileged control (known as root access) over various Android subsystems.

Section 02: Mobile Device Management

Acceptable use policy

An acceptable use policy (AUP), acceptable usage policy or fair use policy is a set of rules applied by the owner, creator or administrator of a computer network website, or service. That restricts the ways in which the network, website or system may be used and sets guidelines as to how it should be used. AUP documents are written for corporations, businesses, universities, schools, internet service providers (ISPs),[4] and website owners,[5] often to reduce the potential for legal action that may be taken by a user, and often with little prospect of enforcement.

Mobile device management (MDM)

Mobile device management (MDM) is the administration of mobile devices, such as smartphones, tablet computers, and laptops. MDM is usually implemented with the use of a third-party product that has management features for particular vendors of mobile devices.

Personally Owned, Corporate Enabled

A personally owned device is any technology device that was purchased by an individual and was not issued by the agency. A personal device includes any portable technology such as cameras, USB flash drives, mobile wireless devices, tablets, laptops or personal desktop computers.

Coorperate Owned, Personally Enabled

As part of enterprise mobility, an alternative approach are corporate-owned, personally enabled devices (COPE). Under such policies, the company purchases and provides devices to their employees, but the functionality of a private device is enabled to allow personal usage.