Hacking Exposed Mobile

Book description

Proven security tactics for today's mobile apps, devices, and networks

"A great overview of the new threats created by mobile devices. ...The authors have heaps of experience in the topics and bring that to every chapter." -- Slashdot

"Hacking Exposed Mobile continues in the great tradition of the Hacking Exposed series, arming business leaders and technology practitioners with an in-depth understanding of the latest attacks and countermeasures--so they can leverage the power of mobile platforms while ensuring that security risks are contained." -- Jamil Farshchi, Senior Business Leader of Strategic Planning and Initiatives, VISA

Identify and evade key threats across the expanding mobile risk landscape. Hacking Exposed Mobile: Security Secrets & Solutions covers the wide range of attacks to your mobile deployment alongside ready-to-use countermeasures. Find out how attackers compromise networks and devices, attack mobile services, and subvert mobile apps. Learn how to encrypt mobile data, fortify mobile platforms, and eradicate malware. This cutting-edge guide reveals secure mobile development guidelines, how to leverage mobile OS features and MDM to isolate apps and data, and the techniques the pros use to secure mobile payment systems.

  • Tour the mobile risk ecosystem with expert guides to both attack and defense
  • Learn how cellular network attacks compromise devices over-the-air
  • See the latest Android and iOS attacks in action, and learn how to stop them
  • Delve into mobile malware at the code level to understand how to write resilient apps
  • Defend against server-side mobile attacks, including SQL and XML injection
  • Discover mobile web attacks, including abuse of custom URI schemes and JavaScript bridges
  • Develop stronger mobile authentication routines using OAuth and SAML
  • Get comprehensive mobile app development security guidance covering everything from threat modeling to iOS- and Android-specific tips
  • Get started quickly using our mobile pen testing and consumer security checklists

Table of contents

    1. Cover
    3. Copyright Page
    4. Dedication
    5. About the Authors
    6. At A Glance
    7. Contents
    8. Foreword
    9. Acknowledgments
    10. Introduction
    11. 1 The Mobile Risk Ecosystem
      1. The Mobile Ecosystem
        1. Scale
        2. Perceived Insecurity
      2. The Mobile Risk Model
        1. Physical Risks
        2. Service Risks
        3. App Risks
      3. Our Agenda
      4. Summary
    12. 2 Hacking the Cellular Network
      1. Basic Cellular Network Functionality
        1. Interoperability
        2. Voice Calls
        3. The Control Channels
        4. Voice Mailboxes
        5. Short Message Service
      2. Attacks and Countermeasures
      3. The Brave New World of IP
      4. Summary
    13. 3 iOS
      1. Know Your iPhone
      2. How Secure Is iOS?
      3. Jailbreaking: Unleash the Fury!
        1. Boot-based Jailbreak
      4. Hacking Other iPhones: Fury, Unleashed!
      5. Summary
    14. 4 Android
      1. Security Model
      2. Application Components
      3. Data Storage
      4. Near Field Communication (NFC)
      5. Android Development
        1. Android Emulator
        2. Android Debug Bridge
      6. Rooting
      7. Decompiling and Disassembly
        1. Decompiling
      8. Intercepting Network Traffic
        1. Adding Trusted CA Certificates
        2. Configuring a Proxy Server
      9. Intent-Based Attacks
      10. NFC-Based Attacks
      11. Information Leakage
        1. Leakage via Internal Files
        2. Leakage via External Storage
        3. Information Leakage via Logs
        4. Information Leakage via Insecure Components
        5. General Mitigation Strategies to Prevent Information Leakage
      12. Summary
    15. 5 Mobile Malware
      1. Android Malware
      2. iOS Malware
      3. Malware Security: Android vs. iOS
      4. Summary
    16. 6 Mobile Services and Mobile Web
      1. General Web Service Security Guidelines
      2. Attacks Against XML-based Web Services
      3. Common Authentication and Authorization Frameworks
        1. OAuth 2
        2. SAML
      4. Mobile Web Browser and WebView Security
        1. Exploiting Custom URI Schemes
        2. Exploiting JavaScript Bridges
      5. Summary
    17. 7 Mobile Device Management
      1. MDM Frameworks
      2. Device Provisioning
      3. Bypassing MDM
      4. Decompiling and Debugging Apps
      5. Detecting Jailbreaks
      6. Remote Wipe and Lock
      7. Summary
    18. 8 Mobile Development Security
      1. Mobile App Threat Modeling
        1. Threats
        2. Assets
        3. Finishing and Using the Threat Model
      2. Secure Mobile Development Guidance
        1. Preparation
        2. Secure Mobile Application Guidelines
        3. Testing to Make Sure
        4. For Further Reading
      3. Summary
    19. 9 Mobile Payments
      1. Current Generation
      2. Contactless Smartcard Payments
        1. Secure Element
        2. Secure Element API
        3. Mobile Application
      3. Google Wallet
      4. Square
      5. Summary
    20. A Consumer Security Checklist
      1. Security Checklist
    21. B Mobile Application Penetration Testing Toolkit
      1. iOS Pen Test Toolkit
      2. Android Pen Test Toolkit
    22. Index

Product information

  • Title: Hacking Exposed Mobile
  • Author(s): Neil Bergman, Mike Stanfield, Jason Rouse, Joel Scambray, Sarath Geethakumar, Swapnil Deshmukh, Scott Matsumoto, John Steven, Mike Price
  • Release date: August 2013
  • Publisher(s): McGraw-Hill
  • ISBN: 9780071817028