2.7 – Mobile Device Security - Mobile Device Security

Questions and Answers

What is the primary security benefit of using full disk encryption on a mobile device?

• It prevents unauthorized access to data if the device is physically compromised. (correct)
• It speeds up the device's performance by optimizing storage.
• It remotely tracks the device's location using GPS.
• It automatically backs up data to the cloud.

Why is updating mobile devices with the latest patches important for security?

• Patches include security fixes that protect against new vulnerabilities. (correct)
• Patches reduce the amount of data mobile devices use.
• Updates provide faster device performance and new features only.
• Updates allow older devices to connect to newer networks.

How does the closed environment of Apple's iOS contribute to its security?

• It allows users to install apps from any source without restrictions.
• It centralizes control, making it harder for malware to be installed. (correct)
• It makes it easier for attackers to find and exploit vulnerabilities.
• It automatically runs all apps in full administrative mode.

What is a potential risk associated with the open nature of the Android operating system?

Users can inadvertently install malware from unofficial sources. (D)

What is the primary purpose of a Mobile Device Manager (MDM) in an enterprise environment?

To enforce security policies and manage access to corporate resources. (B)

How does automatic data backup enhance the security and usability of mobile devices?

It allows for the immediate restoration of data on a new or reset device. (A)

Why is it generally uncommon to find a pre-installed firewall on mobile devices?

Mobile apps rarely require inbound network connections. (C)

What security measure is typically implemented on mobile devices after multiple failed login attempts?

The device may lock itself and/or erase data. (C)

What is the purpose of a locator application on a mobile device?

To locate the device if it is lost or stolen. (B)

What security challenge is introduced when employees use their own devices (BYOD) for work purposes?

Balancing personal privacy with corporate data security becomes complex. (C)

Which of the following is a common method for unlocking a mobile device screen?

Facial recognition (C)

What is the significance of application sandboxing on mobile devices?

It isolates applications to prevent them from accessing unauthorized data or resources. (A)

Why might an organization choose to implement policies that restrict camera usage on mobile devices within the office?

To prevent unauthorized photography or video recording of sensitive information. (D)

What is a potential security risk associated with IoT devices?

They may have vulnerabilities that can be exploited to access the network. (C)

What is a common security practice for mitigating risks associated with IoT devices on a network?

Segmenting IoT devices onto a separate network segment with limited access. (B)

How can a system administrator ensure data security when an employee leaves an organization and has corporate data on their personal mobile device?

By setting up a partition that separates company data, allowing for its removal without affecting personal data. (C)

What is the purpose of requiring screen locks and PINs on mobile devices, as enforced by a system administrator?

To prevent unauthorized access to the device and its data. (B)

Which of these options is a preventative measure against malware on mobile devices?

Installing applications from official app stores only. (B)

What action can be taken if a mobile device is lost and cannot be retrieved?

Remotely erase the device to protect sensitive data. (C)

What is the potential impact of failing to secure IoT devices on a network?

Compromised devices can be used as entry points for broader network attacks. (D)

If an Android phone locks itself and prompts for Google credentials after multiple failed attempts, what is the likely outcome if the correct credentials are not provided?

The phone will be reset to factory settings, erasing all data. (B)

What is the primary advantage of using a fingerprint scanner over a PIN or password for mobile device authentication?

Fingerprint scanners provide a unique biometric identifier that is harder to replicate. (C)

Which of the following is NOT a typical feature of a mobile device locator application?

Remotely brewing a cup of coffee. (B)

What is the purpose of segmenting IoT devices onto their own isolated network?

To prevent a compromised IoT device from affecting other systems on the network. (D)

Why are antivirus solutions important for mobile devices despite the sandboxing environment?

Sandboxing reduces the attack surface, antivirus solutions adds a layer of defense and threat detection. (C)

Flashcards

Mobile Device Screen Lock

A security measure on mobile devices that restricts unauthorized access, using methods like facial recognition, PINs, fingerprints, or swipe patterns.

