6 KiB
SEC-8: Mobile Device Security
Status: not started
Domain:
- 2.0 Security
Objective alignment:
- 2.8 Mobile device security
What You Need To Know
Mobile devices are easy to lose, easy to steal, and often already signed in to email, files, password resets, cloud storage, and work apps.
The exam wants you to know how to protect:
- The device
- The data on the device
- The user account connected to the device
- The company network if the phone is used for work
Memory Trick
Use L-E-A-S-H:
- Lock the screen
- Encrypt the device
- Apply updates and app controls
- Secure with MDM/BYOD policy
- Have backup, location, and remote wipe ready
Shortcut:
- Lost phone = lock, locate, backup, wipe if needed.
Screen Locks
Common unlock methods:
- PIN
- Password
- Pattern
- Fingerprint
- Face recognition
- Swipe
Exam priority:
- A plain swipe is weak because it does not really authenticate the user.
- PIN, password, fingerprint, and face unlock are stronger choices.
- Biometrics are convenient, but the device still needs a PIN/password fallback.
Failed login controls:
- Devices can delay login attempts after repeated failures.
- Some environments can erase or wipe the device after too many failed attempts.
- This protects stolen devices from repeated guessing attempts.
Encryption
Full device encryption protects stored data if the device is lost or stolen.
What to remember:
- Modern iOS devices use strong built-in encryption when a passcode is configured.
- Modern Android devices commonly support file-based or full-device encryption.
- Encryption is strongest when paired with a real lock method, not swipe-only access.
Exam clue:
- If the question says the phone was stolen and contains sensitive data, think encryption and remote wipe.
MDM and Configuration Profiles
Mobile Device Management, or MDM, lets an organization centrally manage phones and tablets.
Common MDM actions:
- Require a passcode
- Require encryption
- Push Wi-Fi, VPN, or email settings
- Install or restrict apps
- Block camera, copy/paste, or cloud sync in some environments
- Enforce OS update requirements
- Locate, lock, or wipe a managed device
Common tools and terms:
- Microsoft Intune
- Apple Configurator
- Apple configuration profiles
- Android Enterprise
BYOD means Bring Your Own Device.
BYOD policy questions usually care about:
- Who owns the device
- What company data is allowed
- Whether the company can wipe only work data or the entire device
- Minimum OS version
- Screen lock requirements
- What happens when employment ends
Updates and Patching
Mobile updates include:
- Operating system updates
- Security patches
- App updates
Why they matter:
- Updates fix vulnerabilities.
- App updates can fix security bugs in messaging, browsers, email, banking, and work apps.
Exam clue:
- If the question says a device is missing critical security fixes, update the OS or app.
Anti-Malware
iOS:
- More closed app ecosystem.
- Apps are more isolated.
- Traditional antivirus is less common.
Android:
- More open ecosystem.
- Third-party app sources increase risk.
- Anti-malware tools are more common, especially in business environments.
Best protection:
- Use official app stores.
- Keep the OS updated.
- Avoid sideloading unknown apps.
- Use MDM controls when the device handles company data.
Content Filtering
Content filtering limits access to unsafe or inappropriate content.
Examples:
- Web filtering
- App restrictions
- Parental controls
- Enterprise browsing controls
Exam clue:
- If the goal is to block categories of websites or unsafe browsing, think content filtering.
Locator, Remote Lock, Remote Wipe, and Backup
Locator services:
- Help find a lost device.
- Examples: Find My on iPhone, Find My Device on Android.
Remote lock:
- Locks the phone so someone else cannot use it.
Remote message or sound:
- Helps recover a misplaced phone.
Remote wipe:
- Erases data when the device is unlikely to be recovered.
- Use carefully because it removes data from the device.
Remote backup:
- Stores device data in cloud backup.
- Makes replacement and recovery easier.
Exam order for a lost phone:
- Locate or lock if recovery is likely.
- Confirm backup status if possible.
- Wipe if data risk is high or recovery is unlikely.
Mobile Firewalls
Mobile firewall apps are less common than desktop firewalls.
On mobile devices, network control is often handled by:
- MDM
- VPN apps
- Per-app network rules
- Enterprise security suites
Exam clue:
- If the question says only approved apps should access company data or network resources, think MDM, VPN, or app access control.
Commands To Enter
This objective is mostly settings-based, so there are not many normal command-line tools for a locked-down phone. Use these commands only to open account/device-security pages from a computer browser.
Windows:
start https://account.microsoft.com/devices
What it does:
- Opens the Microsoft devices page for the signed-in account in your default browser.
- Use it only to inspect registered devices.
start https://myaccount.google.com/security
What it does:
- Opens the Google account security page.
- Use it to inspect signed-in devices, security alerts, and recovery options.
macOS:
open https://appleid.apple.com
What it does:
- Opens the Apple ID account page in the default browser.
- Use it to review trusted devices and account security settings.
Linux:
xdg-open https://myaccount.google.com/security
What it does:
- Opens the Google account security page in the default browser.
- Use it to inspect account security if the command is available on your Linux system.
Do not erase, wipe, unenroll, reset, or remove a device from an account during this section.
Quick Checks
You should be able to answer:
- What protects mobile data at rest?
- What is weak about swipe-only unlock?
- What does MDM enforce?
- Why does BYOD need a policy?
- When would remote wipe be appropriate?
- Why are OS and app updates security controls?
- Why is Android anti-malware more common than iOS anti-malware?