Attack Vectors of a Smart Phone
Video Summary:
Today I thought I would go over a quick list of the ways in which a phone can become compromised. There are a number of ways that this can happen (many of which are highly specific and not likely for the average user), and this is far from an exhaustive list, but to summarize things:
Social Engineering: This is when somebody tricks a user into installing malicious code on their device (probably hidden within an app, email, or the like).
Exploits: This is when somebody exploits a vulnerability within the OS or an app to install malicious software or perform other malicious activities. This is most likely occurring within the web browser, but has occurred within a number of various services (such as messaging apps).
Updates: It is possible that a malicious update is pushed to a phone, and though the phone would assume the update is legitimate, the update would actually contain malicious code. This could be performed by: spoofing cryptographic signatures, by illegitimate access to the update service, by a malicious actor miss-using legitimate access to the update service, and through a fake phone tower.
Hardware: In addition to software, it is possible that there is a vulnerability within hardware that can compromise a device. This can be through accidental vulnerabilities or maliciously design back doors.
Physical Manipulation: If somebody can get ahold of a device, in addition to the above vulnerabilities, anything that is not encrypted can be read regardless of whether there is a password on the device or not. Additionally, there is always the risk of physical surveillance and the like.
$5 Wrench Attack: When all else fails, the five dollar wrench attack is always there.
If you are interested, you can watch the video version below for a bit more in depth overview.
Similar Videos:
Hardware Wallet Breakdown
PC Breakdown
Additionally, I am experimenting with uploading to 3Speak as well. You can click the link below to watch on 3Speak as well:
Watch This Video on 3Speak