Index

A

access codes in Bluetooth, 293

Activities in Android, 20, 29–32

adb (Android Debug Bridge), 18–19

adbd (Android Debug Bridge Daemon), 18–19

addition functions in Windows Mobile, 102

addProximityAlert method, 37, 336

Address Space Layout Randomization (ASLR), 65

AdoptFromServer method, 219

AES key, 146

AF_BTH address family, 119

AIDL (Android Interface Definition Language), 21, 40

AJAX SDK, 52

.alx manifest files, 133

Andersen, Buzz, 69

Android, 16–17

Activities, 29–32

application sandboxing, 354

Binder interfaces, 40–42

Broadcasts, 32–34

buffer overflow, 359

conclusion, 46–47

ContentProviders, 35–36

development and debugging, 17–19

files and preferences, 38–39

geolocation, 334–336

intent reflection, 37–38

IntentFilters, 28–29

Intents, 27–29

IPC mechanisms, 20–21

mass storage, 40

permissions, 22–27

policies, 349

security model, 21–22

security tools, 42–46

Services, 34–35

SQL injection, 37

Android Activity Manager, 28

Android Debug Bridge (adb), 18–19

Android Debug Bridge Daemon (adbd), 18–19

Android Interface Definition Language (AIDL), 21, 40

AndroidManifest.xml file

BroadcastReceivers, 32

permissions, 22, 24–25

Services, 34

viewing, 43, 372

App Store, 50

AppAssistant, 244

Apple iPhone. See iPhone

application developers for Android, 17

application isolation, 5

Application Manager, 227

application packaging

BlackBerry, 132–134

iPhone, 62

JME, 170–175

SymbianOS, 200–206

WebOS, 246–247

Windows Mobile, 104–106

Application Permissions Manager, 135, 140

Application Profiler, 166

Application Store, 62–63

Application Web Loader, 134

applications

iPhone, 62–64

sandboxing, 352–354

signing, 354–356

SMS, 324–326

WAP and Mobile HTML, 260–273

Windows Mobile, 110–111

AppTRK device agent, 190–191

Aptana plug-in, 231

ARM architecture

iPhone, 62, 65

SymbianOS, 184, 199

Windows Mobile, 81, 99

arrays in Symbian C++, 194

ASLR (Address Space Layout Randomization), 65

assistants, WebOS, 230–231

asymmetric cryptography, 108

AT commands, 327–329

authentication

Bluetooth, 290–291

keyboard issues, 3

MFA, 8–9

WAP and Mobile HTML, 254–257

Authenticode, 105, 107–110

authorization in Bluetooth, 290–292

B

BAS (BlackBerry Attachment Service), 123

battery-draining attacks, 316–317

BBFileScout application, 144

BD_ADDR (Bluetooth device address), 283

BDM (BlackBerry Desktop Manager), 132–133

bearers in WAP, 306

Berkeley Sockets API, 118

BES (BlackBerry Enterprise Server), 123, 134, 349

Beselo.B worm, 365

Binder interface, 21, 40–42

bindService method, 34

BIS (BlackBerry Internet Service), 123, 148

BlackBerry, 122

application packaging and distribution, 132–134

application sandboxing, 354

buffer overflow, 359

carrier certificates and MIDLet signatures, 140–141

code security, 131

coding environment, 125–126

conclusion, 149–150

debugging, 127–128

development and security testing, 125–134

device and OS architecture, 124–125

disassembly, 129–131

encrypted and device secured storage, 146–148

geolocation, 338–339

introduction, 122–123

local data storage, 143–148

locking devices, 142–143

networking, 148–149

permissions and user controls, 134–143

programmatic file system access, 144–145

RIM Controlled APIs, 135–140

simulators, 126–127

structured storage, 145

BlackBerry Application Web Loader, 134

BlackBerry Attachment Service (BAS), 123

BlackBerry Desktop Manager (BDM), 132–133

BlackBerry Developer Zone site, 158

BlackBerry Enterprise Server (BES), 123, 134, 349

BlackBerry Internet Service (BIS), 123, 148

BlackBerry Signing Authority Tool, 135

BlackHat presentation, 123

Bluebugging, 295

Bluejacking, 295

Bluesnarfing, 295

Bluetooth, 278

alternatives, 279–281

common uses, 279

device identification, 283

future, 281

history and standards, 278–279

modes of operation, 283–284

network topology, 282–283

pairing, 288–290

profiles, 286–287

radio operation and frequency, 281–282

recommendations, 297

security features, 287–294

stack, 285–286

threats, 294–295

vulnerabilities, 295–297

and Windows Mobile, 119

Bluetooth device address (BD_ADDR), 283

Bluetooth Generic Access Profile, 293

Bluetooth Special Interest Group, 278

bondable Bluetooth mode, 284

Brador.a Trojan, 366

BROADCAST_STICKY permission, 34

broadcastIntent method, 33

BroadcastReceivers, 32

Broadcasts in Android, 20, 32–34

browsers

extensions, 377–381

WAP and Mobile HTML, 273–275

buffer overflows

BlackBerry, 131

enterprise security, 357–360

iPhone, 57

JME, 168

Symbian C++, 192

Windows Mobile, 101–102

builds for iPhone, 62

Burns, Jesse, 42

bytecode in JME, 162

C

C development toolkit (CDT), 186

C# language, 103

C/C++ languages

BlackBerry, 131

buffer overflows, 357–358

iPhone, 60

JME, 169

Symbian. See Symbian C++

Windows Mobile, 100–103

CAB files, 104–106

CAB Provisioning File (CPF), 113

Cabir worm, 365

CabWiz.exe tool, 106

Cache Operations (CO), 310–312

caches, browser, 274

caller IDs, 257

caller permissions, 41

calling Android services, 34

Camera capture scene, 245

capabilities of SymbianOS, 207–210

CAPI (Crypto API), 117

car whispering, 295

Carbide.c++, 186–187

carrier certificates, 140–141

CAs (Certification Authorities)

