
Lecture_CSF_10

The document discusses mobile device security, outlining five main attack scenarios and protective measures for each. It also explains penetration testing, its methodologies, and the differences between penetration testing and vulnerability assessment. Additionally, it highlights the limitations of penetration testing and the importance of addressing security vulnerabilities in software development.

Uploaded by

YERKE KUSSYM
Copyright
© © All Rights Reserved

Cyber Security Fundamentals

Lecture 10
Mobile Device Security
Penetration Testing

Mukasheva A.K., Ph.D, associate professor


School of Information Technology and Engineering, KBTU
How mobile devices and apps are attacked
There are five main attack scenarios. Among them:
1. Physical access.
If the phone is stolen or lost, handed over to a service, or plugged into a fake
charger via USB, each of these opens the door to an attack.
How to protect yourself
First of all, be careful not to leave your phone or tablet unattended in public places. Be
sure to set a password to unlock your device or enable biometric protection if possible. Do
not elevate privileges to administrative (jailbreak or root), and disable the display of
notifications on the locked screen.
2. Malicious app on the device.
Sometimes such apps can get onto the device even from official sources: Google Play (for
Android) and the App Store (for iOS).

How to protect yourself


To protect yourself from such attacks, it is recommended to avoid installing applications
from untrusted sources in the first place. You should also be cautious about installing
applications with suspicious names, even from official app stores, as no checks work
perfectly. Update your OS and applications in a timely manner to eliminate the possibility of
attacks through known vulnerabilities.
3. An attacker in the communication channel.
By connecting to an untrusted Wi-Fi network, proxy server or VPN, we become vulnerable to
in-channel attacks.
How to protect yourself
Don't connect to dubious access points or use proxy and VPN servers that you don't trust
with your personal and banking information. Don't install third-party certificates on your
device.
As a rule, most popular messengers and social networking apps are well protected against
such attacks; if, for example, one of these apps suddenly refuses to work over your current
Wi-Fi connection, it may mean that this access point is unsafe and it is better to disconnect
from it to avoid jeopardizing other apps, including your mobile bank.
4. Remote attacks.
An attacker can act remotely by using mobile app servers or other services to deliver an
exploit.

How to protect yourself

In this case, timely installation of application and OS updates is the only way to protect
yourself. If you can't install an update or it hasn't been released yet, you can temporarily
stop using the vulnerable application: uninstall it from your device or simply log out of it.
5. Server-side attacks.
Attacks on the server side of mobile applications can be considered separately from all other
attacks, since in this case the attacker does not need access to the device.
How to protect yourself
In this case, there is not much an ordinary user can do. However, it is possible to reduce the risk of
suffering a server attack by using a complex password and setting up two-factor authentication with
one-time passwords in all critical applications that allow it.
To minimize the likelihood of a successful attack on a mobile application, its developers should test
the feasibility of each of the scenarios described. Different intruder patterns should be taken into
account during development, and some protection measures should be taken at the design stage.
A good recommendation for developers is to implement security development lifecycle (SDL)
practices and regularly analyze the security of the application. Such measures will not only help to
identify potential threats in a timely manner, but will also increase the level of security knowledge
of developers, which will increase the level of security of developed applications in the long term.
What is penetration testing?
Pentest (penetration testing) or "ethical hacking" is the practice of testing a computer system, network, or web
application to identify vulnerabilities that an attacker can exploit. There are many methods of cyberattacks, the most
common of which are:

• malware exploitation;
• hacking;
• social engineering;
• exploitation of web vulnerabilities;
• DDoS attacks;
• credential mining.

Penetration testing is a set of activities aimed at overcoming the defense systems of the customer's infrastructure by
simulating real attacks. If the attack is successful, a demonstration of exploitation of the identified vulnerabilities is
performed and recommendations for remediation are made.
Pentest includes:

• Gathering information about the target prior to testing
• Identification of possible entry points and hacking attempts
• Final report of findings
What are the causes of system vulnerabilities?
Security loopholes appear at different stages of the process and depend on a variety of factors:
• design error (e.g., design flaws are one of the most important factors in the occurrence of
security loopholes);
• incorrect setup and failed configuration of related hardware and software;
• network connectivity issues (a secure connection eliminates the possibility of malicious attacks,
while an insecure network provides a gateway for hackers to attack the system);
• human error (an error committed intentionally or unintentionally by an individual or team in the
design, deployment and maintenance of a system or network);
• communication error (improper or open transmission of sensitive data and information among
teams or individuals);
• excessive system complexity (it is easy to monitor the security mechanism of a simple network
infrastructure, but it is difficult to monitor leaks or any malicious activity in complex systems);
• lack of training (lack of knowledge and proper security training both internally and for those
working outside the organizational structure).
What is the difference between penetration testing and vulnerability assessment?

Both of these techniques share the same goal of making a software product secure, but
have different workflows.
Penetration testing is real-time testing, either manually or with automation tools; the
system and its associated component are exposed to simulated malicious attacks to identify
security flaws.
Vulnerability assessment involves examining and analyzing a system using testing tools to
find loopholes in the defenses for multiple variants of malicious attacks. Through this
technique, vulnerable areas are identified that can provide hackers an opportunity to
compromise the system. In addition, the vulnerability assessment process includes various
corrective measures to address the identified weaknesses.
Vulnerability assessment follows a predefined and established procedure, whereas
penetration testing addresses the sole objective of destroying the system irrespective of
the approaches adopted.
How do you perform penetration testing?
System penetration testing may be performed using any of the following approaches:

• manual testing;
• automated testing;
• a combination of manual and automated testing.


Manual penetration testing
A consistent standard approach is used to perform manual penetration testing of a
software product, including the following steps:

1. Penetration testing planning
2. Intelligence
3. Vulnerability analysis
4. Exploitation
5. Post-exploitation
6. Reporting
Automatic penetration testing
To name just a few of the popular and widely used penetration testing tools:

• Nmap, Nessus
• THC Hydra
• Metasploit
• OpenSSL, w3af
• Cain & Abel
• Wireshark
Combination of manual and automatic penetration testing
Penetration testing can be categorized into the following types depending on the elements
and objects used:

• Social Engineering
• Web Application
• Network Service
• Client side
• Remote connection
• Wireless Networks

Penetration testing can also be classified based on the testing approaches used:

• White Box
• Black Box
• Gray Box


Limitations of penetration testing.
Penetration testing has a number of limitations:

• limited scope of testing based on the requirements in a given time period (which can lead to
other important areas being overlooked);
• data vulnerability (loss, corruption or damage);
• the possibility of system destruction or loss of a system in a failed state as a result of
penetration testing;
• lack of time and high cost of testing.

Hackers, armed with advanced technology with a wide range of resources and tools, often
easily break into a system or network with the intention of damaging a company's
reputation and assets. Penetration testing, more than other types of testing, can be seen as
a tool to identify various security gaps, helping to negate potential threats to the system as
a whole.
