Mobile Vulnerabilities and Attacks
(OBJ 2.3, 2.5, & 4.1)
Different Types of Mobile Vulnerabilities
- Sideloading
  - Installing apps from unofficial sources, bypassing the device's default app store
  - Can introduce malware; download apps from official sources with strict review processes
  - Mitigation techniques
    - Always download apps from an official and trusted source
- Jailbreaking/Rooting
  - Gives users escalated privileges on the device and allows them to circumvent its built-in security measures
    - Usually done for greater customization capabilities
    - Exposes devices to potential security breaches
    - Prevents installation of manufacturer updates, leaving devices vulnerable
- Insecure Connection Methods
  - Using open Wi-Fi networks or pairing with unknown devices over Bluetooth exposes devices to attacks
    - Can expose your mobile devices to eavesdropping, on-path attacks, unauthorized data access, or other types of malicious attacks
  - Mitigation techniques
    - Use cellular data for more secure connections
      - More trustworthy and secure than a Wi-Fi network
    - Connect only to known devices and set devices to non-discoverable when not pairing
    - Use long, strong, complex passwords
    - Use 802.1X authentication methods
Mobile Device Management (MDM)
- MDM solutions minimize mobile vulnerabilities by
  - Patching
    - Ensuring devices receive necessary security updates
  - Configuration Management
    - Enforcing standardized configurations for security
  - Best Practice Enforcement
    - Disabling sideloading, detecting jailbreaking/rooting, and enforcing VPN use