JME, 173, 355

Windows Mobile, 107

categories in Intents, 29

CDC (Connected Device Configuration), 154–155

CDK (C development kit), 186

CDMA (Code Division Multiple Access), 300

CeAppMgr.exe (Mobile Application Manager), 106

cellular emulator, 93–94

Certificate Signing Requests (CSRs), 63

certificate stores, 108–109

certificates

carrier, 140–141

iPhone, 63, 70

Windows Mobile, 107–110

Certification Authorities (CAs)

JME, 173, 355

Windows Mobile, 107

Certified Signed category, 205

Certified Wireless USB, 279

Chaos Communication Congress 2008, 51

characteristics of executables, 97–98

checkCallingPermission method, 41

checkCallingPermissionOrSelf method, 41

checkPermission method, 24–25, 35

CheckPolicy method, 213

claimant devices in Bluetooth, 291

Clang Static Analyzer tool, 61

Clark, Chris, 354

class-dump tool, 54

class-dump-x tool, 54–55

CLDC (Connected Limited Device Configuration), 122, 153–155, 169–170

Cleanup Stack, 196–197

client/server sessions in SymbianOS, 211–216

CM (Connection Manager) component, 118

CO (Cache Operations), 310–312

Cocoa Socket Streams, 73

Cocoa Touch API, 50–51

coddec tool, 129–130

Code Division Multiple Access (CDMA), 300

code security

BlackBerry, 131

JME, 168–170

SymbianOS, 191–200

WebOS, 237–247

Windows Mobile, 100–104

code signing, 12, 63

CodeSigningKey class, 145

coding environments

BlackBerry, 125–126

Windows Mobile, 90–91

cold reboots in Windows Mobile, 83

com.palm buckets, 247

CommDD capability, 210

Commwarrior worm, 365

compilation

BlackBerry, 135

iPhone, 62

confidentiality in Bluetooth, 290, 292–293

configurations for JME, 153–157

Conglomco services, 69

connectability modes in Bluetooth, 284

connectable Bluetooth mode, 284

Connected Device Configuration (CDC), 154–155

Connected Limited Device Configuration (CLDC), 122, 153–155, 169–170

Connection Manager (CM) component, 118

ContactList JME class, 128

content protection in BlackBerry, 146–147

ContentProviders, 21, 35–36

conversion functions in Windows Mobile, 102

cookies

WebOS, 248

Windows Mobile, 102–103

copy-and-paste iPhone functionality, 50

Cordless Telephony Profile, 287

Core Data API, 50–51

Core data in iPhone, 68

Core Idioms (EUserHL), 188, 193, 197

CPF (CAB Provisioning File), 113

CPolicyServer class, 215

Create function, 87

CreateEvent function, 87

CreateFile method, 89

CreatePrivatePath method, 218

CreateSession method, 212, 216

cross-site request forgery (CSRF), 7, 266–269

cross-site scripting (XSS)

