Posted on

Digital Forensics with Autopsy : Part 2

Hello aspiring Computer Forensic Investigators. This article is the second part of performing Digital Forensics with Autopsy. Read the first part here. So let’s continue answering the questions presented by the case.

11. When was the last recorded computer shutdown date/time?

The last recorded shutdown date and time can be found out in the following file in Windows.

“C:\WINDOWS\system32\config\software\Microsoft\WindowNT\CurrentVersion\Prefetcher\ExitTime”

digital forensics

The shutdown date and time is 2004/08/27 10:46:27.

12. List the network cards used by this computer?

The information about the network cards on this computer can be found in the Windows file “C:\WINDOWS\system32\config\software\Microsoft\WindowNT\CurrentVersion\NetworkCards”

There are two network cards on this system. One is a Compaq WL 110 Wireless LAN PC Card and another is Xircom CardBus Ethernet 100 + Modem 56 (Ethernet Interface).

13. A search for the name of “G=r=e=g S=c=h=a=r=d=t” (The equal signs are just to prevent web crawlers from indexing this name; there are no equal signs in the image files) reveals multiple hits. One of these proves that G=r=e=g S=c=h=a=r=d=t is Mr. Evil and is also the administrator of this computer. What file is it? What software program does this file relate to?

The file that reveals all this information is “C:\Program Files\Look@LAN\irunin.ini”

his file belongs to the program Look@LAN.

14. This same file reports the IP address and MAC address of the computer. What are they?

The IP address of this machine is 192.168.1.111 and the MAC address is 0010a4933e09. The LAN user is Mr. Evil. This confirms that Mr. Evil and Greg Schardt are one and the same.

15. An internet search for vendor name/model of NIC cards by MAC address can be used to find out which network interface was used. In the above answer, the first 3 hex characters of the MAC address report the vendor of the card. Which NIC card was used during the installation and set-up for LOOK@LAN?

Media Access Control (MAC) address or the physical address is a 12 digit hexadecimal number hardcoded to the NIC card. The first 3 hexadecimal characters reveal the vendor of the NIC card. There are many websites which offer this service of knowing the vendor of the NIC card. Pasting the MAC address of the computer reveals the vendor.

The Vendor of this NIC card is XIRCOM.

16. What is the SMTP email address for Mr. Evil?

SMTP or Simple Mail Transfer Protocol is a protocol used to send emails. The SMTP email address if present on the system can be found in “C:\Program Files \Agent\Data\AGENT.INI file”.

The SMTP email address is “[email protected]”.

17. What are the NNTP (News Server) settings for Mr. Evil?

This information can be found in the same file as above.

The news server being used is “news.dallas.sbcglobal.net”.

18. What two installed programs show this information?

We searched for local settings of all programs and found the information about this news server in the local settings of Outlook Express.

We found this information in the documents and settings file (and above shown path) of user Mr. Evil.

19. List 5 newsgroups that Mr. Evil has subscribed to?

We can find this information in the same file as above.

User Mr. Evil subscribed to over 23 news groups. The news groups subscribed by the user Mr. Evil are,

  1. Alt.2600.phreakz 2. Alt.2600 3. Alt.2600.cardz 4. Alt.2600codez 5. Alt.2600.crackz 6. Alt.2600.moderated 7. Alt.binaries.hacking.utilities 8. Alt.stupidity.hackers.malicious 9. Free.binaries.hackers.malicious 10. alt.nl.binaries.hack 11. Free.binaries.hacking.talentless.troll_haven 12. alt.hacking 13. free.binaries.hacking.beginner 14. alt.2600.programz 15. Free.binaries.hacking.talentless.troll-haven 16. alt.dss.hack 17. free.binaries.hacking.computers 18. free.binaries.hacking.utilities 19. alt.binaries.hacking.websites 20. alt.binaries.hacking.computers 21. alt.binaries.hacking.websites 22. alt.binaries.hacking.beginner 23. alt.2600.hackerz

20. A popular IRC (Internet Relay Chat) program called MIRC was installed. What are the user settings that were shown when the user was online in a chat channel?

