From 6583c88f56dc3794bfc1690f7fcc5431f3ce7d8e Mon Sep 17 00:00:00 2001 From: samz-cs <68604439+samz-cs@users.noreply.github.com> Date: Mon, 25 Jul 2022 09:02:26 -0400 Subject: [PATCH 01/16] added reference for APP-3 --- _includes/references.md | 1 + 1 file changed, 1 insertion(+) diff --git a/_includes/references.md b/_includes/references.md index 1fbafac..f1c54ce 100644 --- a/_includes/references.md +++ b/_includes/references.md @@ -558,3 +558,4 @@ [^307]: Security Research Labs, _New SIM attacks de-mystified, protection tools now available_, blog; https://srlabs.de/bites/sim_attacks_demystified/ [accessed 12/03/2019] [^308]: Wikipedia, _Side-channel attack_; https://en.wikipedia.org/wiki/Side-channel_attack [accessed 12/09/2019] +[^309]: S. Fahl, "Web & Mobile Security Knowledge Area", The Cyber Security Body of Knowledge, white paper; Jul. 2021, https://www.cybok.org/media/downloads/Web_Mobile_Security_v1.0.1.pdf [accessed 7/25/22] From 888645d811b5f6ec94fd5ad33a367effdb3d089c Mon Sep 17 00:00:00 2001 From: samz-cs <68604439+samz-cs@users.noreply.github.com> Date: Mon, 25 Jul 2022 09:02:59 -0400 Subject: [PATCH 02/16] added space before reference 309 --- _includes/references.md | 1 + 1 file changed, 1 insertion(+) diff --git a/_includes/references.md b/_includes/references.md index f1c54ce..ef00a0f 100644 --- a/_includes/references.md +++ b/_includes/references.md @@ -558,4 +558,5 @@ [^307]: Security Research Labs, _New SIM attacks de-mystified, protection tools now available_, blog; https://srlabs.de/bites/sim_attacks_demystified/ [accessed 12/03/2019] [^308]: Wikipedia, _Side-channel attack_; https://en.wikipedia.org/wiki/Side-channel_attack [accessed 12/09/2019] + [^309]: S. Fahl, "Web & Mobile Security Knowledge Area", The Cyber Security Body of Knowledge, white paper; Jul. 2021, https://www.cybok.org/media/downloads/Web_Mobile_Security_v1.0.1.pdf [accessed 7/25/22] From c71f898b577339502f773dce80230fa88da0fe1e Mon Sep 17 00:00:00 2001 
From: samz-cs <68604439+samz-cs@users.noreply.github.com> Date: Tue, 26 Jul 2022 09:03:07 -0400 Subject: [PATCH 03/16] Updated link for APP-14 [^70] --- _includes/references.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/_includes/references.md b/_includes/references.md index ef00a0f..8cf6f7d 100644 --- a/_includes/references.md +++ b/_includes/references.md @@ -129,7 +129,7 @@ [^69]: "[Vulnerability Identifier]: LOOK-11-001, blog, 1 Feb. 2011; https://blog.lookout.com/look-11-001/ [accessed 8/25/2016]" -[^70]: A. Donenfeld, Stumping the Mobile Chipset, presented at DEFCON 24, 7 Aug. 2016; https://media.defcon.org/DEF CON 24/DEF CON 24 presentations/DEFCON-24-Adam-Donenfeld-Stumping-The-Mobile-Chipset.pdf [accessed 8/25/2016] +[^70]: A. Donenfeld, Stumping the Mobile Chipset, presented at DEFCON 24, 7 Aug. 2016; https://kipdf.com/stumping-the-mobile-chipset_5afc4b768ead0ed8128b4574.html [accessed 7/26/2022] [^71]: A. Brandt, "Android Towelroot Exploit Used to Deliver Dogspectus Ransomware", blog, 25 Apr. 2016; www.bluecoat.com/security-blog/2016-04-25/android-exploit-delivers-dogspectus-ransomware [accessed 8/25/2016] @@ -558,5 +558,3 @@ [^307]: Security Research Labs, _New SIM attacks de-mystified, protection tools now available_, blog; https://srlabs.de/bites/sim_attacks_demystified/ [accessed 12/03/2019] [^308]: Wikipedia, _Side-channel attack_; https://en.wikipedia.org/wiki/Side-channel_attack [accessed 12/09/2019] - -[^309]: S. Fahl, "Web & Mobile Security Knowledge Area", The Cyber Security Body of Knowledge, white paper; Jul. 2021, https://www.cybok.org/media/downloads/Web_Mobile_Security_v1.0.1.pdf [accessed 7/25/22] From e41e1dfdfc9796eda8319c16e3b6f647c626d41e Mon Sep 17 00:00:00 2001 From: samz-cs <68604439+samz-cs@users.noreply.github.com> Date: Tue, 26 Jul 2022 09:49:06 -0400 Subject: [PATCH 04/16] Updated working link in [^71], for APP-5 --- _includes/references.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/_includes/references.md b/_includes/references.md index 8cf6f7d..3e08f39 100644 --- a/_includes/references.md +++ b/_includes/references.md @@ -131,7 +131,7 @@ [^70]: A. Donenfeld, Stumping the Mobile Chipset, presented at DEFCON 24, 7 Aug. 2016; https://kipdf.com/stumping-the-mobile-chipset_5afc4b768ead0ed8128b4574.html [accessed 7/26/2022] -[^71]: A. Brandt, "Android Towelroot Exploit Used to Deliver Dogspectus Ransomware", blog, 25 Apr. 2016; www.bluecoat.com/security-blog/2016-04-25/android-exploit-delivers-dogspectus-ransomware [accessed 8/25/2016] +[^71]: A. Brandt, Towelroot and Leaked Hacking Team Exploits Used to Deliver “Dogspectus” Ransomware to Android Devices, blog, 26 Apr. 2016; https://www.outlookseries.com/A0977/Security/3695_Towelroot_Leaked_Hacking_Team_Exploits_Dogspectus_Ransomware_Android_Devices.htm [accessed 7/26/2022] [^72]: JailbreakMe; https://jailbreakme.qoid.us [accessed 8/25/2016] From 89b6a7c7a6e235dbc2f9bf7a092844f788c654d1 Mon Sep 17 00:00:00 2001 From: samz-cs <68604439+samz-cs@users.noreply.github.com> Date: Thu, 28 Jul 2022 09:02:11 -0400 Subject: [PATCH 05/16] #319: PAY-5 [^250] link changed --- _includes/references.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_includes/references.md b/_includes/references.md index 3e08f39..30116df 100644 --- a/_includes/references.md +++ b/_includes/references.md 
@@ -469,7 +469,7 @@ [^243]: S. Skorobogatov, "The bumpy road towards iPhone 5c NAND mirroring," University of Cambridge Computer Laboratory, Cambridge, MA, 2016 -[^250]: Secure Element Deployment & Host Card Emulation v1.0, white paper, SIMalliance, 2014; http://simalliance.org/wp-content/uploads/2015/03/Secure-Element-Deployment-Host-Card-Emulation-v1.0.pdf [accessed 10/24/2016] +[^250]: Secure Element Deployment & Host Card Emulation v1.0, white paper, SIMalliance, 2014; https://www.fintechfutures.com/files/2014/04/Secure-Element-Deployment-Host-Card-Emulation-v1.0.pdf [accessed 7/27/2022] [^251]: Host Card Emulation (HCE) 101, white paper MNFCC-14002, Smart Card Alliance Mobile & NFC Council, 2014; http://www.smartcardalliance.org/downloads/HCE-101-WP-FINAL-081114-clean.pdf [accessed 10/24/2016] From a08d6cc625843efdc1a07812a59c007ee2faa384 Mon Sep 17 00:00:00 2001 From: samz-cs <68604439+samz-cs@users.noreply.github.com> Date: Thu, 28 Jul 2022 09:03:46 -0400 Subject: [PATCH 06/16] #320: PHY-3 [^146] link changed --- _includes/references.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_includes/references.md b/_includes/references.md index 30116df..e7dbbd6 100644 --- a/_includes/references.md +++ b/_includes/references.md 
@@ -279,7 +279,7 @@ [^145]: M. Brignall, "Sim-Swap Fraud Claims Another Mobile Banking Victim", The Guardian, 16 Apr. 2016; www.theguardian.com/money/2016/apr/16/sim-swap-fraud-mobile-banking-fraudsters [accessed 8/25/2016] -[^146]: BYOD & Mobile Security, Information Security Community on LinkedIn, Apr. 2016; http://get.skycure.com/hubfs/Reports/BYOD_and_Mobile_Security_Report_2016.pdf [accessed 8/25/2016] +[^146]: BYOD & Mobile Security, Information Security Community on LinkedIn, Apr. 2016; https://docs.broadcom.com/doc/byod-and-mobile-security-en [accessed 7/28/22] [^147]: V. Blue, "Researchers Show How to Hack an iPhone in 60 Seconds", ZDNet, 31 July 2013; www.zdnet.com/article/researchers-reveal-how-to-hack-an-iphone-in-60-seconds/ [accessed 8/25/2016] From 25da262a042eb227b70154f11bf23966f0bda05f Mon Sep 17 00:00:00 2001 From: samz-cs <68604439+samz-cs@users.noreply.github.com> Date: Thu, 28 Jul 2022 09:13:16 -0400 Subject: [PATCH 07/16] #321: PHY-2 and STA-42 [^143] [^144] link changed --- _includes/references.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/_includes/references.md b/_includes/references.md index e7dbbd6..62adb2f 100644 --- a/_includes/references.md +++ b/_includes/references.md 
@@ -273,9 +273,9 @@ [^142]: J.F. Miller, "Supply Chain Attack Framework and Attack Patterns", tech. report, MITRE, Dec. 2013; www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf -[^143]: Z. Wang and A. Stavrou, "Exploiting Smart-Phone USB Connectivity for Fun and Profit", in Proceedings of 26th Annual Computer Security Applications Conference, 2010, pp. 357-365. +[^143]: Z. Wang and A. Stavrou, "Exploiting Smart-Phone USB Connectivity for Fun and Profit", in Proceedings of 26th Annual Computer Security Applications Conference, 2010, pp. 357-365; https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.226.3427&rep=rep1&type=pdf [accessed 7/28/2022] -[^144]: A. Stavrou, Z. Wang, Exploiting Smart-Phone USB Connectivity For Fun And Profit, presented at Blackhat, 4 Aug. 2011; https://media.blackhat.com/bh-dc-11/Stavrou-Wang/BlackHat_DC_2011_Stavrou_Zhaohui_USB_exploits-Slides.pdf [accessed 8/25/2016] +[^144]: A. Stavrou, Z. Wang, Exploiting Smart-Phone USB Connectivity For Fun And Profit, presented at Blackhat, 4 Aug. 2011; https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.226.3427&rep=rep1&type=pdf [accessed 7/28/2022] [^145]: M. Brignall, "Sim-Swap Fraud Claims Another Mobile Banking Victim", The Guardian, 16 Apr. 2016; www.theguardian.com/money/2016/apr/16/sim-swap-fraud-mobile-banking-fraudsters [accessed 8/25/2016] From f9876620eea038b309c66b96ab29baebefa2556e Mon Sep 17 00:00:00 2001 From: samz-cs <68604439+samz-cs@users.noreply.github.com> Date: Thu, 28 Jul 2022 09:15:49 -0400 Subject: [PATCH 08/16] #322: ECO-0 [^193] link changed --- _includes/references.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_includes/references.md b/_includes/references.md index 62adb2f..97bf430 100644 --- a/_includes/references.md +++ b/_includes/references.md 
@@ -367,7 +367,7 @@ [^192]: C. Xiao, "BackStab: Mobile Backup Data Under Attack from Malware", paloalto, 7 Dec. 2015; http://researchcenter.paloaltonetworks.com/2015/12/backstab-mobile-backup-data-under-attack-from-malware/ [accessed 8/29/2016] -[^193]: BackStab: Mobile Backup Data Under Attack From Malware, 7 Dec. 2015; https://www.paloaltonetworks.com/resources/research/unit42-backstab-mobile-backup-data-under-attack-from-malware.html [accessed 8/29/2016] +[^193]: BackStab: Mobile Backup Data Under Attack From Malware, 7 Dec. 2015; https://unit42.paloaltonetworks.com/backstab-mobile-backup-data-under-attack-from-malware/ [accessed 7/28/2022] [^194]: Elcomsoft Phone Breaker; https://www.elcomsoft.com/eppb.html [accessed 8/29/2016] From c00942b26bdb4965beeb3bd5a1ff4c0b9a3abb69 Mon Sep 17 00:00:00 2001 From: samz-cs <68604439+samz-cs@users.noreply.github.com> Date: Thu, 28 Jul 2022 09:17:20 -0400 Subject: [PATCH 09/16] #323: STA-40 [^S-Konstantaras-1] link changed --- _includes/references.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_includes/references.md b/_includes/references.md index 97bf430..3402cea 100644 --- a/_includes/references.md +++ b/_includes/references.md 
