iOS Hardening Configuration Guide - DSD

Chapter One
Introduction to Mobile Device Security Architecture

Mobile devices face the same security challenges as traditional desktop computers, but their mobility means they are also exposed to a set of risks quite different to those of a computer in a fixed location.

This chapter provides the planning steps and architecture considerations necessary to set up a secure environment for mobile devices. Much of the content in this chapter is platform agnostic, but some detail is written to specific features available in iOS 4. Not all of these options discussed will be exercised in all environments. Agencies need to take into account their own environment and consider their acceptable level of residual risk.

Assumptions

This chapter makes some basic assumptions as to the pervasive threat environment:

• at some point, there will be no network connection present;
• all radiated communication from the device has the potential to be monitored;
• all conventional location, voice and SMS/MMS communications are on an insecure channel [1];
• certain infrastructure supporting mobile devices can be trusted; and
• carrier infrastructure cannot always be trusted as secure in all countries.

[1] Although GSM, for example, is encrypted on some carrier networks, it is not encrypted on all, and some of the GSM encryption algorithms such as A5/1 on 2G networks are vulnerable to attack with rainbow tables. With moderate resources, it is also feasible to execute a MITM attack against GSM voice and have the MITM tell client devices to drop any GSM encryption.

6 | Defence Signals Directorate