CEHv6 module 36 hacking mobile phones, PDA and handheld devi


Ethical Hacking and Countermeasures v6, Exam 312-50 Certified Ethical Attacker
Module XXXVI: Hacking Mobile Phones, PDAs, and Handheld Devices
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

News

Source: http://news.zdnet.com/

Warnings about the Trojan known as “iPhone firmware 1.1.3 prep” or “113 prep” were posted on the iPhone modification forum, which said: “This Trojan on installation displays nothing except the word ‘shoes’. While uninstalling this application, it wipes the files from the /bin directory.” According to security vendor Symantec, it also breaks “Erica’s Utilities”, a collection of command-line utilities for the iPhone, and overwrites OpenSSH, an open-source encryption protocol. It is the first Trojan horse seen for the iPhone that seemed to be a trick. According to Symantec, affected users have to uninstall the Trojan and reinstall the affected files. The risk to users is minimal, as they would have to choose to install the bogus package, and the site that was hosting those packages has been taken offline.

Apple warned that its own updates could break unlocked iPhones running unofficial iPhone software. Users should be careful when downloading third-party iPhone applications.
Module Objective

This module will familiarize you with:

• Different OS in Mobile Phones
• What Can an Attacker Do?
• Vulnerabilities in Mobile Phones
• BlackBerry
• PDA
• iPod
• Mobile: Is It a Breach to Enterprise Security
• Viruses
• Antivirus
• Security Tools
• Mobile Phone Security Tips
• Defending Cell Phones and PDAs against Attack

Module Flow

[Flow diagram covering the module topics listed above]
Different OS in Mobile Phone

Advanced mobile phones usually work on any of the following operating systems:

• Symbian OS
• Windows Mobile OS
• Linux OS
• Palm OS

Symbian Operating System: The Symbian Operating System is an open mobile operating system. It supports a wide range of devices that are categorized by their different user interfaces.

Features:
• Supports multimedia and graphics
• Supports various mobile technologies such as CDMA, GSM, GPRS, and so on
• Supports packet-switched networks

Windows Mobile Operating System: The Windows Mobile Operating System is developed by Microsoft Corporation. It is an operating system used in mobile devices and smartphones. It acts as a standard platform for PDAs and cell phones, providing common user interfaces. It is a non-component-based operating system. The applications included in the Windows Mobile operating system are Office Mobile, Internet Explorer Mobile, Windows Media Player Mobile, APIs, and so on.

Linux Operating System: This is another important operating system; it provides an integrated software environment to run Java applications and Linux applications.

Features:
• Open-source operating system
• Highly secured
• More flexible
• Provides Internet access, VoIP, and WiFi

Palm OS: Palm OS is one of the most popular compact handheld operating systems, designed in 1996.
Features:
• Users can access email services
• Portable and flexible
• Multitasking and multithreading

Different OS Structure in Mobile Phone

The three different OS structures in mobile phones are shown in the diagram:

Fig: OS Structure in Mobile Phones

Evolution of Mobile Threat

• Mobile phone operating systems consist of open APIs, which may be vulnerable to attack
• The OS has a number of connectivity mechanisms through which malware can spread

Malware propagates on the network by:
• Connectivity to mobile networks and the Internet
• Symbian installation files (SIS)
• SMS
• MMS
• Bluetooth
• Wireless
• USB
• Infrared

Mobile malware is a fast-growing threat that is difficult to detect. Among all malware, mobile malware can spread more quickly. It is expected that the growth of mobile malware will increase the growth of Internet malware. Most individuals and organizations now depend on mobile communication. A pandemic-level attack can harm millions of mobile users. Smartphones are programmable mobile devices running the Symbian, Palm OS, and Windows Mobile operating systems. These operating systems consist of many open APIs, which are vulnerable to attack.
The OS has a number of connectivity methods by which malware can be spread.

Reasons for the spread of mobile threats:
• Connectivity to mobile networks and the Internet
• SMS
• Bluetooth technology
• Wireless
• Symbian installation files (SIS)
• MMS
• USB devices
• Infrared

Mobile malware has increased at an alarming rate in the past years. It is all aimed at sabotage and financial gain. These attacks can ultimately lead to denial of mobile resources, data theft or destruction, and fraud.

Threats

Mobile Malware Propagation: Mobile malware spreads via the Internet and first infects PCs; the infected PCs can then infect smartphones by using:
• IR
• Bluetooth

A malware-infected smartphone then spreads the malware to other smartphones via wireless LAN. Mobile malware can infect many mobiles through MMS, and an infected device can then spread the malware to another mobile device by using General Packet Radio Service (GPRS).

DDoS Floods:
• Botnets on infected mobile devices wait for instructions from their owner
• After they get the instruction to launch DDoS floods, the mobile provider’s core infrastructure may be overwhelmed with a high volume of seemingly legitimate requests
• This results in denial of service and failure to connect calls or transmit data

A collection of bots present in a channel is a botnet.
It can compromise large numbers of machines without the intervention of the machine owners. Botnets consist of a set of compromised systems that are monitored for specific command infrastructure. These bots can pose threats in terms of denial-of-service attacks, or compromised machines running programs such as Trojans and worms. After infecting a mobile device, a botnet owner needs to send an instruction to the bot present on it. After the instruction to launch DDoS floods is received, the mobile owner’s core infrastructure is filled with a high volume of seemingly legitimate requests. This results in:
• Denial of service
• Failure in connecting calls
• Failure in transmitting data

What Can a Hacker Do?

• Steal your information: hackers can download addresses and other personal information from your phone
• Rob your money: a hacker can transfer money from your account to another account
• Spying
• Access your voice mails
• Insert the virus

Attackers can do various things with your mobile phone using spyware and other mobile malware. Attackers can download addresses and other personal information from your mobile without your knowledge. Some attackers not only extract your information, but also change all your contact numbers. Attackers can access your contact book, read messages and mails using various mobile spyware, and also gain access to your calls to listen to your conversations. Attackers insert these viruses and spyware into your mobile using Bluetooth or GPRS. Attackers can access your personal voice mails from your mobile if the password is disabled.
This virus can remove all your personal information such as contacts, messages, and mails.

Date posted: 26/12/2013, 20:58
