Time
30 minutes
Difficulty
Beginner
CEU/CPE
1

Video Transcription

00:00
Hey everyone, this is Ken Underhill, Master Instructor at Cybrary. In this video, we're gonna talk about mobile security.
00:06
So just a quick pre-assessment question here: when you boot up an Android device, the device is gonna go through a process that we call the secure boot chain. Is that true or false?
00:16
All right, so that one's actually false. The secure boot chain is a specific term that you'll hear with iOS devices, just the way that Apple has things set up. We'll talk about that a little bit.
00:27
So the iOS architecture itself: this is a good image of that, and I grabbed that from Tech Utopia. We've got our Cocoa Touch, which is our user interface or UI framework.
00:38
Um, and that's for developing software apps. So, for example, if you have played a game on your phone or, you know, used like YouTube or something like that on your phone, as far as the app, that's what we're talking about there; that's at that level. Media Services: most of you could probably guess that is gonna be things like the audio, video, the graphics,
00:55
but also the airplay or, you know, over the air,
00:59
as some people call it
01:00
Core Services: these are going to be your foundational things. So if you've got any type of background in IT-related stuff at all, you'll probably be able to surmise that Core Services would be things like the networking, the file access, address book, that sort of stuff. And then we've got our core operating system,
01:17
which provides the operating system functionality. So things like the power management,
01:21
the file systems, all those good things, and then we've got the actual physical hardware of our iPhone itself.
01:29
So the iOS security architecture: you could go to Apple and look at it. There's literally a whole bunch of stuff. But for the most part it boils down to these six different areas here. So that's your boot, which we kind of mentioned there, the secure boot process, the hardware security,
01:46
code signing, sandboxing, encryption and data protection, and exploit mitigations. Now many of these kind of tie into each other; they're kind of wrapped up into one.
01:53
We'll talk about each one of those.
01:57
So the secure boot chain, as we mentioned. So what Apple does is they've got the Apple Root Certificate Authority, or CA. And basically every phase in this boot process is going to be signed by Apple saying yes, this is, you know, this is part of the chain of trust. We trust this. We trust this. We trust this
02:15
and we're good to go, right? And that kind of protects you as an iOS user or other Apple device user
02:23
that
02:23
we, you know, we can have a good, reasonable expectation that every single time we bring up our phone that we don't have any nefarious apps running. That's not 100% security. But it's one of those things that differentiates Apple devices versus Android devices or other manufacturer devices, other operating systems out there,
02:43
is that Apple devices use a secure boot chain.
02:46
They use the certificate authority, signing of the code and everything like that. So that way, hopefully we have a relatively secure boot process, and we can trust it as it boots up that we're not going to be having our data stolen.
03:00
Now again, there's many, many ways around that, but that's outside of the scope of this particular course.
03:07
So our iOS hardware security: we're using AES 256-bit encryption, or the Advanced Encryption Standard for those that don't know what that stands for. And that's basically included on every single iDevice. And then they also have two things called the group ID as well as the unique ID values.
03:24
Uh, so the group ID key is basically used to prevent modification to the firmware files themselves,
03:30
so outside of the user's private data. And the unique IDs are created actually during the manufacturing process; they're unique to every single different device.
03:40
Now, one thing an attacker might attempt to do is use what's called JTAG. So Joint Test Action Group is what that stands for, and it's basically the hardware mechanism that's used for debugging. So you're essentially connecting to embedded devices on the circuit board
04:00
in the whole context there of trying to debug it and get information from it.
04:06
However, the GID and the UID essentially allow us to, uh,
04:13
I don't want to say prevent, but, you know, for lack of better words, prevent against that type of attack. It just basically means that the keys are not recoverable. Now again, as technology evolves, there's always somebody that proves that type of stuff wrong. When we say, oh, you can't recover this,
04:28
somebody figures out a way to do so. So just keep that in mind that right now
04:32
that's the whole design process of the iOS architecture. However, that does not prevent someone from right now being able to do that. There's probably somebody out there that can probably recover using JTAG, and then also, you know, if that's not the case, somebody in the future being able to recover through that method as well.
04:51
So iOS sandboxing. This is pretty self-explanatory if you're familiar with this term, sandboxing, at all. If you're not familiar with that, just think of it in this context here: let's say you've gone to like a testing center for maybe college or something like that, where you've got a proctored test, or even at your workplace, right? You're in a cubicle,
05:09
you know, you've got somebody else in the cubicle next door and then somebody else in another cubicle or whatever.
05:14
I know that some companies are still using cubicles, other companies not. But the whole concept here is that in my cubicle or my sandbox, I'm allowed to do certain things. And, you know, in your cubicle right next door, your sandbox, you're allowed to do certain things. And the overarching thing there is that whatever I'm doing doesn't affect you, right?
05:32
We can play with that a little bit, but for the most part that's the whole goal of sandboxes: if I'm an application and I execute, you don't want whatever I'm doing over there to allow me to get privilege escalation and then go into your sandbox and do whatever I want in your cubicle, your sandbox. Right?
05:51
So that's the whole concept there of a sandbox. We want to isolate the applications.
05:55
So that way, if you, you know, accidentally or purposely downloaded a malicious app on your phone,
06:01
it's gonna run in the sandbox and hopefully won't affect any other applications at all. It'll just be isolated to that particular application. You delete it, you reboot your phone, and everything's well in the world. But the reality is a lot of apps will ask for, you know, camera access or access to your contacts or access to, you know, whatever it is. And
06:19
if they've got access to those things and you download a malicious app, it's going to still have access to those things,
06:25
so just keep that in mind.
06:29
Next, we're gonna talk about the Android architecture.
06:32
So with the Android architecture, this is actually a great graphic, by the way, to talk about it. So we've got things like the Linux kernel; we've got our HAL layer right above that. With that, we've got the Android Runtime, so the ART,
06:46
and then we've got our native C and C++ libraries. We stack on top of that our actual API framework, and then our system apps, right? So the things like
06:54
calendar or camera email, you know, the things that us users actually interact with.
07:01
So just a quick post assessment question here.
07:03
Sarah's presenting to the company's executive team on the Android framework,
07:09
so she understands that all of the following are components
07:13
of the Android architecture, except which one of these? And this is a pretty easy question.
07:19
If you guessed Cocoa Touch, that last option there, answer D, you are correct. So if you remember, Cocoa Touch is actually from Apple. The way I kind of remember the Apple stuff is I always think of it as kind of fancy, right? So I think of, like, Cocoa Touch, like it sounds like some, you know, cool restaurant, like a high-end restaurant. Or,
07:38
you know, like maybe some cool kind of, like, you know, spa or massage type of place.
07:42
So that's kind of how I remember those types of things. You remember it your own way. But just know that the correct answer in this case is Cocoa Touch, because that's iOS.

Up Next

Mobile Security Fundamentals

In Mobile Security Fundamentals, Ken Underhill discusses IOS security architecture and goes into depth about code signing, sandbox, and exploit mitigations. In addition to recognizing & scanning vulnerabilities, secure boot chain is explained through tools such as Wondershare & Kingo.

Instructed By

Ken Underhill
Master Instructor at Cybrary