Jul 21, 2019
MDT 106 - Mobile Device Security
Credits: 3
Lecture Hours: 3
Lab Hours: 0
Practicum Hours: 0
Work Experience: 0
Course Type: Voc/Tech
An introductory course identifying key threats across the mobile environment and techniques to reduce the risk to end-user data on mobile devices. Discuss the range of threats, the potential harm to end-users and the need to provide additional security in mobile apps. Explore app design principles that incorporate countermeasures to attacks targeting mobile devices.
- Compare and contrast the capabilities and limitations of mobile devices that create unique security challenges.
  - Describe the consumer-oriented nature of mobile device platforms and the responsibility for application developers to protect sensitive personal information while providing a rich client experience.
  - Explain mobile applications' dependence on frequent communications between the client and servers to store and process data, resulting in personal information being present both on the device and in the cloud.
  - Examine the mobile environment's controlled access to the platform's operating system and restrictions on interacting with other applications that limit opportunities to mitigate security flaws.
  - Identify the stakeholders directly responsible for a safe mobile environment, including mobile app developers, Information Technology (IT) staff/consultants and end-users.
- Discuss the mobile risk ecosystem.
  - Introduce the mobile ecosystem consisting of small portable devices featuring high-speed processors with extensive memory, over-the-air communications networks, centrally distributed apps, and environmentally aware hardware sensors.
  - Describe the mobile risk model including the physical, service and app risks.
- Explore sensitive information leakage.
  - Explain the inherently greater risk for data leakage when data is stored on mobile devices.
  - Describe the many services, within a mobile platform, designed to store sensitive information.
  - Identify techniques to mitigate information leakage, such as using more secure on-device storage features, app developers writing more secure code, and using Mobile Device Management (MDM) capabilities.
- Outline the basic functionality of the cellular network.
  - Discuss the interoperability of modern cellular networks.
  - Identify the targets at the endpoints of the mobile networks that are the focus of attacks and countermeasures.
  - Describe possible attacks on the mobile network endpoints.
  - Explore the recommended countermeasures.
- Evaluate the general security model for mobile devices.
  - Discuss the mobile device's underlying hardware and operating system.
  - Explore the supporting software libraries and application framework.
  - Examine the application layer.
  - Describe the security concerns over software fragmentation.
- Critique jailbreaking and rooting security issues.
  - Define jailbreaking and rooting as related to mobile devices.
  - Discuss the pros and cons of jailbreaking and rooting.
  - Describe techniques for jailbreaking and rooting mobile devices.
  - Explore countermeasures to jailbreaking and rooting attempts.
- Explore malware that exploits features distinctive to the mobile environment.
  - Explain the fundamentals of mobile malware.
  - Examine the malware used to violate the end-user's privacy, conduct fraud, and disrupt the mobile device.
  - Discuss the current countermeasures to prevent malware on mobile devices.
- Assess the vulnerabilities of web services accessible from mobile web apps.
  - Discuss the security risks of server-side attacks versus client-side attacks.
  - Describe general guidelines for securing web services.
  - Explore web-based attacks and countermeasures encountered in the mobile environment.
  - Review common authentication and authorization frameworks for mobile apps.
- Outline Mobile Device Management (MDM).
  - Explain the MDM framework's ability to remotely (over-the-air) monitor, control, and manage mobile devices.
  - Discuss device provisioning by which MDM solutions deploy and enforce policies and restrictions on mobile devices.
  - Explore the device-centric, data-centric, and hybrid MDM models.
  - Describe the remote wipe and remote lock features of MDM.
- Evaluate mobile application development security.
  - Describe the application developer's role in controlling the interface through which end-users interact with the mobile device and network.
  - Discuss the built-in security features of the mobile platform and the risks of device theft.
  - Explore mobile app threat models for identifying security risks.
  - Examine secure mobile development guidelines to mitigate potential attacks.
- Assess the security features of mobile payment systems.
  - Describe the current mobile payment systems available to app developers.
  - Explain the components of mobile payment applications.
  - Discuss the functionality of wallet applications including vulnerabilities and defenses.