We can find this information in the .ini file of the installed program MIRC. The path to this program is in “C:\Program Files\mIRC\mirc.ini”

The user settings that were shown when the user was online and in a chat channel are
user = Mini Me
email = [email protected]
nick = Mr
anick = mrevilrulez

21. This IRC program has the capability to log chat sessions. List 3 IRC channels that the user of this computer accessed?

This information can be accessed from C:\Program Files\mIRC\logs file.

The IRC channels that this user accessed are
Ushells.undernet.log
Elite.hackers.undernet.log
Mp3xserv.undernet.log
Chataholics.undernet.log
Cybercafé.undernet.log
M5tar.undernet.log
Thedarktower.afternet.log
Funny.undernet.log
Luxshell.undernet.log
Evilfork.efnet.log
Iso-warez.efnet.log
Houston.undernet.log

22. Ethereal, a popular “sniffing” program that can be used to intercept wired and wireless internet packets was also found to be installed. When TCP packets are collected and re-assembled, the default save directory is that users\My Documents directory. What is the name of the file that contains the intercepted data?

After going through the Documents folder, we found the file that contains the intercepted data. It’s name is “interception”.

23. Viewing the file in a text format reveals much information about who and what was intercepted. What type of wireless computer was the victim (person who had his internet surfing recorded) using?

Viewing the file “interception” in text format revealed that the victim was using Windows CE Pocket PC wireless computer.

24. What websites was the victim accessing?

Even this information can be obtained from the same file “interception” which is a packet capture file. We found two websites the victim was accessing, Mobile.msn.com and MSN Hotmail Email.

25. Yahoo mail, a popular web based email service, saves copies of the email under what file name?

Yahoo mail saves copies of email under the file name “ShowLetter[1].htm” which is in the temporary internet files folder of the user’s Documents and Settings.

26. Search for the main user’s web based email address. What is it?

This information can be found out in the same file. The main user’s web based email address is [email protected].

27. How many executable files are in the recycle bin?

The contents in the Recycle bin can be found in the RECYCLER folder.

There are in total four executable files in the Recycle bin.

28. Are these files really deleted?

As most of our readers already know, the files that go to the Recycle Bin are not permanently deleted. They are only deleted temporarily and can be restored easily to their actual location in Windows.

29. How many files are actually reported to be deleted by the file system?

This information can be found out from the INFO2 file.

The actual files deleted are three.

On being asked to find out any evidence that this laptop was used for hacking, we found in our forensic investigation that this laptop belonged to Greg Schardt who also has a online persona “Mr. Evil”. We found his operating system as Windows XP and he was running Ethereal, a packet interception program to capture network traffic. Apart from Ethereal, his system had six other programs which were used for hacking. He was active among many hacking related IRC channels and new groups. Corroborating this evidence with what his associates said about him, we can come to a conclusion that this laptop belonged to Greg Schardt and he was involved in hacking activities. This case can be closed now. Read how to perform forensics on a PDF File.

Posted on

Digital Forensics with Autopsy : Part 1

Hello aspiring ethical hackers. In this article, you will learn how to perform digital forensics with Autopsy. Autopsy is an open source digital forensics tool that acts as a graphical interface for SleuthKit. As our readers will soon see, it is fast and very easy to use this tool. The cross platform tool is used by law enforcement agencies, military agencies and corporate forensic analysts to find out about a hacking attack. It is installed by default in various pen testing distros.

But we have decided to use install Autopsy on a Windows 10 machine. Autopsy can be downloaded from here. After downloading the .msi file, install it just like any other Windows .msi file.

To perform digital forensics, we also need an image of a target computer or any other target device. For this we will use an Encase Image of a suspected Dell Latitude laptop named “Hacking Case” that can be downloaded from here. Here is a feel real back story about this image.

