DEV Community

Cover image for Role of Mobile Forensics in dealing with Mobile Threats.
Prasan Singh
Prasan Singh

Posted on

Role of Mobile Forensics in dealing with Mobile Threats.

Mobile devices such as smartphones and tablets have become an integral part of modern first world life. There are literally billions of active mobile devices. Each device typically contains a large amount of sensitive data about the user, as well as individuals and organizations with which the user interacts. They also act as endpoints that are typically authenticated and authorized to access a wide variety of secured systems. And most mobile devices are connected to the public internet a significant amount of the time. Mobile devices are small mobile computing devices. Each is comprised of a combination of hardware and software. Each is potentially susceptible to compromise by many different means. Various threats associated with mobile devices are listed below:

  1. Data Leakage.
  2. Mobile apps are often the cause of unintentional data leakage.
  3. Unsecured Wi-Fi.
  4. Network Spoofing.
  5. Phishing Phishing and social engineering attacks.
  6. Broken Cryptography.
  7. Improper Session Handling.
  8. Poor cyber hygiene, including weak passwords and improper or no use of multifactor authentication (MFA)
  9. Poor technical controls, such as improper session handling, out-of-date devices and operating systems, and cryptographic controls

Perhaps the most difficult threat to defend against is the user. Users can be turned into unwilling accomplices of an adversary through many types of social engineering, or they can simply make a mistake in configuring or using the device. Either way, the technical security controls can often be defeated by the user being induced to do the wrong thing through error, trickery, coercion, or ill intent. Once this occurs, the systems to which they have access, such as their employer, can be at risk, as well as their own sensitive data.

Screenshot (397)

Mobile devices can be attacked via web browser, email clients, instant messaging systems, and through compromised or malicious apps. Once compromised, an adversary may compromise the confidentiality, integrity, or availability of the data on the device, or may use the device as a way to do the same on systems to which the mobile device is connected

A compromised mobile device may also be used as a resource by an adversary. They may, for example, use it to send spam email or unsolicited text messages. They might use it to mine cryptocurrency. Or they might use it to artificially increase the number of clicks on advertising to fraudulently gains ad revenue.
ipconfig-help

A mobile device that is lost may contain data that has not been properly backed up elsewhere, resulting in loss of that data. This may result in economic loss as well as non-monetary consequences. If that data is subject to unauthorized access by an adversary, there may be additional consequences ranging from economic to legal to reputational.

As noted in the text Forensic science: An introduction (Saferstein, 2016), and presented on YouTube (Hinkson, 2019), digital forensic investigation of a mobile device can provide evidence that can be used to determine the temporal order of events as well as a causal chain of cause and effect. By gathering evidence, we can help determine the facts, and may be able to determine who is responsible as well as how and why the crime occurred. By gathering the evidence, we can help in determining the facts of innocence or guilt of a suspect, and/or by performing post-compromise analysis, we may be able to determine how an adversary compromised the security of a device and help improve security controls in the future.

Hack This Fall 2.0

Hack This Fall is an Online Hackathon powered by MLH. It is taking place shortly, you can join this Hackathon by the following link: https://hackthisfall.devpost.com/ and Use code HTFHE030 while registering for it. Don't let an awesome opportunity go!
Alt Text

Discussion (0)