Mobile Device Attacks
- Jailbreaking (iOS)
- Exploits a kernel or boot-chain vulnerability to gain root and disable code-signing enforcement, allowing sideloading and OS modifications
- Removes Apple's sandbox and signing protections, so malware on the device gains the same access; OS updates may be unavailable or may undo the jailbreak, and MDM/app attestation checks can flag the device
- Rooting (Android)
- Grants root (superuser) access, enabling unrestricted actions on the device
- Methods: privilege-escalation exploits, flashing a patched boot image through an unlocked bootloader, or custom ROMs (third-party ROMs may contain malicious code)
- Systemless Root: Roots by patching the boot image (e.g., Magisk) without modifying the /system partition, so integrity checks of /system do not detect it
- Sideloading
- Installs apps from APK (Android) or IPA (iOS) files obtained outside the official stores; on Android this needs "Install unknown apps" enabled or USB debugging for ADB, on iOS a developer or enterprise signing certificate
- Bypasses store review and malware scanning, so apps from untrusted sources may be malware or trojanized copies of legitimate apps
- Example (ADB):
adb install myapp.apk
- Unsigned Apps
- Android rejects APKs with no signature at all, so "unsigned" in practice means signed with an unknown or self-signed key: the signature proves only that the package has not changed since it was signed, not that the publisher is trustworthy
- Increase risk of malware; install only from official stores or from a signer whose certificate you can verify
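Checking where an APK carries its signature, as an added example (Python, not code from these notes): v1 JAR signing leaves MANIFEST.MF and .SF/.RSA files under META-INF/, while v2/v3 signing stores an APK Signing Block immediately before the ZIP central directory. The APKs inspected here are minimal ZIPs constructed in memory; for a real file, read its bytes from disk and pass them to apk_signing_info.

```python
"""Inspect an APK (a ZIP archive) for the two places a signature can live:
v1 "JAR" signing (META-INF/MANIFEST.MF plus *.SF and *.RSA/*.DSA/*.EC files)
and the v2/v3 APK Signing Block, which sits immediately before the ZIP central
directory and ends with the 16-byte magic "APK Sig Block 42". A signature only
proves the package was not modified after signing; it says nothing about whether
the signer is trustworthy. Added example, not from the original notes; the APKs
it inspects are minimal ZIPs constructed in memory, not real apps.
"""
import io
import struct
import zipfile

APK_SIG_BLOCK_MAGIC = b"APK Sig Block 42"
EOCD_SIGNATURE = b"PK\x05\x06"


def central_directory_offset(data: bytes) -> int:
    """Read the central-directory offset from the ZIP End of Central Directory record."""
    eocd = data.rfind(EOCD_SIGNATURE)
    if eocd < 0:
        raise ValueError("not a ZIP/APK: EOCD record missing")
    # EOCD: sig(4) disk(2) cd_disk(2) n_this(2) n_total(2) cd_size(4) cd_offset(4) ...
    return struct.unpack_from("<I", data, eocd + 16)[0]


def apk_signing_info(data: bytes) -> dict:
    """Report which signature schemes are present in the given APK bytes."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
    v1 = "META-INF/MANIFEST.MF" in names and any(
        n.startswith("META-INF/") and n.upper().endswith((".RSA", ".DSA", ".EC"))
        for n in names
    )
    cd_off = central_directory_offset(data)
    v2_or_v3 = cd_off >= 24 and data[cd_off - 16:cd_off] == APK_SIG_BLOCK_MAGIC
    return {"v1_jar_signature": v1, "apk_signing_block": v2_or_v3, "signed": v1 or v2_or_v3}


def build_test_apk(v1: bool = False, signing_block: bool = False) -> bytes:
    """Construct a minimal APK-shaped ZIP (test fixture: placeholder contents, no real certificate)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", b"dex\n035\x00")
        if v1:
            zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
            zf.writestr("META-INF/CERT.SF", "Signature-Version: 1.0\n")
            zf.writestr("META-INF/CERT.RSA", b"\x30\x82")  # stand-in for the PKCS#7 blob
    data = buf.getvalue()
    if signing_block:
        # Splice a dummy signing block in front of the central directory and patch the
        # EOCD cd_offset so the archive stays valid. Block layout (little-endian):
        # size(8) | ID-value pairs | size(8) | magic(16); size excludes the first field.
        cd_off = central_directory_offset(data)
        pairs = b"\x00" * 8  # no real signer data, just enough to show the structure
        size = len(pairs) + 8 + 16
        block = struct.pack("<Q", size) + pairs + struct.pack("<Q", size) + APK_SIG_BLOCK_MAGIC
        eocd = data.rfind(EOCD_SIGNATURE) + len(block)  # EOCD moves by the block length
        data = data[:cd_off] + block + data[cd_off:]
        data = data[:eocd + 16] + struct.pack("<I", cd_off + len(block)) + data[eocd + 20:]
    return data


if __name__ == "__main__":
    for label, apk in (("unsigned", build_test_apk()), ("v1", build_test_apk(v1=True)),
                       ("v2/v3", build_test_apk(signing_block=True))):
        print(label, apk_signing_info(apk))
```

This only tells you that a signature exists and which scheme it uses; to see the signer certificate and check that the signature actually verifies, use the Android SDK's apksigner tool (apksigner verify --print-certs app.apk).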
- Security Best Practices
- Device Configuration Profiles (iOS .mobileconfig / MDM XML policies): push VPN, proxy, certificate and restriction settings, so a malicious profile can install a rogue root CA or an intercepting proxy; allow only profiles that come from your MDM
- Full Device Encryption:
- iOS: AES-256 Data Protection, keyed from a per-device UID fused into the Secure Enclave and the user passcode; Android: AES-256 file-based encryption (older devices: dm-crypt full-disk encryption)
- Protects data-at-rest if device is lost/stolen
- VPNs: device-wide always-on VPN, per-app VPN pushed via MDM, or browser-level tunneling; protects traffic on untrusted Wi-Fi
- Location Services & Geofencing: Restrict access based on geographic boundaries
- MobSF (Mobile Security Framework)
- Static Analysis: Decompiles APKs (and analyzes IPA binaries), then inspects manifest settings, permissions, hardcoded secrets/API keys and known-insecure code patterns
- Dynamic Analysis: Runs the app on an instrumented emulator or rooted device to capture network traffic, API calls and runtime issues
- Frida
- Dynamic instrumentation toolkit: hooks functions in a running process, dumps memory, and patches return values (e.g., to bypass root/jailbreak detection or certificate pinning)
- Spawn the app on a USB-attached device (-U) with a hook script loaded:
frida -U -f com.target.app -l script.js --no-pause
- Note: --no-pause applies to Frida 15 and earlier; from Frida 16 the spawned process resumes by default and the flag was removed (use --pause to get the old behavior)
- Drozer
- Android attack framework; enumerates a package's attack surface (exported activities, services, receivers, content providers) and probes IPC and permissions
- Requires the drozer agent app running on the device and its port forwarded to the host first:
adb forward tcp:31415 tcp:31415
drozer console connect
run app.package.attacksurface com.target.app
run scanner.provider.injection -a com.target.app
- ADB (Android Debug Bridge)
- CLI tool for Android device communication
- Install/debug apps, access shell, inspect file system
adb shell
adb pull /sdcard/log.txt .
Bluetooth Attacks
- Bluejacking
- Sends unsolicited messages by pushing a vCard/contact card over the Bluetooth OBEX object-push profile
- Steps:
- Target devices must be discoverable; attacker enables Bluetooth and scans for nearby devices
- Select a device and send a contact card whose name field carries the message
- Harmless but disruptive in crowded places (conferences, transit) where many devices are discoverable
- Bluetooth Spamming
- Sends repeated messages, pairing requests or files to overwhelm a target; malformed payloads may trigger bugs in the device's Bluetooth stack
- Steps:
- Scan for devices with a Bluetooth scanner (Linux: hcitool scan or bluetoothctl scan on); Wireshark can capture HCI traffic for analysis but does not perform the scan itself
- Collect target addresses (BD_ADDR)
- Automate repeated sends via script/tool
- Mitigations: Disable Bluetooth when not in use; non-discoverable mode; reject unknown pairing requests; keep device firmware patched
NFC & RFID Attacks
- RFID (Radio Frequency Identification)
- Components: Tags (embedded in badges, containers), Readers (identify tags)
- Uses: Inventory tracking, access badges
- Risks:
- Signal capture: Older low-frequency EM4100 (125 kHz) tags broadcast a fixed 40-bit ID in the clear with no challenge-response, so anyone within read range can capture it
- Cloning: A reader/writer (e.g., Proxmark3) writes the captured ID onto a rewritable tag such as the T5577, producing a badge the reader cannot distinguish from the original
- Modern RFID: 13.56 MHz cards that use mutual authentication (e.g., MIFARE DESFire) resist cloning; note that MIFARE Classic, also 13.56 MHz, uses the broken Crypto-1 cipher and is clonable
- NFC (Near Field Communication)
- Short-range (~4 cm) contactless communication (payments, badges)
- Tools: MIFARE Classic Tool (Android) reads, writes and clones MIFARE Classic sectors using known or default keys
- Amplification Attack:
- Enhanced antennas extend range to ~20–30 cm
- Mitigations: Disable NFC when unused; require user confirmation for read/write
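Why the EM4100 badges in the signal-capture bullet above clone so easily, as an added example (Python, not code from these notes): the 64-bit frame the tag broadcasts is just the 40-bit ID with parity bits, so decoding it from any rotation of a capture yields everything needed to program a blank T5577. The tag IDs used below are made up.

```python
"""Encode and decode the 64-bit EM4100 (125 kHz LF) frame. The tag broadcasts
this frame continuously and in the clear: 9 header bits (all 1), ten 4-bit
nibbles of the 40-bit ID each followed by an even row-parity bit, four
column-parity bits and a 0 stop bit. Whatever a reader can decode, a writable
T5577 tag can replay, which is why these badges clone trivially. Added example,
not from the original notes; the IDs used in the demo are made up.
"""

HEADER = "1" * 9
FRAME_BITS = 64


def _parity(bits: str) -> str:
    """Even parity bit: 1 if the number of set bits is odd."""
    return "1" if bits.count("1") % 2 else "0"


def em4100_encode(tag_id: int) -> str:
    """Return the 64-bit frame for a 40-bit ID (8-bit version/customer + 32-bit data)."""
    if not 0 <= tag_id < (1 << 40):
        raise ValueError("EM4100 IDs are 40 bits")
    nibbles = [f"{(tag_id >> (36 - 4 * i)) & 0xF:04b}" for i in range(10)]
    rows = "".join(n + _parity(n) for n in nibbles)
    columns = "".join(_parity("".join(n[c] for n in nibbles)) for c in range(4))
    return HEADER + rows + columns + "0"


def em4100_decode(stream: str):
    """Recover the 40-bit ID from a captured bitstream that may start mid-frame.

    Tries every rotation of the 64-bit capture; returns the ID as an int, or None
    if no rotation has a valid header, row/column parities and stop bit
    (i.e. the read was corrupted).
    """
    if len(stream) != FRAME_BITS or set(stream) - {"0", "1"}:
        return None
    for shift in range(FRAME_BITS):
        frame = stream[shift:] + stream[:shift]
        if not frame.startswith(HEADER) or frame[-1] != "0":
            continue
        body = frame[9:59]                       # 10 rows of 4 data bits + 1 parity bit
        nibbles = [body[i:i + 4] for i in range(0, 50, 5)]
        if any(body[i + 4] != _parity(body[i:i + 4]) for i in range(0, 50, 5)):
            continue
        columns = "".join(_parity("".join(n[c] for n in nibbles)) for c in range(4))
        if frame[59:63] != columns:
            continue
        return int("".join(nibbles), 2)
    return None


if __name__ == "__main__":
    demo_id = 0x06_1234_5678  # made-up 40-bit ID
    frame = em4100_encode(demo_id)
    print(frame)                                  # the bits a T5577 would be programmed with
    print(hex(em4100_decode(frame[20:] + frame[:20])))  # decodes from any rotation
```

Note that nothing in the frame is secret or per-reader: the parity bits only guard against read errors, so the decoded ID is the complete credential.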
AI Attacks
- Prompt Injection
- Malicious text, typed by the user or embedded in content the model reads (documents, web pages, tool output), that the model follows as instructions, causing it to ignore its system prompt, reveal sensitive data or misuse connected tools
- Defenses: Treat all model input as untrusted; keep instructions and data separate; validate/filter input and output; instruct or fine-tune models to refuse malicious prompts; give tools least privilege and require human confirmation for sensitive actions; red-team prompts and audit regularly (filtering alone is not a complete defense)
- Model Manipulation
- Tamper with model’s training data, parameters, or environment
- Defenses: Secure training data sources; monitor for data poisoning; restrict model file access; audit regularly
Operational Technology (OT)
- Definition: Systems managing physical processes (distinct from IT)
- Key Components
- ICS (Industrial Control System): Umbrella term for the controllers, networks and software (DCS, SCADA, PLCs) that automate physical processes
- DCS (Distributed Control System): Control distributed across many controllers within a single plant or facility, coordinated over a local network
- Fieldbus: Industrial digital serial network (e.g., Profibus, Modbus RTU) linking PLCs to sensors, actuators and each other
- PLC (Programmable Logic Controller): Ruggedized embedded computer running control logic, commonly written in Ladder Logic (IEC 61131-3), e.g., on assembly lines
- HMI (Human-Machine Interface): Operator screens and panels (often a Windows workstation) used to monitor and control PLCs
- Data Historian: Time-series database of process values; used for trending and, during incident response, to reconstruct what the process actually did
- SCADA (Supervisory Control and Data Acquisition): Supervises devices across multiple remote sites over a WAN (e.g., pipelines, substations, smart meters)
OT Attacks
- Controller Area Network (CAN)
- Bus shared by vehicle ECUs and embedded devices; frames carry an 11- or 29-bit arbitration ID and up to 8 data bytes (64 for CAN FD) with no source authentication or encryption, so any node can transmit any ID
- Risks:
- OBD-II port injection: frames injected through the diagnostic port are trusted by the ECUs like any other bus traffic
- Remote exploits via cellular/Wi-Fi telematics modules that bridge onto the bus
- Lower arbitration IDs win bus arbitration, so flooding high-priority IDs can starve legitimate ECUs (denial of service)
- Modbus
- OT protocol for reading and writing PLC coils/registers (Modbus RTU over serial, Modbus TCP on port 502)
- No authentication, encryption or integrity protection: any host that can reach the port can issue read or write commands, so detection and incident response must rely on network segmentation and protocol-aware monitoring rather than the host-level signals used for ordinary TCP/IP services
- DDS (Data Distribution Service)
- Provides interoperability and QoS for ICS/SCADA
- Supports on-premise and cloud architectures
- SIS (Safety Instrumented System)
- Independent layer of sensors, logic solvers and final elements (e.g., shutdown valves and trip relays, plus alarms such as horns and lights) that drives a process to a safe state to prevent hazardous conditions (e.g., a nuclear plant core meltdown)
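Detecting the OBD-II injection described under CAN above from a bus log, as an added example (Python, not code from these notes): because the bus has no sender authentication, the only signal is timing. Legitimate ECUs send most IDs on a fixed period, and an injector that wants to override one usually has to flood the same ID faster than the real ECU. The candump-style log lines, arbitration IDs and periods below are constructed.

```python
"""Spot injected CAN frames in a candump-style log (candump -L format:
"(timestamp) interface ID#DATA"). Legitimate ECUs transmit most IDs on a fixed
period; an attacker on the OBD-II port normally floods the same ID faster than
the real ECU to override it, so a sharp drop in inter-arrival time, or an ID
absent from the baseline, is the tell. Added example, not from the original
notes: the log lines and the ID/period table are constructed.
"""
import re
from collections import defaultdict
from statistics import median

LINE_RE = re.compile(
    r"^\((?P<ts>\d+\.\d+)\)\s+(?P<iface>\S+)\s+(?P<id>[0-9A-Fa-f]{3,8})#(?P<data>[0-9A-Fa-f]*)$"
)


def parse_candump(text: str):
    """Return (timestamp, arbitration id, data bytes) tuples; malformed lines are skipped."""
    frames = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            frames.append((float(m["ts"]), m["id"].upper(), bytes.fromhex(m["data"])))
    return frames


def baseline_periods(frames):
    """Median inter-arrival time per ID, learned from known-good traffic."""
    gaps, last = defaultdict(list), {}
    for ts, cid, _ in frames:
        if cid in last:
            gaps[cid].append(ts - last[cid])
        last[cid] = ts
    return {cid: median(g) for cid, g in gaps.items()}


def find_injections(frames, periods, min_ratio=0.25):
    """Flag frames with an unknown ID or a gap below min_ratio of the baseline period."""
    alerts, last = [], {}
    for ts, cid, _ in frames:
        if cid not in periods:
            alerts.append((ts, cid, "unknown arbitration ID"))
        elif cid in last and ts - last[cid] < periods[cid] * min_ratio:
            alerts.append((ts, cid, f"gap {ts - last[cid]:.4f}s vs baseline {periods[cid]:.4f}s"))
        last[cid] = ts
    return alerts


# Constructed traffic: ID 0C9 every 10 ms and 1A0 every 50 ms (made-up IDs and periods).
PERIODS_MS = {"0C9": 10, "1A0": 50}
INJECT_TS = [1.1005 + i * 0.001 for i in range(10)]  # attacker floods 0C9 at 1 ms


def make_log(inject: bool = False) -> str:
    """Half a second of baseline traffic, optionally with a flood and an unknown ID mixed in."""
    lines = []
    for cid, period_ms in PERIODS_MS.items():
        for i in range(int(500 / period_ms)):
            t = 1.0 + i * period_ms / 1000
            lines.append((t, f"({t:.6f}) can0 {cid}#0000000000000000"))
    if inject:
        lines += [(t, f"({t:.6f}) can0 0C9#FFFF000000000000") for t in INJECT_TS]
        lines.append((1.15, "(1.150000) can0 7DF#0209020000000000"))  # ID never seen in baseline
    return "\n".join(line for _, line in sorted(lines))


if __name__ == "__main__":
    periods = baseline_periods(parse_candump(make_log()))
    for alert in find_injections(parse_candump(make_log(inject=True)), periods):
        print(alert)
```

The legitimate 0C9 frame that lands inside the flood window is flagged as well, which is expected: from the bus's point of view it is indistinguishable from the injected ones, and that is exactly the weakness the attack exploits. Tune min_ratio against real traffic, since some IDs are event-driven rather than periodic.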
Testing OT Systems
- Risks of Traditional IT Tools
- Wireshark: Has dissectors for Modbus, DNP3 and PROFINET, but passive capture is only safe from a SPAN port or network TAP; running it on an HMI or engineering workstation adds load, and dissectors can misread vendor-specific extensions and mislead analysis
- tcpdump: Same caveat; capture overhead on a controller or thin host can interrupt real-time OT operations
- Scapy: Crafting/sending custom or malformed packets can crash PLCs, which often lack robust input handling, and cause safety incidents
- Recommendations
- Use OT-specific monitoring tools (e.g., Claroty, Nozomi Networks, Indegy (now Tenable OT Security)) that passively decode ICS protocols
- Understand protocol specifications and operational context before testing
- Prioritize system availability and safety; avoid disruptive scans or malformed packets
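The Modbus/TCP frame from the OT Attacks section, handled the way the recommendations above ask for, as an added example (Python, not code from these notes): build and parse frames without sending anything, and audit a capture for write function codes from hosts outside the engineering allowlist instead of probing the PLC. The capture, host addresses and register numbers are constructed.

```python
"""Modbus/TCP frames: a 7-byte MBAP header (transaction id, protocol id 0,
length, unit id) followed by the PDU (function code + data). There is no
authentication, session or integrity check, so a 12-byte frame from any host
that can reach TCP/502 is accepted as a command. This builds and parses frames
passively (nothing is sent), then audits a constructed capture for write
function codes from hosts outside the engineering allowlist. Added example, not
from the original notes; hosts and register numbers are made up.
"""
import struct

MBAP = struct.Struct(">HHHB")  # transaction id, protocol id (always 0), length, unit id
FUNCTION_NAMES = {
    1: "Read Coils", 2: "Read Discrete Inputs", 3: "Read Holding Registers",
    4: "Read Input Registers", 5: "Write Single Coil", 6: "Write Single Register",
    15: "Write Multiple Coils", 16: "Write Multiple Registers",
}
WRITE_FUNCTIONS = {5, 6, 15, 16, 22, 23}  # anything that changes PLC state


def build_request(tid: int, unit: int, function: int, *words: int) -> bytes:
    """Build an MBAP+PDU frame whose data field is a list of big-endian 16-bit words."""
    pdu = struct.pack(">B", function) + b"".join(struct.pack(">H", w) for w in words)
    return MBAP.pack(tid, 0, len(pdu) + 1, unit) + pdu  # length counts unit id + PDU


def parse_frame(frame: bytes) -> dict:
    """Split a frame into header fields and PDU, validating the MBAP length field."""
    if len(frame) < MBAP.size + 1:
        raise ValueError("frame too short")
    tid, proto, length, unit = MBAP.unpack_from(frame)
    if proto != 0 or length != len(frame) - 6:
        raise ValueError("bad MBAP header")
    fc = frame[7]
    return {
        "tid": tid, "unit": unit,
        "function": fc & 0x7F, "exception": bool(fc & 0x80),  # high bit marks an exception reply
        "name": FUNCTION_NAMES.get(fc & 0x7F, f"FC {fc & 0x7F}"),
        "data": frame[8:],
    }


def holding_registers(response: bytes):
    """Decode a Read Holding Registers (FC 3) response into register values."""
    f = parse_frame(response)
    if f["exception"]:
        raise ValueError(f"exception code {f['data'][0]}")
    if f["function"] != 3:
        raise ValueError("not an FC 3 response")
    count = f["data"][0]  # byte count, two bytes per register
    return list(struct.unpack(f">{count // 2}H", f["data"][1:1 + count]))


def audit_capture(capture, allowed_writers):
    """Flag write requests from hosts that are not approved engineering workstations."""
    findings = []
    for src, frame in capture:
        f = parse_frame(frame)
        if f["function"] in WRITE_FUNCTIONS and src not in allowed_writers:
            findings.append((src, f["name"], f["data"].hex()))
    return findings


# Constructed capture: a read from the HMI and a coil write from a host nobody recognizes.
CAPTURE = [
    ("10.0.5.10", build_request(1, 1, 3, 0x0000, 0x0002)),  # HMI reads 2 holding registers
    ("10.0.5.99", build_request(2, 1, 5, 0x0013, 0xFF00)),  # unknown host forces coil 19 ON
]
ALLOWED_WRITERS = {"10.0.5.20"}  # engineering workstation

if __name__ == "__main__":
    print(build_request(2, 1, 5, 0x0013, 0xFF00).hex())  # the entire "attack" is 12 bytes
    print(audit_capture(CAPTURE, ALLOWED_WRITERS))
```

The point of the audit function is that it consumes frames from a SPAN/TAP capture and never talks to the PLC, which is what prioritizing availability and safety means in practice; the same parser drives alerting on any write seen from outside the allowlist.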