book

Hacking Exposed Mobile

by Neil Bergman, Mike Stanfield, Jason Rouse, Joel Scambray, Sarath Geethakumar, Swapnil Deshmukh, Scott Matsumoto, John Steven, Mike Price

August 2013

Intermediate to advanced

320 pages

8h 51m

English

McGraw-Hill

Read now

Unlock full access

Cover
HACKING EXPOSED™: MOBILE SECURITY SECRETS & SOLUTIONS
Copyright Page
Dedication
About the Authors
At A Glance
Contents
Foreword
Acknowledgments
Introduction

1 The Mobile Risk Ecosystem
The Mobile EcosystemScalePerceived InsecurityThe Mobile Risk ModelPhysical RisksService RisksApp RisksOur AgendaSummary
2 Hacking the Cellular Network
Basic Cellular Network FunctionalityInteroperabilityVoice CallsThe Control ChannelsVoice MailboxesShort Message ServiceAttacks and CountermeasuresThe Brave New World of IPSummary
3 iOS
Know Your iPhoneHow Secure Is iOS?Jailbreaking: Unleash the Fury!Boot-based JailbreakHacking Other iPhones: Fury, Unleashed!Summary
4 Android
Security ModelApplication ComponentsData StorageNear Field Communication (NFC)Android DevelopmentAndroid EmulatorAndroid Debug BridgeRootingDecompiling and DisassemblyDecompilingIntercepting Network TrafficAdding Trusted CA CertificatesConfiguring a Proxy ServerIntent-Based AttacksNFC-Based AttacksInformation LeakageLeakage via Internal FilesLeakage via External StorageInformation Leakage via LogsInformation Leakage via Insecure ComponentsGeneral Mitigation Strategies to Prevent Information LeakageSummary
5 Mobile Malware
Android MalwareiOS MalwareMalware Security: Android vs. iOSSummary
6 Mobile Services and Mobile Web
General Web Service Security GuidelinesAttacks Against XML-based Web ServicesCommon Authentication and Authorization FrameworksOAuth 2SAMLMobile Web Browser and WebView SecurityExploiting Custom URI SchemesExploiting JavaScript BridgesSummary
7 Mobile Device Management
MDM FrameworksDevice ProvisioningBypassing MDMDecompiling and Debugging AppsDetecting JailbreaksRemote Wipe and LockSummary
8 Mobile Development Security
Mobile App Threat ModelingThreatsAssetsFinishing and Using the Threat ModelSecure Mobile Development GuidancePreparationSecure Mobile Application GuidelinesTesting to Make SureFor Further ReadingSummary
9 Mobile Payments
Current GenerationContactless Smartcard PaymentsSecure ElementSecure Element APIMobile ApplicationGoogle WalletSquareSummary
A Consumer Security Checklist
Security Checklist
B Mobile Application Penetration Testing Toolkit
iOS Pen Test ToolkitAndroid Pen Test Toolkit
Index

Overview

Proven security tactics for today's mobile apps, devices, and networks

"A great overview of the new threats created by mobile devices. ...The authors have heaps of experience in the topics and bring that to every chapter." -- Slashdot

Hacking Exposed Mobile continues in the great tradition of the Hacking Exposed series, arming business leaders and technology practitioners with an in-depth understanding of the latest attacks and countermeasures--so they can leverage the power of mobile platforms while ensuring that security risks are contained." -- Jamil Farshchi, Senior Business Leader of Strategic Planning and Initiatives, VISA

Identify and evade key threats across the expanding mobile risk landscape. Hacking Exposed Mobile: Security Secrets & Solutions covers the wide range of attacks to your mobile deployment alongside ready-to-use countermeasures. Find out how attackers compromise networks and devices, attack mobile services, and subvert mobile apps. Learn how to encrypt mobile data, fortify mobile platforms, and eradicate malware. This cutting-edge guide reveals secure mobile development guidelines, how to leverage mobile OS features and MDM to isolate apps and data, and the techniques the pros use to secure mobile payment systems.

Tour the mobile risk ecosystem with expert guides to both attack and defense

Learn how cellular network attacks compromise devices over-the-air

See the latest Android and iOS attacks in action, and learn how to stop them

Delve into mobile malware at the code level to understand how to write resilient apps

Defend against server-side mobile attacks, including SQL and XML injection

Discover mobile web attacks, including abuse of custom URI schemes and JavaScript bridges

Develop stronger mobile authentication routines using OAuth and SAML

Get comprehensive mobile app development security guidance covering everything from threat modeling to iOS- and Android-specific tips

Get started quickly using our mobile pen testing and consumer security checklists

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9780071817011

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills