Mobile Devices Ethical Hacking

Introduction

The objective of the course is to provide an understanding of the fundamental risks of mobility, as well as those involving Wi-Fi and mobility infrastructure.

It presents real world use cases on how devices can be compromised using industry attack tools and engages attendees in solution analysis methodology designed to protect against such vulnerabilities.

Participants will learn how to significantly mitigate the risk introduced as a result of mobile devices accessing corporate data, while still preserving a seamless and productive user experience. The class involves participants through a combination of focused mobile protection labs and whiteboard sessions detailing potential solution and mitigation options.

More and more, with not only standard everyday mobile phone users but now with businesses increased reliance on these devices, organizations are quickly recognizing that mobile phones and tablets and other portable devices require greater security controls than a rubberized shock protector and complex password.

Course Outline

Module 1 Mobile Problems and Opportunities

  • Challenges and opportunities for secure mobile phone deployments
  • Weaknesses in mobile phones
  • Exploit tools and attacks against mobile phones and tablets

Module 2 Mobile Devices and Infrastructure

  • BlackBerry network and platform architecture
  • iOS security features and weaknesses
  • Managing iOS devices with Microsoft Exchange
  • Google Play Marketplace and third-party application stores
  • Windows Phone architecture and development platforms

Module 3 Mobile Device Security Models

  • Privilege and access models on multiple platforms
  • Device encryption support and threats
  • Emerging changes in platform security from Android and Apple

Module 4 Legal Aspects of Mobile

  • Privacy concerns and threats
  • Mobile phones and data break reporting considerations
  • Proposed legislation affecting mobile devices

Module 5 Policy Considerations and Development

  • Steps and recommendations for establishing policies
  • Mobile devices and local, cloud and offline data storage
  • Device theft/loss and company culture for reporting effectiveness

Module 6 Wireless Network Infrastructure

  • Designing a wireless LAN system for mobile phones
  • Decision: network isolation or integration for mobile phones
  • Threat of guest/open networks

Module 7 Mobile Device Management System Architecture

  • Vendor options for MDM solutions
  • Limitations for remote device management by mobile phone platform
  • MDM network protocols and architectures

Module 8 Mobile Device Management Selection

  • Critical MDM feature evaluation
  • Deployment model considerations for enterprise networks
  • Picking an MDM solution that fits your needs

Module 9 Back-end Application Support Attacks

  • Exploiting SQL injection in mobile application frameworks
  • Leveraging client side injection attacks
  • Getting end-to-end control of mobile application server resources

Module 10 iScanOnline

  • From Developer of Saint
  • Scanning from the inside out
  • MDM, Bricking, Remote Erase
  • GeoLocation

Module 11 Mitigating Stolen Devices

  • Bypassing iOS and Android passcode locks
  • Decrypting iOS keychain credentials
  • Accessing mobile device backup data
  • Creating a lost device reporting program
  • Leveraging remote device wipe strategies

Module 12 Unlocking, Rooting, Jail Breaking Mobile Devices

  • Goals of unlocking
  • Jail Breaking iOS
  • Unlocking Windows Phone
  • Rooting Android
  • BlackBerry platform restrictions