Chapter 38 Β· Flashcards

Mobile Device Vulnerabilities Flashcards

Click any card to reveal its definition.

0 / 10 flipped
Four Mobile Security Challenges
Tap to reveal
Mobile devices are harder to secure than workstations because of four inherent traits: (1) Physical smallness β€” easy to lose, steal, or conceal. (2) Constant motion β€” always connecting to new, potentially untrusted networks. (3) Data density β€” carries both personal and organizational sensitive data simultaneously, making it a high-value target. (4) Persistent connectivity β€” always connected to the internet, creating a continuous attack surface. These traits require additional security policies and technologies such as MDM.
Jailbreaking vs. Rooting β€” Which Platform?
Tap to reveal
Jailbreaking = Apple iOS (iPhone, iPad). Rooting = Android. Same concept, different terminology. Both involve installing custom firmware to gain root-level access to the device OS β€” access the manufacturer restricts by design. Both break the device's security model in the same ways: sandboxing compromised, secure boot bypassed, MDM enforcement unreliable, sideloading enabled. The platform-specific term is the exam detail β€” "jailbreak" on iOS, "root" on Android.
What Does Jailbreaking/Rooting Actually Do?
Tap to reveal
Installs custom firmware β€” replacing or modifying the original operating system β€” to gain root-level (superuser) administrative access. The original OS restricts this access by design. Once rooted/jailbroken: (1) Sandboxing can be escaped by privileged apps. (2) Secure boot verification is defeated β€” the device loads unverified firmware. (3) App permission model can be bypassed. (4) MDM becomes ineffective β€” its enforcement calls go into a compromised OS that cannot be trusted to honor them. (5) Sideloading becomes unrestricted.
Why Does Jailbreaking Make MDM Useless?
Tap to reveal
MDM agents enforce policies by calling operating system APIs. "Enforce encryption" = call the OS encryption API. "Verify PIN complexity" = call the OS lock screen API. "Remote wipe" = call the OS wipe command. On a jailbroken device, those APIs exist within a modified, untrusted OS. The modified OS can be instrumented to return whatever compliance values it wants while actually doing nothing. The MDM agent is still running β€” it just cannot trust the OS it is running on. Policy calls succeed silently, but nothing is actually enforced.
Sideloading
Tap to reveal
Installing applications on a mobile device from a source other than the official, vetted app store. Sideloading bypasses the App Store vetting process β€” no developer verification, no malware scanning, no policy review. On jailbroken iOS: fully unrestricted. On Android: available through "Unknown Sources" / "Install Unknown Apps" setting even without rooting. Risk: a single malicious sideloaded app (a Trojan horse) can steal credentials, exfiltrate data, and silently access camera/microphone. MDM cannot reliably control sideloaded app inventory.
App Store Vetting β€” What It Provides
Tap to reveal
Official app stores (Apple App Store, Google Play) provide security layers before apps reach users: (1) Developer account and identity verification. (2) Automated malware and code scanning on submission. (3) Human policy review for suspicious functionality. (4) Ongoing monitoring β€” known malicious apps can be removed remotely. Sideloading skips all of these. While not perfect (XcodeGhost and others slipped through official reviews), the vetting process meaningfully reduces the probability of installing malicious software compared to installing apps from arbitrary sources.
Trojan Horse App
Tap to reveal
A mobile application that appears useful or legitimate while containing hidden malicious functionality. May appear as a game, utility, productivity tool, or system app. Hidden behavior typically includes: credential harvesting (keystroke logging, form capture), data exfiltration (contacts, files, emails), surveillance (camera/microphone access), or acting as a C2 beacon. Sideloaded apps have a significantly higher Trojan horse risk because no third party has reviewed the code. One successful Trojan installation can expose all data on the device β€” the user installed it voluntarily.
Sandboxing (Mobile)
Tap to reveal
A core mobile OS security mechanism that isolates each app in its own restricted container. A sandboxed app can only access its own data and explicitly granted system resources β€” it cannot read another app's data or access privileged OS functions. Jailbreaking/rooting breaks the sandbox: apps running with root access can escape their container and access any data on the device, including data from other apps (including credential stores, corporate email, banking apps). This is why a Trojan horse on a jailbroken device is significantly more dangerous than on a non-jailbroken device.
AUP and Mobile Devices
Tap to reveal
Acceptable Use Policies (AUPs) are the administrative control layer for mobile device security, complementing technical MDM controls. Typical mobile AUP provisions: jailbreaking and rooting are explicitly prohibited; sideloading is restricted to approved organizational sources; MDM enrollment and compliance are required for corporate access; lost/stolen devices must be reported immediately; violations are subject to disciplinary action up to termination. AUPs don't prevent technical compromise, but establish expectations, create accountability, and give the organization standing to act on violations.
BYOD Mobile Security Risk
Tap to reveal
Bring Your Own Device programs allow personal devices to access corporate resources, introducing unique risks: (1) Devices may already be jailbroken/rooted before enrollment. (2) Employees may resist MDM policies on personal devices, creating pressure to weaken controls. (3) Employees may sideload personal apps that would not be permitted on corporate devices. (4) Personal and organizational data coexist on the same device β€” the organizational data is only as secure as the weakest app on the personal side. MDM enrollment with jailbreak/root detection, compliance checking, and clear BYOD policies are essential controls.