Mobile Device Security and Ethical Hacking

Device Architecture and Common Mobile Threats

The first section of the course quickly looks at the significant threats affecting mobile device deployments, highlighted with a hands-on exercise evaluating network traffic from a vulnerable mobile banking application. As a critical component of a secure deployment, we will examine the architectural and implementation differences and similarities in Android (including Android Marshmallow), Apple iOS 9, and the Apple Watch and Google Wear platforms. We will also look at the specific implementation details of popular platform features such as iBeacon, AirDrop, App Verification, and more. Hands-on exercises will be used to interact with mobile devices running in a virtualized environment, including low-level access to installed application services and application data.
 

We'll look at the tools used to evaluate mobile devices as part of establishing a lab environment for mobile device assessments including the analysis of mobile malware affecting Android and non-jailbroken iOS devices. Finally, we will address the threats of lost and stolen devices (and opportunities for a pen tester) including techniques to bypass mobile device lock screens.

Benefits:

With most of our digital lives now revolving around the use of smartphones and tablets, mobile security has become a major security concern. This course will look in-depth into all aspects of mobile security. Beginning with risk assessment of mobile applications we will examine the various dangers and threats which put our consumer and data privacy at risk. We cover real world examples security breaches either of the smartphone security framework or by 3rd party applications. Concepts of rooting/jailbreaking will be covered to show how 3rd party apps can be installed on the device. The training also covers in detail the various security frameworks across different mobile platforms like Apple & Android with understanding of common threats and best security practices. Secure mobile application design strategies will be put forward to encourage programmers and developers to write secure code in their application(s) for making robust and hardened apps. This will ensure the highest levels of security measures in the apps and subsequently peace of mind for the clients.

Target Audience:

  • Security Enthusiasts
  • IT professionals
  • Mobile Application Developers seeking to understand typical mobile application security issues in detail.

Prerequisites:

  • Basic Knowledge of Computer and Internet

Course Length:

  • 40 hours

Course outline:

Mobile Problems and Opportunities
  • Challenges and opportunities for secure mobile phone deployments
  • Weaknesses in mobile devices
  • Exploiting weaknesses in mobile apps: bank account hijacking exercise
Mobile Device Platform Analysis
  • iOS and Android permission management models
  • Code signing weaknesses on Android
  • Inter-app communication channels on iOS
  • Android app execution: Android Runtime vs. Android Dalvik virtual machine
  • Android Marshmallow security benefits
Wearable Platforms
  • Application isolation and data sharing for Apple Watch
  • Network connectivity and Android Wear apps
  • Data exfiltration in WatchOS
  • Weaknesses in wearable device authentication controls
  • Deficiencies in Android Wear and storage encryption
  • Evaluating other wearable platforms: Fitbit and Tizen
Mobile Device Lab Analysis Tools
  • Using iOS and Android emulators
  • Android mobile application analysis with Android Debug Bridge (ADB) tools
  • Uploading, downloading and installing applications with ADB
  • Application testing with the iOS Simulator
Mobile Device Malware Threats
  • Trends and popularity of mobile device malware
  • Mobile malware command and control architecture
  • Efficiency of Android ransomware malware threats
  • Analysis of iOS malware targeting non-jailbroken devices
  • Mobile malware defenses: what works, and what doesn't