@@ -483,7 +483,7 @@ [^247]: D. Pauli, "Every LTE call, text, can be intercepted, blacked out, hacker finds", The Register, 23 Oct 2016; http://www.theregister.co.uk/2016/10/23/every_lte_call_text_can_be_intercepted_blacked_out_hacker_finds/ [accessed 10/26/2016] -[^S-Konstantaras-1]: S. Konstantaras and C. Dillon, _Exploiting Vulnerabilities of Wi-Fi SD cards_, project report, Universiteit van Amsterdam, 1 June 2014; https://staff.science.uva.nl/j.j.vanderham/cases/wifi-sd-cards.pdf [accessed 10/24/2016] +[^S-Konstantaras-1]: S. Konstantaras and C. Dillon, _Exploiting Vulnerabilities of Wi-Fi SD cards_, project report, Universiteit van Amsterdam, 1 June 2014; https://cupdf.com/document/exploiting-vulnerabilities-of-wi-fi-sd-cards-os3nl-vulnerabilities-of-wi-fi-sd.html?page=1 [accessed 7/28/2022] [^Bunnie-1]: bunnie:studios, "On Hacking MicroSD Cards", blog, Dec. 2013; https://www.bunniestudios.com/blog/?p=3554 [accessed 10/24/2016] From 90987d005e12e19ea97387f5689dc85c7ffdd76e Mon Sep 17 00:00:00 2001 From: samz-cs Date: Thu, 28 Jul 2022 09:51:42 -0400 Subject: [PATCH 10/16] reverting commits that were meant for 316 --- _includes/references.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/_includes/references.md b/_includes/references.md index 3402cea..3e08f39 100644 --- a/_includes/references.md +++ b/_includes/references.md 
@@ -273,13 +273,13 @@ [^142]: J.F. Miller, "Supply Chain Attack Framework and Attack Patterns", tech. report, MITRE, Dec. 2013; www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf -[^143]: Z. Wang and A. Stavrou, "Exploiting Smart-Phone USB Connectivity for Fun and Profit", in Proceedings of 26th Annual Computer Security Applications Conference, 2010, pp. 357-365; https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.226.3427&rep=rep1&type=pdf [accessed 7/28/2022] +[^143]: Z. Wang and A. Stavrou, "Exploiting Smart-Phone USB Connectivity for Fun and Profit", in Proceedings of 26th Annual Computer Security Applications Conference, 2010, pp. 357-365. -[^144]: A. Stavrou, Z. Wang, Exploiting Smart-Phone USB Connectivity For Fun And Profit, presented at Blackhat, 4 Aug. 2011; https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.226.3427&rep=rep1&type=pdf [accessed 7/28/2022] +[^144]: A. Stavrou, Z. Wang, Exploiting Smart-Phone USB Connectivity For Fun And Profit, presented at Blackhat, 4 Aug. 2011; https://media.blackhat.com/bh-dc-11/Stavrou-Wang/BlackHat_DC_2011_Stavrou_Zhaohui_USB_exploits-Slides.pdf [accessed 8/25/2016] [^145]: M. Brignall, "Sim-Swap Fraud Claims Another Mobile Banking Victim", The Guardian, 16 Apr. 2016; www.theguardian.com/money/2016/apr/16/sim-swap-fraud-mobile-banking-fraudsters [accessed 8/25/2016] -[^146]: BYOD & Mobile Security, Information Security Community on LinkedIn, Apr. 2016; https://docs.broadcom.com/doc/byod-and-mobile-security-en [accessed 7/28/22] +[^146]: BYOD & Mobile Security, Information Security Community on LinkedIn, Apr. 2016; http://get.skycure.com/hubfs/Reports/BYOD_and_Mobile_Security_Report_2016.pdf [accessed 8/25/2016] [^147]: V. Blue, "Researchers Show How to Hack an iPhone in 60 Seconds", ZDNet, 31 July 2013; www.zdnet.com/article/researchers-reveal-how-to-hack-an-iphone-in-60-seconds/ [accessed 8/25/2016] 
@@ -367,7 +367,7 @@ [^192]: C. Xiao, "BackStab: Mobile Backup Data Under Attack from Malware", paloalto, 7 Dec. 2015; http://researchcenter.paloaltonetworks.com/2015/12/backstab-mobile-backup-data-under-attack-from-malware/ [accessed 8/29/2016] -[^193]: BackStab: Mobile Backup Data Under Attack From Malware, 7 Dec. 2015; https://unit42.paloaltonetworks.com/backstab-mobile-backup-data-under-attack-from-malware/ [accessed 7/28/2022] +[^193]: BackStab: Mobile Backup Data Under Attack From Malware, 7 Dec. 2015; https://www.paloaltonetworks.com/resources/research/unit42-backstab-mobile-backup-data-under-attack-from-malware.html [accessed 8/29/2016] [^194]: Elcomsoft Phone Breaker; https://www.elcomsoft.com/eppb.html [accessed 8/29/2016] @@ -469,7 +469,7 @@ [^243]: S. Skorobogatov, "The bumpy road towards iPhone 5c NAND mirroring," University of Cambridge Computer Laboratory, Cambridge, MA, 2016 -[^250]: Secure Element Deployment & Host Card Emulation v1.0, white paper, SIMalliance, 2014; https://www.fintechfutures.com/files/2014/04/Secure-Element-Deployment-Host-Card-Emulation-v1.0.pdf [accessed 7/27/2022] +[^250]: Secure Element Deployment & Host Card Emulation v1.0, white paper, SIMalliance, 2014; http://simalliance.org/wp-content/uploads/2015/03/Secure-Element-Deployment-Host-Card-Emulation-v1.0.pdf [accessed 10/24/2016] [^251]: Host Card Emulation (HCE) 101, white paper MNFCC-14002, Smart Card Alliance Mobile & NFC Council, 2014; http://www.smartcardalliance.org/downloads/HCE-101-WP-FINAL-081114-clean.pdf [accessed 10/24/2016] 
@@ -483,7 +483,7 @@ [^247]: D. Pauli, "Every LTE call, text, can be intercepted, blacked out, hacker finds", The Register, 23 Oct 2016; http://www.theregister.co.uk/2016/10/23/every_lte_call_text_can_be_intercepted_blacked_out_hacker_finds/ [accessed 10/26/2016] -[^S-Konstantaras-1]: S. Konstantaras and C. Dillon, _Exploiting Vulnerabilities of Wi-Fi SD cards_, project report, Universiteit van Amsterdam, 1 June 2014; https://cupdf.com/document/exploiting-vulnerabilities-of-wi-fi-sd-cards-os3nl-vulnerabilities-of-wi-fi-sd.html?page=1 [accessed 7/28/2022] +[^S-Konstantaras-1]: S. Konstantaras and C. Dillon, _Exploiting Vulnerabilities of Wi-Fi SD cards_, project report, Universiteit van Amsterdam, 1 June 2014; https://staff.science.uva.nl/j.j.vanderham/cases/wifi-sd-cards.pdf [accessed 10/24/2016] [^Bunnie-1]: bunnie:studios, "On Hacking MicroSD Cards", blog, Dec. 2013; https://www.bunniestudios.com/blog/?p=3554 [accessed 10/24/2016] From 83a23ac4d881d28746385846905321ed794bec1a Mon Sep 17 00:00:00 2001 From: samz-cs Date: Thu, 28 Jul 2022 10:16:58 -0400 Subject: [PATCH 11/16] undo --- _includes/references.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/_includes/references.md b/_includes/references.md index 3e08f39..3402cea 100644 --- a/_includes/references.md +++ b/_includes/references.md 
@@ -273,13 +273,13 @@ [^142]: J.F. Miller, "Supply Chain Attack Framework and Attack Patterns", tech. report, MITRE, Dec. 2013; www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf -[^143]: Z. Wang and A. Stavrou, "Exploiting Smart-Phone USB Connectivity for Fun and Profit", in Proceedings of 26th Annual Computer Security Applications Conference, 2010, pp. 357-365. +[^143]: Z. Wang and A. Stavrou, "Exploiting Smart-Phone USB Connectivity for Fun and Profit", in Proceedings of 26th Annual Computer Security Applications Conference, 2010, pp. 357-365; https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.226.3427&rep=rep1&type=pdf [accessed 7/28/2022] -[^144]: A. Stavrou, Z. Wang, Exploiting Smart-Phone USB Connectivity For Fun And Profit, presented at Blackhat, 4 Aug. 2011; https://media.blackhat.com/bh-dc-11/Stavrou-Wang/BlackHat_DC_2011_Stavrou_Zhaohui_USB_exploits-Slides.pdf [accessed 8/25/2016] +[^144]: A. Stavrou, Z. Wang, Exploiting Smart-Phone USB Connectivity For Fun And Profit, presented at Blackhat, 4 Aug. 2011; https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.226.3427&rep=rep1&type=pdf [accessed 7/28/2022] [^145]: M. Brignall, "Sim-Swap Fraud Claims Another Mobile Banking Victim", The Guardian, 16 Apr. 2016; www.theguardian.com/money/2016/apr/16/sim-swap-fraud-mobile-banking-fraudsters [accessed 8/25/2016] -[^146]: BYOD & Mobile Security, Information Security Community on LinkedIn, Apr. 2016; http://get.skycure.com/hubfs/Reports/BYOD_and_Mobile_Security_Report_2016.pdf [accessed 8/25/2016] +[^146]: BYOD & Mobile Security, Information Security Community on LinkedIn, Apr. 2016; https://docs.broadcom.com/doc/byod-and-mobile-security-en [accessed 7/28/22] [^147]: V. Blue, "Researchers Show How to Hack an iPhone in 60 Seconds", ZDNet, 31 July 2013; www.zdnet.com/article/researchers-reveal-how-to-hack-an-iphone-in-60-seconds/ [accessed 8/25/2016] 
@@ -367,7 +367,7 @@ [^192]: C. Xiao, "BackStab: Mobile Backup Data Under Attack from Malware", paloalto, 7 Dec. 2015; http://researchcenter.paloaltonetworks.com/2015/12/backstab-mobile-backup-data-under-attack-from-malware/ [accessed 8/29/2016] -[^193]: BackStab: Mobile Backup Data Under Attack From Malware, 7 Dec. 2015; https://www.paloaltonetworks.com/resources/research/unit42-backstab-mobile-backup-data-under-attack-from-malware.html [accessed 8/29/2016] +[^193]: BackStab: Mobile Backup Data Under Attack From Malware, 7 Dec. 2015; https://unit42.paloaltonetworks.com/backstab-mobile-backup-data-under-attack-from-malware/ [accessed 7/28/2022] [^194]: Elcomsoft Phone Breaker; https://www.elcomsoft.com/eppb.html [accessed 8/29/2016] @@ -469,7 +469,7 @@ [^243]: S. Skorobogatov, "The bumpy road towards iPhone 5c NAND mirroring," University of Cambridge Computer Laboratory, Cambridge, MA, 2016 -[^250]: Secure Element Deployment & Host Card Emulation v1.0, white paper, SIMalliance, 2014; http://simalliance.org/wp-content/uploads/2015/03/Secure-Element-Deployment-Host-Card-Emulation-v1.0.pdf [accessed 10/24/2016] +[^250]: Secure Element Deployment & Host Card Emulation v1.0, white paper, SIMalliance, 2014; https://www.fintechfutures.com/files/2014/04/Secure-Element-Deployment-Host-Card-Emulation-v1.0.pdf [accessed 7/27/2022] [^251]: Host Card Emulation (HCE) 101, white paper MNFCC-14002, Smart Card Alliance Mobile & NFC Council, 2014; http://www.smartcardalliance.org/downloads/HCE-101-WP-FINAL-081114-clean.pdf [accessed 10/24/2016] 
@@ -483,7 +483,7 @@ [^247]: D. Pauli, "Every LTE call, text, can be intercepted, blacked out, hacker finds", The Register, 23 Oct 2016; http://www.theregister.co.uk/2016/10/23/every_lte_call_text_can_be_intercepted_blacked_out_hacker_finds/ [accessed 10/26/2016] -[^S-Konstantaras-1]: S. Konstantaras and C. Dillon, _Exploiting Vulnerabilities of Wi-Fi SD cards_, project report, Universiteit van Amsterdam, 1 June 2014; https://staff.science.uva.nl/j.j.vanderham/cases/wifi-sd-cards.pdf [accessed 10/24/2016] +[^S-Konstantaras-1]: S. Konstantaras and C. Dillon, _Exploiting Vulnerabilities of Wi-Fi SD cards_, project report, Universiteit van Amsterdam, 1 June 2014; https://cupdf.com/document/exploiting-vulnerabilities-of-wi-fi-sd-cards-os3nl-vulnerabilities-of-wi-fi-sd.html?page=1 [accessed 7/28/2022] [^Bunnie-1]: bunnie:studios, "On Hacking MicroSD Cards", blog, Dec. 2013; https://www.bunniestudios.com/blog/?p=3554 [accessed 10/24/2016] From f6a6272c92b1f167098dc9efa6320a77c676b8d1 Mon Sep 17 00:00:00 2001 From: samz-cs Date: Mon, 1 Aug 2022 08:53:05 -0400 Subject: [PATCH 12/16] revert to og nist-pages --- _includes/references.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/_includes/references.md b/_includes/references.md index 3402cea..1fbafac 100644 --- a/_includes/references.md +++ b/_includes/references.md 