WAP and Mobile HTML, 260–263

WebOS, 237

Crypto API (CAPI), 117

cryptographic APIs, 147–148

cryptography. See encryption

CryptProtectData API, 117

CryptUnprotectData API, 117

CSI files, 138

CSRF (cross-site request forgery), 7, 266–269

CSRs (Certificate Signing Requests), 63

CSystemRandom class, 220

ctypes interop package, 104

Cydia installer

iPhone, 64

for unauthorized applications, 51, 53

D

D8 debugger, 235

Dalvik virtual machine, 18

Dangerous protection level, 25

Darwin CC Tools, 53

data access in JME, 178

data caging, 218

Data Execution Protection (DEP), 160

Data Protection Act, 341

Data Protection API (DPAPI) technology, 116–117

.data section in PE files, 99

data storage. See storage

data theft, 340

DATK (Device Automation Toolkit), 92

debugging

Android, 17–19

BlackBerry, 127–128

iPhone, 52

JME, 162–167

SymbianOS, 190

WebOS, 234–236

Windows Mobile, 94–96

DebugServer profile, 127

decompilation

iPhone, 52–56

JME, 162–163

Defcon presentation, 123

delete method, 37

deleteQuery method, 35

DEP (Data Execution Protection), 160

depots in WebOS, 248–249

descriptors in Symbian C++, 192–194

Desktop-Passthrough (DTPT) connection, 118

Developer edition of SymbianOS, 186

developer mode in WebOS, 232

developers

certificates, 110

malware mitigation, 369

development

Android, 17–19

BlackBerry, 125–134

JME, 157–175

SymbianOS, 186–191

WebOS, 231–236

Windows Mobile, 90–106

device architecture

BlackBerry, 124–125

SymbianOS, 183–185

Windows Mobile, 81–83

Device Automation Toolkit (DATK), 92

device drivers, insecure, 8

Device Emulator Manager (dvcemumanager.exe), 93

device emulators, 91–94

device identification in Bluetooth, 283

device mode in BlackBerry, 147

device proximity feature, 294

device security

enterprise security, 344–346

Windows Mobile policies, 113–114

device storage

BlackBerry, 146–148

SymbianOS, 185–186

Windows Mobile, 83

device theft of iPhone, 66

DeviceEmulator.exe, 93

Dial Up Networking Profile, 287

direct evaluation vulnerabilities, 238–240

disassembly

BlackBerry, 129–131

iPhone, 52–56

JME, 162–163

SymbianOS, 190–191

WebOS, 234–236

Windows Mobile, 97–100

Disassembly View in Visual Studio, 100

discoverability modes in Bluetooth, 284

disks

encryption, 350

secure data on, 3

distribution

BlackBerry, 132–134

iPhone applications, 62–63

JME, 170–175

SymbianOS, 200–206

WebOS, 246–247

Windows Mobile, 104–106

DJ Java Decompiler, 163

DLLs (dynamic link libraries), 84–85, 105

Document Object Model (DOM), 229

domains in JME, 176

Doombot worm, 367

DOS headers in Windows Mobile, 97–98

double-free bugs, 60–61

DPAPI (Data Protection API) technology, 116–117

Dr. Bolsen, 124, 129

Drewry, Will, 359

DTPT (Desktop-Passthrough) connection, 118

dvcemumanager.exe (Device Emulator Manager), 93

dynamic link libraries (DLLs), 84–85, 105

E

e-mail encryption, 350–351

E32Image format, 200

EABI (Embedded Application Binary Interface), 200

ECC (Elliptical Curve Cryptography), 146

ECDH (Elliptic Curve Diffie-Hellman), 289

Eclipse

BlackBerry, 126, 139

JME, 157

WebOS, 231–232

8.3 file format, 105

802.11 technologies

Bluetooth, 280

GPS geolocation, 333–334

Elliptic Curve Diffie-Hellman (ECDH), 289

Elliptical Curve Cryptography (ECC), 146

Embedded Application Binary Interface (EABI), 200

emulator certificates, 110

emulators

BlackBerry, 125

JME, 160–162

SymbianOS, 188–190

WebOS, 233–234

Windows Mobile, 91–94, 110

encryption

BlackBerry, 146–148

Bluetooth, 292–293, 296

enterprise security, 350–351

iPhone, 66

JME, 165, 179

SymbianOS, 220–221

WAP and Mobile HTML, 257–259

Windows Mobile, 107–108, 116–117

Encryption API, 188

end users

geolocation risks, 340–341

malware mitigation, 369–370

Enhanced Data Rate, 282

enterprise security, 344

application sandboxing, 352–354

application signing, 354–356

buffer overflow protection, 357–360

conclusion, 360–361

device security options, 344–346

encryption, 350–351

feature summary, 360

file permissions, 356–357

local storage, 347–348

policies, 348–350

Entitlements in iPhone, 69

entropy in iPhone, 70–71

escapeHTML function, 241, 243

ESOCK component, 210

EUserHL Core Idioms Library, 188, 193, 197

eval statement, 238–240

evalJSON method, 239–240

Executable Image capabilities, 209

Executable Image Format, 200–202

eXecute-in-Place (XiP) DLLs, 84–85

executeSQL method, 249

exploit mitigation in iPhone, 65

Export Table, 98

Express Signed category, 205

Extensible Messaging and Presence Protocol (XMPP) service, 250

EZPass systems, 340

F

fake firmware, 367

FasTrak systems, 340

file handles, 219

file headers, 97–98

File Transfer Profile, 287

FileConnection API, 144

FileOutputStream class, 39

files

Android, 38–39

BlackBerry, 144

encryption, 351

iPhone, 66–71

permissions, 356–357

SymbianOS, 218–219

WebOS, 249–250

Windows Mobile, 114–115

filters, IntentFilters, 28–29

Firebug browser extension, 381

firmware, fake, 367

fixed storage in SymbianOS, 185

FLAG_GRANT flags, 36

flash memory, 125

Flawfinder tool, 61

Flocker worm, 366

format string attacks, 58–59

FoxyProxy browser extension, 377–379

frameworks, SymbianOS, 184–185

free function, 60

Freeman, Jay, 63

frequency-hopping schemes, 294

FTP for iPhone, 72

full disk encryption, 350

fuzzing

Android, 45

frameworks, 387

SMS, 309

G

GameKit, 74–75

GAP (Generic Access Profile), 286

GCCE compiler, 195

gdb debugger, 52

general discoverable mode, 284

Generic Access Profile (GAP), 286

GeoCities website, 124

geolocation, 332

Android, 334–336

best practices, 341–342

BlackBerry, 338–339

iPhone, 66, 336–337

methods, 332–334

risks, 339–341

SymbianOS, 337–338

Windows Mobile, 337

GET_TASKS permission, 45

getCallingPid method, 41–42

getCallingUid method, 41–42

getDir method, 38

getFilesDir method, 38

getFileStreamPath method, 38

Gizmo tool, 386

GKPeerPickerController class, 74

GKSession class, 74

GKVoiceChatService class, 74

Gowdiak, Adam, 168

GPS geolocation method, 333–334

GPSGetPosition API, 337

GPSOpenDevice API, 337

grantUriPermission method, 36

/GS protection, 102–103, 358

GUIDs for iPhone, 65

H

Hachoir tool, 388

HAL (Hardware Abstraction Layer)

SymbianOS, 184

Windows Mobile, 82

handles in SymbianOS, 217, 219

Hands-Free Profile, 287

hard resets, 83

Hardware Abstraction Layer (HAL)

SymbianOS, 184

Windows Mobile, 82

hardware layer

SymbianOS, 184

Windows Mobile, 81

hashes in Windows Mobile, 108

HCI (Host Controller Interface), 286

heap for iPhone, 65

HiperLAN standard, 280

hives, registry, 115

HKEY_CURRENT_USER (HKCU) hive, 115

HKEY_LOCAL_MACHINE (HKLM) hive, 115

HMAC verifier, 221–222

HomeRF specification, 281

Host Controller Interface (HCI), 286

host layers in Bluetooth, 286

HRESULTs, 101–102

HTML

innerHTML injection, 240–241

security. See Wireless Application Protocol (WAP) and Mobile HTML

HTML 5 Database objects, 249

HTTP

headers, 9

iPhone, 72

redirects, 270–271

Windows Mobile, 119

HTTPOnly flag, 274

HTTPS for iPhone, 72

HyperTerminal program, 327

I

IAT (Import Address Table), 98

id command, 19

IDA Pro tool, 99–100, 190–191

Identified Third Party protection domains, 176

identity checking in Android, 41

IDeviceEmulatorManager interface, 93

images

Executable Image Format, 200–202

Windows Mobile, 92

IMEI (International Mobile Equipment Identity) numbers, 205, 366

Import Address Table (IAT), 98

Import Table, 98

IMSI (International Mobile Subscriber Identity), 366

Industrial Science and Medical (ISM) band, 280

.INF (Information File), 106

Infojack code, 366

information disclosure, 5

Information File (.INF), 106

Infrared Data Association (IrDA)

Windows Mobile, 118

wireless communications, 280

infrared ports, 118

initWithFormat function, 59

injection

programmatic data, 240–246

SQL, 37, 264–266

innerHTML injection, 240–241

input validation, 10

insecure device drivers, 8

install warnings, 22

Installer program, 64

installing Android applications, 24

integer operations in Windows Mobile, 102

integer overflows

iPhone, 57–58

JME, 168

Symbian C++, 195

Windows Mobile, 101–103

Intent Fuzzer tool, 45–46, 375–376

Intent Sniffer tool, 45, 374–375

IntentFilters, 28–29

Intents, Android, 20

reflection, 37–38

uses, 27–29

International Mobile Equipment Identity (IMEI) numbers, 205, 366

International Mobile Subscriber Identity (IMSI), 366

INTERNET permission, 23

interprocess communication (IPC)

