Skip to main content

Posts

Showing posts with the label EHE

EC EHE - Mobile Mess

Source: https://www.nowsecure.com Because of the extensive usage and implementation of bring your own device (BYOD) policies in organizations, mobile devices have emerged as a prime target for attacks. Attackers scan these devices for vulnerabilities. Such attacks can involve the device and the network layer, the data center, or a combination of them. Attackers exploit vulnerabilities associated with the following to launch malicious attacks: Figure 9.2: Anatomy of a mobile attack   The Device Vulnerabilities in mobile devices pose significant risks to sensitive personal and corporate data. Attackers targeting the device itself can use various entry points. Device-based attacks are of the following types: Browser-based Attacks Browser-based methods of attack are as follows: Phishing : Phishing emails or pop-ups redirect users to fake web pages that mimic trustworthy sites, asking them to submit their personal information such ...

EC EHE - Mobile OWASP 10

  Source: https://www.owasp.org According to OWASP, the following are the top 10 mobile risks : M1—Improper Platform Usage This category covers the misuse of a platform feature or the failure to use platform security controls. It includes Android intents, platform permissions, and the misuse of Touch ID, Keychain, or some other security control that is part of the mobile device’s OS. There are several ways in which mobile apps can be exposed to this risk. M2—Insecure Data Storage Insecure data storage vulnerability arises when development teams assume that users and malware will not have access to a mobile device’s file system and subsequently to sensitive information in the device’s data stores. “Jailbreaking” or rooting a mobile device bypasses encryption protection mechanisms. OWASP recommends analyzing platforms’ data security application programming interfaces (APIs) and calling them appropriately. Unintended data leakage occurs when a developer unint...

EC EHE - Bluetooth Crak-Toolz

  Bluetooth hacking refers to the exploitation of Bluetooth stack implementation vulnerabilities to compromise sensitive data in Bluetooth-enabled devices and networks. Bluetooth-enabled devices connect and communicate wirelessly through ad-hoc networks known as piconets. Attackers can gain information by hacking the target Bluetooth-enabled device from another Bluetooth-enabled device. The following are some Bluetooth device attacks: Bluesmacking: A Bluesmacking attack occurs when an attacker sends an oversized ping packet to a victim's device, causing a buffer overflow. This type of attack is similar to an Internet Control Message Protocol (ICMP) ping-of-death attack. Bluejacking: Bluejacking is the use of Bluetooth to send messages to users without the recipient's consent, similar to email spamming. Prior to any Bluetooth communication, the device initiating the connection must provide a name that is displayed on the recipient's ...