@@ -129,9 +129,9 @@ [^69]: "[Vulnerability Identifier]: LOOK-11-001, blog, 1 Feb. 2011; https://blog.lookout.com/look-11-001/ [accessed 8/25/2016]" -[^70]: A. Donenfeld, Stumping the Mobile Chipset, presented at DEFCON 24, 7 Aug. 2016; https://kipdf.com/stumping-the-mobile-chipset_5afc4b768ead0ed8128b4574.html [accessed 7/26/2022] +[^70]: A. Donenfeld, Stumping the Mobile Chipset, presented at DEFCON 24, 7 Aug. 2016; https://media.defcon.org/DEF CON 24/DEF CON 24 presentations/DEFCON-24-Adam-Donenfeld-Stumping-The-Mobile-Chipset.pdf [accessed 8/25/2016] -[^71]: A. Brandt, Towelroot and Leaked Hacking Team Exploits Used to Deliver “Dogspectus” Ransomware to Android Devices, blog, 26 Apr. 2016; https://www.outlookseries.com/A0977/Security/3695_Towelroot_Leaked_Hacking_Team_Exploits_Dogspectus_Ransomware_Android_Devices.htm [accessed 7/26/2022] +[^71]: A. Brandt, "Android Towelroot Exploit Used to Deliver Dogspectus Ransomware", blog, 25 Apr. 2016; www.bluecoat.com/security-blog/2016-04-25/android-exploit-delivers-dogspectus-ransomware [accessed 8/25/2016] [^72]: JailbreakMe; https://jailbreakme.qoid.us [accessed 8/25/2016] 
@@ -273,13 +273,13 @@ [^142]: J.F. Miller, "Supply Chain Attack Framework and Attack Patterns", tech. report, MITRE, Dec. 2013; www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf -[^143]: Z. Wang and A. Stavrou, "Exploiting Smart-Phone USB Connectivity for Fun and Profit", in Proceedings of 26th Annual Computer Security Applications Conference, 2010, pp. 357-365; https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.226.3427&rep=rep1&type=pdf [accessed 7/28/2022] +[^143]: Z. Wang and A. Stavrou, "Exploiting Smart-Phone USB Connectivity for Fun and Profit", in Proceedings of 26th Annual Computer Security Applications Conference, 2010, pp. 357-365. -[^144]: A. Stavrou, Z. Wang, Exploiting Smart-Phone USB Connectivity For Fun And Profit, presented at Blackhat, 4 Aug. 2011; https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.226.3427&rep=rep1&type=pdf [accessed 7/28/2022] +[^144]: A. Stavrou, Z. Wang, Exploiting Smart-Phone USB Connectivity For Fun And Profit, presented at Blackhat, 4 Aug. 2011; https://media.blackhat.com/bh-dc-11/Stavrou-Wang/BlackHat_DC_2011_Stavrou_Zhaohui_USB_exploits-Slides.pdf [accessed 8/25/2016] [^145]: M. Brignall, "Sim-Swap Fraud Claims Another Mobile Banking Victim", The Guardian, 16 Apr. 2016; www.theguardian.com/money/2016/apr/16/sim-swap-fraud-mobile-banking-fraudsters [accessed 8/25/2016] -[^146]: BYOD & Mobile Security, Information Security Community on LinkedIn, Apr. 2016; https://docs.broadcom.com/doc/byod-and-mobile-security-en [accessed 7/28/22] +[^146]: BYOD & Mobile Security, Information Security Community on LinkedIn, Apr. 2016; http://get.skycure.com/hubfs/Reports/BYOD_and_Mobile_Security_Report_2016.pdf [accessed 8/25/2016] [^147]: V. Blue, "Researchers Show How to Hack an iPhone in 60 Seconds", ZDNet, 31 July 2013; www.zdnet.com/article/researchers-reveal-how-to-hack-an-iphone-in-60-seconds/ [accessed 8/25/2016] 
@@ -367,7 +367,7 @@ [^192]: C. Xiao, "BackStab: Mobile Backup Data Under Attack from Malware", paloalto, 7 Dec. 2015; http://researchcenter.paloaltonetworks.com/2015/12/backstab-mobile-backup-data-under-attack-from-malware/ [accessed 8/29/2016] -[^193]: BackStab: Mobile Backup Data Under Attack From Malware, 7 Dec. 2015; https://unit42.paloaltonetworks.com/backstab-mobile-backup-data-under-attack-from-malware/ [accessed 7/28/2022] +[^193]: BackStab: Mobile Backup Data Under Attack From Malware, 7 Dec. 2015; https://www.paloaltonetworks.com/resources/research/unit42-backstab-mobile-backup-data-under-attack-from-malware.html [accessed 8/29/2016] [^194]: Elcomsoft Phone Breaker; https://www.elcomsoft.com/eppb.html [accessed 8/29/2016] @@ -469,7 +469,7 @@ [^243]: S. Skorobogatov, "The bumpy road towards iPhone 5c NAND mirroring," University of Cambridge Computer Laboratory, Cambridge, MA, 2016 -[^250]: Secure Element Deployment & Host Card Emulation v1.0, white paper, SIMalliance, 2014; https://www.fintechfutures.com/files/2014/04/Secure-Element-Deployment-Host-Card-Emulation-v1.0.pdf [accessed 7/27/2022] +[^250]: Secure Element Deployment & Host Card Emulation v1.0, white paper, SIMalliance, 2014; http://simalliance.org/wp-content/uploads/2015/03/Secure-Element-Deployment-Host-Card-Emulation-v1.0.pdf [accessed 10/24/2016] [^251]: Host Card Emulation (HCE) 101, white paper MNFCC-14002, Smart Card Alliance Mobile & NFC Council, 2014; http://www.smartcardalliance.org/downloads/HCE-101-WP-FINAL-081114-clean.pdf [accessed 10/24/2016] 
@@ -483,7 +483,7 @@ [^247]: D. Pauli, "Every LTE call, text, can be intercepted, blacked out, hacker finds", The Register, 23 Oct 2016; http://www.theregister.co.uk/2016/10/23/every_lte_call_text_can_be_intercepted_blacked_out_hacker_finds/ [accessed 10/26/2016] -[^S-Konstantaras-1]: S. Konstantaras and C. Dillon, _Exploiting Vulnerabilities of Wi-Fi SD cards_, project report, Universiteit van Amsterdam, 1 June 2014; https://cupdf.com/document/exploiting-vulnerabilities-of-wi-fi-sd-cards-os3nl-vulnerabilities-of-wi-fi-sd.html?page=1 [accessed 7/28/2022] +[^S-Konstantaras-1]: S. Konstantaras and C. Dillon, _Exploiting Vulnerabilities of Wi-Fi SD cards_, project report, Universiteit van Amsterdam, 1 June 2014; https://staff.science.uva.nl/j.j.vanderham/cases/wifi-sd-cards.pdf [accessed 10/24/2016] [^Bunnie-1]: bunnie:studios, "On Hacking MicroSD Cards", blog, Dec. 2013; https://www.bunniestudios.com/blog/?p=3554 [accessed 10/24/2016] From 3c06a62fbb35d6b46b8d973bc72f1894d91301e1 Mon Sep 17 00:00:00 2001 From: samz-cs <68604439+samz-cs@users.noreply.github.com> Date: Tue, 2 Aug 2022 09:30:58 -0400 Subject: [PATCH 13/16] changed ^75 source --- _application-threats/APP-7.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_application-threats/APP-7.md b/_application-threats/APP-7.md index d29b9ca..d87d162 100644 --- a/_application-threats/APP-7.md +++ b/_application-threats/APP-7.md 
@@ -6,7 +6,7 @@ Threat: Data or Funcionality Exposed to Untrusted Apps ThreatDescription: Android apps can be designed to share data with other apps through a variety of mechanisms such as broadcast receivers, services, intents, and content providers. Some of these mechanisms permit the app developer to grant broader permissions to untrusted apps than intended. As a result, a malicious app may gain unauthorized access to sensitive functionality or data. The malicious app may further take advantage of the weak permission to exploit other vulnerabilities in the receiving app by sending it crafted input. ThreatOrigin: ExploitExample: - - eBay for Android Content Provider Injection Vulnerability [^75] + - 50 Ways to Leak Your Data: An Exploration of Apps’ Circumvention of the Android Permissions System [^75] - Smishing Vulnerability in Multiple Android Platforms [^76] - Android SMS Spoofer [^77] - Content provider permission bypass allows malicious application to access data [^78] From b1b67f71143b226ae8a93c3755f4b07ea6425fc5 Mon Sep 17 00:00:00 2001 From: samz-cs <68604439+samz-cs@users.noreply.github.com> Date: Tue, 2 Aug 2022 09:32:42 -0400 Subject: [PATCH 14/16] undo ^75 change --- _application-threats/APP-7.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_application-threats/APP-7.md b/_application-threats/APP-7.md index d87d162..d29b9ca 100644 --- a/_application-threats/APP-7.md +++ b/_application-threats/APP-7.md 
@@ -6,7 +6,7 @@ Threat: Data or Funcionality Exposed to Untrusted Apps ThreatDescription: Android apps can be designed to share data with other apps through a variety of mechanisms such as broadcast receivers, services, intents, and content providers. Some of these mechanisms permit the app developer to grant broader permissions to untrusted apps than intended. As a result, a malicious app may gain unauthorized access to sensitive functionality or data. The malicious app may further take advantage of the weak permission to exploit other vulnerabilities in the receiving app by sending it crafted input. ThreatOrigin: ExploitExample: - - 50 Ways to Leak Your Data: An Exploration of Apps’ Circumvention of the Android Permissions System [^75] + - eBay for Android Content Provider Injection Vulnerability [^75] - Smishing Vulnerability in Multiple Android Platforms [^76] - Android SMS Spoofer [^77] - Content provider permission bypass allows malicious application to access data [^78] From d81789e83b59098787018793929277cabc1b9f31 Mon Sep 17 00:00:00 2001 From: samz-cs <68604439+samz-cs@users.noreply.github.com> Date: Mon, 8 Aug 2022 10:52:19 -0400 Subject: [PATCH 15/16] added hyperlinks --- _includes/references.md | 564 ++++++++++++++++++++-------------------- 1 file changed, 284 insertions(+), 280 deletions(-) diff --git a/_includes/references.md b/_includes/references.md index 1fbafac..6fcc425 100644 --- a/_includes/references.md +++ b/_includes/references.md 
@@ -1,560 +1,564 @@ -[^1]: N.O. Tippenhauer et al., "On the requirements for successful GPS spoofing attacks", in Proceedings of the 18th ACM conference on Computer and communications security, 2011, pp. 75-86; www.cs.ox.ac.uk/files/6489/gps.pdf [accessed 8/23/2016] +[^1]: N.O. Tippenhauer et al., "On the requirements for successful GPS spoofing attacks", in Proceedings of the 18th ACM conference on Computer and communications security, 2011, pp. 75-86; link [accessed 8/23/2016] -[^2]: T.E. Humpreys et al. "Assessing the spoofing threat: Development of a portable GPS civilian spoofer." in Proceedings of the 21st International Technical Meeting of the Satellite Division of The Institute of Navigation, 2008, pp. 2314-2325; https://gps.mae.cornell.edu/humphreys_etal_iongnss2008.pdf [accessed 8/23/2016] +[^2]: T.E. Humpreys et al. "Assessing the spoofing threat: Development of a portable GPS civilian spoofer." in Proceedings of the 21st International Technical Meeting of the Satellite Division of The Institute of Navigation, 2008, pp. 2314-2325; link [accessed 8/23/2016] -[^3]: S. Andrivet, The Security of MDM systems, presented at Hack In Paris, 20 June 2013; https://hackinparis.com/data/slides/2013/MDM-HIP_2013.pdf [accessed 8/23/2016] +[^3]: S. Andrivet, The Security of MDM systems, presented at Hack In Paris, 20 June 2013; link [accessed 8/23/2016] -[^4]: S. Breen, Mobile Device Mismanagement, presented at Blackhat, Aug. 2014; www.blackhat.com/docs/us-14/materials/us-14-Breen-Mobile-Device-Mismanagement.pdf [accessed 8/23/2016] +[^4]: S. Breen, Mobile Device Mismanagement, presented at Blackhat, Aug. 2014; link [accessed 8/23/2016] -[^5]: N.S. Evans, A. Benameur, and Y. Shen, "All Your Root Checks Are Belong to Us: The Sad State of Root Detection", in Proceedings of the 13th ACM International Symposium on Mobility Management and Wireless Access, 2015, pp. 81-88; http://dx.doi.org/10.1145/2810362.2810364 [accessed 8/23/2016] +[^5]: N.S. Evans, A. Benameur, and Y. 