Android, 20–21

SymbianOS, 211–217

IntSafe.h file, 101–102

intuitive URLs, 13–14

IOCollector class, 143

IPC (interprocess communication)

Android, 20–21

SymbianOS, 211–217

iPhone, 50

application format, 62–64

application sandboxing, 354

buffer overflow, 57, 359

conclusion, 77

development, 52–56

geolocation, 66, 336–337

history, 50–52

local storage, 66–71, 347–348

networking, 71–75

permissions and user controls, 64–66

policies, 349

push notifications, 75–76

security testing, 56–62

SMS, 325

iPhone Dev Team, 51

ipkg (Itsy Package Manager System), 246–247

IrDA (Infrared Data Association)

Windows Mobile, 118

wireless communications, 280

ISM (Industrial Science and Medical) band, 280

isolation of application, 5

issues overview, 2–9

Itsy Package Manager System (ipkg), 246–247

J

J2ME geolocation APIs, 338

jad (Java application decompiler), 163

JAD (Java Application Descriptor) files, 132, 171–173

jailbreaking in iPhone, 51, 64

JARs (Java archive files), 163

Java application decompiler (jad), 163

Java Application Descriptor (JAD) files, 132, 171–173

Java archive files (JARs), 163

Java Community Process (JCP), 152

Java Development Environment (JDE), 125

Java Mobile Edition (JME), 152

application packaging and distribution, 170–175

code security, 168–170

conclusion, 179

configurations, profiles, and JSRs, 153–157

development and security testing, 157–175

emulators, 160–162

permissions and user controls, 175–179

reverse engineering and debugging, 162–167

standards development, 152–153

Java native invocation (JNI), 124, 169

Java Runtime Environment (JRE), 173

Java Specification Requests (JSRs)

adding and removing, 161

CLDC, 169

MIDP, 171, 175

profiles and configurations, 153–154

standards, 152–156

Java Verified program, 173

Java virtual machines (JVMs), 124, 153

JavaScript Object Notation (JSON), 239–240

JCP (Java Community Process), 152

JD-GUI decompiler, 163, 235

JDE (Java Development Environment), 125

JME. See Java Mobile Edition (JME)

JNI (Java native invocation), 124, 169

JPG overflow, 326

JRE (Java Runtime Environment), 173

JSON (JavaScript Object Notation), 239–240

JSRs. See Java Specification Requests (JSRs)

