These flashcards cover key concepts related to mobile communications and IoT attacks, their methodologies, vulnerabilities, and protections based on OWASP guidelines.
What are the three main attack avenues for mobile and IoT devices?
Device, Network, Data center/cloud.
What type of vulnerability does M2 of the OWASP Mobile Top 10 refer to?
Insecure data storage.
Name one tool used for vulnerability scanning in mobile and IoT environments.
Nmap.
What does rooting ensure on an Android device?
Gaining administrative privileges.
What does the term 'smishing' refer to?
SMS phishing.
List the three methods of jailbreaking an iOS device.
Userland, iBoot, BootROM.
What does OWASP I1 refer to in IoT security?
Weak, guessable, or hardcoded passwords.
What is the role of a gateway in IoT?
It collects and sends data to the cloud.
M1 in the OWASP Mobile Top 10 addresses what issue?
Improper platform usage.
What attack involves rogue Access Points?
DNS cache poisoning.
Define 'Bluebugging' in the context of Bluetooth attacks.
Gaining unauthorized access to a Bluetooth-enabled device.
What does the OWASP IoT I6 address?
Insufficient privacy protection.
What methodology involves information gathering using Shodan?
Vulnerability assessment.
What type of attack does 'Bluesniffing' refer to?
Intercepting Bluetooth communications to capture data.
What vulnerability is addressed by M8 in the OWASP Mobile Top 10?
Code tampering.
What does maintaining access refer to in an attack methodology?
Ensuring continued control over a compromised system.
In IoT, what is the significance of middleware?
Facilitates communication between applications and networks.
What vulnerability does I4 of the OWASP IoT Top 10 highlight?
Lack of secure update mechanism.
What does 'bluesnarfing' allow an attacker to do?
Access and steal information from a Bluetooth-enabled device.
What is a characteristic of insecure data transfer/storage?
Data is not adequately protected during transmission or at rest.
What kind of attacks can utilize phishing?
Social engineering attacks that deceive individuals to gain confidential information.
In mobile security, what does 'client code quality' refer to?
The security and performance of the code on the client side.
What does I5 of the OWASP IoT Top 10 address?
Use of insecure or outdated components.
Define the purpose of 'reverse engineering' as categorized in OWASP M9.
Analyzing an application's code or structure to find vulnerabilities.
What are the roles of edge technology in IoT?
It processes data close to the source before sending it to the cloud.
What attack method uses Telnet?
Remote access to a device for exploitation purposes.