Risk Assessment
Identifies assets, threats, vulnerabilities, impacts, and mitigation strategies; broader than vulnerability assessment
Vulnerability Assessment
Identifies, evaluates, and documents vulnerabilities; often uses scanners
Interception
Risk where data traveling over a network is captured; mitigated with encryption
Availability
Ensuring systems and services remain accessible; mitigated with redundancy and fault tolerance
Access
Points where users enter/exit a network; controlled with firewalls, IPS, VPN
Exposure Factor (EF)
Percentage of asset loss from a threat
Single Loss Expectancy (SLE)
Monetary loss from one occurrence of a risk
Annual Rate of Occurrence (ARO)
Expected number of times a risk occurs per year
Annualized Loss Expectancy (ALE)
Yearly expected loss; calculated as ARO × SLE
Defense in Depth
Using multiple layers of security controls to protect systems
Version Analysis (Scanning)
Identifies vulnerabilities by checking software versions
Behavior Analysis (Scanning)
Identifies vulnerabilities by analyzing system responses
EAPoL
Protocol used to send authentication credentials between client and access point
RADIUS
Protocol used to authenticate users via a central server
Temporal Keys
Temporary encryption keys given after successful authentication
Passcode vs Biometrics
Passcodes are more legally secure; biometrics can be forced
Mobile Malware
Malicious software targeting mobile devices
Side-loaded Apps
Apps installed from outside official stores; higher security risk
Android Security Model
Linux-based system using sandboxing, permissions, and separate processes
Android Sandbox
Each app runs as its own user/process, isolating data and memory
File-System Permissions (Android)
Prevent apps from accessing other apps’ data unless explicitly allowed
Android Rooting
Gaining root access; bypasses security and increases malware risk
Android Fragmentation
Many devices and OS versions create inconsistent security
Android SDK
Tool used to build/decompile apps; can expose code for analysis
iOS Security Model
Walled garden approach with strict control over apps and system access
Application Provenance
Verifies app authenticity via digital signatures
iOS Sandbox
Isolates apps and prevents access to system/kernel or other apps
Jailbreaking
Removing iOS restrictions; weakens security
Android vs iOS (Core Difference)
Android is open and flexible; iOS is controlled and restricted
BYOD (Bring Your Own Device)
Employees use personal devices for work; creates security risks
MDM (Mobile Device Management)
Controls entire device; remote wipe, lock, update, enforce policies
MAM (Mobile Application Management)
Manages apps; distribution, licensing, configuration
Kali Linux
Security-focused OS with penetration testing tools
Airodump-ng
Tool used to scan wireless networks and collect data
BSSID
MAC address/identifier of an access point
ESSID
Network name (SSID)
Evil Twin Attack
Fake Wi-Fi access point with same SSID to trick users
Deauthentication Packet
Disconnects users from real AP to force reconnection to attacker
RADIUS Impersonation
Fake AP and RADIUS server capture authentication traffic
EAP-TLS
Certificate-based authentication that mitigates RADIUS attacks
Drive-by Browser Exploit
Infection occurs just by visiting a compromised website
Captive Portal Attack
Fake login page used to steal credentials
Public Certificate Authority Exploit
Abuse of SSL/TLS certificates for spoofing or interception
Developer Certificate Abuse
Stolen or forged certificates used to sign malicious apps
OWASP Mobile Risks
Common mobile vulnerabilities like weak auth, insecure storage, broken crypto
Binary Protections
Prevent reverse engineering and tampering of apps
Fingerprinting
Identifying a device/user based on characteristics
Proximity Fingerprinting
Identifying devices on a local network
Remote Fingerprinting
Identifying devices online via browser/system traits
Passive Fingerprinting
Observing existing traffic without interacting
Active Fingerprinting
Directly querying device for info
IMEI
Unique identifier for mobile devices
UDID
Unique identifier used by Apple devices
HTTP Headers (Fingerprinting)
Used to create temporary device fingerprints
Spyware
Tracks user activity like browsing, location, contacts
PUA (Potentially Unwanted Application)
App that tracks data or wastes resources without clear benefit
Stingray / IMSI Catcher
Fake cell tower used to intercept and track mobile devices
Stingray vs Evil Twin
Stingray targets cellular networks; evil twin targets Wi-Fi
Excessive App Permissions
Apps requesting unnecessary access (red flag for malware)
Mobile Browser Security
Use HTTPS, update software, block pop-ups, clear cache, check permissions
Strong Password Policy
Long passwords, auto-lock, and wipe after failed attempts
Remote Wipe
Ability to erase device data remotely if lost or stolen
Data Containerization
Separating business data from personal data on devices