Shen, "All Your Root Checks Are Belong to Us: The Sad State of Root Detection", in Proceedings of the 13th ACM International Symposium on Mobility Management and Wireless Access, 2015, pp. 81-88; link [accessed 8/23/2016] -[^6]: D. Kravets, "Worker fired for disabling GPS app that track her 24 hours a day [Updated]", Ars Technica, 11 May 2015; http://arstechnica.com/tech-policy/2015/05/worker-fired-for-disabling-gps-app-that-tracked-her-24-hours-a-day/ [accessed 8/23/2016] +[^6]: D. Kravets, "Worker fired for disabling GPS app that track her 24 hours a day [Updated]", Ars Technica, 11 May 2015; link [accessed 8/23/2016] -[^7]: D. Denslow, "Personal Data Security and the "BYOD" Problem: Who is Truly at Risk?", blog, 19 Nov. 2014; http://jolt.richmond.edu/index.php/blog-personal-data-security-and-the-byod-problem-who-is-truly-at-risk/ [accessed 8/24/2016] +[^7]: D. Denslow, "Personal Data Security and the "BYOD" Problem: Who is Truly at Risk?", blog, 19 Nov. 2014; link [accessed 8/24/2016] -[^8]: S. Raghuram, "Man in the Cloud: Threat, Impact, Resolution and the Bigger Picture", blog, 2015; www.skyhighnetworks.com/cloud-security-blog/man-in-the-cloud-threat-impact-resolution-and-the-bigger-picture/ [accessed 8/23/2016] +[^8]: S. Raghuram, "Man in the Cloud: Threat, Impact, Resolution and the Bigger Picture", blog, 2015; link [accessed 8/23/2016] -[^9]: Mobile Top 10 2016, Mar. 2016; www.owasp.org/index.php/Mobile_Top_10_2016-Top_10 [accessed 8/23/2016] +[^9]: Mobile Top 10 2016, Mar. 2016; link [accessed 8/23/2016] -[^11]: L. Francis et al., "Practical NFC peer-to-peer relay attack using mobile phones", in Proceedings of the 6th International Conference on Radio Frequency Identification: Security and Privacy Issues, 2010, pp. 35-49; https://eprint.iacr.org/2010/228.pdf [accessed 8/24/2016] +[^11]: L. 
Francis et al., "Practical NFC peer-to-peer relay attack using mobile phones", in Proceedings of the 6th International Conference on Radio Frequency Identification: Security and Privacy Issues, 2010, pp. 35-49; link [accessed 8/24/2016] -[^12]: O. Cox, "Demystifying Point of Sale Malware and Attacks", blog, 25 Nov. 2015; www.symantec.com/connect/blogs/demystifying-point-sale-malware-and-attacks [accessed 8/24/2016] +[^12]: O. Cox, "Demystifying Point of Sale Malware and Attacks", blog, 25 Nov. 2015; link [accessed 8/24/2016] -[^13]: Home Depot Hit By Same Malware as Target, 14 Sept. 2014; http://krebsonsecurity.com/2014/09/home-depot-hit-by-same-malware-as-target/ [accessed 8/24/2016] +[^13]: Home Depot Hit By Same Malware as Target, 14 Sept. 2014; link [accessed 8/24/2016] -[^14]: M. Geuss, "The weak link in Apple Pay's strong chain is bank verification. Who's to blame?", Ars Technica, 3 Mar. 2015; http://arstechnica.com/apple/2015/03/the-weak-link-in-apple-pays-strong-chain-is-bank-verification-whos-to-blame/ [accessed 8/24/2016] +[^14]: M. Geuss, "The weak link in Apple Pay's strong chain is bank verification. Who's to blame?", Ars Technica, 3 Mar. 2015; link [accessed 8/24/2016] -[^15]: M. Georgiev et al., "The most dangerous code in the world: validating SSL certificates in non-browser software", in Proceedings of the 2012 ACM conference on Computer and communications security, 2012, pp. 38-49; http://dx.doi.org/10.1145/2382196.2382204 [accessed 8/24/2016] +[^15]: M. Georgiev et al., "The most dangerous code in the world: validating SSL certificates in non-browser software", in Proceedings of the 2012 ACM conference on Computer and communications security, 2012, pp. 38-49; link [accessed 8/24/2016] -[^16]: M. Souppaya and K. 
Scarfone, Guidelines for Securing Wireless Local Area Networks (WLANs), SP 800-163, National Institute of Standards and Technology, 2016; http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-153.pdf [accessed 8/24/2016] +[^16]: M. Souppaya and K. Scarfone, Guidelines for Securing Wireless Local Area Networks (WLANs), SP 800-163, National Institute of Standards and Technology, 2016; link [accessed 8/24/2016] -[^17]: K. Zetter, "Darkhotel: A Sophisticated New Hacking Attack Targets High-Profile Hotel Guests", Wired, 10 Nov. 2014; www.wired.com/2014/11/darkhotel-malware/ [accessed 8/24/2016] +[^17]: K. Zetter, "Darkhotel: A Sophisticated New Hacking Attack Targets High-Profile Hotel Guests", Wired, 10 Nov. 2014; link [accessed 8/24/2016] -[^18]: CAPEC-613: WiFi SSID Tracking (Version 2.8), MITRE, 7 Dec. 2015; http://capec.mitre.org/data/definitions/613.html [accessed 8/24/2016] +[^18]: CAPEC-613: WiFi SSID Tracking (Version 2.8), MITRE, 7 Dec. 2015; link [accessed 8/24/2016] -[^19]: A. Stubblefield, J. Ioannidis and A.D. Rubin, Using the Fluhrer, Mantin, and Shamir Attack to Break WEP, tech. report TD-4ZCPZZ, AT&T Labs, 2001; www.isoc.org/isoc/conferences/ndss/02/papers/stubbl.pdf [accessed 8/24/2016] +[^19]: A. Stubblefield, J. Ioannidis and A.D. Rubin, Using the Fluhrer, Mantin, and Shamir Attack to Break WEP, tech. report TD-4ZCPZZ, AT&T Labs, 2001; link [accessed 8/24/2016] -[^20]: D. Richardson, "Using spoofed Wi-Fi to attack mobile devices", blog, 21 Apr. 2016; https://blog.lookout.com/blog/2016/04/21/spoofed-wi-fi-60-minutes/ [accessed 8/24/2016] +[^20]: D. Richardson, "Using spoofed Wi-Fi to attack mobile devices", blog, 21 Apr. 2016; link [accessed 8/24/2016] -[^21]: G. Fleishman, "FCC fines Marriott $600,000 for jamming hotel Wi-Fi", blog, 3 Oct. 2014; http://boingboing.net/2014/10/03/fcc-fines-marriott-for-jamming.html [accessed 8/24/2016] +[^21]: G. Fleishman, "FCC fines Marriott $600,000 for jamming hotel Wi-Fi", blog, 3 Oct. 
2014; link [accessed 8/24/2016] -[^22]: B. Weis, IEEE 802 Privacy Threat Analysis, Cisco Systems, 2016; www.ieee802.org/1/files/public/docs2016/802E-weis-privacy-threat-analysis-0718-v01.pdf [accessed 8/24/2016] +[^22]: B. Weis, IEEE 802 Privacy Threat Analysis, Cisco Systems, 2016; link [accessed 8/24/2016] -[^23]: B. Fung, "How stores use your phone's WiFi to track your shopping habits", The Washington Post, 19 Oct. 2013; www.washingtonpost.com/blogs/the-switch/wp/2013/10/19/how-stores-use-your-phones-wifi-to-track-your-shopping-habits [accessed 8/24/2016] +[^23]: B. Fung, "How stores use your phone's WiFi to track your shopping habits", The Washington Post, 19 Oct. 2013; link [accessed 8/24/2016] -[^24]: S. Clifford and Q. Hardy, "Attention, Shoppers: Store Is Tracking Your Cell", The New York Times, 14 July 2013; www.nytimes.com/2013/07/15/business/attention-shopper-stores-are-tracking-your-cell.html [accessed 8/24/2016] +[^24]: S. Clifford and Q. Hardy, "Attention, Shoppers: Store Is Tracking Your Cell", The New York Times, 14 July 2013; link [accessed 8/24/2016] -[^25]: S. Mlot, "FTC Goes After Firm for Tracking Shoppers' Cell Phones", PCMag, 24 Apr. 2015; www.pcmag.com/article2/0,2817,2482985,00.asp [accessed 8/24/2016] +[^25]: S. Mlot, "FTC Goes After Firm for Tracking Shoppers' Cell Phones", PCMag, 24 Apr. 
2015; link [accessed 8/24/2016] -[^26]: How Retailers Use Smartphones To Track Shoppers In The Store, All Things Considered, National Public Radio, 16 June 2014, transcript; www.npr.org/2014/06/16/322597862/how-retailers-use-smartphones-to-track-shoppers-in-the-store [accessed 8/24/2016] +[^26]: How Retailers Use Smartphones To Track Shoppers In The Store, All Things Considered, National Public Radio, 16 June 2014, transcript; link [accessed 8/24/2016] -[^27]: GPS, Wi-Fi, and Cell Phone Jammers Frequently Asked Questions (FAQs), Federal Communications Commission; https://transition.fcc.gov/eb/jammerenforcement/jamfaq.pdf [accessed 8/24/2016] +[^27]: GPS, Wi-Fi, and Cell Phone Jammers Frequently Asked Questions (FAQs), Federal Communications Commission; link [accessed 7/27/22] -[^28]: J. Padgette, K. Scarfone and L. Chen, Guide to Bluetooth Security, SP 800-121 rev. 1, National Institute of Standards and Technology, 2012; http://csrc.nist.gov/publications/nistpubs/800-121-rev1/sp800-121_rev1.pdf [accessed 8/24/2016] +[^28]: J. Padgette, K. Scarfone and L. Chen, Guide to Bluetooth Security, SP 800-121 rev. 1, National Institute of Standards and Technology, 2012; link [accessed 8/24/2016] -[^29]: C. Mulliner and M. Herfurt, "Blueprinting", 2013; http://trifinite.org/trifinite_stuff_blueprinting.html [accessed 8/24/2016] +[^29]: C. Mulliner and M. Herfurt, "Blueprinting", 2013; link [accessed 8/24/2016] -[^30]: L. Carettoni, C. Merloni and S. Zanero, "Studying Bluetooth Malware Propagation: The BlueBag Project", Proceedings of the 2007 IEEE Symposium on Security and Privacy, pp. 17-25, 2007; http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=4140986 [accessed 8/24/2016] +[^30]: L. Carettoni, C. Merloni and S. Zanero, "Studying Bluetooth Malware Propagation: The BlueBag Project", Proceedings of the 2007 IEEE Symposium on Security and Privacy, pp. 17-25, 2007; link [accessed 8/24/2016] -[^31]: Z. 
