Contents

Acknowledgments

Introduction

Part I    Mobile Platforms


Chapter 1    Top Mobile Issues and Development Strategies

Top Issues Facing Mobile Devices

Physical Security

Secure Data Storage (on Disk)

Strong Authentication with Poor Keyboards

Multiple-User Support with Security

Safe Browsing Environment

Secure Operating Systems

Application Isolation

Information Disclosure

Virus, Worms, Trojans, Spyware, and Malware

Difficult Patching/Update Process

Strict Use and Enforcement of SSL

Phishing

Cross-Site Request Forgery (CSRF)

Location Privacy/Security

Insecure Device Drivers

Multifactor Authentication

Tips for Secure Mobile Application Development

Leverage TLS/SSL

Follow Secure Programming Practices

Validate Input

Leverage the Permissions Model Used by the OS

Use the Least Privilege Model for System Access

Store Sensitive Information Properly

Sign the Application’s Code

Figure Out a Secure and Strong Update Process

Understand the Mobile Browser’s Security Strengths and Limitations

Zero Out the Nonthreats

Use Secure/Intuitive Mobile URLs

Conclusion

Chapter 2    Android Security

Development and Debugging on Android

Android’s Securable IPC Mechanisms

Activities

Broadcasts

Services

ContentProviders

Binder

Android’s Security Model

Android Permissions Review

Creating New Manifest Permissions

Intents

Intent Review

IntentFilters

Activities

Broadcasts

Receiving Broadcast Intents

Safely Sending Broadcast Intents

Sticky Broadcasts

Services

ContentProviders

Avoiding SQL Injection

Intent Reflection

Files and Preferences

Mass Storage

Binder Interfaces

Security by Caller Permission or Identity Checking

Binder Reference Security

Android Security Tools

Manifest Explorer

Package Play

Intent Sniffer

Intent Fuzzer

Conclusion

Chapter 3    The Apple iPhone

History

The iPhone and OS X

Breaking Out, Breaking In

iPhone SDK

Future

Development

Decompilation and Disassembly

Preventing Reverse-Engineering

Security Testing

Buffer Overflows

Integer Overflows

Format String Attacks

Double-Frees

Static Analysis

Application Format

Build and Packaging

Distribution: The Apple Store

Code Signing

Executing Unsigned Code

Permissions and User Controls

Sandboxing

Exploit Mitigation

Permissions

Local Data Storage: Files, Permissions, and Encryption

SQLite Storage

iPhone Keychain Storage

Shared Keychain Storage

Adding Certificates to the Certificate Store

Acquiring Entropy

Networking

The URL Loading API

NSStreams

Peer to Peer (P2P)

Push Notifications, Copy/Paste, and Other IPC

Push Notifications

UIPasteboard

Conclusion

Chapter 4    Windows Mobile Security

Introduction to the Platform

Relation to Windows CE

Device Architecture

Device Storage

Kernel Architecture

Memory Layout

Windows CE Processes

Services

Objects

Kernel Mode and User Mode

Development and Security Testing

Coding Environments and SDKs

Emulator

Debugging

Disassembly

Code Security

Application Packaging and Distribution

Permissions and User Controls

Privileged and Normal Mode

Authenticode, Signatures, and Certificates

Public Key Cryptography

Running Applications

Locking Devices

Managing Device Security Policy

Local Data Storage

Files and Permissions

Stolen Device Protections

Structured Storage

Encrypted and Device Secured Storage

Networking

Connection Manager

WinSock

IrDA

Bluetooth

HTTP and SSL

Conclusion

Chapter 5    BlackBerry Security

Introduction to Platform

BlackBerry Enterprise Server (BES)

BlackBerry Internet Service (BIS)

