Explore chapters and articles related to this topic
Attacking Smartphone Security and Privacy
Published in Georgios Kambourakis, Asaf Shabtai, Constantinos Kolias, Dimitrios Damopoulos, Intrusion Detection and Prevention for Mobile Ecosystems, 2017
Vincent F. Taylor, Ivan Martinovic
Smartphones can also be attacked using their built-in ports. Of all the physical ports on a device, the standard USB port is most commonly used. The attack to be launched at a device over USB depends on the USB mode that the device is in. Common USB modes include mass storage, media device, tethering, fastboot, and ADB. Devices running iOS were shown to be vulnerable to arbitrary app installation over USB [49]. Android devices that have USB debugging enabled have the ADB daemon running on the device. The ADB daemon allows the running of commands with special system privileges. Using ADB, an attacker can bypass some of the security features of the operating system. It is important to note, however, that the majority of Android devices will not have ADB enabled by default (since it is a feature mostly used by developers) and later (≥4.2.2) Android devices have key-based authentication of desktops. However, vulnerabilities found in Android 4.2.2–4.4.2 allowed attackers to bypass ADB authentication [63]. An interesting avenue for attacking a locked ADB-enabled device is to obtain access to a desktop that is already permitted to connect to the device, and using ADB to execute commands on the device via a terminal on that desktop. It is expected that only few devices will be vulnerable to attacks using ADB; however, the attractiveness of this approach is increased when considering the power gained from attacking a device that is ADB-accessible.
Pathways to Cybersecurity Awareness and Protection Behaviors in South Korea
Published in Journal of Computer Information Systems, 2023
Claire Seungeun Lee, Dongsim Kim
Cybersecurity behavior is defined in this survey as the extent of action taken to protect Wireless LAN (WLAN) and mobile devices. Respondents answered yes (1) or no (0) to four statements regarding WLAN: (1) Do not use unidentified wireless LAN (Wi-Fi) by a provider; (2) Avoid using sensitive services with Wi-Fi without password (Internet banking, payment service, etc.); (3) Do not set the function to automatically connect to the Wi-Fi; and (4) Setting a password when using tethering/personal hotspot via 3 G/4 G with your own smartphone. Examples of protection behavior for WLAN in this section of the questionnaire include providers not using WLAN nor secure services with password-protected WLAN.