Wang et al., "Implementation and Analysis of a Practical NFC Relay Attack Example", in Proceedings of the 2012 Second International Conference on Instrumentation, Measurement, Computer, Communication, and Control, 2012, pp 143-146. +[^31]: Z. Wang et al., "Implementation and Analysis of a Practical NFC Relay Attack Example", in Proceedings of the 2012 Second International Conference on Instrumentation, Measurement, Computer, Communication, and Control, 2012, pp 143-146, link [accessed 8/1/2022]. -[^32]: M. Maass et al., Demo: NFCGate - An NFC Relay Application for Android [Extended Abstract], presented at 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, 26 June 2015; https://github.com/nfcgate/nfcgate [accessed 8/24/2016] +[^32]: M. Maass et al., Demo: NFCGate - An NFC Relay Application for Android [Extended Abstract], presented at 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, 26 June 2015; link [accessed 8/24/2016] -[^33]: G. Vaughan, NFC Threat Landscape, OWASP Toronto chapter meeting, 31 Mar. 2013; www.owasp.org/images/3/38/NFC_Threat_Landscape_OWASP_Toronto_March_2013.pdf [accessed 8/24/2016] +[^33]: G. Vaughan, NFC Threat Landscape, OWASP Toronto chapter meeting, 31 Mar. 2013; link [accessed 8/24/2016] -[^34]: C. Miller, Exploring the NFC Attack Surface, presented at Blackhat, 5 July 2012; https://media.blackhat.com/bh-us-12/Briefings/C_Miller/BH_US_12_Miller_NFC_attack_surface_WP.pdf [accessed 8/24/2016] +[^34]: P. Paganini, Near field communication (NFC) technology, vulnerabilities and principal attack schema, blog, 13 June 2013; link [accessed 7/27/2022] -[^35]: Android 6.0 Changes, https://developer.android.com/about/versions/marshmallow/android-6.0-changes.html#behavior-hardware-id [accessed on 8/24/2016] +[^35]: Android 6.0 Changes, link [accessed on 8/24/2016] -[^36]: D. Stites and K. 
Skinner, User Privacy on iOS and OS X, presented at Apple Worldwide Developer Conference, June 2014; http://devstreaming.apple.com/videos/wwdc/2014/715xx4loqo5can9/715/715_user_privacy_in_ios_and_os_x.pdf [accessed 8/24/2016] +[^36]: M. Beasley, More details on how iOS 8’s MAC address randomization feature works (and when it doesn’t), blog, 26 Sep. 2014; link [accessed 7/27/22] -[^37]: Specification of the Bluetooth System version 1.0 B, Bluetooth Special Interest Group, 1999; http://grouper.ieee.org/groups/802/15/Bluetooth/profile_10_b.pdf [accessed 8/24/2016] +[^37]: Specification of the Bluetooth System version 1.0 B, Bluetooth Special Interest Group, 1999; link [accessed 8/24/2016] -[^38]: Security, Bluetooth Smart (Low Energy), 2016; https://developer.bluetooth.org/TechnologyOverview/Pages/LE-Security.aspx [accessed 8/24/2016] +[^38]: Security, Bluetooth Smart (Low Energy), 2016; link [accessed 8/24/2016] -[^39]: S. Cobb, "QR Codes and NFC Chips: Preview-and-authorize should be default", blog, 23 Apr. 2012; www.welivesecurity.com/2012/04/23/qr-codes-and-nfc-chips-preview-and-authorize-should-be-default/ [accessed 8/24/2016] +[^39]: S. Cobb, "QR Codes and NFC Chips: Preview-and-authorize should be default", blog, 23 Apr. 2012; link [accessed 8/24/2016] -[^40]: S. Lawson, "Ten Ways Your Smartphone Knows Where you Are", PCWorld, 6 Apr. 2012; www.pcworld.com/article/253354/ten_ways_your_smartphone_knows_where_you_are.html [accessed 8/25/2016] +[^40]: S. Lawson, "Ten Ways Your Smartphone Knows Where you Are", PCWorld, 6 Apr. 2012; link [accessed 8/25/2016] -[^41]: J.S. Warner and R.G. Johnston, GPS Spoofing Countermeasures, tech. report LAUR-03-6163, Los Alamos National Laboratory, 2003; http://lewisperdue.com/DieByWire/GPS-Vulnerability-LosAlamos.pdf [accessed 8/25/2016] +[^41]: J.S. Warner and R.G. Johnston, GPS Spoofing Countermeasures, tech. 
report LAUR-03-6163, Los Alamos National Laboratory, 2003; link [accessed 8/25/2016] -[^42]: Malware Targeting Point of Sale Systems, US-CERT alert TA14-002A, US-CERT, 5 Feb. 2014; www.us-cert.gov/ncas/alerts/TA14-002A [accessed 8/25/2016] +[^42]: Malware Targeting Point of Sale Systems, US-CERT alert TA14-002A, US-CERT, 5 Feb. 2014; link [accessed 8/25/2016] -[^43]: C. Xiao, "YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs," blog, 25 Oct. 2015; http://researchcenter.paloaltonetworks.com/2015/10/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/ +[^43]: C. Xiao, "YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs," blog, 25 Oct. 2015; link -[^44]: T. Claburn, "iOS SideStepper Vulnerability Undermines MDM Services: Check Point," InformationWeek ,31 Mar. 2016; www.informationweek.com/mobile/mobile-devices/ios-sidestepper-vulnerability-undermines-mdm-services-check-point/d/d-id/1324920 +[^44]: T. Claburn, "iOS SideStepper Vulnerability Undermines MDM Services: Check Point," InformationWeek ,31 Mar. 2016; link -[^45]: L. Tung, "Apple iPhone, iPad iOS 9 security flaw lets malicious apps sneak onto enterprise devices," ZDNet, 1 Apr. 2016; www.zdnet.com/article/apple-iphone-ipad-ios-9-security-flaw-lets-malicious-apps-sneak-onto-enterprise-devices/ +[^45]: L. Tung, "Apple iPhone, iPad iOS 9 security flaw lets malicious apps sneak onto enterprise devices," ZDNet, 1 Apr. 2016; link -[^46]: B. Lau et al. , MACTANS: Injecting Malware Into iOS Devices Via Malicious Chargers, presented at BlackHat, 3-4 Aug. 2013. https://media.blackhat.com/us-13/US-13-Lau-Mactans-Injecting-Malware-into-iOS-Devices-via-Malicious-Chargers-WP.pdf [accessed 8/23/16]. +[^46]: B. Lau et al. , MACTANS: Injecting Malware Into iOS Devices Via Malicious Chargers, presented at BlackHat, 3-4 Aug. 2013. link [accessed 7/27/22]. -[^47]: M. 
Mendoza, "Xiaomi Locks Mi Devices' Bootloaders On Fears Of Malware And Security Risks: Up To 21 Days To Unlock," Tech Times, 20 Jan. 2016; www.techtimes.com/articles/125681/20160120/xiaomi-locks-mi-devices-bootloaders-on-fears-of-malware-and-security-risks-up-to21-days-to-unlock.htm [accessed 8/26/2016] +[^47]: M. Mendoza, "Xiaomi Locks Mi Devices' Bootloaders On Fears Of Malware And Security Risks: Up To 21 Days To Unlock," Tech Times, 20 Jan. 2016; link [accessed 8/26/2016] -[^48]: D. Pauli, "Samsung S6 calls open to man-in-the-middle base station snooping," The Register, 12 Nov. 2015; www.theregister.co.uk/2015/11/12/mobile_pwn2own1/ +[^48]: D. Pauli, "Samsung S6 calls open to man-in-the-middle base station snooping," The Register, 12 Nov. 2015; link -[^49]: D. Goodin, "Software flaw puts mobile phones and networks at risk of complete takeover," Ars Technica, 19 July 2016; http://arstechnica.com/security/2016/07/software-flaw-puts-mobile-phones-and-networks-at-risk-of-complete-takeover/ +[^49]: D. Goodin, "Software flaw puts mobile phones and networks at risk of complete takeover," Ars Technica, 19 July 2016; link -[^50]: R. Weinmann, Baseband Attacks: Remote Exploitation of Memory Corruptions in Cellular Protocol Stacks, presented at 6th USENIX Workshop on Offensive Technologies, 6-7 Aug. 2012; www.usenix.org/system/files/conference/woot12/woot12-final24.pdf [accessed 8/23/16]. +[^50]: R. Weinmann, Baseband Attacks: Remote Exploitation of Memory Corruptions in Cellular Protocol Stacks, presented at 6th USENIX Workshop on Offensive Technologies, 6-7 Aug. 2012; link [accessed 8/23/16]. -[^51]: G. Williams, "4 Surprising Ways Your Identity Can Be Stolen," U.S. News & World Report, 9 June 2015; http://money.usnews.com/money/personal-finance/articles/2015/06/09/4-surprising-ways-your-identity-can-be-stolen +[^51]: G. Williams, "4 Surprising Ways Your Identity Can Be Stolen," U.S. 
News & World Report, 9 June 2015; link -[^52]: AT&T SIM-Card Switch Scam, New York Department of State; www.dos.ny.gov/consumerprotection/scams/att-sim.html [accessed 8/23/16]. +[^52]: AT&T SIM-Card Switch Scam, New York Department of State; link [accessed 8/23/16]. -[^53]: R. Chirgwin, "This is what a root debug backdoor in a Linux kernel looks like," The Register, 9 May. 2016; www.theregister.co.uk/2016/05/09/allwinners_allloser_custom_kernel_has_a_nasty_root_backdoor/ [accessed 8/26/2016] +[^53]: R. Chirgwin, "This is what a root debug backdoor in a Linux kernel looks like," The Register, 9 May. 2016; link [accessed 8/26/2016] -[^54]: iOS Security: iOS 9.3 or later, white paper, Apple, 2016. www.apple.com/business/docs/iOS_Security_Guide.pdf [accessed 8/24/16]. +[^54]: iOS Security: iOS 9.3 or later, white paper, Apple, 2016. link [accessed 8/24/16]. -[^55]: R. Welton, "Remote Code Execution as System User on Samsung Phones", blog, 16 June 2015; www.nowsecure.com/blog/2015/06/16/remote-code-execution-as-system-user-on-samsung-phones/ [accessed 8/25/2016] +[^55]: R. Welton, "Remote Code Execution as System User on Samsung Phones", blog, 16 June 2015; link [accessed 8/25/2016] -[^56]: J. V. Dyke, "Insecurity Cameras and Mobile Apps: Surveillance or Exposure?", blog, 6 Jan. 2016; www.nowsecure.com/blog/2016/01/06/insecurity-cameras-and-mobile-apps-surveillance-or-exposure/ [accessed 8/25/2016] +[^56]: J. V. Dyke, "Insecurity Cameras and Mobile Apps: Surveillance or Exposure?", blog, 6 Jan. 2016; link [accessed 8/25/2016] -[^57]: J. Oberheide and Z. Lanier, "Team Joch vs. Android", presented at ShmooCon 2011, 28-30 Jan. 2011, slide 54; https://jon.oberheide.org/files/shmoo11-teamjoch.pdf [accessed 8/25/2016] +[^57]: J. Oberheide and Z. Lanier, "Team Joch vs. Android", presented at ShmooCon 2011, 28-30 Jan. 2011, slide 54; link [accessed 8/25/2016] -[^61]: L. 