“On 09/20/04, a Dell CPi notebook computer, serial # VLQLW, was found abandoned along with a wireless PCMCIA card and an external homemade 802.11b antennae. It is suspected that this computer was used for hacking purposes, although cannot be tied to a hacking suspect, G=r=e=g S=c=h=a=r=d=t. (The equal signs are just to prevent web crawlers from indexing this name; there are no equal signs in the image files.) Schardt also goes by the online nickname of “Mr. Evil” and some of his associates have said that he would park his vehicle within range of Wireless Access Points (like Starbucks and other T-Mobile Hotspots) where he would then intercept internet traffic, attempting to get credit card numbers, usernames & passwords. Find any hacking software, evidence of their use, and any data that might have been generated. Attempt to tie the computer to the suspect, G=r=e=g S=c=h=a=r=d=t. A DD image and a EnCase image of the abandoned computer have already been made.”

The mission for us is to analyze this Encase Image and answer around 20 questions that solve this case. The questions are also provided by the same people who provided this Hacking Case to us. Let’s start analyzing this image and solve the case. Once the program is installed, open it and click on “New Case”.

autopsy

Give a name to the case. We have named it “Hacking_Case”.

Assign a number to the case and provide the name of the Forensic investigator. Our case number is 00 and the investigator is Luke_Reckah.

Next, select the type of source. Select “Disk Image”.

Select the Data Source. You need to download two Encase Images. Select the first part of the Encase images downloaded.

Next, select all the ingest modules you want to run. Ingest modules are all the tests that can be run on the image to gather information about it. These ingest modules include tests like hash lookup, email parsing etc. We selected all for this.

Autopsy will start analyzing the image. It may take some time to completely analyze the image. However, it will start displaying findings as soon as it finds them. Let the image analysis finish.

After the image analysis is finished, all the extracted information can be found on the left side of the program window.

It’s time to start answering questions related to the case.

1. What is the image hash? Does the acquisition and verification hash match?

In Digital Forensics, as soon as a image is acquired to perform analysis on it, a hash is calculated to check if the file integrity is intact and not compromised. If the acquisition and verification hash do not match, it means our forensic analysis has changed the image which is not at all intended. The image hash is “AEE4FCD9301C03B3B054623CA261959A”. It is found in the File Meta data section.

2. What operating system was used on the computer?

The operating system information can be found in the operating system information of the extracted content.

The operating system is Windows XP.

3. Who is the registered owner?

The information about the registered owner of the computer is found in the same operating system info section in extracted content.

The name of the owner of this computer is “Greg Schardt”.

4. When was the install date?

The install date can be found in the same operating system info section just below the OS information.

The OS on the computer was installed on 19-08-2004 22:48:27.

5. What is the computer account name?

The computer account name on this computer is found in the same section.

The computer account name is N-1A9ODN6ZXK4LQ.

6. How many accounts are recorded?

The information about the user accounts is found in the Operating system user account section.

There are total five user accounts on the target computer. They are Administrator, Mr. Evil, SUPPORT_388945a0, Guest and HelpAssistant.

7. What is the account name of the user who mostly uses the computer?

In the same section, the count section shows how many times the user logged in.

The user Mr. Evil has logged in 15 times while the others didn’t even log in once. So Mr. Evil is the user who mostly uses the computer.

8. Who was the last user to logon to the computer?

The information about the last user to logon to this computer can be found from the Date accessed column of the user account.

The last user to logon to this computer is Mr. Evil.

9. Find 6 installed programs that may be used for hacking?

The programs installed on the computer system can be found out from the Installed programs section of the extracted content.

There are total 32 programs installed on the computer and from them, there are seven programs that can be used for hacking. They are Ethereal 0.10.6 v.0.10.6, Network Stumbler 0.4.0, Look@LAN 2.50 Build 29, 123 Write All Stored Passwords, CuteFTP, Cain & Abel v2.5 beta45 and Anonymizer Bar 2.0.

10. Perform a Anti-Virus check. Are there any viruses on the computer?

Malicious files (if any) are found in the Interesting Items section of the extracted content.

There is one malware present on the computer system. It is a zip bomb.

Will be continued in Part 2.

