Mobile and IoT - key concepts

 https://www.niii.tech/

MOBILE and IoT


https://owasp.org/www-project-mobile-top-10/


2 major mobile platforms:

Android (Google)

iOS (Apple)


Android and iOS each have:

1) an OS

2) middleware and

3) a suite of built-in applications (example: the AI app Siri (woman’s voice))


PERFORM SOME ACTION THAT GRANTS ADMINISTRATIVE (ROOT) ACCESS TO THE DEVICE:


Rooting (Android): KingoRoot, TunesGo, OneClickRoot, MTK Droid


Jailbreaking (iOS): 

Cydia (cydiafree.com)

Hexxa Plus (pangu8.com)

Apricot (pangu8.com)

Yuxigon (yuxigon.com)


Techniques of Jailbreaking:

1) Untethered (kernel remains patched (jailbroken) after reboot)

2) Semi-tethered (reboot no longer retains the patched kernel)

3) Tethered (reboot removes all jailbreaking patches, and may get stuck forever in a loop on startup)


BYOD (Bring Your Own Device)

MDM (Mobile Device Management): the goal is to control enterprise mobile devices.

MDM solutions:

1) passcodes for unlocking

2) remote locking

3) remote wipe

4) root / jailbreak detection

5) policy enforcement

6) inventory

7) monitoring/reporting


MDM solution tools: Citrix XenMobile, IBM Security MaaS360, SOTI MobiControl


5G, 6G, Bluetooth (10 meters or less)

Modes of Bluetooth devices:

-Discovery (how the device lets others know it’s available): discoverable, limited discoverable and nondiscoverable

-Pairing (how the device reacts when another Bluetooth system asks to pair)


PHISHING (example: SMS phishing) and SOCIAL ENGINEERING attacks are MERCILESS with mobile devices…


Trojans for phishing attacks on mobile devices (the list is « infinite »): TeaBot, FakeInst, OpFake, Boxer, Kung Fu


https://amp.thehackernews.com/thn/2022/03/teabot-android-banking-malware-spreads.html


https://www.f-secure.com/v-descs/trojan_android_fakeinst.shtml


https://attack.mitre.org/software/S0308/


SPYWARE for mobile:

Mobile Spy, SPYERA, AndroidLost, Find My Phone, Where’s My Droid


MOBILE DEVICE AS AN ATTACK PLATFORM:

-Network Spoofer controls how websites appear on a desktop/laptop.

-DroidSheep performs sidejacking by listening to wireless packets and pulling session IDs.

-Nmap works on mobile devices.

-Kali Linux works on mobile devices.

-NetCut identifies all systems on your current Wi-Fi.


Bluetooth Attacks:

-Bluesmacking (DoS attack against the device) is the MAJOR BLUETOOTH ATTACK.

-Bluejacking (sending unsolicited messages to and from mobile devices).

-Bluesniffing (to discover Bluetooth devices).

-Bluebugging (accessing a Bluetooth device remotely).

-Bluesnarfing (theft of data from a mobile device).

-Blueprinting (Blueprinting for Bluetooth).


IoT: networked physical devices and everyday objects.


IoT architecture has 3 components:

1) sensing technology

2) IoT gateways

3) cloud (data store availability)


IoT OS:

RIOT OS, ARM Mbed OS, RealSense OS X, Nucleus RTOS, Brillo, Contiki, Zephyr, Ubuntu Core, Integrity RTOS and Apache Mynewt.


4 IoT models:

1) device to device

2) device to gateway

3) device to cloud

4) back-end data sharing


VANET (Vehicle Ad Hoc Network) is the communication network used by vehicles. V2V (spontaneous wireless network for vehicle-to-vehicle communication).


Architecture layer inside IoT:

Edge Technology Layer

Access Gateway Layer

Internet Layer

Middleware Layer

Application Layer


https://ieee-iotj.org/


https://www.itu.int/en/ITU-T/gsi/iot/Pages/default.aspx


https://owasp.org/www-project-mobile-top-10/


https://owasp.org/www-project-internet-of-things/#


OWASP’s IoT Attack surface areas:

Ecosystem (general)

Device Memory

Device Physical Interfaces

Device Web Interface

Device Firmware

Device Network Services

Administrative Interface 

Local Data Storage

Cloud Web Interface

Third-party Backend APIs

Update Mechanism

Mobile Application

Vendor Backend APIs

Ecosystem Communication

Network Traffic

Authentication/Authorization

Privacy

Hardware (sensors)


Sybil attack:

Multiple forged identities are used to create the illusion of traffic congestion that affects everyone else in the local IoT network.


HVAC attacks:

Shut down air conditioning services.


Rolling code Attack:

To steal a car.


BlueBorne attack:

Set of techniques and attacks against already existing Bluetooth vulnerabilities. Hardware such as the HackRF One can pull off a BlueBorne attack.


Mirai malware looks for and interjects itself onto IoT devices. It propagates and creates gigantic botnets (for DDoS attacks).


IoT hacking methodology:

1) information gathering (Shodan, Censys, Thingful)

2) vulnerability scanning (Nmap, BeyondTrust, beSTORM, IoTsploit, IoT Inspector)

3) launching attacks (tools: Firmalyzer, KillerBee, JTAGulator, Attify Zigbee Framework)

4) gaining access

5) maintaining access

Telnet is used to gain access


Sniffer tools for IoT:

Foren6

CloudShark


OT (operational technology) is hardware/software that detects or causes a change through the monitoring of physical devices.


https://en.m.wikipedia.org/wiki/Purdue_Enterprise_Reference_Architecture


https://www.zscaler.com/resources/security-terms-glossary/what-is-purdue-model-ics-security


https://docs.aws.amazon.com/iot/latest/developerguide/protocols.html


ICS architecture = different control systems (SCADA, BPCS, RTU, DCS, etc.) + associated equipment + control mechanisms.


OT has an architecture defined by the Purdue Model (PERA).