Device and OS Architecture

Development and Security Testing

Coding Environment

Simulator

Debugging

Disassembly

Code Security

Application Packaging and Distribution

Permissions and User Controls

RIM Controlled APIs

Carrier and MIDLet Signatures

Handling Permission Errors in MIDP Applications

Locking Devices

Managing Application Permissions

Local Data Storage

Files and Permissions

Programmatic File System Access

Structured Storage

Encrypted and Device Secured Storage

Networking

Device Firewall

SSL and WTLS

Conclusion

Chapter 6    Java Mobile Edition Security

Standards Development

Configurations, Profiles, and JSRs

Configurations

Profiles

Optional Packages

Development and Security Testing

Configuring a Development Environment and Installing New Platforms

Emulator

Emulator and Data Execution Protection

Reverse Engineering and Debugging

Hiding Cryptographic Secrets

Code Security

Application Packaging and Distribution

Permissions and User Controls

Data Access

Conclusion

Chapter 7    SymbianOS Security

Introduction to the Platform

Device Architecture

Device Storage

Development and Security Testing

Development Environment

Software Development Kits

Emulator

Debugging

IDA Pro

Code Security

Symbian C++

P.I.P.S and OpenC

Application Packaging

Executable Image Format

Installation Packages

Signatures

Symbian Signed

Installation

Permissions and User Controls

Capabilities Overview

Executable Image Capabilities

Process Capabilities

Capabilities Between Processes

Interprocess Communication

Client/Server Sessions

Shared Sessions

Shared Handles

Persistent Data Storage

File Storage

Structured Storage

Encrypted Storage

Conclusion

Chapter 8    WebOS Security

Introduction to the Platform

WebOS System Architecture

Model-View-Controller

Stages and Scenes, Assistants and Views

Development and Security Testing

Developer Mode

Accessing Linux

Emulator

Debugging and Disassembly

Code Security

Script Injection

Direct Evaluation

Programmatic Data Injection

Avoiding innerHTML and update() Injections

Template Injection

Local Data Injection

Application Packaging

Permissions and User Controls

Storage

Networking

Conclusion

Part II    Mobile Services


Chapter 9    WAP and Mobile HTML Security

WAP and Mobile HTML Basics

Authentication on WAP/Mobile HTML Sites

Encryption

WAP 1.0

SSL and WAP 2.0

Application Attacks on Mobile HTML Sites

Cross-Site Scripting

SQL Injection

Cross-Site Request Forgery

HTTP Redirects

Phishing

Session Fixation

Non-SSL Login

WAP and Mobile Browser Weaknesses

Lack of HTTPOnly Flag Support

Lack of SECURE Flag Support

Handling Browser Cache

WAP Limitations

Conclusion

Chapter 10    Bluetooth Security

Overview of the Technology

History and Standards

Common Uses

Alternatives

Future

Bluetooth Technical Architecture

Radio Operation and Frequency

Bluetooth Network Topology

Device Identification

Modes of Operation

Bluetooth Stack

Bluetooth Profiles

Bluetooth Security Features

Pairing

Traditional Security Services in Bluetooth

Security “Non-Features”

Threats to Bluetooth Devices and Networks

Bluetooth Vulnerabilities

Bluetooth Versions Prior to v1.2

Bluetooth Versions Prior to v2.1

All Versions

Recommendations

Chapter 11    SMS Security

Overview of Short Message Service

Overview of Multimedia Messaging Service

Wireless Application Protocol (WAP)

Protocol Attacks

Abusing Legitimate Functionality

Attacking Protocol Implementations

Application Attacks

iPhone Safari

Windows Mobile MMS

Motorola RAZR JPG Overflow

Walkthroughs

Sending PDUs

Converting XML to WBXML

Conclusion

Chapter 12    Mobile Geolocation

Geolocation Methods

Tower Triangulation

GPS

802.11

Geolocation Implementation

Android

iPhone

Windows Mobile

Geolocation Implementation

Symbian

BlackBerry

Risks of Geolocation Services

Risks to the End User

Risks to Service Providers

Geolocation Best Practices

Chapter 13    Enterprise Security on the Mobile OS

Device Security Options

PIN

Remote Wipe

Secure Local Storage

Apple iPhone and Keychain

Security Policy Enforcement

Encryption

Full Disk Encryption

E-mail Encryption

File Encryption

Application Sandboxing, Signing, and Permissions

Application Sandboxing

Application Signing

Permissions

Buffer Overflow Protection

Windows Mobile

iPhone

Android

BlackBerry

Security Feature Summary

Conclusion

Part III    Appendixes


Appendix A    Mobile Malware

A Tour of Important Past Malware

Cabir

Commwarrior

Beselo.B

Trojan.Redbrowser.A

WinCE/Brador.a

WinCE/Infojack

SMS.Python.Flocker

Yxes.A

Others

Threat Scenarios

Fake Firmware

Classic Trojans

Worms

Ransomware

Mitigating Mobile Malware Mayhem

For End Users

For Developers and Platform Vendors

Appendix B    Mobile Security Penetration Testing Tools

Mobile Platform Attack Tools and Utilities

Manifest Explorer

Package Play

Intent Sniffer

Intent Fuzzer

pySimReader

Browser Extensions

WMLBrowser

User Agent Switcher

FoxyProxy

TamperData

Live HTTP Headers

Web Developer

Firebug

Networking Tools

Wireshark

Tcpdump

Scapy

Web Application Tools

WebScarab

Gizmo

Fuzzing Frameworks

Peach

Sulley

General Utilities

Hachoir

VBinDiff

Index