Just Works association model, 289

JVMs (Java virtual machines), 124, 153

K

KDWP (KVM Debug Wire Protocol), 165

kernel architecture in Windows Mobile, 83–90

Kernel Layer, 82

kernel mode, 88–90

Kernel Object Manager (KOM), 87

kernel services layer in SymbianOS, 184

key pairs in Windows Mobile, 108

keyboards

and strong authentication, 3

WAP and Mobile HTML, 254–255

keychain-access-groups, 69

Keychain Access tool, 63

Keychain storage, 68–69, 347–348

keys

BlackBerry, 138, 146

Bluetooth, 295–296

JME, 173

registry, 115

SymbianOS, 220–221

Windows Mobile, 107–108

kill switch in iPhone, 63

Kilobyte Virtual Machine, 168

Kleer company, 280

KOM (Kernel Object Manager), 87

Kouznetsov, Pavel, 163

KVM Debug Wire Protocol (KDWP), 165

L

L2CAP (Logical Link Control and Adaptation Protocol), 286

Large Memory Area (LMA), 84–85

launch parameter script injection, 244–245

Lawler, Stephen, 129

LCleanedupXXX classes, 197–199

least privilege model, 11

leaves in Symbian C++, 195–199

libraries

DLLs, 84–85, 105

SymbianOS, 189

limited discoverable mode, 284

link time verification, 136

Linux for WebOS, 232–233

_LIT_SECURITY_POLICY macros, 211–212

Live HTTP Headers browser extension, 379–380

LMA (Large Memory Area), 84–85

LManagedXXX classes, 197–199

LoadLibrary function, 189

local data injection, 243–246

local data storage

BlackBerry, 143–148

enterprise security, 347–348

iPhone, 66–71

Windows Mobile, 114–117

Location Manager, 37

location privacy and security, 8

Location Services JSR, 175

location tracking in Bluetooth, 294

LocationManager service, 335

locking devices

BlackBerry, 142–143

Windows Mobile, 111–112

Logical Link Control and Adaptation Protocol (L2CAP), 286

Luna, 227–228

M

M2M (Mobile2Market) program, 109

MAC (Mandatory Access Controls), 64

malware, 6, 364

mitigating, 369–370

past, 364–367

threat scenarios, 367–368

WebOS, 246

managed code, 103

managedQuery method, 37

Mandatory Access Controls (MAC), 64

Manifest Explorer tool, 43, 372–373

manifest files, 133

manifest permissions in Android, 22–27

manual deployment in Windows Mobile, 106

Manufacturer capabilities in SymbianOS, 209

Manufacturer protection domains, 176

MapCallerPtr API, 85

MapPtrProcess API, 85

mass storage in Android, 40

master devices in Bluetooth, 282

master keys in Bluetooth, 296

MDS (Mobile Data System) component, 122–123

memory

BlackBerry, 124–125

iPhone, 57

Windows Mobile, 84–85

Memory Cleaner daemon, 146–147

Memory window in Windows Mobile, 95

MFA (multifactor authentication), 8–9

MicroSD, 3

Microsoft Device Emulator, 91–94

Microsoft Intermediate Language (MSIL), 103

MIDlet-Certificate-X-Y attribute, 172

MIDlet-Jar-RSA-SHA1 attribute, 172

MIDLet signatures in BlackBerry, 140–141

MIDlet suite, 145, 176

MIDlet-Touch-Support option, 172

MIDP (Mobile Information Device Profile), 122

JME, 153, 155–156

MIDP 2.1, 156

MIDP 3.0, 156

permission errors, 141–142

MIDP2 RecordStores, 145

Miller, Charlie, 325

MMS (Multimedia Messaging Service), 50, 300–301

notifications, 313–316

overview, 304–307

SMS, 317–318, 325–326

MMSC (Multimedia Messaging Service Server), 314–315

Mobile Application Manager (CeAppMgr.exe), 106

Mobile Data System (MDS) component, 122–123

Mobile HTML. See Wireless Application Protocol (WAP) and Mobile HTML

Mobile Information Device Profile (MIDP), 122

JME, 153, 155–156

MIDP 2.1, 156

MIDP 3.0, 156

permission errors, 141–142

Mobile Safari application, 55

Mobile Tools for Eclipse plug-in, 157

Mobile2Market (M2M) program, 109

Model-View-Controller (MVC), 230

modes of Bluetooth operation, 283–284

module layers in Bluetooth, 285

Mojo framework, 228–229

Motorola MotoDev site, 158

Motorola RAZR JPG overflow, 326

MSIL (Microsoft Intermediate Language), 103

Mulliner, Collin, 325

multifactor authentication (MFA), 8–9

Multimedia Messaging Service (MMS), 50, 300–301

notifications, 313–316

overview, 304–307

SMS, 317–318, 325–326

Multimedia Messaging Service Server (MMSC), 314–315

multiple-user support, 4

multiplication functions in Windows Mobile, 102

MVC (Model-View-Controller), 230

N

name-squatting, 34

native code in Windows Mobile, 101

NDAs (nondisclosure agreements), 52

Near Field Communication (NFC) mechanism, 289

.NET Compact Framework (.NET CF), 103

NetBeans for JME, 157–159, 165

NetBeans Mobility Pack, 157–158

Netscape Plugin API (NPAPI), 228

network monitors, 165–167

networking

BlackBerry, 148–149

Bluetooth, 282–283

iPhone, 71–75

JME, 178

penetration testing tools, 381–384

WebOS, 250

Windows Mobile, 117–119

NFC (Near Field Communication) mechanism, 289

No eXecute bit (NX Bit), 359

Nokia, 183

non-bondable Bluetooth mode, 284

non-connectable Bluetooth mode, 284

non-discoverable Bluetooth mode, 284

non-SSL logins, 273

nondisclosure agreements (NDAs), 52

Normal-level processes in Windows Mobile, 88

Normal M2M tier, 109

Normal privileges in Windows Mobile, 104, 106–107

Normal protection level in Android, 25

notifications

iPhone, 75–76

MMS, 313–316

voicemail, 308

NPAPI (Netscape Plugin API), 228

NSInteger class, 58

NSLog class, 59

NSPasteBoard API, 50

NSStream class, 73–74

NSStreamSocketSecurityLevel class, 74

NSString class, 56–59

NSURLConnection function, 72–73

NSURLDownload function, 72

NSURLProtocol class, 72

Numeric Comparison association model, 289

NX Bit (No eXecute bit), 359

O

OAL (OEM Abstraction Layer), 81–82

obfuscation in JME, 164–165

Object Store, 83

Objective-C

buffer overflows, 357, 359

iPhone, 51–54, 56–61

objects in Windows Mobile, 86–88

OEM Abstraction Layer (OAL), 81–82

OEM edition of SymbianOS, 186

on-device debugging, 190

onServiceConnected method, 35

onTransact method, 40–41

OOB (out-of-band) association model, 289–290

opcodes in Java, 162

Open function in Windows Mobile, 87

Open Handset Alliance, 16

open platforms, 16

open redirects, 270–271

Open Signed Offline category, 205

Open Signed Online category, 205

Open Web Application Security Project (OWASP), 260

OpenC language, 199–200

openDatabase method, 249

openFileInput method, 38

openFileOutput method, 38

operating systems security, 4

Operator protection domains, 176

Optional headers in Windows Mobile, 98

optional JSRs, 153, 175

optional packages in JME, 156–157

OS architecture for BlackBerry, 124–125

OS services layer for SymbianOS, 184

OS X and iPhone, 51

OS X Terminal, 54

OTA. See Over-The-Air (OTA)

otool, 52–53, 55

otx tool, 55

out-of-band (OOB) association model, 289–290

Over-The-Air (OTA)

BlackBerry browser installation, 132–133

MIDP, 175

settings attacks, 318–321

SMS deployment, 106

overflows

BlackBerry, 131

enterprise security, 357–360

iPhone, 57–58

JME, 168

Motorola RAZR JPG, 326

Symbian C++, 195

Windows Mobile, 101–103

OWASP (Open Web Application Security Project), 260

P

P2P (Peer to Peer) networks, 74–75

Package Play tool, 44, 373–374

package UIDs (pUIDs), 202

packaging

Android, 36

BlackBerry, 132–134

iPhone, 62

JME, 170–175

SymbianOS, 200–206

WebOS, 246–247

Windows Mobile, 104–106

pairability/bondability modes, 284

pairing Bluetooth, 288–290

Palm Bus, 228–229

Palm Devices, 247

Palm Inspector, 235–236

Palm Pre, 226

PAN Profile, 287

parameterized queries

SQLite, 67

WebOS, 249

Parcelable interface, 40

Passkey Entry association model, 290

passthrough networking, 117

Password Keeper application, 143

passwords

BlackBerry, 142–143, 146–147

iPhones, 68

and keyboards, 3, 254–255

root, 3

signatures, 173–174

SQL Server, 116

storing, 11

pasteboards, 76

patching issues, 6

PBAP (Phone Book Access Profile), 287

Pbstealer worm, 367

PC-based deployment in Windows Mobile, 106

PCRE (Perl Compatible Regular Expression) library, 325

PDA-style phones, 254

PDUs (protocol data units), 303, 324, 327–329

PE (Portable Executable) format, 97–99

Peach fuzzing framework, 387

Peer to Peer (P2P) networks, 74–75

PendingIntent class, 37–38

penetration testing, 372

attack tools and utilities, 372–376

browser extensions, 377–381

fuzzing frameworks, 387

general utilities, 388–389

networking tools, 381–384

web application tools, 384–386

Perl Compatible Regular Expression (PCRE) library, 325

permissions, 11

Android, 22–27

BlackBerry, 134–143

files, 356–357

iPhone, 64–66

JME, 161–162, 175–179

SymbianOS, 207–210

WebOS, 247–250

Windows Mobile, 106–114

persistence

pasteboard, 76

SymbianOS data, 217–222

persistent object handles in BlackBerry, 124

PersistentObject interface, 143

PersistentStore class, 145

personal identification numbers. See PINs (personal identification numbers)

personal information manager (PIM) data, 134

PGP (Pretty Good Privacy), 351

phishing

overview, 7

WAP and Mobile HTML, 272

Phone Book Access Profile (PBAP), 287

physical security, 2–3

piconets, 282–283

PIDs (process identifiers), 41

PIM (personal information manager) data, 134

PINs (personal identification numbers)

