Section 01: Mobile Platform Attack Vectors

Attack Vectors

OWASP mobile top 10

• M1: Improper platform usage

• M2: Insecure data storage

• M3: Insecure communication

• M4: Insecure authentication

• M5: Insecure cryptography

• M6: Insecure authorization

• M7: Client code quality

• M8: Code tampering

• M9: Reverse engineering

• M10: Extraneous functionality

BYOD (Bring your own device)

Bring your own device (BYOD /ˌbiː waɪ oʊ ˈdiː/)—also called bring your own technology (BYOT), bring your own phone (BYOP), and bring your own personal computer (BYOPC)—refers to being allowed to use one's personally owned device, rather than being required to use an officially provided device.

Smsishing

Smishing is a form of phishing that utilizes our mobile phones as the attack platform to solicit our personal details like SSN or credit card number.

iOS jailbreaking

On Apple devices running iOS and iOS-based operating systems, jailbreaking is the use of a privilege escalation exploit to remove software restrictions imposed by the manufacturer. Typically it is done through a series of kernel patches.

Andriod rooting

Rooting is the process of allowing users of the Android mobile operating system to attain privileged control (known as root access) over various Android subsystems.

Links

• https://owasp.org/www-project-mobile-top-10/

• https://en.wikipedia.org/wiki/Bring_your_own_device

• https://en.wikipedia.org/wiki/IOS_jailbreaking

• https://en.wikipedia.org/wiki/Rooting_(Android)