Module 17: Hacking Mobile Platforms
Learn about mobile platform attack vectors, Android vulnerability exploits, and
mobile security guidelines and tools. Hands-On Lab Exercises: Over 5
hands-on exercises with real-life simulated targets to build skills on how to:
> Hack an Android device by creating binary payloads
> Exploit the Android platform through ADB
> Hack an Android device by creating an APK file
> Secure Android devices using various Android security tools
Key topics covered:
> Mobile Platform Attack Vectors
> OWASP Top 10 Mobile Risks
> App Sandboxing
> SMS Phishing Attack (SMiShing)
> Android Rooting
> Hacking Android Devices
> Android Security Tools
> Jailbreaking iOS
> Hacking iOS Devices
> iOS Device Security Tools
> Mobile Device Management (MDM)
> OWASP Top 10 Mobile Controls
> Mobile Security Tools
Section 01: Mobile Platform Attack Vectors
OWASP mobile top 10
M1: Improper platform usage
M2: Insecure data storage
M3: Insecure communication
M4: Insecure authentication
M5: Insecure cryptography
M6: Insecure authorization
M7: Client code quality
M8: Code tampering
M9: Reverse engineering
M10: Extraneous functionality
Bring your own device (BYOD)
Bring your own device (BYOD), also called bring your own technology (BYOT), bring your own phone (BYOP), and bring your own personal computer (BYOPC), refers to being allowed to use one's personally owned device, rather than being required to use an officially provided device.
Smishing
Smishing is a form of phishing that utilizes our mobile phones as the attack platform to solicit our personal details like SSN or credit card number.
iOS jailbreaking
On Apple devices running iOS and iOS-based operating systems, jailbreaking is the use of a privilege escalation exploit to remove software restrictions imposed by the manufacturer. Typically it is done through a series of kernel patches.
Android rooting
Rooting is the process of allowing users of the Android mobile operating system to attain privileged control (known as root access) over various Android subsystems.
Section 02: Mobile Device Management
Acceptable use policy
An acceptable use policy (AUP), acceptable usage policy or fair use policy is a set of rules applied by the owner, creator or administrator of a computer network, website, or service that restricts the ways in which the network, website or system may be used and sets guidelines as to how it should be used. AUP documents are written for corporations, businesses, universities, schools, internet service providers (ISPs), and website owners, often to reduce the potential for legal action that may be taken by a user, and often with little prospect of enforcement.
Mobile device management (MDM)
Mobile device management (MDM) is the administration of mobile devices, such as smartphones, tablet computers, and laptops. MDM is usually implemented with the use of a third-party product that has management features for particular vendors of mobile devices.
Personally Owned, Corporate Enabled
A personally owned device is any technology device that was purchased by an individual and was not issued by the agency. A personal device includes any portable technology such as cameras, USB flash drives, mobile wireless devices, tablets, laptops or personal desktop computers.
Corporate Owned, Personally Enabled
As part of enterprise mobility, an alternative approach is corporate-owned, personally enabled (COPE) devices. Under such policies, the company purchases and provides devices to its employees, but the functionality of a private device is enabled to allow personal usage.