BlackBerry, 123, 138

Bluetooth, 296

enterprises, 345

Numeric Comparison association model, 289

WAP and Mobile HTML, 255–257

Windows Mobile, 111–112, 116

P.I.P.S. layer, 199–200

Platform Builder, 91

plug-ins in WebOS, 228

policies

enterprise security, 348–350

Windows Mobile, 110–114

polling servers, 122

Portable Executable (PE) format, 97–99

pre-verification in JME, 170

preferences in Android, 38–39

Pretty Good Privacy (PGP), 351

preverify.exe tool, 126

private pasteboards, 76

Privileged M2M tier, 109

privileges in Windows Mobile, 88, 104, 106–107

process identifiers (PIDs), 41

processes

SymbianOS capabilities, 209–210

Windows CE, 85–86

Professional edition of SymbianOS, 186

profilers in JME, 166–168

profiles

BlackBerry, 127–128

Bluetooth, 286–287

JME, 153–157

programmatic data injection, 240–241

programmatic file system access, 144–145

programming practices, secure, 10

ProGuard obfuscator, 164, 170

ProPolice protector, 359

protection levels in Android, 25

protocol attacks, 308–324

protocol data units (PDUs), 303, 324, 327–329

prototype templates, 243

public keys

BlackBerry, 137–138, 145–146

Windows Mobile, 107–108

pUIDs (package UIDs), 202

push technology

BlackBerry, 122

iPhone notifications, 75–76

WAP, 310–313

pushScene method, 246

pySimReader tool, 376

Python S60 library, 188

PythonCE language, 103–104

Q

query method, 37

R

radio operation and frequency in Bluetooth, 281–282

random access memory (RAM) in Windows Mobile, 83–84

random keys in SymbianOS, 220–221

random number generators

Bluetooth, 296

iPhone, 70–71

ransomware, 368

RArray class, 194

RAZR JPG overflow, 326

RBB (RIM BlackBerry Apps API), 135

RChunk class, 217

RCR (RIM Cryptographic Runtime), 135, 139

.rdata section in PE files, 99

READ_CONTACTS permission, 23–24

read-only memory (ROM)

SymbianOS, 185

Windows Mobile, 83–84

readStrongBinder method, 42

reboots in Windows Mobile, 83

RECEIVE_SMS permission, 33

receiving Broadcast Intents, 32–33

Record Management Store (RMS), 179

record stores in JME, 179

Redbrowser worm, 365

redirects, HTTP, 270–271

reflection

BlackBerry, 124

intent, 37–38

registry for Windows Mobile, 114–115

relative virtual addresses (RVAs), 97

Remote File Viewer (RFV), 95–96

Remote Heap Walker (RHW), 96

remote procedure call (RPC) interface, 228

Remote Registry Editor (RRE), 96

Remote Spy, 96

Remote Tools package, 95

remote wipe, 346

removable media protections, 147

removable storage, 185–186

requestUpdates method, 336

Research In Motion (RIM), 122

Restricted capabilities in SymbianOS, 208

reverse engineering

iPhone, 55–56

JME, 162–167

Remote Spy, 96

SymbianOS, 190–191

Windows Mobile, 97, 99–100

revokeUriPermission method, 36

revoking applications, 110

RFV (Remote File Viewer), 95–96

RHandleBase class, 217

RHW (Remote Heap Walker), 96

RIM (Research In Motion), 122

RIM BlackBerry Apps API (RBB), 135

RIM Controlled APIs, 134–140

RIM Cryptographic Runtime (RCR), 135, 139

RIM Runtime API (RRT), 135

RIM Signature tool, 126, 139

RIM simulator, 126–127

RIMlets, 122

RMS (Record Management Store), 179

RNG (random number generator) strength, 296

ROM (read-only memory)

SymbianOS, 185

Windows Mobile, 83–84

RPC (remote procedure call) interface, 228

RPointerArray class, 194

RPositioner class, 338

RPositionServer class, 338

RRE (Remote Registry Editor), 96

RRT (RIM Runtime API), 135

RSessionBase class, 212

RSqlDatabase class, 219–220

RSqlSecurityPolicy class, 219

.rsrc section in PE files, 99

run time verification, 137

running applications in Windows Mobile, 110–111

RuntimeStore class, 145

RVAs (relative virtual addresses), 97

S

S60 framework, 183

Safari browser, 325

safe browsing environments, 4

Samsung Mobile Innovator, 157

sandboxing

application, 352–354

iPhone, 65

Sanity-check pasteboard, 76

satellite signals for GPS geolocation, 333–334

Scapy tool, 384

scatternets, 282

scenes in WebOS, 230–231, 245–246

SChannel (Secure Channel), 119

SCM (Service Configuration Manager), 86

script injection, 237–238

SDKs. See software development kits (SDKs)

