โ Scribed by Neil Bergman, Mike Stanfield, Jason Rouse, Joel Scambray
No coin nor oath required. For personal study only.
Cover
Title Page
Copyright Page
Contents
Foreword
Acknowledgments
Introduction
1 The Mobile Risk Ecosystem
The Mobile Ecosystem
Scale
Perceived Insecurity
The Mobile Risk Model
Physical Risks
Service Risks
App Risks
Our Agenda
Summary
2 Hacking the Cellular Network
Basic Cellular Network Functionality
Interoperability
Voice Calls
The Control Channels
Voice Mailboxes
Short Message Service
Attacks and Countermeasures
The Brave New World of IP
Summary
3 iOS
Know Your iPhone
How Secure Is iOS?
Jailbreaking: Unleash the Fury!
Boot-based Jailbreak
Hacking Other iPhones: Fury, Unleashed!
Summary
4 Android
Security Model
Application Components
Data Storage
Near Field Communication (NFC)
Android Development
Android Emulator
Android Debug Bridge
Rooting
Decompiling and Disassembly
Decompiling
Intercepting Network Traffic
Adding Trusted CA Certificates
Configuring a Proxy Server
Intent-Based Attacks
NFC-Based Attacks
Information Leakage
Leakage via Internal Files
Leakage via External Storage
Information Leakage via Logs
Information Leakage via Insecure Components
General Mitigation Strategies to Prevent Information Leakage
Summary
5 Mobile Malware
Android Malware
iOS Malware
Malware Security: Android vs. iOS
Summary
6 Mobile Services and Mobile Web
General Web Service Security Guidelines
Attacks Against XML-based Web Services
Common Authentication and Authorization Frameworks
OAuth 2
SAML
Mobile Web Browser and WebView Security
Exploiting Custom URI Schemes
Exploiting JavaScript Bridges
Summary
7 Mobile Device Management
MDM Frameworks
Device Provisioning
Bypassing MDM
Decompiling and Debugging Apps
Detecting Jailbreaks
Remote Wipe and Lock
Summary
8 Mobile Development Security
Mobile App Threat Modeling
Threats
Assets
Finishing and Using the Threat Model
Secure Mobile Development Guidance
Preparation
Secure Mobile Application Guidelines
Testing to Make Sure
For Further Reading
Summary
9 Mobile Payments
Current Generation
Contactless Smartcard Payments
Secure Element
Secure Element API
Mobile Application
Google Wallet
Square
Summary
A: Consumer Security Checklist
Security Checklist
B: Mobile Application Penetration Testing Toolkit
iOS Pen Test Toolkit
Android Pen Test Toolkit
Index
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Z
๐ SIMILAR VOLUMES
The Mobile Risk Ecosystem -- Hacking the Cellular Network -- iOS -- Android -- Mobile Malware -- Mobile Services and Mobile Web -- Mobile Device Management -- Mobile Development Security -- Mobile Payments -- Consumer Security Checklist -- Security Checklist -- Mobile Application Penetration Testing
Proven security tactics for todays mobile apps, devices, and networks.<br>ยซA great overview of the new threats created by mobile devices. ...The authors have heaps of experience in the topics and bring that to every chapter.ยป Slashdot.<br>Hacking Exposed Mobile continues in the great tradition of th
Hacking Exposed Mobile continues in the great tradition of the Hacking Exposed series, arming business leaders and technology practitioners with an in-depth understanding of the latest attacks and countermeasures - so they can leverage the power of mobile platforms while ensuring that security risks
The new edition of this powerful best-seller contains a CD-ROM with links to security tools mentioned in the book, key security tools for download from the CD, and a password database. Inside the book, you'll also get all-new security information on 802.11 (Wireless) hacking, Windows XP, Windows.NET
The new edition of this powerful best-seller contains a CD-ROM with links to security tools mentioned in the book, key security tools for download from the CD, and a password database. Inside the book, you'll also get all-new security information on 802.11 (Wireless) hacking, Windows XP, Windows.NET