284
Hacking Exposed: Mobile Security Secrets & Solutions
▼ Q QR codes, 237 queries, 150, 225
▼ R RACH (Random Access Channel), 29 radio networks, 22, 23 radio traffic, 26, 37 radios, 7 RageAgainstTheCage exploit, 122 Random Access Channel (RACH), 29 ransomware, 140 R-APDU (response), 239, 240 Redbrowser, 120 redirection URIs, 158–161 redirects, 163 Redsn0w app, 54–57 reflection-based attacks, 228–229 relay attacks, 249–253 remote jailbreak, 57–59 Remote Lock feature, 209 remote shell, 89 Remote Wipe feature, 209 replay attacks, 165, 250, 254–255 resource owner, 156 resource owner password credentials grant type, 160 resource server, 156 reverse engineering Android apps, 203–204 iOS apps, 204–207 RFID tags, 86 Rhino JavaScript Bridges, 184–187 Rhode & Schwartz (R&S), 37 “rickrolling,” 145 risk model, 4–17, 7 risks. See also threats app, 11–17 BYOD phenomenon, 17 external data storage, 110–112 fragmentation, 12–14 identifying, 212–213 improper spec implementation, 16 insecure code, 17
jailbroken phones, 215 mobile disk management, 17 on-device storage, 15–16, 223–226 physical, 9–10 sensitive data leakage, 14–15, 109–118 service, 10–11 weak authentication, 16 rogue base station attacks, 35–39 rogue femtocell attacks, 39–43 rogue mobile devices, 34–35 Roland, Michael, 250 rollback journals, 109 root exploits, 89–91, 179 Rosenberg, Dan, 15, 117 R&S (Rhode & Schwartz), 37 RTP streams, 43 Rubin, Joshua, 243 runtime environment integrity, 220
▼ S SACCH (Slow Associated Control Channel), 31 Safari browser, 63, 65, 74 salt, 246 SAML (Security Assertion Markup Language), 163–169 SAML assertion, 164 SAML threat model, 164–165 Samsung, 216 Samsung devices, 14, 91, 172 Samsung Exynos kernel exploit, 244 sandboxing Android, 14–15 iOS platform, 51, 52, 63–64 Mozilla Rhino and, 186 SANS Top 25 bug list, 149 SAXParser class, 154 Schwenk, Jörg, 166 scope, 162 screen cache, 231 screenshots, 231 script kiddies, 213, 214. See also hackers SD cards considerations, 86, 117 data leakage, 110, 111