Ethical Hacking: Hacking Mobile Platforms

Pluralsight is not an official partner or accredited training center of EC-Council. Your company has decided to start allowing BYOD, plus upper management just purchased multiple mobile devices. You'll learn how to make sure everything stays secure.
Course info
Rating
(91)
Level
Beginner
Updated
Jan 29, 2019
Duration
4h 56m
Table of contents
Description
Course info
Rating
(91)
Level
Beginner
Updated
Jan 29, 2019
Duration
4h 56m
Description

Pluralsight is not an official partner or accredited training center of EC-Council. Okay, who here DOESN'T have a mobile device? Hands anyone? Didn't think so. Mobile devices have, at an alarming rate, become extremely popular with users and businesses. So next question, what are you doing about it's security? Anyone? Most folks have approached mobile devices with the attitude of "if it works, syncs, and plays games, I'm good". Overlooking this side of technology will lead you into one day appearing on an online video with the words "FAIL" plastered across your company's logo (or your face!). This course is part of the Ethical Hacking Series. http://blog.pluralsight.com/learning-path-ethical-hacking

About the author
About the author

Dale Meredith received his Certified Ethical Hacker and Certified EC-Counsel Instructor certifications back in 2006, as well as being a Microsoft Certified Trainer since 1998 (yes we had computers back then). Dale takes great pride in helping students comprehend and simplify complex IT concepts.

More from the author
More courses by Dale Meredith
Section Introduction Transcripts
Section Introduction Transcripts

MDM: Mobile Device Management, Guidelines, and Tools
So the next logical step in this whole environment is how to manage it. We're going to do that with something called MDM, as well as creating guidelines and using some cool tools. Now speaking from a traditional IT perspective, we'd like to manage our desktops and laptops with some type of device. And when it comes to then adding in all these additional mobile devices, I'm reminded of the quote from the classic non-Oscar winning film, Top Gun, in the famous quote of, "I feel the need... "the need for speed", no drug reference there. And the reason why both Maverick and Goose wanted this was not only for the exhilaration, but for aircraft there is two things that helps them as far as combating the enemy, and that one is altitude, and the other is speed. Sometimes going fast and outrunning them, other times slowing way down so that they can turn sharper. And that's kind of the concept here is that we need some way of managing this nightmare. Now in this particular module we'll go through and take a look at MDM in detail, well, not in massive detail because I'm sure there's some other Pluralsight videos out there for vendor-specific MDM solutions, but we'll look at what those are, as well as how to evade MDMs. And we'll also take a look at the attacks themselves that can be done. Now with us introducing in a MDM into our environment, it also becomes a target, so we'll also wanna take a look at how do we protect that device or that solution that's trying to protect us. And then we'll also look at something that helps us to detect jailbreaking or rooting of devices. Then we'll go through and take a look at those wonderful guidelines and tools that are available to us. So strap in, and let's buzz the tower just one time. And if you don't know that reference, then go watch a movie or ask somebody who was alive in the '80's. Here we go.

Mobile Malware
So when it comes to mobile malware, okay, folks, really? There is no difference here between what we know about malware when it comes to the desktop platform versus the mobile platform, but it's kind of interesting how they're getting around some of the security mechanisms that are in place. Typically it's being done by social engineering. Now as far as the attackers are concerned, when it comes to malware on the mobile device, again these are just simply computers and so they actually may take the attitude of you know, this is our house, these are our rules, and we can't stop, whoa, and we won't stop, whoa. Yeah, you didn't think I could throw in a Miley Cyrus lyric in the middle of a course, did you? Well, you would be wrong. But it's kind of the same concept here. Again, since they're computers, it's the same type of environment for them. So again, it is their house and it is their rules. No twerking out there, folks! So in this module we're going to go through and take a look at first of all, malware in the iOS platform. We'll also go through and take a look at Android malware. In both cases we'll look at what we've seen in the past as well as again, we need to understand that a lot of the malware that we get is just a repackaging of older attacks on our systems. Then we'll go through and kind of sum it up and see if we can see the differences between a fruit and a robot. So let's see if I can't teach you something because all I wanted was to break your walls and all you ever did was wreck me. See how I did that? That's two Miley Cyrus jokes. Some of you are saying, eh those aren't funny, Dale, so they're not classified as jokes. But let's continue anyway.

Mobile Payments
Mobile Payments. This isn't the payments you make to your mobile provider. This is using your phone to make payments, which some of you may be thinking, ahhh, Houston, we have a problem here, especially when it comes to security, and I see that perspective. But if you look at the technology that's being utilized in the back end, actually it's better than any of the magnetic credit card technologies that we're still utilizing, at least here in the United States. Yeah, we're so on top of the ball here, aren't we? Now before we continue, I know some of you are thinking, ah, Dale, it wasn't Tom Hanks who said that; typically it was Jim Lovell from the Apollo 13 mission who Tom Hanks portrayed in the movie Apollo 13, but I'm going to get you on that one, because technically what Jim Lovell said was Houston, we had a problem. Check and that's game. That'll teach you to try to stump me. So in this module, we're going to just simply wave my magic wand, or phone, and see what it is that's actually happening when we try to pay with our devices. We'll look at what they refer to as Secure Element versus Host Card Emulation. We'll also then take a look at Android Pay as well as Apple Pay. Ah, but Dale, what happened to Google Wallet? Well, Google Wallet's been upgraded for those of you guys that aren't aware to Android Pay, and then of course we'll take a look at other mobile pay options that involve our mobile devices, which would be our mobile credit card interfaces. Yeah, that one does scare me a tad. So let's jump into this and I'll roll up my sleeves so you can see there's nothing up my sleeves.