Posted on

PEframe : Analysis of portable executable files

Hi Readers today we will see a PEframe Tutorial. These days hackers are using numerous ways to get into our systems. One of them is by sending a malicious portable executable file to us or make us download the malicious executable file and execute it on our system. We have seen one such Real World Hacking Scenario in the issue of Hackercool February 2017. In this scenario we have not only seen how hackers can make malicious executable files but also how they bypass antivirus and convince the innocent users to click on those malicious files. In this howto, we will learn how to perform analysis of portable executable files.

Analysis helps us to determine what the file was intended to do once clicked. There are two types of analysis: static analysis and dynamic analysis. In static analysis the sample is analyzed without executing it whereas in dynamic analysis the sample is executed in a controlled environment. Static analysis is performed on the source code of the sample portable executable. There are various tools which help us in static analysis of portable executables. One such tool is PEframe. PEframe reveals information about suspicious files like packers, xor, digital signature, mutex, anti debug, anti virtual machine, suspicious sections and functions and much more. PEframe is open source and can be installed in Kali Linux as shown below.

Open a terminal and type the command as shown below to clone PEFrame from Github.

After PEFrame is cloned successfully, a new directory is formed with name peframe. You are automatically taken into this directory. This tool requires simplejson (a subset of JavaScript). So install it using pip command. Next, we need to run the setup.py file from the directory. Since it is a python file, we need to run the command “python setup.py” install to install PEframe.

Once the installation is finished, type command “peframe -h” to see its simple usage

Before we analyze the portable executables, let us analyze some files we created for tutorials of our magazine. The first one is msf.pdf we created using Metasploit.

As you can see in the above image, we found not only an IP address but also an url hosting some executable file. It can be assumed that as we open this pdf file, another executable will be downloaded from the IP address and executed in our system. Let us now analyze a hta file created with Metasploit next. This file is analyzed as a HTML document with IP address and it has a library called kernel32.dll. This file probably opens a payload when clicked upon. Given below is another similar file in visual basic format.

Given below is a macro file. You can see all these files have an IP address where probably a listener is running.

Now let us analyze a portable executable file. Kali Linux has some exe files already stored in its windows-binaries folder. We will analyze the plink.exe file.

Plink.exe is a command line utility file similar to UNIX ssh. It is mostly used for automated operations. As you can see in the image given above, the program is giving more detailed information to us than the other files. The plink.exe has four sections and none of them appears to be suspicious. But the file has a packer, mutex and antidbg. The packer it used is Microsoft Visual C++ which is normally used for genuine programs.

Given above is its Antidbg and Mutex information. The dynamic link libraries it imports is also given. Given below are the apis (application programming interfaces) used by the file.

The filenames found in the portable executable are given in the image below. As you can see it has a big list of filenames.

Metadata is data about the data. Metadata reveals a lot of information about a file. Given below is the metadata of our portable executable. We can see that it is a part of Putty Suite.

Even the description of the file is given. Normally malware does not contain so much information about itself like this Plink file. Only genuine files contain so much information because they have no use to hide themselves. Now let us analyze another file. This file is also present in Kali Linux and it is a keylogger. It is klogger.exe present in the same windows-binaries folder.

As you can see in the above image, the file which has five sections has two suspicious sections and the packer it uses is ASPack v2.11. Let us have a look at its suspicious sections once.

Given below in the image are its api alerts and filenames. As you have observed, this file reveals very less information than the previous analyzed file. This in itself does not mean that the file is malicious but it gives a general idea about it. That’s all about Forensics using static analyzer PEFrame. We will be back with a new tool in our next howto.

Liked this article? Learn advanced ethical hacking tutorials in our Monthly Magazine. Enjoy Free for 3 months.

Posted on 5 Comments

PDF analysis for beginners

Hello, aspiring Ethical Hackers. In this blogpost you will learn how to perform PDF analysis on PDF files. In recent times, PDF files are back as initial attack vector. Many APT’s and cyber criminal groups have been seen using PDF files to gain initial access. So, I thought it is a good idea to make an article on PDF analysis. By the end of this article, you will be able to tell whether the PDF file you want to analyze is harmless or malicious.

