Mobile Attacks and Countermeasures

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with

Already have an account? Sign In »

7 hours 6 minutes
Video Transcription
Hey, everyone, welcome back to the course in this video. We're gonna talk about some of the different types of mobile attacks as well as we'll talk about some kind of measures that we can dio.
So we've got several different types of mobile attacks, things like blue smacking, which is basically just a denial of service attack against the actual device. We've got blue jacking, which consists of sending unsolicited messages to and from mobile devices. So they're taking over your communication stream
glue sniffing, which is basically where we sniff around to find Bluetooth enabled devices. Eso kind of like the olden days of war driving where we would go look for wireless networks. This is what blue sniffing is
blue bugging, where we are accessing a Bluetooth enabled device and then remotely using its features
loose snarfing, which is the actual theft of data from the mobile device due to some kind of open connection. So possibly something like the device remaining in discovery mode,
and then finally, blue printing, which is basically the foot printing for Bluetooth devices. So this is where we're collecting information about the device over Bluetooth. So what are some countermeasures that weaken Dio
Well, we could enable the lock screen right, So requiring, like a password or pin code or even biometrics, right? Using our thumb or official recognition toe, actually unlock the mobile device.
We can use encryption so both during transit and at rest. So as we're communicating, that data across the device were actually encrypting it
contain arising our enterprise data, Right? So our company data, making sure that we're segment in that out. So if one aspect of its compromise it doesn't compromise the entire device or all of our data
detecting operating system compromises. So putting something on there to detective and employees trying to jail breaker route are mobile device that we've issued to them selective wiping so both online and offline wiping
out of compliance triggers. So setting those alerts in place. So that way we know our other issues with this particular mobile device on then triggering the network gateway to block access to that mobile device because it's out of compliance, using something like mobile device management for all of our organizations issued devices as well as
using anti malware software on android devices and in training our employees,
Um, a lot of times. The small business owners I speak with have no clue about a lot of this stuff regarding mobile attacks. And so if we just educate people a lot of times, they will do the right thing. As long as we communicate, why you should be doing this very important.
So quick. Quiz question here. This is a type of mobile attack that involves theft of data from a mobile device due to an open connection.
Is that gonna be blue jacking, blue snarfing or blue sniffing?
All right, so if you guessed blue snarfing you are correct.
So in this video, we just briefly covered some of the mobile attacks set are out there and specifically ones you'll need to know for the certified ethical hacker examination.
We also talked about some countermeasures. So things like making sure we have the lock screen in place. So if someone gets physical access, tow our device, they can't actually do anything, or it's less likely that they could do something.
Encrypting the data both in transit and arrest segmenting out our data and containers using things like mobile device management at the corporate level or organizational level. And then, of course, making sure we train people right, making sure that they understand why this is important
Up Next
Penetration Testing and Ethical Hacking

The Penetration Testing and Ethical Hacking course prepares students for industry penetration testing certifications, like CEH. This course walks students through the process of gaining intelligence, scanning and enumerating and hacking the target.

Instructed By