📲Mobile Connection Methods and Receivers
Designing a secure network often starts with a basic understanding of the type of network connectivity that you will be deploying or securing.
🗼Cellular
Cellular networks provide connectivity for mobile devices like cell phones by dividing geographic areas into “cells” with tower coverage allowing wireless communications between devices and towers or cell sites.
Modern cellular networks use technologies like LTE (Long-Term Evolution, 4G) and the newer 5G networks, which are being steadily deployed around the world. An adversary may be able to monitor the traffic sent between a mobile device and the cellular tower (for example, by operating a rogue base station), and the signal a device sends to nearby towers can be used to track its location. Cellular connectivity is normally provided by a cellular carrier rather than by your organization. The cellular network is therefore secured, managed, and controlled outside of your organization, and traffic sent over a cellular connection crosses a third-party network; treat it like any other untrusted network and rely on end-to-end protection such as TLS or a VPN rather than on the carrier.
📶Wi-Fi
The term Wi-Fi covers a range of wireless protocols that are used to provide wireless networking.
Wi-Fi primarily relies on the 2.4 GHz and 5 GHz radio bands and uses multiple channels within those bands to allow multiple networks to coexist. Wi-Fi networks tend to be very local, so the security concerns center on the local access point and the devices in the immediate area. Wi-Fi devices are most commonly deployed in either ad hoc mode, which allows devices to talk to each other directly, or in infrastructure mode, which sends traffic through a base station, or access point. Wi-Fi networks use service set identifiers (SSIDs) to identify their network name. SSIDs can be broadcast or hidden, but hiding an SSID is not a security control, since the name is still visible in probe and association frames. Common Wi-Fi threats include:
- Man-in-the-Middle (MitM) attacks
- Unauthorized access
- Wi-Fi eavesdropping
- Rogue access points
- Denial of Service (DoS), including deauthentication attacks
🔷Bluetooth
Bluetooth is a short-range wireless standard. Like Wi-Fi and many other technologies, it operates in the 2.4 GHz range, which is used for many different wireless protocols.
Bluetooth is primarily used for low-power, short-range (less than 100 meters and typically 5–30 meters) connections that do not have very high bandwidth needs. Bluetooth devices are usually connected in a peer-to-peer rather than a client-server model. Attacks against pairing and authentication, as well as against the negotiated encryption keys, mean that Bluetooth may be susceptible to eavesdropping as well as other attacks:
- Bluetooth spoofing: impersonating a trusted Bluetooth device to gain unauthorized access to target devices.
- Bluetooth eavesdropping: intercepting Bluetooth signals from within wireless range.
- Man-in-the-Middle (MitM) attacks: intercepting and modifying the communication between two Bluetooth devices without their knowledge.
Keeping devices non-discoverable when not pairing, and pairing with an authenticated method (numeric comparison or passkey entry rather than "Just Works", which offers no MitM protection), limits these attacks.
📟NFC
Near-field communication (NFC) is used for very short-range communication between devices. You've likely seen NFC used for payment terminals using Apple Pay or Google Wallet with cell phones.
NFC is limited to about 4 inches of range, meaning that it is not used to build networks of devices and instead is primarily used for low-bandwidth, device-to-device purposes. Intercepting NFC traffic, replay attacks, and spoofing attacks are all issues that NFC implementations need to account for.
♨️Infrared
Infrared (IR) connections operate by utilizing infrared light waves to transmit data between devices.
While infrared connections were widely used in the past, they have become less prevalent in recent years due to the rise of alternative wireless technologies like Bluetooth, Wi-Fi, and NFC.
- Line-of-sight communication: infrared connections require a direct line of sight between the transmitting and receiving devices. The devices need to be positioned facing each other without obstructions blocking the path of the infrared signal.
- Eavesdropping: because IR traffic can be received by anything with a line of sight to it, an attacker in the area can intercept the signal.
- Signal interference: infrared connections can be disrupted by external sources of infrared light. Bright sunlight, artificial light sources, or other nearby infrared devices can interfere with the signal and cause communication errors or interruptions.
- Lack of encryption: infrared technology does not inherently encrypt data in transit, so any confidentiality has to come from the application layer.
🔌USB
USB is an important connectivity method for many mobile devices. Since USB is a direct cabled connection, it isn't subject to the same risks that a wireless network is, but it does come with its own concerns, such as data being copied off the device over the cable and untrusted chargers or cables that present themselves as a USB host (so-called juice jacking). Configuring the device to charge only, or requiring the screen to be unlocked before the device trusts a new USB host, addresses both.
🧭GPS
Global Positioning System (GPS) is not used to create a network where devices transmit. Instead, it uses a constellation of satellites that send out GPS signals, which are received by a compatible GPS receiver.
Security Concerns: GPS signals can be jammed or spoofed, although attacks against GPS are uncommon in normal use.
📻RFID
RFID (Radio frequency identification) is a relatively short-range (from less than a foot of some passive tags to about 100 meters for active tags) wireless technology that uses a tag and a receiver to exchange information.
RFID may be deployed using:
- Active tags, which have their own power source and continuously broadcast signals to be picked up by a reader
- Semi-active tags, which have a battery to power their circuits but are activated by the reader
- Passive tags, which are entirely powered by the reader
Security concerns: simple destruction or damage of a tag so that it cannot be read, and modification of tags, some of which can be reprogrammed. Tags can be cloned, modified, or spoofed; readers can be impersonated; and traffic can be captured.
📴Mobile Device Management (MDM)
Mobile devices can be a challenge to manage, particularly due to operating system limitations, variability between hardware manufacturers, carrier settings, and operating system versions.
When administrators and security professionals need to manage mobile devices, they frequently turn to Mobile Device Management (MDM) or Unified Endpoint Management (UEM) tools.
📵Application Management
Application Management features are important to allow enterprise control of applications.
These features may include:
- Deploying specific applications to all devices
- Limiting which applications can be installed
- Remotely adding, removing, or changing applications and their settings
- Monitoring application usage
Not all applications are secure, so we need a way to allow or disallow specific applications from being installed. This is usually achieved with an allow list (only approved apps may be installed) rather than a block list, which can never enumerate every malicious app.
🫙Content Management
Content Management (sometimes called MCM, or mobile content management) ensures secure access and control of organizational files, including documents and media on mobile devices.
A major concern for mobile device deployments is the combination of organizational data and personal data on BYOD and shared-use devices. Content management features lock business data away in a controlled space and then manage access to that data.
🧼Remote Wipe
Remote-wipe capabilities are used when a device is lost or stolen, or when the owner is no longer employed by the organization.
It is important to understand the difference between a full device wipe and wiping tools that can wipe only the organizational data and applications that have been deployed to the device (an enterprise or selective wipe, the usual choice for BYOD). A remote wipe with a confirmation process that reports when it has succeeded is a big part of protecting organizational data. Remote-wipe capabilities work only if the device can receive the command to perform the wipe. Thieves and attackers who want your data therefore commonly place the device in airplane mode or isolate it in an RF-blocking (Faraday) bag or other container so that it cannot send or receive Bluetooth, Wi-Fi, or cellular signals. This is why full-device encryption and a strong screen lock are what actually protect the data on a device that never comes back online.
🌎Geolocation and Geofencing
Geolocation and Geofencing capabilities allow you to use the location of the phone to make decisions about its operation.
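Added example (not part of the original notes): a geofence evaluation in Python of the kind an MDM agent runs on each location report, covering both the "only usable on site" rule and the feature restrictions (camera, microphone, USB OTG) that the camera and microphone sections describe. The fence names, coordinates, radii, and the features each fence disables are made-up assumptions; the haversine formula is standard. It also shows the caveat a location fix's accuracy radius introduces: a feature restriction should fail closed (treat the device as inside when its error circle touches the fence), while an "on premises" rule should fail closed the other way round.

```python
import math

EARTH_RADIUS_M = 6_371_000  # mean Earth radius; accurate enough for fences of a few hundred metres

# Constructed geofences (hypothetical coordinates): each fence lists the features the policy
# disables while a device is inside it. Nothing here comes from a real MDM product.
GEOFENCES = [
    {"name": "HQ", "lat": 51.5007, "lon": -0.1246, "radius_m": 250,
     "disable": {"camera", "microphone"}},
    {"name": "Lab", "lat": 51.5015, "lon": -0.1210, "radius_m": 100,
     "disable": {"camera", "microphone", "usb_otg"}},
]


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two WGS-84 points."""
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


def distance_to(fence, lat, lon):
    return haversine_m(lat, lon, fence["lat"], fence["lon"])


def feature_allowed(feature, lat, lon, accuracy_m=0.0):
    """Geofence-based feature restriction (camera, microphone, USB OTG, ...).

    A location fix comes with an error radius (accuracy_m). A restriction should fail
    closed, so the device counts as inside a fence whenever its error circle touches it.
    """
    for fence in GEOFENCES:
        if feature in fence["disable"] and distance_to(fence, lat, lon) <= fence["radius_m"] + accuracy_m:
            return False
    return True


def on_premises(lat, lon, accuracy_m=0.0):
    """The 'corporate tablets only inside corporate facilities' rule.

    Here the permissive answer is 'inside', so fail closed the other way round: the whole
    error circle must fit within a fence before the device is treated as on site.
    """
    return any(distance_to(fence, lat, lon) + accuracy_m <= fence["radius_m"] for fence in GEOFENCES)


def evaluate(lat, lon, accuracy_m=0.0):
    """Decisions an MDM agent would apply for one location report."""
    return {
        "on_premises": on_premises(lat, lon, accuracy_m),
        "camera": feature_allowed("camera", lat, lon, accuracy_m),
        "microphone": feature_allowed("microphone", lat, lon, accuracy_m),
        "usb_otg": feature_allowed("usb_otg", lat, lon, accuracy_m),
    }


if __name__ == "__main__":
    # About 233 m north of HQ with a 50 m fix: the camera stays off, but the device is not
    # provably on site, so the "tablets only inside facilities" rule would block it.
    print(evaluate(51.5028, -0.1246, accuracy_m=50))
    print(evaluate(51.5100, -0.1246))  # roughly 1 km away: everything allowed, off site
```

The two opposite treatments of the accuracy radius are the part worth copying: the same fix near a fence edge should turn a restricted feature off and at the same time not count as proof that the device is inside the building. Remember that the position comes from the device, so on a rooted device the agent can be fed any coordinates it likes.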
Some organizations may only allow corporate tablets to be used inside corporate facilities to reduce the likelihood of theft or data access outside their buildings. Difference between geofencing and geolocation: geolocation determines the geographic location of a user or device, while geofencing creates virtual boundaries around locations and triggers actions (such as disabling a feature or blocking access) when a device enters or leaves a defined area. Note that the location comes from the device itself (GPS, Wi-Fi, and cell-tower data), so a compromised or rooted device can report a false position.
🔒Screen Locks
Screen locks, passwords, and PINs are all part of normal device security models to prevent unauthorized access.
Screen lock timeout settings are among the most frequently configured options for basic mobile device security. Much like desktops and laptops, mobile device management tools also set things like password length, complexity, and how often passwords or PINs must be changed. For example, the MDM administrator could configure the device to allow 10 invalid screen lock attempts in a row; on the 10th invalid attempt, the device erases everything stored on it. Alternatively, they could create a lockout policy that locks the phone completely and requires administrative action to unlock it before it can be used again.
📲Push Notifications
Push Notifications may seem like an odd inclusion here, but sending messages to devices can be useful in a number of scenarios.
You may need to alert a user to an issue or ask them to perform an action. Or you may want to communicate with someone who found a lost device, or tell a thief that the device is being tracked. Having the ability to send messages from a central location is therefore a useful tool in an MDM or UEM system. The MDM administrator can set policies that control exactly what appears in notifications on the screen (for instance, hiding notification content on the lock screen), and may choose to disable all notifications except those pushed directly from the MDM.
🧬Biometrics
Biometrics are widely available on modern devices, with fingerprints and facial recognition the most broadly adopted and deployed.
Biometrics can be integrated into mobile device management so that you can require biometric authentication for users on specific devices and use biometric factors for additional security or ease of use. Biometrics are not necessarily the strongest authentication factor available, however: on some devices the sensors can be fooled (by a copied fingerprint or a photograph, for example), and a biometric that has been compromised cannot be changed the way a password can. Some organizations therefore prefer other types of authentication, or treat the biometric as a convenience that unlocks a device-bound credential rather than as the sole factor.
❔Context-Aware Authentication
Context-aware authentication goes beyond PINs, passwords, and biometrics to better reflect user behavior.
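Added example (not from the original notes or any product): a small risk-based decision function in Python that turns the contextual signals described in this section into allow, step-up, or deny. The risk weights, thresholds, the half-hour window used as a crude stand-in for impossible-travel detection, and the sample user history are all illustrative assumptions.

```python
from dataclasses import dataclass

# Risk points per unfamiliar signal and the thresholds that turn a score into a decision.
# These weights are illustrative assumptions, not values from any product.
UNKNOWN_DEVICE, NEW_REGION, ODD_HOURS, RAPID_REGION_CHANGE = 2, 2, 1, 2
STEP_UP_AT, DENY_AT = 1, 4
RAPID_CHANGE_WINDOW_S = 30 * 60  # a new region within half an hour of the last sign-in


@dataclass
class UserHistory:
    known_devices: set
    usual_regions: set      # regions seen in earlier successful sign-ins, e.g. {"GB"}
    usual_hours: range      # local hours during which the user normally signs in
    last_region: str
    last_seen: int          # epoch seconds of the last successful sign-in


@dataclass(frozen=True)
class SignIn:
    device_id: str
    region: str
    local_hour: int
    at: int                 # epoch seconds


def assess(history, attempt):
    """Return (decision, reasons): 'allow' with no risk, 'step_up' (second factor, biometric
    or other step-up authentication) for moderate risk, 'deny' when several signals combine."""
    score, reasons = 0, []
    if attempt.device_id not in history.known_devices:
        score += UNKNOWN_DEVICE
        reasons.append("unknown device")
    if attempt.region not in history.usual_regions:
        score += NEW_REGION
        reasons.append("unfamiliar location")
    if attempt.local_hour not in history.usual_hours:
        score += ODD_HOURS
        reasons.append("outside usual hours")
    # Crude stand-in for impossible-travel detection: a different region within minutes
    # of the last sign-in. A real system would compare distance against elapsed time.
    if attempt.region != history.last_region and attempt.at - history.last_seen < RAPID_CHANGE_WINDOW_S:
        score += RAPID_REGION_CHANGE
        reasons.append("region changed too quickly")
    if score >= DENY_AT:
        return "deny", reasons
    if score >= STEP_UP_AT:
        return "step_up", reasons
    return "allow", reasons


def record_success(history, attempt):
    """After a sign-in completes (including a passed step-up), its context becomes familiar."""
    history.known_devices.add(attempt.device_id)
    history.usual_regions.add(attempt.region)
    history.last_region = attempt.region
    history.last_seen = attempt.at


def sample_history():
    """Constructed history for one user: one laptop, sign-ins from GB during working hours."""
    return UserHistory({"laptop-01"}, {"GB"}, range(7, 20), "GB", 1_700_000_000)


if __name__ == "__main__":
    history = sample_history()
    print(assess(history, SignIn("laptop-01", "GB", 10, 1_700_010_000)))   # ('allow', [])
    print(assess(history, SignIn("phone-07", "GB", 10, 1_700_010_000)))    # step-up: new device
    print(assess(history, SignIn("phone-07", "BR", 3, 1_700_010_000)))     # deny: everything is new
```

The reasons list is deliberately returned alongside the decision: the prompt the user sees ("confirm it's you on a new device") and the audit log both need it, and the learning step only runs after the step-up actually succeeds, so an attacker cannot make a new device familiar just by trying.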
Context may include location, hours of use, and a wide range of other behavioral signals that help decide whether a user should be allowed to log in. For example, during authentication the IP address or location of the request may be examined and compared with places the user normally frequents, based on previously recorded GPS information. If the request comes from a recognized device and location, with a behavior pattern consistent with the user's history, the system may allow access with minimal friction. If there are anomalies or higher-risk signals, additional verification may be required, such as a second factor, biometric authentication, or another form of step-up authentication. Because the amount of authentication adapts to the assessed risk, this is also called risk-based or adaptive authentication.
🫙Containerization
Containerization is an increasingly common solution to handling separation of work and personal-use contexts on devices.
Using a secure container to run applications, store data, and otherwise keep the use of a device separate greatly reduces the risk of cross-contamination and exposure. Each container operates as a self-contained ecosystem, with its own storage, network connectivity, and security policies. Containerization provides a higher level of isolation and control, allowing for the secure execution and management of apps and their data. In many MDM models, applications use wrappers to run them, helping keep them separate and secure. In others, a complete containerization environment is run as needed.
📦Storage Segmentation
Storage Segmentation in Mobile Device Management (MDM) refers to the practice of separating and partitioning the storage on mobile devices into distinct areas or containers.
It involves creating isolated spaces on the device where different types of data can be stored separately and secured based on specific policies and access controls. Difference between storage segmentation and containerization:
- Storage segmentation focuses on separating and securing different types of data on the device by creating isolated storage areas. It deals primarily with data separation and access controls at the storage level.
- Containerization focuses on isolating and securing entire applications and their ecosystems. It encompasses not only storage separation but also isolating the app runtime environment, network access, and security policies.
🔣Full Device Encryption
Full-device encryption (FDE) remains the best way to ensure that stolen or lost devices don't result in a data breach.
When combined with remote-wipe capabilities and strong authentication requirements, FDE gives a device the best chance of resisting data theft. Keep in mind that FDE protects data at rest: it does nothing for a device that is powered on and unlocked, and its strength depends on the passcode or hardware-backed key that unlocks it, which is why the screen lock, the lockout policy, and secure key storage matter just as much.
📱Specialized Mobile Device Security Tools
📇MicroSD Hardware security Module (HSM)
MicroSD HSM is a hardware key management and Public Key Infrastructure (PKI) tool in a very small form factor.
Like other HSMs, these devices provide key generation, protected key storage, and cryptographic operations (encryption, decryption, and digital signing) so that private keys never leave the hardware. MicroSD HSMs therefore provide secure storage: different encryption and decryption keys can be kept in the HSM, and cryptocurrency wallet keys could be stored in the hardware of a mobile device. These devices aren't useful on their own and require an app that knows how to use them.
🌊SEAndroid
SEAndroid (Security-Enhanced Android) is a version of Security Enhanced Linux for Android devices. SEAndroid provides the ability to enforce mandatory access control on Android devices.
That means that Android processes of all types can be better compartmentalized, limiting exploits as well as helping to secure system services, system and application data, and logs. SELinux first shipped in Android 4.3 (July 2013) in permissive mode, where violations are only logged, and became enforcing for the whole system in Android 5.0.
Mandatory Access Control (MAC): SEAndroid implements a MAC model using the SELinux (Security-Enhanced Linux) framework to enforce access control policies. MAC ensures that access to system resources, such as files, processes, and network communication, is governed by a set of predefined rules and security labels. This helps prevent unauthorized access, privilege escalation, and the spread of malicious activity. Before SEAndroid, Android relied on Discretionary Access Control (DAC) alone: each app runs as its own Linux user, and standard file permissions keep apps apart.
Difference between DAC and MAC: the key difference lies in who controls access decisions. DAC gives resource owners discretionary control, allowing them (or any process running as root) to grant or widen permissions. MAC operates on a centralized security policy, where access decisions are determined by predefined rules and security labels that neither the owner nor root can override. Both checks apply: a request must pass the DAC permission bits first and then the SELinux policy. By enforcing these fine-grained access controls, SEAndroid mitigates the risks associated with unauthorized access, privilege abuse, and the spread of malware within the Android ecosystem.
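Added example (not from the page and not an excerpt of AOSP policy): a miniature Python model of how SEAndroid layers the mandatory check on top of the discretionary one. The allow rules, uids, and type labels are illustrative assumptions written in the shape of real SELinux rules; the point is that a world-writable file, or a root shell obtained by rooting, gets past the DAC permission bits and is still refused by the policy.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Process:
    uid: int      # Linux user the process runs as (each Android app gets its own)
    domain: str   # SELinux type of the process, e.g. "untrusted_app"


@dataclass(frozen=True)
class File:
    owner_uid: int
    mode: int     # POSIX permission bits, e.g. 0o600
    label: str    # SELinux type of the file, e.g. "app_data_file"


# Constructed allow rules in the shape of SEAndroid policy, e.g.
#   allow untrusted_app app_data_file:file { read write };
# The real policy is far larger; these are illustrative rules, not an excerpt from AOSP.
MAC_RULES = {
    ("untrusted_app", "app_data_file"): {"read", "write"},
    ("untrusted_app", "system_data_file"): {"read"},
    ("system_server", "system_data_file"): {"read", "write"},
}

PERM_BIT = {"read": 4, "write": 2}


def dac_allows(proc, f, perm):
    """Discretionary check: owner bits apply to the owner, 'other' bits to everyone else
    (group bits omitted for brevity). Root bypasses DAC entirely."""
    if proc.uid == 0:
        return True
    shift = 6 if proc.uid == f.owner_uid else 0
    return bool((f.mode >> shift) & PERM_BIT[perm])


def mac_allows(proc, f, perm):
    """Mandatory check: only an explicit allow rule for (domain, label) grants the permission.
    Neither the file's owner nor root can widen this; only a policy change can."""
    return perm in MAC_RULES.get((proc.domain, f.label), set())


def access(proc, f, perm):
    """SELinux semantics: DAC runs first, and MAC can only narrow the result, never widen it."""
    return dac_allows(proc, f, perm) and mac_allows(proc, f, perm)


def explain(proc, f, perm):
    """Both verdicts side by side, which is what an audit log or avc denial shows you."""
    return {"dac": dac_allows(proc, f, perm), "mac": mac_allows(proc, f, perm), "granted": access(proc, f, perm)}


if __name__ == "__main__":
    app = Process(uid=10001, domain="untrusted_app")
    world_writable = File(owner_uid=1000, mode=0o666, label="system_data_file")
    # DAC alone would let the app write this file; the MAC policy still refuses.
    print(explain(app, world_writable, "write"))
    # A root shell bypasses DAC but not the policy (unless SELinux has been set permissive).
    print(explain(Process(uid=0, domain="shell"), world_writable, "write"))
```

This is also why a rooted device is such a concern: the practical way root gets around the policy is by switching SELinux to permissive, which is exactly the state `getenforce` reports and a compliance check should look for.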
🫱🏾🫲🏻UEM (Unified Endpoint Management)
Unified Endpoint Management (UEM) is an approach and solution for managing and securing a diverse range of endpoint devices and operating systems from a single unified platform.
Ex. We might work on our laptop when we're in the office or our smartphone when we're at home, but the same security posture is enforced in both environments.
Key characteristics and capabilities of UEM include:
- Device management: UEM provides centralized management for a wide range of endpoints, including smartphones, tablets, laptops, desktops, wearables, and IoT devices. It allows administrators to enroll, configure, monitor, and manage devices from a single management console.
By centralizing endpoint management and security in a single platform, organizations can achieve better control, increased productivity, and enhanced data protection across their entire endpoint ecosystem.
🏪Mobile Application Management (MAM)
MAM (Mobile Application Management) is a comprehensive set of tools, policies, and technologies designed to manage, secure, and distribute mobile applications within an organization.
MAM focuses specifically on the management of applications, ensuring their controlled deployment, configuration, and security across various mobile devices and platforms.
You would use mobile application management to manage the applications running on those mobile devices. For example, your organization might maintain an app catalog specific to your enterprise. MAM gives you the ability to provision, update, and remove apps, monitor application usage, and remotely wipe application data if needed, without necessarily managing the whole device, which makes it a natural fit for BYOD.
🚓Enforcement and Monitoring Of:
3️⃣Third-Party App Stores
A third-party app store is any source of apps other than the official store for the platform (Google Play for Android, the App Store for iOS). The official stores do a reasonably good job of finding malicious applications and keeping them out, although they aren't perfect, and a malicious app is bound to slip through the cracks eventually; third-party stores generally apply less review, or none at all.
Monitoring the use of app stores by your organization's mobile devices can be done through whatever MDM is in use. The MDM administrator can allow or disallow specific apps, and can block installation from unknown sources altogether so that only the official store (or the enterprise app catalog) is available.
👨🏾💻Jailbreaking/Rooting
Jailbreaking is the process of removing software restrictions imposed by the operating system vendor (such as Apple for iOS devices) on mobile devices, allowing users to gain root access and exert greater control over their devices.
- Root access: jailbreaking provides users with administrative privileges (root access) on their mobile devices. It allows users to access and modify files, settings, and functionality that are normally restricted by the operating system. With root access, users can customize their devices, install unauthorized applications, and make system-level changes.
- Customization and personalization: jailbreaking enables users to personalize their devices beyond what the official operating system allows.
- Unauthorized app installations: jailbreaking allows users to install applications from unofficial sources or from app stores other than the official one provided by the device manufacturer or operating system vendor.
- Removing limitations: jailbreaking removes various limitations imposed by the operating system, such as restrictions on file access, system-level configuration, or app interoperability.
- Risks and security implications: by bypassing the built-in security mechanisms and restrictions of the operating system, users may expose their devices to security vulnerabilities, malware, or unauthorized access. Jailbreaking is generally discouraged in enterprise environments because of the risks it introduces, such as compromised device security, compatibility issues, and loss of official support. Organizations typically enforce device policies that prohibit jailbreaking to maintain a secure and controlled mobile environment.
A jailbroken or rooted device undermines the guarantees your MDM relies on: the user (or malware running as root) can tamper with the management agent, its policies, and the containers that hold corporate data. Most MDM and UEM platforms therefore try to detect jailbroken or rooted devices and mark them non-compliant, which can trigger blocked access or an enterprise wipe.
🛹Sideloading
Sideloading refers to the process of installing and running mobile applications on a device from sources other than the official app store provided by the operating system vendor or authorized app distribution channels.
It involves manually downloading and installing an application package (an APK for Android or an IPA for iOS) onto a device, bypassing the standard app store installation process. While sideloading offers flexibility, it raises security concerns:
- Source verification: sideloading allows users to install applications from unofficial or unverified sources, which may introduce security risks.
- Malware and security risks: sideloading increases the potential for malware. Unofficial sources may distribute modified versions of legitimate applications that contain malicious code or unauthorized changes.
- Lack of review and validation: official app stores employ review processes to check that applications meet quality standards, security requirements, and store policies; sideloaded apps skip this.
- Increased attack surface: sideloading expands the attack surface of a device by introducing applications that have not undergone the scrutiny of the official review. This can make devices more susceptible to exploitation, data breaches, and unauthorized access.
🦄Custom Firmware
Custom firmware (a custom ROM on Android) replaces the vendor's operating system image with a third-party build. Installing it normally requires unlocking the bootloader or rooting/jailbreaking the device first, so it goes hand in hand with those modifications.
Installing custom firmware allows the user to circumvent built-in security features (such as verified boot) and to sideload potentially malicious apps, and the firmware itself comes from a source the organization cannot vouch for.
🔓Carrier Unlocking
Carrier Unlocking refers to the process of removing the software restrictions imposed by a mobile network carrier on a device, allowing it to be used with other carriers or SIM cards.
It enables users to use their devices with different service providers, both domestically and internationally. Many phones sold by carriers are locked to that carrier: a locked AT&T phone, for example, rejects a T-Mobile SIM until the carrier unlocks it.
Security Risks:
- MDM circumvention: since a lot of the security configured in a mobile device manager is tied to the configuration of the phone, unlocking it and moving it to a different carrier could circumvent some of that configuration. The MDM administrator needs policies that either allow or prohibit users from unlocking their phones to move to a different carrier, or a process for re-enrolling the device in the MDM after it has been moved.
- Unauthorized modifications: carriers provide an official unlock procedure, but unofficial unlocking methods may involve rooting (Android) or jailbreaking (iOS) the device to bypass the carrier's software restrictions. These modifications weaken the device's security posture and undermine the integrity of the MDM solution. Rooted or jailbroken devices may bypass MDM controls, allowing users to install unauthorized applications, alter device settings, or evade security policies.
🛩️Firmware over-the-air (OTA) update
Firmware Over-The-Air (OTA) refers to the process of updating or upgrading the firmware of a mobile device wirelessly, without requiring physical connections or manual intervention.
Firmware refers to the software embedded in the device's hardware that provides low-level control and functionality. Updates normally come from the device manufacturer or carrier; an MDM can require, schedule, or defer their installation on managed devices. Firmware OTA on mobile devices works as follows:
- Wireless updates: firmware OTA allows mobile device manufacturers or software vendors to deliver updates to the device's firmware over a wireless network, such as Wi-Fi or cellular data. Users receive the latest firmware enhancements, bug fixes, security patches, or new features without connecting the device to a computer or using physical media.
- Remote delivery: firmware updates are delivered remotely to the device over a network connection. The device contacts a central update server to check for available firmware updates; if one is available, it downloads the update package and installs it automatically or with user consent. Transport security alone is not enough here: the device must verify the package's cryptographic signature, and that the version is not older than the one installed, before applying it, so that a compromised server or network cannot push a malicious or downgraded image.
Firmware OTA plays a crucial role in maintaining the functionality, security, and performance of mobile devices. It enables users to receive timely firmware updates, improves device reliability, addresses security vulnerabilities, and ensures compatibility with the latest software and services.
📸Camera Use
Cameras are almost always unwelcome in high-security environments, since a phone camera can capture screens, documents, and whiteboards.
Fortunately, MDMs can control camera use on managed devices. If you're near the main corporate building, which is very secure, the camera may be disabled. Once you leave the building, the geofencing features of your MDM recognize that you're no longer near the office and can re-enable the camera.
📼SMS/Multimedia Messaging Service (MMS)/Rich Communication Services (RCS)
One way that users can transfer data off a mobile device is by using SMS and MMS. These stand for Short Message Service and Multimedia Messaging Service, but we often just refer to them as texting; RCS (Rich Communication Services) is the newer messaging standard that replaces them on many Android devices.
These messages can contain pictures, audio, video, and other types of data, so they can be used for outbound data leaks or disclosure of financial information. Just like the camera controls, the mobile device manager can control the MMS and SMS functionality of a device, so messaging may be disabled completely or only available in certain areas. MDM is important for placing restrictions on SMS and MMS in secure environments for the following reasons:
- Data leakage prevention: secure environments often handle sensitive or confidential information. Administrators can use the MDM to restrict or monitor SMS and MMS so that sensitive data is not sent out of the secure environment in a text or multimedia message.
- Mitigation of security risks: SMS and MMS are also inbound attack vectors. Attackers use them to deliver phishing links (smishing) and have exploited vulnerabilities in message-parsing code to deliver malware. Restricting messaging functionality through the MDM reduces exposure to these attacks.
💿External Media
Mobile Device Management (MDM) solutions typically offer a range of security capabilities when it comes to external media, such as USB drives, SD cards, or other removable storage devices.
These capabilities help organizations protect sensitive data and mitigate the risks associated with external media.
- Device-level restrictions: MDM lets administrators enforce device-level restrictions on the use of external media, including disabling or restricting USB ports and other external connectivity, preventing unauthorized data transfer to external media.
- Encryption: MDM solutions often include encryption controls for external media. Administrators can require encryption of data written to external storage, so that data on a lost or stolen card or drive stays protected.
- Access controls: MDM enables granular access controls for external media. Administrators can define policies that restrict which files or data types can be stored on external media, helping to prevent sensitive information from being copied to removable storage.
🚥USB On-The-Go (USB OTG)
USB On-The-Go (OTG) is a specification that enables mobile devices to act as USB hosts and interact with USB peripherals directly, without the need for a computer or other host devices.
It allows users to connect USB peripherals such as storage devices, keyboards, mice, and audio devices to their mobile devices and use them as if they were connected to a computer. OTG was introduced as a supplement to the USB 2.0 specification. From a security standpoint, a phone with OTG enabled is a USB host, so a removable drive or a malicious device plugged into it is an exfiltration path or an attack surface just as it would be on a laptop, and MDMs typically expose a setting to disable it.
🎤Recording Microphone
Like most features on a mobile phone, audio recording can be enabled or disabled from the mobile device manager.
MDM provides administrators with the ability to enforce policies related to audio recording on managed devices. The microphone can be disabled completely or only within a geofence, just like the camera.
🗺️GPS Tagging (Geotagging)
Geotagging refers to the process of attaching geographic location information, such as latitude and longitude coordinates, to various types of digital media, including photos, videos, or text data.
Geotagging enables the precise identification and association of content with specific geographic locations. Geotagging photos can potentially cause security concerns due to the following reasons:
- Location privacy: geotagging reveals the precise location where a photo was taken, disclosing an individual's whereabouts, habits, or routines.
- Social engineering and fraud: geotagged photos shared on social media or online forums may provide information that can be used in social engineering attacks or fraud.
- Confidential or sensitive locations: geotagged photos taken in corporate facilities, government buildings, or research facilities may compromise physical security, since the metadata travels with the image wherever it is shared or posted.
An MDM can disable location tagging in the camera, and photos should be checked for GPS metadata (and have it stripped) before they leave the organization.
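Added example (not part of the original notes): a small Python parser for the Exif GPS directory, which is where a geotag actually lives inside a photo, plus a function that scrubs it. It uses only the standard library; the sample Exif blob is constructed in code (a minimal little-endian TIFF structure, as found after the `Exif\0\0` marker of a JPEG APP1 segment) so that the example runs offline. The coordinates are made up.

```python
import struct

# Byte size of each TIFF/Exif field type handled here: BYTE, ASCII, SHORT, LONG, RATIONAL, UNDEFINED.
TYPE_SIZE = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 7: 1}
GPS_IFD_POINTER = 0x8825
GPS_TAGS = {1: "GPSLatitudeRef", 2: "GPSLatitude", 3: "GPSLongitudeRef", 4: "GPSLongitude"}


def _dms(decimal):
    """Split an unsigned decimal degree value into the degrees/minutes/seconds RATIONALs Exif uses."""
    degrees = int(decimal)
    minutes = int((decimal - degrees) * 60)
    seconds = round(((decimal - degrees) * 60 - minutes) * 60 * 10000)
    return [(degrees, 1), (minutes, 1), (seconds, 10000)]


def build_sample_exif(lat, lon):
    """Constructed sample input: the little-endian TIFF structure that follows 'Exif\\0\\0' in a
    JPEG APP1 segment, holding only a GPS IFD pointer in IFD0 and the four GPS position tags."""
    e = "<"
    ifd0_off, gps_off = 8, 26                # 8-byte header; IFD0 = 2 + 1*12 + 4 = 18 bytes
    data_off = gps_off + 2 + 4 * 12 + 4      # GPS IFD = 54 bytes; RATIONAL data follows it
    header = b"II" + struct.pack(e + "HI", 42, ifd0_off)
    ifd0 = struct.pack(e + "H", 1) + struct.pack(e + "HHII", GPS_IFD_POINTER, 4, 1, gps_off) + struct.pack(e + "I", 0)
    lat_ref = (b"S" if lat < 0 else b"N").ljust(4, b"\0")
    lon_ref = (b"W" if lon < 0 else b"E").ljust(4, b"\0")
    gps = struct.pack(e + "H", 4)
    gps += struct.pack(e + "HHI", 1, 2, 2) + lat_ref             # ASCII values of <= 4 bytes sit inline
    gps += struct.pack(e + "HHII", 2, 5, 3, data_off)            # RATIONALs are larger and live at an offset
    gps += struct.pack(e + "HHI", 3, 2, 2) + lon_ref
    gps += struct.pack(e + "HHII", 4, 5, 3, data_off + 24)
    gps += struct.pack(e + "I", 0)
    data = b"".join(struct.pack(e + "II", n, d) for n, d in _dms(abs(lat)) + _dms(abs(lon)))
    return header + ifd0 + gps + data


def _entries(exif, e, ifd_off):
    """Yield (tag, type, count, raw 4-byte value field, entry offset) for each directory entry."""
    (n,) = struct.unpack_from(e + "H", exif, ifd_off)
    for i in range(n):
        off = ifd_off + 2 + 12 * i
        tag, typ, cnt = struct.unpack_from(e + "HHI", exif, off)
        yield tag, typ, cnt, exif[off + 8:off + 12], off


def _value(exif, e, typ, cnt, raw):
    """Decode a value: up to 4 bytes sit in the entry itself, anything larger is at an offset."""
    size = TYPE_SIZE[typ] * cnt
    if size <= 4:
        data = raw[:size]
    else:
        (off,) = struct.unpack_from(e + "I", raw)
        data = exif[off:off + size]
    if typ == 2:
        return data.rstrip(b"\0").decode("ascii")
    if typ == 5:
        flat = struct.unpack(e + "II" * cnt, data)
        return list(zip(flat[0::2], flat[1::2]))
    return data


def _gps_ifd_offset(exif, e):
    magic, ifd0_off = struct.unpack_from(e + "HI", exif, 2)
    if magic != 42:
        raise ValueError("not a TIFF/Exif header")
    for tag, typ, cnt, raw, _ in _entries(exif, e, ifd0_off):
        if tag == GPS_IFD_POINTER:
            return struct.unpack_from(e + "I", raw)[0]
    return None


def read_gps(exif):
    """Return (latitude, longitude) in signed decimal degrees, or None if there is no GPS fix."""
    e = "<" if exif[:2] == b"II" else ">"
    gps_off = _gps_ifd_offset(exif, e)
    if gps_off is None:
        return None
    fields = {GPS_TAGS[tag]: _value(exif, e, typ, cnt, raw)
              for tag, typ, cnt, raw, _ in _entries(exif, e, gps_off) if tag in GPS_TAGS}
    if "GPSLatitude" not in fields or "GPSLongitude" not in fields:
        return None

    def to_decimal(rationals):
        d, m, s = (n / den for n, den in rationals)
        return d + m / 60 + s / 3600

    lat = to_decimal(fields["GPSLatitude"]) * (-1 if fields.get("GPSLatitudeRef") == "S" else 1)
    lon = to_decimal(fields["GPSLongitude"]) * (-1 if fields.get("GPSLongitudeRef") == "W" else 1)
    return lat, lon


def strip_gps(exif):
    """Return a copy with the GPS IFD emptied in place. Bytes are overwritten rather than removed,
    so every other absolute offset in the file stays valid and the image still parses."""
    e = "<" if exif[:2] == b"II" else ">"
    out = bytearray(exif)
    gps_off = _gps_ifd_offset(exif, e)
    if gps_off is None:
        return bytes(out)
    for _, typ, cnt, raw, off in _entries(exif, e, gps_off):
        size = TYPE_SIZE[typ] * cnt
        if size > 4:                                   # wipe out-of-line data such as the coordinates
            (data_off,) = struct.unpack_from(e + "I", raw)
            out[data_off:data_off + size] = bytes(size)
        out[off:off + 12] = bytes(12)                  # wipe the entry itself
    struct.pack_into(e + "H", out, gps_off, 0)          # and declare the directory empty
    return bytes(out)
```

Real photos wrap this structure in a JPEG APP1 segment, and in practice a tool such as exiftool does the scrubbing; the parser shows where the coordinates live (a pointer in IFD0 to a separate GPS directory, with the degrees/minutes/seconds stored out of line) and why overwriting in place is safer than cutting bytes out, since the rest of the file addresses everything by absolute offset.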
🕸️Wi-Fi Direct/Ad Hoc
Wi-Fi Direct is a peer-to-peer wireless communication technology that allows devices to establish direct connections with each other without the need for a traditional Wi-Fi network or access point.
It enables devices to share data, files, or establish network connections directly between them. While Wi-Fi Direct offers convenience and flexibility, there are certain security implications to consider:
Unauthorized Connections: Wi-Fi Direct allows devices to connect with each other without the need for a network password or access point.