For this howto, I will create a malicious PDF with Metasploit using the following exploit.

Pdf_analysis_1

As is well known, this exploit hides an exe within a PDF file. This PDF file can be sent to our target using any social engineering technique. When the target user clicks on it, we will get reverse_tcp connection. Another file we will be analyzing is a normal PDF file. Both of the files are shown below.

The first tool will be using is pdfid. Pdfid will scan a file to look for certain PDF keywords, allowing you to identify PDF documents that contain (for example) JavaScript or execute an action when opened. It will also handle name obfuscation.

Let us first analyze the pdf we created with Metasploit as shown below. As we can see below, the evil.pdf has JavaScript, Open action and launch objects which are indeed malicious.

Image explaining about Pdf forensics

Now let us analyze my monthly magazine as shown below.

As you have seen above, it’s totally clean. No JavaScript, nothing. That should calm my magazine readers.

Now coming to the malicious PDF, we can disable the malicious elements of the file using pdfid as shown below. Now the file is clean.

Now if we want to do further analysis on the malicious PDF, we can use another tool called pdf-parser. It will parse a PDF document to identify the fundamental elements used in the analyzed file.

Type command “pdf-parser /root/Desktop/evil.pdf” without quotes.

That will parse the entire PDF and its objects (We saw earlier that our malicious pdf contains 12 objects). On observation, objects 10 and 9 evoke some interest. We can also parse each object of the pdf file. Let us parse the object 10 as shown below.

We can see it has a launch action which launches the cmd.exe.

Similarly in object 9 we can see a JavaScript action.

Using pdf-parser with the ‘c’ option will display the content for objects without streams or with streams without filters.

On observation we can see a stream that looks like shellcode present in object 8.

That’s how we perform PDF analysis of a PDF file.

Posted on

Beginners guide to Mobile Security

Hello aspiring ethical hackers. In this blogpost, you will learn everything about Mobile security. Mobile security refers to the measures taken to protect mobile devices, such as smartphones and tablets, from malicious attacks, unauthorized access, and other security threats. With the increasing use of mobile devices for activities such as online banking, shopping, and accessing sensitive information, it is more important than ever to take steps to protect your devices and personal information.

Mobile architecture and operating systems

A mobile device’s architecture refers to its hardware and software components, including the operating system, firmware, and applications. Understanding the components that make up your device can help you identify potential security threats and take steps to protect your device.

There are several types of mobile operating systems, including iOS, Android, and Windows Phone. Each operating system has its own strengths and weaknesses when it comes to security, and it is important to be aware of the risks associated with using a particular device.

Rooting and jailbreaking are methods used to gain access to the root level of a device’s operating system, allowing users to install custom software and make changes to the device that are not possible with a standard setup. While these methods can offer greater flexibility and customization, they can also introduce security risks, such as allowingmalwareto bypass security measures and access sensitive information.

Android Architecture

Android is an open-source operating system for mobile devices developed by Google. The architecture of Android is composed of multiple layers that interact to provide the functionality of a mobile device. The layers of the Android architecture are:

  • Linux kernel: The Linux kernel is the foundation of the Android operating system. It provides hardware abstraction, power management, and security features to the Android device.
  • Native libraries: These are libraries that are written in C/C++ and are responsible for providing low-level functionality to the Android operating system. Some of the native libraries include SQLite, WebKit, and OpenSSL.
  • Application framework: The application framework is a set of APIs that provide the functionality for the Android applications. It is responsible for managing the life cycle of applications, user interfaces, data storage, and many other functionalities.

Applications: The top layer of the Android architecture is the applications that are built using the APIs provided by the application framework. Applications are the software programs that are installed on the Android device and provide the functionality to the user.

iOS Architecture

iOS is a mobile operating system developed by Apple for its devices. The architecture of iOS is based on a layered approach, similar to Android. The layers of the iOS architecture are:

  • Core OS: This is the lowest layer of the iOS architecture and is responsible for providing the core operating system services such as process management, file system access, and memory management.
  • Core Services: The Core Services layer is responsible for providing essential services such as networking, database, and threading.
  • Media Layer: This layer provides support for graphics, audio, and video processing.
  • Cocoa Touch Layer: The Cocoa Touch layer is the top layer of the iOS architecture and is responsible for providing the user interface and application framework.
  • Applications: Applications are the software programs that are installed on the iOS device and provide the functionality to the user.

