PRACTICAL-10

AIM: TO STUDY ABOUT NETWORK EXPLOITS IN MOBILE DEVICES.

THEORY:
Network exploits on mobile devices refer to security
vulnerabilities and attacks that target the communication
channels and protocols used by mobile devices. These exploits
can compromise the confidentiality, integrity, and availability of
data on the device and can lead to various security issues.
Here are some common network exploits in mobile devices:

1) Data Leakage
Mobile apps are often the cause of unintentional data leakage.
For example, “riskware” apps pose a real problem for mobile
users who grant them broad permissions, but don’t always
check security. These are typically free apps found in official
app stores that perform as advertised, but also send personal—
and potentially corporate—data to a remote server, where it is
mined by advertisers, and sometimes, by cybercriminals.

Data leakage can also happen through hostile enterprise-signed

mobile apps. These mobile malware programs use distribution
code native to popular mobile operating systems like iOS and
Android to move valuable data across corporate networks
without raising red flags.

To avoid these problems, only give apps the permissions that

they absolutely need in order to properly function. And steer
clear of any apps that asks for more than necessary. The
September 2019 updates for Android and Apple iOS both added
protocols to make users more aware of it and why apps collect
users’ location data.

2) Unsecured Wi-Fi
No one wants to burn through their cellular data when wireless
hot spots are available—but free Wi-Fi networks are usually
unsecured. According to V3, in fact, three British politicians
who agreed to be part of a free wireless security experiment
were easily hacked by technology experts. Their social media,
PayPal and even their VoIP conversations were compromised.
To be safe, use free Wi-Fi sparingly on your mobile device. And
never use it to access confidential or personal services, like
banking or credit card information.
For example, cybercriminals often set up WiFi networks that
look authentic but are actually a front to capture data that
passes through their system (a “man in the middle” attack).
Here's what that looks like:
How to Reduce Risks Posed By Unsecured Public WiFi
The best way for you to protect your organization against
threats over public WiFi networks is by requiring employees to
use a VPN to access company systems or files. This will ensure
that their session stays private and secure, even if they use a
public network to access your systems.

3) Network Spoofing
Network spoofing is when hackers set up fake access points—
connections that look like Wi-Fi networks, but are actually
traps—in high-traffic public locations such as coffee shops,
libraries and airports. Cybercriminals give the access points
common names like “Free Airport Wi-Fi” or “Coffeehouse” to
encourage users to connect.

In some cases, attackers require users to create an “account”

to access these free services, complete with a password.
Because many users employ the same email and password
combination for multiple services, hackers are then able to
compromise users’ email, e-commerce and other secure
information. In addition to using caution when connecting to
any free Wi-Fi, never provide personal information. And
whenever you are asked to create a login, whether for Wi-Fi or
any application, always create a unique password.

4) Phishing Attacks
Because mobile devices are always powered-on, they are the
front lines of most phishing attack. According to CSO, mobile
users are more vulnerable because they are often monitor their
email in real-time, opening and reading emails when they are
received. Mobile device users are also more susceptible
because email apps display less information to accommodate
the smaller screen sizes. For example, even when opened, an
email may only display the sender’s name unless you expand
the header information bar. Never click on unfamiliar email
links. And if the matter isn’t urgent, then let the response or
action items wait until you’re at your computer.

5) Spyware
Although many mobile users worry about malware sending
data streams back to cybercriminals, there’s a key threat closer
to home: Spyware. In many cases, it’s not malware from
unknown attackers that users should be worried about, but
rather spyware installed by spouses, coworkers or employers to
keep track of their whereabouts and activity. Also known as
stalkerware, many of these apps are designed to be loaded on
the target’s device without their consent or knowledge. A
comprehensive antivirus and malware detection suite should
use specialized scanning techniques for this type of program,
which requires slightly different handling than does other
malware owing to how it gets onto your device and its purpose.

6) Broken Cryptography
According to Infosec Institute training materials, broken
cryptography can happen when app developers use weak
encryption algorithms, or fail to properly implement strong
encryption. In the first case, developers may use familiar
encryption algorithms despite their known vulnerabilities to
speed up the app development process. As a result, any
motivated attacker can exploit the vulnerabilities to crack
passwords and gain access. In the second example, developers
use highly secure algorithms, but leave other “back doors”
open that limit their effectiveness. For example, it may not be
possible for hackers to crack the passwords, but if developers
leave flaws in the code that allow attackers to modify high-level
app functions—such as sending or receiving text messages—
they may not need passwords to cause problems. Here, the
onus is on developers and organizations to enforce encryption
standards before apps are deployed.

7) Improper Session Handling

To facilitate ease-of-access for mobile device transactions,
many apps make use of “tokens,” which allow users to perform
multiple actions without being forced to re-authenticate their
identity. Like passwords for users, tokens are generated by
apps to identify and validate devices. Secure apps generate
new tokens with each access attempt, or “session,” and should
remain confidential. According to The Manifest, improper
session handling occurs when apps unintentionally share
session tokens, for example with malicious actors, allowing
them to impersonate legitimate users. Often this is the result of
a session that remains open after the user has navigated away
from the app or website. For example, if you logged into a
company intranet site from your tablet and neglected to log out
when you finished the task, by remaining open, a cybercriminal
would be free to explore the website and other connected parts
of your employer’s network.

8) End-to-End Encryption Gaps

An encryption gap is like a water pipe with a hole in it. While
the point where the water enters (your users’ mobile devices)
and the point where the water exits the pipe (your systems)
might be secure, the hole in the middle lets bad actors access
the water flow in between.
Unencrypted public WiFi networks are one of the most common
examples of an encryption gap (and it’s why they’re a huge risk
to organizations). Since the network isn’t secured, it leaves an
opening in the connection for cybercriminals to access the
information your employees are sharing between their devices
and your systems.
However, WiFi networks aren’t the only thing that poses a
threat—any application or service that’s unencrypted could
potentially provide cybercriminals with access to sensitive
company information. For example, any unencrypted mobile
messaging apps your employees use to discuss work
information could present an access point for a bad actor.

Solution: Ensure Everything is Encrypted

For any sensitive work information, end-to-end encryption is a
must. This includes ensuring any service providers you work
with encrypt their services to prevent unauthorized access, as
well as ensuring your users’ devices and your systems are
encrypted as well.