SDL (secure development life cycle), 369

SDP (Service Discovery Protocol), 286

seatbelts in iPhone, 65

SecItemAdd function, 68–69

SecItemCopyMatching function, 68

SecItemUpdate function, 68

SecRandomCopyBytes API, 70

sections in Windows Mobile, 98

Secure Channel (SChannel), 119

secure data storage, 3

secure development life cycle (SDL) processes, 369

SECURE flag, 274

Secure IDs, 210–212

secure programming practices, 10

Secure Simple Pairing, 288–290

Secure Sockets Layer (SSL), 6–7, 10

BlackBerry, 148

e-mail, 351

iPhone, 70

WAP and Mobile HTML, 257–259

Windows Mobile, 119

secure URLs, 13–14

Security Configuration Manager PowerToy, 113

Security Configuration Manager tool, 105

security levels in Windows Mobile, 118

security models in Android, 21–22

security modes in Bluetooth, 293–294

security policies in Windows Mobile, 110–114

Security Support Provider (SSP), 119

Security Support Provider Interface (SSPI) functions, 119

security testing

BlackBerry, 125–134

iPhone, 56–62

JME, 157–175

SymbianOS, 186–191

WebOS, 231–236

Windows Mobile, 90–106

Security Warrior, 97

SecurityException class, 26, 177

sendBroadcast method, 32

sending Broadcast Intents, 33

SendReceive method, 212

sensitive information storage, 11

Serial Port Profile, 286–287

Service Configuration Manager (SCM), 86

Service Discovery Protocol (SDP), 286

Service Indication (SI), 310–311

Service Loading (SL), 310–313

service providers, geolocation risks to, 341

service requests in WebOS, 246

service security levels in Bluetooth, 292

services

Android, 21, 34–35

WebOS, 228

Windows Mobile, 86

session fixation, 272–273

sessionIDs in iPhone, 74–75

setAllowsAnyHTTPSCertificate function, 72

setComponent method, 31, 38

SetKMode function, 88–89

setPermissions method, 39

SetProcPermissions API, 85

SetSessionToPath method, 218

_setup.xml file, 104–106

shared handles, 217

shared Keychain storage, 69

shared master keys, 296

shared sessions, 216–217

ShareProtected method, 219

Short Message Service (SMS), 300

application-level attacks, 324–326

battery-draining attacks, 316–317

conclusion, 329–330

MMS notification, 313–316

Multimedia Messaging Service, 304–307

OTA settings attacks, 318–321

overview, 301–304

PDUs, 327–329

protocol attacks, 308–324

silent billing attacks, 318

short message service center (SMSC), 301

SI (Service Indication), 310–311

Signature Tool, 138–139

SignatureOrSystem protection level, 25

signatures

Android, 25

applications, 354–356

BlackBerry, 137–138, 140–141

code, 12

JME, 172–174

SymbianOS, 203–206

Windows Mobile, 105, 107–110

silent billing attacks, SMS, 318

simulators for BlackBerry, 126–127

SIS files, 202–204

Skulls worm, 367

Skyhook Wireless, 333–334

SL (Service Loading), 310–313

slot-based memory architecture, 84

Smartphones, 182–183

SMIL (Synchronized Multimedia Integration Language), 326

SMS. See Short Message Service (SMS)

SMS.Python.Flocker worm, 366

SMSC (short message service center), 301

software development kits (SDKs)

Android, 17

iPhone, 52

SymbianOS, 187–188

Windows Mobile, 90–91

Sony Ericsson Developer World site, 158

sprintf function, 101

spyware, 6

SQL injection

Android, 37

WAP and Mobile HTML, 264–266

SQLCipher, 68

SQLite database, 67–68

SRAM for BlackBerry, 124–125

SSL. See Secure Sockets Layer (SSL)

SSP (Security Support Provider), 119

SSPI (Security Support Provider Interface) functions, 119

stack

Bluetooth, 285–286

iPhone, 65

Stack Cookie protection, 102–103

StackMap, 170

StageAssistant, 244

stages in WebOS, 230–231

standards

Bluetooth, 278–279

JME, 152–153

standby time in SMS, 316

startActivity method, 31–32

static analysis tools, 61–62

sticky broadcasts, 33–34

stolen Windows Mobile devices, 116

storage

Android, 40

BlackBerry, 143–148

enterprise security, 347–348

iPhone, 66–71

issues, 3

SymbianOS, 185–186, 217–222

WebOS, 247–250

Windows Mobile, 83, 114–117

strcat function, 57, 101

strcpy function, 57, 61, 101

stream ciphers, 296

stringByAppendingFormat function, 59–60

stringWithFormat function, 59

strncat function, 101

strncpy function, 101

strong authentication, 3

StrSafe.h file, 101

structured storage

BlackBerry, 145

SymbianOS, 219–220

Windows Mobile, 116

subtraction functions in Windows Mobile, 102

Sulley fuzzing framework, 387

Sun Mobile Development Network, 157

SWInstall process, 206

Symbian C++, 191–192

arrays, 194

descriptors, 192–194

integer overflows, 195

leaves and traps, 195–199

Symbian Foundation, 183

Symbian Signed process, 204–205

SymbianOS, 182

application packaging, 200–206

code security, 191–200

conclusion, 223–224

debugging, 190

development and security testing, 186–191

emulators, 188–190

Executable Image Format, 200–202

geolocation, 337–338

introduction, 182–186

malware, 367

OpenC, 199–200

permissions and user controls, 207–210

persistent data storage, 217–222

SDKs, 187–188

shared handles, 217

shared sessions, 216–217

signatures, 203–206

symbolic names in JME, 164

Synchronized Multimedia Integration Language (SMIL), 326

system calls in Windows Mobile, 89–90

System capabilities in SymbianOS, 207

system developers for Android, 17

SysTRK device agent, 190

T

T-Mobile, 51

talk time in SMS, 316

TamperData browser extension, 379

tcpdump tool, 382–384

TDesC class, 192–193

template injection, 242–243

terminal programs, 327

.text section, PE files, 99

texting. See Short Message Service (SMS)

theft

geolocation risks, 340

iPhone, 66

Windows Mobile devices, 116

threads

SymbianOS, 210

Windows Mobile, 86

threats

Bluetooth, 294–295

models, 13

scenarios, 367–368

thunks, 89

TLS (Transport Layer Security), 10

BlackBerry, 148

e-mail, 351

WAP and Mobile HTML, 257–259

tower triangulation geolocation method, 332–333

TPosition class, 338

TPositionInfo class, 338

transact method, 40–42

TransferToClient method, 219

Transport Layer Security (TLS), 10

BlackBerry, 148

e-mail, 351

WAP and Mobile HTML, 257–259

TRAP macro, 195–196

TRAPD macro, 195–196

traps in Symbian C++, 195–199

Trojan.Redbrowser.A worm, 365

Trojans, 6, 367–368

trust levels in Bluetooth, 291

TrustedBSD framework, 65

TSecurityPolicy class, 212

U

Ubuntu virtual machines, 18

UDHs (User Data Headers), 303–304

UDP packets, 317

UI System Manager, 227

UIDs (user identifiers)