Mobile hacking attacks

Bluetooth Attacks on Mobile

Bluetooth is a wireless technology used to transfer data between devices. Bluetooth attacks refer to the security threats that target Bluetooth-enabled devices. These attacks can compromise the privacy and security of the device and its data.

Types of Bluetooth Attacks

There are several types of Bluetooth attacks that can target mobile devices, some of them are:

  • Bluejacking: This is a type of Bluetooth attack that involves sending unsolicited messages to another device. The messages can be anything from harmless messages to malicious code.
  • Bluesnarfing: This is a type of Bluetooth attack that involves stealing data from a device. The attacker can access contacts, calendars, and other sensitive information stored on the device.
  • Bluebugging: This is a type of Bluetooth attack that involves taking control of a device. The attacker can access and control the device, including making phone calls and sending text messages.
  • Bluespoofing: This is a type of Bluetooth attack that involves impersonating another device. The attacker can create a fake device and trick a user into pairing with it.

Malware attacks on Mobile

These are malicious software programs that are designed to steal sensitive information or compromise the functionality of your device. Common forms of malware include viruses, Trojans, and spyware. Malware can be spread through downloading infected apps or visiting infected websites, and it can hide in your device’s background, silently collecting information and transmitting it to attackers.

Some Famous Android Trojans

There are several Android trojans that have been discovered in recent years. Some of the most famous Android Trojans are:

  • TimpDoor:This is a trojan that can steal sensitive information from infected devices. It can also install malicious applications and spread to other devices.TimpDoor Turns Mobile Devices Into Hidden Proxies

Devices running TimpDoor could serve as mobile backdoors for stealthy access to corporate and home networks because the malicious traffic and payload are encrypted. Worse, a network of compromised devices could also be used for more profitable purposes such as sending spam andphishingemails, performing ad click fraud, or launching distributeddenial-of-serviceattacks.

  • FakeInstaller:This is a trojan that disguises itself as a legitimate app and tricks users into installing it. Once installed, the trojan can steal sensitive information from the device.

Android.FakeInstaller sends SMS messages to premium rate numbers, without the user’s consent, passing itself off as the installer for a legitimate application. There is a large number of variants for this malware, and it is distributed on hundreds of websites and fake markets. The spread of this malware increases every day.

  • Slempo:This is a trojan that uses phishing techniques to steal sensitive information from the infected device. The trojan can also display fake advertisements and download additional malware onto the device.

JSocket:This is a trojan that opens a back door on the infected device, allowing the attacker to control the device remotely. It can also steal sensitive information and spread to other devices.

The malware is able to remotely control and access microphones and cameras, use a mobile device’s GPS systems to track victims and both modify and view text messages and phone call data.

The JSocket Trojan tends to spread through e-mail attachments masquerading as invoices, purchase orders and other financial documents which vary depending on the campaign.

To infect mobile devices, the Trojan is loaded into apps downloadable outside of the official Google Play store, as the malicious code requires an Android APK to function.

  • Gemini:This is a trojan that can steal sensitive information, including bank account credentials and credit card numbers, from the infected device.

Some Famous iOS Trojans

Although iOS is considered to be more secure than Android, there have still been instances of trojans affecting iOS devices. Some of the most famous iOS Trojans are:

  • KeyRaider:This is a trojan that affects jailbroken iOS devices. It can steal Apple account information and purchase data from the App Store.

It implemented the following malicious behaviors:

Stealing Apple account (user name and password) and device GUID, stealing certificates and private keys used by Apple Push Notification Service and preventing the infected device being unlocked by passcode or by iCloud service.

