Module 6.1 Summary CMPG 215

The document outlines various mobile security threats, including AI-powered phishing, deepfake scams, and zero-click exploits, highlighting the vulnerabilities associated with mobile devices and connectivity methods. It also discusses enterprise deployment models such as BYOD, COPE, and CYOD, detailing their benefits and risks for both enterprises and users. Additionally, it emphasizes the importance of strong authentication, segmentation, and mobile device management to protect against security risks.

Uploaded by

mpilobiyela2628
Mobile Security Threats

• AI-Powered Phishing Attacks: Cybercriminals use AI to create highly realistic phishing messages that are difficult to detect.
• Deepfake Scams: Fake voice and video calls used to impersonate trusted individuals and steal sensitive information.
• Zero-Click Exploits: Malware that can infect a device without any user interaction, often just by receiving a message.
• 5G and IoT Vulnerabilities: More connected devices increase the potential attack surface.
• Malicious Apps on Official Stores: Even official app stores like Google Play and the App Store are not entirely safe; malicious apps can still be found.
• Cloud Storage Breaches: Mobile data stored in the cloud is a prime target for attackers.
• SIM Swapping 2.0: Hackers are improving methods to hijack phone numbers, steal two-factor authentication (2FA) codes, and access accounts.
• Cryptojacking on Mobile: Your phone's processing power can be secretly used to mine cryptocurrency without your knowledge.

Introduction to Mobile Devices

Types of Mobile Devices:

• Smartphones: Devices with all the tools of a feature phone plus an operating system (OS) that allows them to run apps and access the internet.
• Wearables: Devices worn by the user, such as smartwatches.
• Tablets: Portable computing devices typically without a built-in keyboard or mouse.
• Portable computers: Devices that closely resemble the functionality of desktop computers but are smaller, self-contained, battery-powered, and easily transported. They often have a limited OS version and a web browser with an integrated media player.

Mobile Device Connectivity Methods

• USB connections: Different types and sizes of Universal Serial Bus (USB) connectors on mobile devices used for data transfer.
• Bluetooth: Uses short-range radio frequency transmissions for rapid device pairings (typically 10 m, but can extend up to 100 m).
• Wi-Fi (WLAN): A wireless local area network designed to replace or supplement a wired local area network (LAN).
• Cellular: The coverage area of a cellular telephony network is divided into cells. Transmitters connect through a mobile telecommunications switching office (MTSO) that controls all of the transmitters in the cellular network.

Enterprise Deployment Models

• Bring Your Own Device (BYOD): Employees use their own personal mobile devices for business purposes. Employees have full responsibility for choosing and supporting the device. Popular with smaller companies or those with temporary staff.
  Benefits for Enterprise:
  ◦ Management Flexibility: High - Employees use personal devices with minimal restrictions.
  ◦ Less Oversight: High - Employees manage their own devices.
  ◦ Cost Savings: High - No need to purchase devices.
  ◦ Simplified IT Infrastructure: Low - Variety of devices and OS creates complexity.
  ◦ Reduced Internal Service: High - Employees handle their own troubleshooting.
  ◦ Increased Employee Performance: High - Employees work with familiar devices.
  User Benefits:
  ◦ Choice of Device: High - Employees use any device they prefer.
  ◦ Choice of Carrier: High - Employees select their own carrier and plan.
  ◦ Convenience: High - Employees use a familiar device for work and personal tasks.

• Corporate Owned, Personally Enabled (COPE): Employees choose from a selection of company-approved devices. The device is supplied to the employee and paid for by the company, but the employee can use it for personal activities. The company decides the level of choice and freedom for employees.
  Benefits for Enterprise:
  ◦ Management Flexibility: Low - IT fully controls and manages devices.
  ◦ Less Oversight: Low - IT enforces strict policies.
  ◦ Cost Savings: Low - Company bears full cost of devices.
  ◦ Simplified IT Infrastructure: High - Standardized devices streamline management.
  ◦ Reduced Internal Service: Low - IT fully responsible for maintenance and support.
  ◦ Increased Employee Performance: Moderate - Corporate restrictions may impact usability.
  User Benefits:
  ◦ Choice of Device: Low - Company assigns a specific device.
  ◦ Choice of Carrier: Low - Company decides the carrier and plan.
  ◦ Convenience: Moderate - Employees carry only one device but with restrictions.