Neely, Mobile Threat Protection: A Holistic Approach to Securing Mobile Data and Devices, SANS Institute, 2016; www.sans.org/reading-room/whitepapers/analyst/mobile-threat-protection-holistic-approach-securing-mobile-data-devices-36715 [accessed 8/25/2016] +[^61]: L. Neely, Mobile Threat Protection: A Holistic Approach to Securing Mobile Data and Devices, SANS Institute, 2016; link 8/25/2016] -[^62]: S. Fahl et al., "Why Eve and Mallory Love Android: An Analysis of Android SSL (In)Security", in Proceedings of the 2012 ACM conference on Computer and Communications Security, 2012, pp. 50-61; http://dl.acm.org/citation.cfm?id=2382205 [accessed 8/25/2016] +[^62]: S. Fahl et al., "Why Eve and Mallory Love Android: An Analysis of Android SSL (In)Security", in Proceedings of the 2012 ACM conference on Computer and Communications Security, 2012, pp. 50-61; link [accessed 8/25/2016] -[^63]: D. Sounthiraraj et al., "SMV-HUNTER: Large Scale, Automated Detection of SSL/TLS Man-in-the-Middle Vulnerabilities in Android Apps", in Proceedings of the 2014 Network and Distributed System Security Symposium, 2014; www.internetsociety.org/sites/default/files/10_3_1.pdf [accessed 8/25/2016] +[^63]: D. Sounthiraraj et al., "SMV-HUNTER: Large Scale, Automated Detection of SSL/TLS Man-in-the-Middle Vulnerabilities in Android Apps", in Proceedings of the 2014 Network and Distributed System Security Symposium, 2014; link [accessed 8/25/2016] -[^64]: A. Mettler et al., "SSL Vulnerabilities: Who Listens When Android Applications Talk?", 20 Aug. 2014; www.fireeye.com/blog/threat-research/2014/08/ssl-vulnerabilities-who-listens-when-android-applications-talk.html [accessed 8/25/2016] +[^64]: A. Mettler et al., "SSL Vulnerabilities: Who Listens When Android Applications Talk?", 20 Aug. 2014; link [accessed 8/25/2016] -[^65]: J. Montelibano and W. Dormann, How We Discovered Thousands of Vulnerable Android Apps in 1 Day, presented at RSA Conference USA 2015, 19 Apr. 
2015; www.rsaconference.com/writable/presentations/file_upload/hta-t08-how-we-discovered-thousands-of-vulnerable-android-apps-in-1-day_final.pdf [accessed 8/25/2016] +[^65]: J. Montelibano and W. Dormann, How We Discovered Thousands of Vulnerable Android Apps in 1 Day, presented at RSA Conference USA 2015, 19 Apr. 2015; link [accessed 8/25/2016] -[^66]: Fandango, Credit Karma Settle FTC Charges that They Deceived Consumers By Failing to Securely Transmit Sensitive Personal Information, Federal Trade Commission, 28 Mar. 2014; www.ftc.gov/news-events/press-releases/2014/03/fandango-credit-karma-settle-ftc-charges-they-deceived-consumers [accessed 8/25/2016] +[^66]: Fandango, Credit Karma Settle FTC Charges that They Deceived Consumers By Failing to Securely Transmit Sensitive Personal Information, Federal Trade Commission, 28 Mar. 2014; link [accessed 8/25/2016] -[^67]: J. Case, "Exclusive: Vulnerability In Skype For Android Is Exposing Your Name, Phone Number, Chat Logs, And A Lot More", blog, 14 Apr. 2011; www.androidpolice.com/2011/04/14/exclusive-vulnerability-in-skype-for-android-is-exposing-your-name-phone-number-chat-logs-and-a-lot-more/# [accessed 8/25/2016] +[^67]: J. Case, "Exclusive: Vulnerability In Skype For Android Is Exposing Your Name, Phone Number, Chat Logs, And A Lot More", blog, 14 Apr. 2011; link [accessed 8/25/2016] -[^68]: J. V. Dyke, "World Writable Code Is Bad, MMMMKAY", blog, 10 Aug. 2015; www.nowsecure.com/blog/2015/08/10/world-writable-code-is-bad-mmmmkay/ [accessed 8/25/2016] +[^68]: J. V. Dyke, "World Writable Code Is Bad, MMMMKAY", blog, 10 Aug. 2015; link [accessed 8/25/2016] -[^69]: "[Vulnerability Identifier]: LOOK-11-001, blog, 1 Feb. 2011; https://blog.lookout.com/look-11-001/ [accessed 8/25/2016]" +[^69]: "[Vulnerability Identifier]: LOOK-11-001, blog, 1 Feb. 2011; link [accessed 8/25/2016]" -[^70]: A. Donenfeld, Stumping the Mobile Chipset, presented at DEFCON 24, 7 Aug. 
2016; https://media.defcon.org/DEF CON 24/DEF CON 24 presentations/DEFCON-24-Adam-Donenfeld-Stumping-The-Mobile-Chipset.pdf [accessed 8/25/2016] +[^70]: A. Donenfeld, Stumping the Mobile Chipset, presented at DEFCON 24, 7 Aug. 2016; link CON 24/DEF CON 24 presentations/DEFCON-24-Adam-Donenfeld-Stumping-The-Mobile-Chipset.pdf [accessed 8/25/2016] -[^71]: A. Brandt, "Android Towelroot Exploit Used to Deliver Dogspectus Ransomware", blog, 25 Apr. 2016; www.bluecoat.com/security-blog/2016-04-25/android-exploit-delivers-dogspectus-ransomware [accessed 8/25/2016] +[^71]: A. Brandt, "Android Towelroot Exploit Used to Deliver Dogspectus Ransomware", blog, 25 Apr. 2016; link [accessed 8/25/2016] -[^72]: JailbreakMe; https://jailbreakme.qoid.us [accessed 8/25/2016] +[^72]: JailbreakMe; link [accessed 8/25/2016] -[^73]: R. Welton, "A Pattern for Remote Code Execution using Arbitrary File Writes and MultiDex Applications", blog, 15 June 2015; www.nowsecure.com/blog/2015/06/15/a-pattern-for-remote-code-execution-using-arbitrary-file-writes-and-multidex-applications/ [accessed 8/25/2016] +[^73]: R. Welton, "A Pattern for Remote Code Execution using Arbitrary File Writes and MultiDex Applications", blog, 15 June 2015; link [accessed 8/25/2016] -[^74]: M. Grace et al., "Unsafe Exposure Analysis of Mobile In-App Advertisements", in Proceedings of the Fifth ACM Conference on Security and Privacy in Wireless and Mobile Networks,2012, pp. 101-112; http://dl.acm.org/citation.cfm?id=2185464 [accessed 8/25/2016] +[^74]: M. Grace et al., "Unsafe Exposure Analysis of Mobile In-App Advertisements", in Proceedings of the Fifth ACM Conference on Security and Privacy in Wireless and Mobile Networks,2012, pp. 101-112; link [accessed 8/25/2016] -[^75]: S. Guerrero, "eBay for Android Content Provider Injection Vulnerability", blog, 4 Oct. 2013. +[^75]: J. 
Rearon et al., "50 Ways to Leak Your Data: An Exploration of Apps’ Circumvention of the Android Permissions System", Federal Trade Commission, link [accessed 8/1/2022] -[^76]: X. Jiang, "Smishing Vulnerability in Multiple Android Platforms (including Gingerbread, Ice Cream Sandwich, and Jelly Bean)", 28 Nov. 2012; www.csc.ncsu.edu/faculty/jiang/smishing.html [accessed 8/25/2016] +[^76]: X. Jiang, "Smishing Vulnerability in Multiple Android Platforms (including Gingerbread, Ice Cream Sandwich, and Jelly Bean)", 28 Nov. 2012; link [accessed 8/25/2016] -[^77]: T. Cannon, "Android SMS Spoofer", GitHub repository, 14 Dec. 2012; https://github.com/thomascannon/android-sms-spoof [accessed 8/25/2016] +[^77]: T. Cannon, "Android SMS Spoofer", GitHub repository, 14 Dec. 2012; link [accessed 8/25/2016] -[^78]: K. Okuyama, "Content provider permission bypass allows malicious application to access data", Mozilla Foundation Security Advisory 2016-41, Mozilla Foundation, 26 Apr. 2016; www.mozilla.org/en-US/security/advisories/mfsa2016-41/ [accessed 8/25/2016] +[^78]: K. Okuyama, "Content provider permission bypass allows malicious application to access data", Mozilla Foundation Security Advisory 2016-41, Mozilla Foundation, 26 Apr. 2016; link [accessed 8/25/2016] -[^79]: "WebView addJavaScriptInterface Remote Code Execution", 24 Sept. 2013; https://labs.mwrinfosecurity.com/blog/webview-addjavascriptinterface-remote-code-execution/ [accessed 8/25/2016] +[^79]: "WebView addJavaScriptInterface Remote Code Execution", 24 Sept. 2013; link [accessed 8/25/2016] -[^80]: F. Long, "DRD13. Do not provide addJavascriptInterface method access in a WebView which could contain untrusted content. (API level JELLY_BEAN or below)", 8 Apr. 2015; www.securecoding.cert.org/confluence/pages/viewpage.action?pageId=129859614 [accessed 8/25/2016] +[^80]: F. Long, "DRD13. Do not provide addJavascriptInterface method access in a WebView which could contain untrusted content. 
(API level JELLY_BEAN or below)", 8 Apr. 2015; link [accessed 8/25/2016] -[^81]: T. Sutcliffe, "Remote code execution on Android devices", blog, 31 July 2014; https://labs.bromium.com/2014/07/31/remote-code-execution-on-android-devices/ [accessed 8/25/2016] +[^81]: T. Sutcliffe, "Remote code execution on Android devices", blog, 31 July 2014; link [accessed 8/25/2016] -[^82]: D. Andzakovic, FortiClient Multiple Vulnerabilities, vulnerability disclosure, 29 Jan. 2015; www.security-assessment.com/files/documents/advisory/Fortinet_FortiClient_Multiple_Vulnerabilities.pdf [accessed 8/25/2016] +[^82]: D. Andzakovic, FortiClient Multiple Vulnerabilities, vulnerability disclosure, 29 Jan. 2015; link [accessed 8/25/2016] -[^83]: The Google Android Security Team's Classifications for Potentially Harmful Applications, Apr. 2016; https://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_PHA_classifications.pdf [accessed 8/25/2016] +[^83]: The Google Android Security Team's Classifications for Potentially Harmful Applications, Apr. 2016; link [accessed 8/25/2016] -[^84]: W. Zhou et al., "Slembunk: An Evolving Android Trojan Family Targeting Users of Worldwide Banking Apps", blog, 17 Dec. 2015; www.fireeye.com/blog/threat-research/2015/12/slembunk_an_evolvin.html [accessed 8/25/2016] +[^84]: W. Zhou et al., "Slembunk: An Evolving Android Trojan Family Targeting Users of Worldwide Banking Apps", blog, 17 Dec. 2015; link [accessed 8/25/2016] -[^85]: Y. Zhou and X. Jiang, "Dissecting Android Malware: Characterization and Evolution", in Proceedings of the 2012 IEEE Symposium on Security and Privacy, 2012, pp 95-109; http://ieeexplore.ieee.org/document/6234407/?arnumber=6234407 [accessed 8/25/2016] +[^85]: Y. Zhou and X. Jiang, "Dissecting Android Malware: Characterization and Evolution", in Proceedings of the 2012 IEEE Symposium on Security and Privacy, 2012, pp 95-109; link [accessed 8/25/2016] -[^86]: C. Zheng and Z. 