  • XcodeGhost: This is a trojan that affects iOS applications. It can steal sensitive information from the infected device and spread to other devices through the infected application.

The apps that are infected by the XcodeGhostviruscan collect information about a device user, and then send encrypted messages off to a remote server through the HTTP protocol. Some of the information that is shared includes:

  • Infected app’s name
  • Current time
  • The app’s bundle identifier
  • Network type
  • Device name and type
  • Current system language and country
  • Current device’s UUID
  • Network type

Another risk that is associated with the XcodeGhost malware is that it allows an iOS device to receive commands from an attacker. Such attacks can make the app perform any of the following concerning actions:

Create a fake alert message that can trick a device user to give personal information, hijack the opening of various URLs based on their scheme. This opens the possibility of exploiting vulnerabilities in iOS and macOS, read and write data in the user’s clip This can be used to get passwords to various accounts

  • Pegasus: This is a trojan that can infect an iOS device through a malicious text message or email. It can steal sensitive information and monitor the device’s activity.

As of 2016, Pegasus spyware was capable of reading text messages, tracking calls, collecting passwords, location tracking, accessing the target device’s microphone and camera, and harvesting information from apps.

The Pegasus spyware is a Trojan horse computer virus that can be sent “flying through the air” to infect cell phones. The NSO Group states that it provides “authorized governments with technology that helps them combat terror and crime.”

  • AceDeceiver: This is a trojan that affects jailbroken iOS devices. It can steal sensitive information, such as Apple account credentials, and spread to other devices.

This malware is able to install itself without an enterprise certificate, unlike previous iOS malware that abused enterprise certificates in order to infect devices. This is also the first iOS malware that exploits design flaws in Apple’s DRM protection mechanism, FairPlay, which means that it can infect devices that aren’t jailbroken.

Protecting Yourself from Deceptive Threats

Social engineeringattacks are a common threat in the mobile space, and they involve tricking users into divulging sensitive information or downloading malware.

These attacks can take many forms, including phishing scams, vishing (voice phishing), and baiting (leaving a USB drive with malware in a public place).

To protect yourself from social engineering attacks, be cautious of unsolicited emails and phone calls, and never provide sensitive information or download attachments from unknown sources.

Securing Your Mobile Payments

With the increasing popularity of mobile payments, it is important to consider the security risks associated with using your mobile device for financial transactions. Make sure to only use trusted payment apps and avoid entering sensitive information on public Wi-Fi networks. Consider setting up two-factor authentication for an added layer of security, and be sure to regularly monitor your accounts for unauthorized transactions.

Protecting Your Data in theCloud

Cloud storage can be a convenient way to store and access data, but it is important to be aware of the security risks associated with storing sensitive information in the cloud. Consider usingencryptionand strong passwords, and be cautious of downloading apps from untrusted sources. Make sure to read the privacy policies of any cloud storage service you use, and be mindful of the types of information you store in the cloud.

Securing Your Physical Device

Physical security refers to protecting your device from theft or unauthorized access. Consider using a password or passcode to lock your device, and keep it in a secure location when not in use. If you lose your device, it is important to act quickly to erase the data on the device to prevent unauthorized access to your sensitive information.

In the Event of Loss or Theft

Remote wipingis a feature that allows you to erase the data on your device in the event of theft or loss. Make sure to enable this feature on your device, and familiarize yourself with how to use it in the event of an emergency. Consider setting up a tracking app to help locate your lost device, and report the loss or theft to your mobile carrier and local law enforcement as soon as possible.

These are malicious software programs that are designed to steal sensitive information or compromise the functionality of your device. Common forms of malware include viruses, Trojans, and spyware. Malware can be spread through downloading infected apps or visiting infected websites, and it can hide in your device’s background, silently collecting information and transmitting it to attackers.

Man-in-the-Middle (MITM) Attacks:This type of attack involves an attacker intercepting and altering the communication between two parties.

In the context of mobile security, this can happen when an attacker is able to intercept a Wi-Fi signal, allowing them to access and steal sensitive information transmitted over the network.