• Choose Your Own Device (CYOD): Employees choose from a limited selection of approved devices but pay the upfront cost while the business owns the contract. Employees are offered a suite of choices that the company has approved for security, reliability, and durability. The company often provides a stipend to pay monthly fees to a wireless carrier.
  Benefits for Enterprise:
  ◦ Management Flexibility: Moderate - IT controls approved devices but offers employee choice.
  ◦ Less Oversight: Moderate - IT manages security, but employees have some autonomy.
  ◦ Cost Savings: Moderate - Company subsidizes or shares costs with employees.
  ◦ Simplified IT Infrastructure: Moderate - Fewer devices to support compared to BYOD.
  ◦ Reduced Internal Service: Moderate - IT supports a limited range of approved devices.
  ◦ Increased Employee Performance: Moderate - Employees get a choice while ensuring compatibility.
  User Benefits:
  ◦ Choice of Device: Moderate - Employees choose from a list of approved devices.
  ◦ Choice of Carrier: Moderate - Limited selection of company-approved carriers.
  ◦ Convenience: High - Employees get a company-approved device that suits their needs.

• Virtual Desktop Infrastructure (VDI): Stores sensitive applications and data on a remote server accessed through a smartphone. Users can customize the display of data as if it were residing on their own mobile device. The enterprise can centrally protect and manage apps and data on a server instead of distributing them to smartphones.

• Corporate owned: The device is purchased and owned by the enterprise. Employees use the phone only for company-related business. The enterprise is responsible for all aspects of the device.

Mobile Device Risks

Increased reliance on mobile devices for business means employees access sensitive data, increasing the interest of threat actors. Security risks include:

• Mobile device vulnerabilities
• Connection vulnerabilities
• Access to untrusted content

Mobile Device Vulnerabilities

• Physical security: Mobile devices are frequently lost or stolen.
• Limited updates: Security patches and OS updates are distributed through firmware over-the-air (OTA) updates.
• Location tracking: Using geolocation data increases the risk of targeted physical attacks. GPS tagging is a related risk.
• Unauthorized recording: Malware can infect a device and allow a threat actor to spy on an unsuspecting victim and record conversations or videos.

Connection Vulnerabilities

• Tethering: An unsecured mobile device tethered to a corporate network may infect the network.
• USB On-the-Go (OTG): Connecting a malicious flash drive infected with malware to a mobile device via OTG could lead to infection. The infected device could then connect to an infected computer, allowing malware to be sent.
• Malicious USB cable: A USB cable with an embedded Wi-Fi controller can receive commands from a nearby device to send malicious commands. This could exploit the system by giving the attacker enough permissions.
• Hotspots: Public hotspots are beyond the control of the organization. Attackers can eavesdrop on data transmissions and view sensitive information.

Accessing Untrusted Content

• Users can bypass built-in installation limitations by jailbreaking (iOS) or rooting (Android) their devices to download from unofficial third-party app stores (sideloading).
• Untrusted content can enter mobile devices via SMS, MMS, and RCS text messaging.
• Mobile devices can access untrusted content using QR codes. Attackers can create advertisements with QR codes containing malicious URLs (QR code phishing or quishing).

Jailbreaking and Rooting

• Jailbreaking an iPhone involves exploiting vulnerabilities in iOS to remove Apple's security restrictions, gaining root access and installing unauthorized apps or modifications. Jailbreak tools use kernel exploits to bypass security layers such as the secure boot process, kernel memory protections, or sandboxing mechanisms. iOS normally runs in a restricted user mode, preventing access to system files; jailbreaking elevates user privileges to root, allowing unrestricted control.

Security Risks of Jailbreaking

• Increased Malware Risk: Unauthorized apps can introduce spyware or ransomware.
• Weakened System Integrity: Removing Apple's security layers exposes the device to attacks.
• No Software Updates: Jailbroken devices may not receive Apple's official security patches.
• App and Service Restrictions: Some apps (e.g., banking apps) detect jailbreaking and refuse to run for security reasons.

Protecting Mobile Devices

Configurations to consider:

• Strong Authentication: Verifying the authentic user of a device requires a strong passcode and restricts unauthorized users with a screen lock. Options include passcodes, PINs, fingerprint or facial recognition, and drawing a pattern that connects dots.
• Segmentation: Separating business data from personal data on mobile devices using containerization. This separates storage into business and personal "containers" and helps companies avoid data ownership privacy issues and legal concerns.
• Enable Loss or Theft Services: Security features to locate a lost or stolen device. If the device cannot be located, a remote wipe may be necessary.
  Security features include:
  ◦ Alarm: Device generates an alarm even if on mute.
  ◦ Last known location: If the battery is low, the device's last known location is shown online.
  ◦ Locate: Current location is pinpointed on a map via GPS.
  ◦ Remote lockout: Mobile device can be remotely locked with a custom message on the login screen.
  ◦ Thief picture: Takes a picture of a user who enters an incorrect passcode three times and emails it to the owner.
• Mobile Device Management (MDM): Tools that let an organization remotely manage a device.
• Mobile Application Management (MAM): Covers application management, including tools and services for distributing and controlling access to apps.
• Mobile Content Management (MCM): Supports the creation, editing, and modification of digital content by multiple employees.
• Unified Endpoint Management (UEM): Provides capabilities for managing and securing mobile devices, applications, and content.