Xu, "New Android Malware Family Evades Antivirus Detection by Using Popular Ad Libraries", blog, 7 July 2015; http://researchcenter.paloaltonetworks.com/2015/07/new-android-malware-family-evades-antivirus-detection-by-using-popular-ad-libraries/ [accessed 8/25/2016] +[^86]: C. Zheng and Z. Xu, "New Android Malware Family Evades Antivirus Detection by Using Popular Ad Libraries", blog, 7 July 2015; link [accessed 8/25/2016] -[^87]: Unauthorized App Discovered, in Incident Response for Android and iOS, www.nowsecure.com/resources/mobile-incident-response/en/case-studies/unauthorized-app-discovered.html [accessed 8/25/2016] +[^87]: Unauthorized App Discovered, in Incident Response for Android and iOS, link [accessed 8/25/2016] -[^88]: M. Kelly, "Cloned banking app stealing usernames sneaks into Google Play", blog, 24 June 2014; https://blog.lookout.com/blog/2014/06/24/bankmirage/ [accessed 8/25/2016] +[^88]: M. Kelly, "Cloned banking app stealing usernames sneaks into Google Play", blog, 24 June 2014; link [accessed 8/25/2016] -[^89]: D. Richardson, "Change to sideloading apps in iOS 9 is a security win", blog, 10 Sept. 2015; https://blog.lookout.com/blog/2015/09/10/ios-9-sideloading/ [accessed 8/25/2016] +[^89]: D. Richardson, "Change to sideloading apps in iOS 9 is a security win", blog, 10 Sept. 2015; link [accessed 8/25/2016] -[^90]: Mobile Security: Threats and Countermeasures, white paper, MobileIron; www.mobileiron.com/sites/default/files/security/Mobile-Security-Threats-and-Countermeasures-WP-MKT-6361-V1.pdf [accessed 8/25/2016] +[^90]: Mobile Security: Threats and Countermeasures, white paper, MobileIron; link [accessed 8/25/2016] -[^91]: D. Richardson, "Jailbreaking not a requirement for infecting iPhones with Hacking Team spyware", blog, 10 July 2015; https://blog.lookout.com/blog/2015/07/10/hacking-team/ [accessed 8/25/2016] +[^91]: D. 
Richardson, "Jailbreaking not a requirement for infecting iPhones with Hacking Team spyware", blog, 10 July 2015; link [accessed 8/25/2016] -[^92]: L. Sun, et al., "Pawn Storm Update: iOS Espionage App Found", blog, 4 Feb. 2015; http://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-update-ios-espionage-app-found/ [accessed 8/25/2016] +[^92]: L. Sun, et al., "Pawn Storm Update: iOS Espionage App Found", blog, 4 Feb. 2015; link [accessed 8/25/2016] -[^93]: C. Xiao, "WireLurker: A New Era in OS X and iOS Malware", blog, 5 Nov. 2014; http://researchcenter.paloaltonetworks.com/2014/11/wirelurker-new-era-os-x-ios-malware/ [accessed 8/25/2016] +[^93]: C. Xiao, "WireLurker: A New Era in OS X and iOS Malware", blog, 5 Nov. 2014; link [accessed 8/25/2016] -[^94]: C. Page, "MKero: Android malware secretly subscribes victims to premium SMS services", The Inquirer, 9 Sept. 2015; www.theinquirer.net/inquirer/news/2425201/mkero-android-malware-secretly-subscribes-victims-to-premium-sms-services [accessed 8/25/2016] +[^94]: C. Page, "MKero: Android malware secretly subscribes victims to premium SMS services", The Inquirer, 9 Sept. 2015; link [accessed 8/25/2016] -[^95]: T. Espiner, "Chinese Android botnet 'netting millions', says Symantec", ZDNet, 10 Feb. 2012; www.zdnet.com/article/chinese-android-botnet-netting-millions-says-symantec/ [accessed 8/25/2016] +[^95]: T. Espiner, "Chinese Android botnet 'netting millions', says Symantec", ZDNet, 10 Feb. 2012; link [accessed 8/25/2016] -[^96]: C. Zheng, et al., "New Android Trojan XBot Phishes Credit Cards and Bank Accounts, Encrypts Devices for Ransom", blog, 18 Feb. 2016; http://researchcenter.paloaltonetworks.com/2016/02/new-android-trojan-xbot-phishes-credit-cards-and-bank-accounts-encrypts-devices-for-ransom/ [accessed 8/25/2016] +[^96]: C. Zheng, et al., "New Android Trojan XBot Phishes Credit Cards and Bank Accounts, Encrypts Devices for Ransom", blog, 18 Feb. 2016; link [accessed 8/25/2016] -[^97]: R. K. 
Konoth, V. van der Veen, and Herbert Bos, "How Anywhere Computing Just Killed Your Phone-Based Two-Factor Authentication", Proceedings of the 20th Conference on Financial Cryptography and Data Security, 2016; http://fc16.ifca.ai/preproceedings/24_Konoth.pdf [accessed 8/25/2016] +[^97]: R. K. Konoth, V. van der Veen, and Herbert Bos, "How Anywhere Computing Just Killed Your Phone-Based Two-Factor Authentication", Proceedings of the 20th Conference on Financial Cryptography and Data Security, 2016; link [accessed 8/25/2016] -[^98]: Android Security 2015 Year In Review, Google, 2016; https://source.android.com/security/reports/Google_Android_Security_2015_Report_Final.pdf [accessed 8/25/2016] +[^98]: Android Security 2015 Year In Review, Google, 2016; link [accessed 8/25/2016] -[^99]: D. Goodin, "Malware designed to take over cameras and record audio enters Google Play", Ars Technica, 7 Mar. 2014; http://arstechnica.com/security/2014/03/malware-designed-to-take-over-cameras-and-record-audio-enters-google-play/ [accessed 8/25/2016] +[^99]: D. Goodin, "Malware designed to take over cameras and record audio enters Google Play", Ars Technica, 7 Mar. 2014; link [accessed 8/25/2016] -[^100]: J. Oberheide, Android Hax, presented at Summercon, 10 June 2010; https://jon.oberheide.org/files/summercon10-androidhax-jonoberheide.pdf [accessed 8/25/2016] +[^100]: J. Oberheide, Android Hax, presented at Summercon, 10 June 2010; link [accessed 8/25/2016] -[^101]: P. Ducklin, "How to clean up the Duh iPhone worm", Naked Security, Sophos, 24 Nov. 2009; https://nakedsecurity.sophos.com/2009/11/24/clean-up-iPhone-worm/ [accessed 8/25/2016] +[^101]: P. Ducklin, "How to clean up the Duh iPhone worm", Naked Security, Sophos, 24 Nov. 2009; link [accessed 8/25/2016] -[^102]: C. Dehghanpoor, "Brain Test re-emerges: 13 apps found in Google Play", blog, 6 Jan. 2016; https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/ [accessed 8/25/2016] +[^102]: C. 
Dehghanpoor, "Brain Test re-emerges: 13 apps found in Google Play", blog, 6 Jan. 2016; link [accessed 8/25/2016] -[^103]: V. Chebyshev and R. Unuchek, "Mobile Malware Evolution: 2013", blog, 24 Feb. 2014; https://securelist.com/analysis/kaspersky-security-bulletin/58335/mobile-malware-evolution-2013/ [accessed 8/25/2016] +[^103]: V. Chebyshev and R. Unuchek, "Mobile Malware Evolution: 2013", blog, 24 Feb. 2014; link [accessed 8/25/2016] -[^104]: A. Coletta et al., "DroydSeuss: A Mobile Banking Trojan Tracker - A Short Paper", in Proceedings of Financial Cryptography and Data Security 2016, 2016; http://fc16.ifca.ai/preproceedings/14_Coletta.pdf [accessed 8/25/2016] +[^104]: A. Coletta et al., "DroydSeuss: A Mobile Banking Trojan Tracker - A Short Paper", in Proceedings of Financial Cryptography and Data Security 2016, 2016; link [accessed 8/25/2016] -[^105]: A.P. Felt and D. Wagner, Phishing on Mobile Devices, presented at Web 2.0 Security & Privacy 2011, 26 May 2011; http://w2spconf.com/2011/papers/felt-mobilephishing.pdf [accessed 8/25/2016] +[^105]: A.P. Felt and D. Wagner, Phishing on Mobile Devices, presented at Web 2.0 Security & Privacy 2011, 26 May 2011; link [accessed 7/27/2022] -[^106]: R. Hassell, Exploiting Androids for Fun and Profit, presented at Hack In The Box Security Conference 2011, 12-13 Oct. 2011; http://conference.hitb.org/hitbsecconf2011kul/materials/D1T1 - Riley Hassell - Exploiting Androids for Fun and Profit.pdf [accessed 8/25/2016] +[^106]: R. Hassell, Exploiting Androids for Fun and Profit, presented at Hack In The Box Security Conference 2011, 12-13 Oct. 2011; link [accessed 8/25/2016] -[^107]: W. Zhou et al., "The Latest Android Overlay Malware Spreading via SMS Phishing in Europe", blog, 28 June 2016; www.fireeye.com/blog/threat-research/2016/06/latest-android-overlay-malware-spreading-in-europe.html [accessed 8/25/2016] +[^107]: W. 
Zhou et al., "The Latest Android Overlay Malware Spreading via SMS Phishing in Europe", blog, 28 June 2016; link [accessed 8/25/2016] -[^108]: J. Clover, "Password-Stealing Instagram App 'InstaAgent' Reappears in App Store Under New Name", MacRumors, 22 Mar. 2016; www.macrumors.com/2016/03/22/password-stealing-instaagent-app-reappears/ [accessed 8/25/2016] +[^108]: J. Clover, "Password-Stealing Instagram App 'InstaAgent' Reappears in App Store Under New Name", MacRumors, 22 Mar. 2016; link [accessed 8/25/2016] -[^109]: T. Fox-Brewster, "Hackers Sneak Malware Into Apple App Store 'To Steal iCloud Passwords'", Forbes, 18 Sept. 2015; www.forbes.com/sites/thomasbrewster/2015/09/18/xcodeghost-malware-wants-your-icloud/ [accessed 8/25/2016] +[^109]: T. Fox-Brewster, "Hackers Sneak Malware Into Apple App Store 'To Steal iCloud Passwords'", Forbes, 18 Sept. 2015; link [accessed 8/25/2016] -[^110]: Internet Security Threat Report vol. 21, Symantec, 2016. +[^110]: Internet Security Threat Report vol. 21, Symantec, 2016; link [accessed 8/1/2022] -[^111]: T. Wang et al., "Jekyll on iOS: When Benign Apps Become Evil", in Proceedings of the 22nd USENIX Security Symposium, 2013; www.usenix.org/system/files/conference/usenixsecurity13/sec13-paper_wang_2.pdf [accessed 8/25/2016] +[^111]: T. Wang et al., "Jekyll on iOS: When Benign Apps Become Evil", in Proceedings of the 22nd USENIX Security Symposium, 2013; link [accessed 8/25/2016] -[^112]: D. Storm, "Mobile RAT attack makes Android the ultimate spy tool", Computerworld, 1 Mar. 2012; www.computerworld.com/article/2472441/cybercrime-hacking/mobile-rat-attack-makes-android-the-ultimate-spy-tool.html [accessed 8/25/2016] +[^112]: D. Storm, "Mobile RAT attack makes Android the ultimate spy tool", Computerworld, 1 Mar. 2012; link [accessed 8/25/2016] -[^113]: L. Fair, "Device Squad: The story behind the FTC's first case against a mobile device maker", blog, 22 Feb. 
2013; www.ftc.gov/news-events/blogs/business-blog/2013/02/device-squad-story-behind-ftcs-first-case-against-mobile [accessed 8/25/2016] +[^113]: L. Fair, "Device Squad: The story behind the FTC's first case against a mobile device maker", blog, 22 Feb. 2013; link [accessed 8/25/2016] -[^114]: Check Point Security Team, "Certifi-gate: Hundreds of Millions of Android Devices Could Be Pwned", blog, 6 Aug. 2015; http://blog.checkpoint.com/2015/08/06/certifigate/ [accessed 8/25/2016] +[^114]: Check Point Security Team, "Certifi-gate: Hundreds of Millions of Android Devices Could Be Pwned", blog, 6 Aug. 2015; link [accessed 8/25/2016] -[^115]: "Samsung Keyboard Security Risk Disclosed", 16 June 2015; www.nowsecure.com/keyboard-vulnerability/ [accessed 8/25/2016] +[^115]: "Samsung Keyboard Security Risk Disclosed", 16 June 2015; link [accessed 8/25/2016] -[^116]: CBS App & Mobility Website, Wandera Threat Advisory No. 192, Wandera, 23 Mar. 2016; www.wandera.com/resources/dl/TA_CBS.pdf [accessed 8/24/2016] +[^116]: K. Arya, How malware steals autofill data from browsers, ITProPortal, 23 Apr. 2018; link [accessed 8/1/2022] -[^117]: The Fork, Wandera Threat Advisory No. 154, Wandera, 14 Jan. 2016; www.wandera.com/resources/dl/TA_The_Fork.pdf [accessed 8/24/2016] +[^117]: The Fork, Wandera Threat Advisory No. 154, Wandera, 14 Jan. 2016; link [accessed 8/24/2016] -[^118]: Star Q8, Wandera Threat Advisory No. 152, Wandera, 10 Jan. 2016; www.wandera.com/resources/dl/TA_StarQ8.pdf [accessed 8/24/2016] +[^118]: Star Q8, Wandera Threat Advisory No. 152, Wandera, 10 Jan. 2016; link [accessed 8/24/2016] -[^119]: Corriere Della Sera App, Wandera Threat Advisory No. 74, Wandera, 29 Aug. 2015; www.wandera.com/resources/dl/TA_CorriereDellaSeraApp.pdf (accessed 24 Aug 2016) +[^119]: Corriere Della Sera App, Wandera Threat Advisory No. 74, Wandera, 29 Aug. 2015; link (accessed 24 Aug 2016) -[^120]: La Tribune, Wandera Threat Advisory No. 84, Wandera, 2 Oct. 