Android, 19, 21, 41

SymbianOS, 202

UIPasteboard class, 76

UIPasteboardNameFind pasteboard, 76

UIPasteboardNameGeneral pasteboard, 76

Ultra-Wideband (UWB), 281

unauthorized applications with Cydia, 51

_UNICODE macro, 192

Unidentified Third Party protection domain, 176

Uniform Resource Identifiers (URIs), 36

unsigned code for iPhone, 51, 64

update injection, 240–241

update method

Android, 37

WebOS, 241

updateQuery method, 35

updating

issues, 6

process, 12

URIs (Uniform Resource Identifiers), 36

URL Loading API, 72–73

URLs, 13–14

User Agent Switcher browser extension, 377

User Application Layer, 83

user applications for SymbianOS, 184–185

user capabilities for SymbianOS, 207

user controls

BlackBerry, 134–143

iPhone, 64–66

JME, 175–179

SymbianOS, 207–210

WebOS, 247–250

Windows Mobile, 106–114

User Data Headers (UDHs), 303–304

user identifiers (UIDs)

Android, 19, 21, 41

SymbianOS, 202

USER key in Windows Mobile, 117

user mode in Windows Mobile, 88–90

UWB (Ultra-Wideband), 281

V

V8 JavaScript engine, 227–228

validation

input, 10

SymbianOS, 206

VBinDiff tool, 388–389

Vendor IDs in SymbianOS, 210–212

vendors, malware mitigation by, 369

verifier devices for Bluetooth, 291

VeriSign certificates, 140

VFAT file system, 218

viewing PE Files, 99

views in WebOS, 230–231

Virtual Memory Manager (VMM), 85

VirtualAlloc function, 189

viruses, 6. See malware

Visual Studio

and Microsoft SDKs, 90–91

Windows Mobile, 94–95, 100

VMM (Virtual Memory Manager), 85

voicemail notifications, 308

vulnerabilities

Bluetooth, 295–297

WebOS, 238–240

W

WAE (Wireless Application Environment), 306

WAP. See Wireless Application Protocol (WAP) and Mobile HTML

WAP Binary XML (WBXML) binary format

converting XML to, 329

SMS, 311

WAP gateway (WAP gap), 259

wap_provisioning format, 104

WAP Push, 310–313

warm reboots in Windows Mobile, 83

WASC (Web Application Security Consortium), 260

Watch window in Windows Mobile, 95

Watson, Robert, 65

WBXML (WAP Binary XML) binary format

converting XML to, 329

SMS, 311

wbxml2xml.exe tool, 329

WDP (Wireless Datagram Protocol), 306

Web Application Security Consortium (WASC), 260

web application tools for penetration testing, 384–386

Web Developer extension, 380

Web Loader for BlackBerry, 134

WebKit, 248

WebOS, 226

application packaging, 246–247

architecture, 227–229

code security, 237–247

conclusion, 250

debugging and disassembly, 234–236

development and security testing, 231–236

direct evaluation vulnerabilities, 238–240

emulators, 233–234

introduction, 226–227

local data injection, 243–246

networking, 250

permissions and user controls, 247–250

programmatic data injection, 240–241

script injection, 237–238

stages and scenes, assistants and views, 230–231

template injection, 242–243

WebScarab network proxy, 384–386

Wi-Fi support, 323

widgets, 231

WinCE malware, 366

Windows CE platform, 80–81, 84–86

Windows Mobile, 80

application packaging and distribution, 104–106

application sandboxing, 354

Authenticode, signatures, and certificates, 107–110

buffer overflow, 358

code security, 100–104

coding environments and SDKs, 90–91

conclusion, 119–120

debugging, 94–96

development and security testing, 90–106

device emulators, 91–94

device security policies, 113–114

disassembly, 97–100

files, 114–115

geolocation, 337

introduction, 80–83

kernel architecture, 83–90

local data storage, 114–117

locking devices, 111–112

networking, 117–119

permissions and user controls, 106–115

policies, 110–114, 349

Windows Mobile MMS, 325–326

Windows Mobile SDK, 110

WINE emulator, 125

WinSock, 118

wipe, remote, 346

Wireless Application Environment (WAE), 306

Wireless Application Protocol (WAP) and Mobile HTML, 252

application attacks, 260–273

authentication, 254–257

basics, 253–254

browser weaknesses, 273–275

conclusion, 275

cross-site request forgery, 266–269

cross-site scripting, 260–263

encryption, 257–259

HTTP redirects, 270–271

limitations, 275

non-SSL logins, 273

phishing, 272

session fixation, 272–273

SMS, 306–307

SQL injection, 264–266

WAP 1.0, 258–259

WAP 2.0, 259

Wireless Datagram Protocol (WDP), 306

Wireless Markup Language (WML), 252–253, 258, 306

Wireless Session Protocol (WSP), 306

Wireless Transport Layer Security (WTLS)

BlackBerry, 148–149

WAP and Mobile HTML, 258

Wireshark tool, 381–382

WML (Wireless Markup Language), 252–253, 258, 306

wmlbrowser, 265, 377

worms, 6, 365–368

writeStrongBinder method, 42

WSP (Wireless Session Protocol), 306

WTLS (Wireless Transport Layer Security)

BlackBerry, 148–149

WAP and Mobile HTML, 258

X

Xcode, 52, 61–62

XiP (eXecute-in-Place) DLLs, 84–85

XML

converting to WBXML, 329

manifest files, 133

Windows Mobile, 104–105

xml2wbxml.exe tool, 329

XmlHTTPRequest class, 250

XMPP (Extensible Messaging and Presence Protocol) service, 250

XSS (cross-site scripting)

WAP and Mobile HTML, 260–263

WebOS, 237

Y

Yarrow Pseudo-Random Number Generator, 70

Yxes.A worm, 366–367

Z

Zbikowski, Mark, 97

Zero Day Initiative (ZDI), 326

ZigBee technology, 280

Zygote system, 41