Mobile Device Locator Application

A feature that uses GPS to locate a lost or misplaced mobile device, often allowing remote actions like playing a sound, displaying a message, or erasing data.

Mobile Device OS Updates

The process of ensuring that your phone and tablet operating systems have the latest security patches and enhancements.

Mobile Device Full Disk Encryption

The encryption of all data on a mobile device to prevent unauthorized access, integrated into iOS and Android.

Automatic Mobile Device Backup

Automatic and continuous backup of data on a mobile device to the cloud, using wireless and mobile networks.

Application Sandboxing

A way to run applications in a restricted environment, limiting their access to data and resources on a mobile device.

Mobile Antivirus/Anti-Malware

Software used to detect and remove malicious software from mobile devices.

Mobile Device Firewall

Typically not included by default, but may be available in app stores, primarily on Android.

Mobile Device Manager (MDM)

A system used to enforce security policies on mobile devices, especially in enterprise environments.

Bring Your Own Device (BYOD)

An environment where employees use their personal devices for work purposes, posing security challenges.

Internet of Things (IoT)

Sensors, heating/cooling systems, lighting and other home automation features connected to a network.

Study Notes

• Mobile devices often use screen locks to prevent unauthorized access to information.
• Screen lock options can include facial recognition, PINs, fingerprint scanning, and swipe patterns.
• Failed access attempts trigger security measures like data wiping or device lockout.
• iOS devices erase after 10 failed attempts, while Android devices lock and prompt for Google credentials, potentially wiping data if incorrect credentials are provided.
• Locator applications use built-in GPS to help find lost devices, with options to play a sound, get directions, display a message, or remotely erase the device.

Mobile Device Updates and Encryption

• Keep mobile devices updated with the latest security patches and OS enhancements.
• Most mobile devices have automatic updates enabled by default.
• Full disk encryption protects data on mobile devices.
• iOS uses passcode-based encryption, while Android has integrated full device encryption, often enabled by default.
• Backing up mobile device data is crucial due to the ease of damage or loss.
• Mobile operating systems often provide automatic data backups to the cloud via wireless and mobile networks.
• Lost or damaged devices can be replaced, and data can be restored from the cloud backup.

Security Threats and Protections

• Attackers target mobile devices for personal data through malware and vulnerabilities.
• iOS's closed environment makes it harder for malware to be installed.
• Android's open nature allows app installations from various sources, increasing the risk of Trojan Horses.
• Applications run in sandboxes, limiting their access to device data and resources.
• Antivirus and anti-malware options are available for both iOS and Android.
• Mobile devices primarily initiate outbound data flows, reducing the default need for a firewall.
• Firewalls are not standard on mobile devices, but some are available, mainly for Android, with limited widespread use.

Enterprise Mobile Security

• Mobile Device Managers (MDMs) control data access within enterprise environments.
• MDMs manage both company-owned and employee-owned (BYOD) devices through security policies.
• MDMs address challenges of securing devices with both personal and corporate data.
• MDM policies manage app types, data storage locations, and resource availability based on location.
• System administrators may restrict features like cameras based on location (e.g., disabling in the office).
• Data separation via partitioning allows administrators to remove company data while preserving personal data upon employee departure.
• Policies can enforce screen locks and PIN requirements for device access.

Internet of Things (IoT) Security

• IoT devices connect more devices to networks at home and work.
• IoT examples include smart sensors for heating/cooling, networked lighting, and home automation features like doorbells and garage door controls.
• Wearable devices and sensors in building systems also fall under IoT.
• IoT devices from various manufacturers may have different functionalities and potential vulnerabilities.
• Segmenting IoT devices onto a separate network segment with restricted access can enhance security and limit the impact of potential breaches.
• Companies specializing in IoT devices may lack IT security expertise, necessitating security measures like network segmentation.