Permanent link: [Article]-Mobile Hacking 101
By Georgia Weidman, M.S., CISSP, NIST 4011, OSCP
Next item on the board meeting agenda: the war on smartphones! For some time now, smartphones have been quietly creeping into our society and slowly infiltrating our families and companies. It started off simply enough: the CEO's husband bought her an iPad for Christmas, and she thought it would be pretty savvy to be able to answer work email on it at a business meeting half way around the world. The fashion slowly trickled down the food chain until everyone wants to put their smartphone devices on the company network. While vacations used to be a time of relaxation, when the pressures of everyday life at the office could be forgotten, now it can be a serious career hazard to be unable to answer emails during the few minutes at the beach when your laptop is out of Wi-Fi range. Gone are the days of parents hovering around the living room praying teenagers will make it home from their dates in one piece and by curfew. In the age of smartphones there's voice chat, video chat, text messaging, picture messages, and email continuously available to worried parents. Special smartphones are even being marketed to the under 13 crowd.
Whether it's bringing your own device or special company BlackBerrys handed out at company meetings, chances are smartphones are able to access emails, deliverables and reports, and other sensitive data in your company environment. How secure are those smartphones? What sorts of attacks are common against the various smartphone platforms? What user behaviors open up your sensitive data to attack? What information could someone who has access to the data on your smartphone learn about you, your family, and your workplace? There are many paths attackers can take to interfere with your smartphone’s intended operation. Jailbreaking, malware, text messages with malicious links, and client-side attacks (like the Safari webkit vulnerability) are a few of the paths discussed in this first entry in a series of articles on hacking mobile devices serves as a primer to the EH-Net crowd. Read on to get a better idea some of the different ways your phone can be compromised along with some of the scenarios attackers are using to make this happen.