  1. Session Hijacking:This type of attack involves an attacker taking control of a user’s active session by stealing their session ID.

This can occur when an attacker is able to intercept a user’s login credentials, allowing them to access the user’s session and sensitive information.

  1. Rootkit Attacks:Rootkits are malicious software programs that are designed to hide their presence and bypass security measures. They can be particularly dangerous on mobile devices, as they can grant attackers full access to your device, allowing them to steal sensitive information and control the device.
  2. Ransomware Attacks: This type of attack involves an attacker encrypting a user’s files and demanding a ransom payment in exchange for the decryption key. On mobile devices, ransomware can be spread through infected apps or visiting infected websites, and it can lock down the device and make it difficult for the user to access their sensitive information.
  1. SMS Spoofing:This type of attack involves an attacker sending text messages from a fake or spoofed number, tricking the recipient into revealing sensitive information or downloading malware. SMS spoofing can be used for phishing attacks or to spread malware.
  2. Ad Fraud:This type of attack involves attackers using bots or malware to artificially inflate the number of clicks or impressions on an ad, resulting in increased revenue for the attacker.

Ad fraud can impact both the advertisers and users, as it can result in increased costs and decreased security.

  1. BlueBorne Attack:This type of attack involves an attacker exploiting vulnerabilities in the Bluetooth communication protocol to gain access to a device. This can allow an attacker to steal sensitive information, install malware, or take control of the device.
  2. Rogue App Attack:This type of attack involves an attacker offering a fake or malicious app, disguised as a legitimate app, in app stores or through third-party sources. When a user downloads the rogue app, it can steal sensitive information, install malware, or take control of the device.
  3. Cloud Jacking Attack:This type of attack involves an attacker accessing and stealing sensitive information stored in the cloud, such as contacts, photos, or financial information. Cloud Hackers can gain access to the cloud through unsecured Wi-Fi networks or by exploiting vulnerabilities in the cloud storage service.

Protecting Your Mobile Device

To protect your mobile device from hacking and malware attacks, it is important to follow some basic security measures. Here are a few tips:

  1. Keep software up to date:Regular software updates include security patches that fix vulnerabilities in your device. Make sure to regularly check for and install updates for both the operating system and installed applications.
  2. Use strong passwords:A strong password consists of a combination of letters, numbers, and symbols and should be unique to your device. Avoid using easily guessable passwords such as “1234” or “password”.
  3. Be cautious of public Wi-Fi:Public Wi-Fi networks are often unsecured and can provide hackers with an easy way to steal sensitive information. Avoid using public Wi-Fi for financial transactions or entering sensitive information.
  4. Install security software:Consider installingantivirussoftware and a mobile security app to protect your device from malware and hacking attacks.
  5. Avoid downloading from untrusted sources:Only download apps from trusted app stores, such as the Apple App Store or Google Play Store. Avoid downloading apps from untrusted websites, as they may contain malware.
  6. Be aware of phishing scams:Be cautious of emails, text messages, or links that ask for sensitive information, such as login credentials or financial information. Always double-check the sender and look for signs of a phishing scam before providing any information.
  7. Use encryption:Encrypting your device’s data helps to protect it from theft and unauthorised access.

By following these simple tips, you can help to protect your mobile device from security threats. Remember, being proactive about mobile security can help keep your personal information and data safe.

Conclusion

It is clear that there are many different types of mobile hacking attacks that pose a threat to your device and sensitive information. By being aware of these threats and taking steps to protect your device, you can help ensure that your personal information and sensitive data remain safe and secure. Keep your device and software updated, use strong passwords and encryption, and be cautious when downloading apps or visiting websites to minimize your risk of a successful attack.

Mobile security is a growing concern; as mobile devices are becoming increasingly integral to our daily lives. By understanding the different types of threats and taking steps to protect your device, you can help ensure that your personal information and sensitive data remain safe and secure. Stay informed and stay protected by keeping your device and software updated, using strong passwords and encryption, and being cautious when downloading apps or visiting websites. Watch out this blogpost for more updates on mobile security