2015; www.wandera.com/resources/dl/TA_LaTribune.pdf [accessed 8/24/2016] +[^120]: Z.Maldonado, Jailbreak Vulnerability & Mobile Security Updates, Polytechnic University of Puerto Rico, 2018; link [accessed 7/27/22] -[^121]: Card Crypt, Wandera Threat Advisory No. 142, Wandera, 9 Dec. 2015; www.wandera.com/resources/dl/TA_CardCrypt.pdf [accessed 8/24/2016] +[^121]: Card Crypt, Wandera Threat Advisory No. 142, Wandera, 9 Dec. 2015; link [accessed 8/24/2016] -[^122]: E. Schuman, "Starbucks Caught Storing Mobile Passwords in Clear Text", Computerworld, 15 Jan. 2014; www.computerworld.com/article/2487743/security0/evan-schuman--starbucks-caught-storing-mobile-passwords-in-clear-text.html [accessed 8/25/2016] +[^122]: E. Schuman, "Starbucks Caught Storing Mobile Passwords in Clear Text", Computerworld, 15 Jan. 2014; link [accessed 8/25/2016] -[^124]: A. Aviv et al., "Smudge Attacks on Smartphone Touch Screens", in Proceedings of the 4th USENIX Conference on Offensive technologies, 2010; www.usenix.org/legacy/event/woot10/tech/full_papers/Aviv.pdf [accessed 8/24/2016]. +[^124]: A. Aviv et al., "Smudge Attacks on Smartphone Touch Screens", in Proceedings of the 4th USENIX Conference on Offensive technologies, 2010; link [accessed 8/24/2016]. -[^125]: P. Ducklin, "Black Box" Brouhaha Breaks Out Over Brute Forcing of iPhone Pin Lock", Naked Security, Sophos, 17 Mar. 2015; https://nakedsecurity.sophos.com/2015/03/17/black-box-brouhaha-breaks-out-over-brute-forcing-of-iphone-pin-lock/ [accessed 8/25/2016] +[^125]: P. Ducklin, "Black Box" Brouhaha Breaks Out Over Brute Forcing of iPhone Pin Lock", Naked Security, Sophos, 17 Mar. 2015; link [accessed 8/25/2016] -[^126]: T. Simonite, "Black Hat: Google Glass Can Steal Your Passcodes", MIT Technology Review, 7 Aug. 2014; www.technologyreview.com/s/529896/black-hat-google-glass-can-steal-your-passcodes/ [accessed 8/25/2016] +[^126]: T. Simonite, "Black Hat: Google Glass Can Steal Your Passcodes", MIT Technology Review, 7 Aug. 
2014; link [accessed 8/25/2016] -[^127]: L. Tung, "iOS 9 LockScreen Bypass Exposes Photos and Contacts", ZDNet, 24 Sept. 2015; www.zdnet.com/article/ios-9-lockscreen-bypass-exposes-photos-and-contacts/ [accessed 8/25/2016] +[^127]: L. Tung, "iOS 9 LockScreen Bypass Exposes Photos and Contacts", ZDNet, 24 Sept. 2015; link [accessed 8/25/2016] -[^128]: S. Hill, "Your Smartphone Isn't As Safe As You'd Think, Techradar, 29 Nov. 2013; www.techradar.com/us/news/phone-and-communications/mobile-phones/your-smartphone-pin-isn-t-as-safe-as-you-d-think-1203510 [accessed 8/25/2016] +[^128]: S. Hill, "Your Smartphone Isn't As Safe As You'd Think, Techradar, 29 Nov. 2013; link [accessed 8/25/2016] -[^129]: D. Goodin, "How hackers can access iPhone contacts and photos without a password", Ars Technica, 25 Sept. 2015; http://arstechnica.com/security/2015/09/how-hackers-can-access-iphone-contacts-and-photos-without-a-password/ [accessed 8/25/2016] +[^129]: D. Goodin, "How hackers can access iPhone contacts and photos without a password", Ars Technica, 25 Sept. 2015; link [accessed 8/25/2016] -[^130]: D. Goodin, "Serious OS X and iOS Flaws Let Hackers Steal Keychain, 1Password Contents", Ars Technica, 17 June 2015; http://arstechnica.com/security/2015/06/serious-os-x-and-ios-flaws-let-hackers-steal-keychain-1password-contents/ [accessed 8/25/2016] +[^130]: D. Goodin, "Serious OS X and iOS Flaws Let Hackers Steal Keychain, 1Password Contents", Ars Technica, 17 June 2015; link [accessed 8/25/2016] -[^131]: J. Lemonnier, "Which is the most secure Android Smart Lock?", 4 June 2016; http://now.avg.com/which-is-the-most-secure-android-smart-lock/ [accessed 8/25/2016] +[^131]: J. Lemonnier, "Which is the most secure Android Smart Lock?", 4 June 2016; link [accessed 8/25/2016] -[^132]: J. Trader, "Liveness Detection to Fight Biometric Spoofing", blog, 22 July 2014; http://blog.m2sys.com/scanning-and-efficiency/liveness-detection-fight-biometric-spoofing/ [accessed 8/25/2016] +[^132]: J. 
Trader, "Liveness Detection to Fight Biometric Spoofing", blog, 22 July 2014; link [accessed 8/25/2016] -[^133]: M. Rogers "Why I hacked TouchID (again) and still think it's awesome", blog, 23 Sept. 2016; https://blog.lookout.com/blog/2014/09/23/iphone-6-touchid-hack; [accessed 8/25/2016] +[^133]: M. Rogers "Why I hacked TouchID (again) and still think it's awesome", blog, 23 Sept. 2016; link [accessed 8/25/2016] -[^134]: D. Richardson, "Using Spoofed Wi-Fi to Attack Mobile Devices", blog, 21 Apr. 2016; https://blog.lookout.com/blog/2016/04/21/spoofed-wi-fi-60-minutes/ [accessed 8/25/2016] +[^134]: D. Richardson, "Using Spoofed Wi-Fi to Attack Mobile Devices", blog, 21 Apr. 2016; link [accessed 8/25/2016] -[^135]: SRLabs, "iPhone 5S Touch ID susceptible to fingerprint spoofs", YouTube video, 25 Sept. 2013; www.youtube.com/watch?v=h1n_tS9zxMc [accessed 8/25/2016] +[^135]: SRLabs, "iPhone 5S Touch ID susceptible to fingerprint spoofs", YouTube video, 25 Sept. 2013; link [accessed 8/25/2016] -[^136]: "Man-in-the-Middle Attack", 31 Aug. 2015; www.owasp.org/index.php/Man-in-the-middle_attack [accessed 8/25/2016] +[^136]: "Man-in-the-Middle Attack", 31 Aug. 2015; link [accessed 8/25/2016] -[^137]: Mobile Top 10 2016, Mar. 2016; www.owasp.org/index.php/ Mobile_Top_10_2016-Top_10 - M1 [accessed 8/25/2016] +[^137]: Mobile Top 10 2016, Mar. 2016; link Mobile_Top_10_2016-Top_10 - M1 [accessed 8/25/2016] -[^138]: R. Graves, Phishing Defenses for Webmail Providers, white paper, SANS Institute, 2013; www.sans.org/reading-room/whitepapers/email/phishing-detecton-remediation-34082 [accessed 8/258/2016] +[^138]: R. Graves, Phishing Defenses for Webmail Providers, white paper, SANS Institute, 2013; link [accessed 8/258/2016] -[^139]: C. Boyd, "'Your Account PayPal Has Been Limited' Phishing Scam", blog, 8 May 2015; https://blog.malwarebytes.com/cybercrime/2015/05/your-account-paypal-has-been-limited-phishing-scam/ [accessed 8/25/2016] +[^139]: C. 
Boyd, "'Your Account PayPal Has Been Limited' Phishing Scam", blog, 8 May 2015; link [accessed 8/25/2016] -[^140]: A. Wulf, "Stealing Passwords is Easy in Native Mobile Apps Despite OAuth", blog, 12 Jan. 2011; http://welcome.totheinter.net/2011/01/12/stealing-passwords-is-easy-in-native-mobile-apps-despite-oauth/ [accessed 8/25/2016] +[^140]: A. Wulf, "Stealing Passwords is Easy in Native Mobile Apps Despite OAuth", blog, 12 Jan. 2011; link [accessed 8/25/2016] -[^141]: W. Denniss and J. Bradley, "OAuth 2.0 for Native Apps", IETF Internet Draft, work in progress, July 2016. +[^141]: W. Denniss and J. Bradley, "OAuth 2.0 for Native Apps", IETF Internet Draft, work in progress, July 2016; link [accessed 8/1/2022] -[^142]: J.F. Miller, "Supply Chain Attack Framework and Attack Patterns", tech. report, MITRE, Dec. 2013; www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf +[^142]: J.F. Miller, "Supply Chain Attack Framework and Attack Patterns", tech. report, MITRE, Dec. 2013; link -[^143]: Z. Wang and A. Stavrou, "Exploiting Smart-Phone USB Connectivity for Fun and Profit", in Proceedings of 26th Annual Computer Security Applications Conference, 2010, pp. 357-365. +[^143]: Z. Wang and A. Stavrou, "Exploiting Smart-Phone USB Connectivity for Fun and Profit", in Proceedings of 26th Annual Computer Security Applications Conference, 2010, pp. 357-365; link [accessed 8/1/2022] -[^144]: A. Stavrou, Z. Wang, Exploiting Smart-Phone USB Connectivity For Fun And Profit, presented at Blackhat, 4 Aug. 2011; https://media.blackhat.com/bh-dc-11/Stavrou-Wang/BlackHat_DC_2011_Stavrou_Zhaohui_USB_exploits-Slides.pdf [accessed 8/25/2016] +[^144]: A. Stavrou, Z. Wang, Exploiting Smart-Phone USB Connectivity For Fun And Profit, presented at Blackhat, 4 Aug. 2011; link [accessed 8/25/2016] -[^145]: M. Brignall, "Sim-Swap Fraud Claims Another Mobile Banking Victim", The Guardian, 16 Apr. 
2016; www.theguardian.com/money/2016/apr/16/sim-swap-fraud-mobile-banking-fraudsters [accessed 8/25/2016] +[^145]: M. Brignall, "Sim-Swap Fraud Claims Another Mobile Banking Victim", The Guardian, 16 Apr. 2016; link [accessed 8/25/2016] -[^146]: BYOD & Mobile Security, Information Security Community on LinkedIn, Apr. 2016; http://get.skycure.com/hubfs/Reports/BYOD_and_Mobile_Security_Report_2016.pdf [accessed 8/25/2016] +[^146]: BYOD & Mobile Security, Information Security Community on LinkedIn, Apr. 2016; link [accessed 8/25/2016] -[^147]: V. Blue, "Researchers Show How to Hack an iPhone in 60 Seconds", ZDNet, 31 July 2013; www.zdnet.com/article/researchers-reveal-how-to-hack-an-iphone-in-60-seconds/ [accessed 8/25/2016] +[^147]: V. Blue, "Researchers Show How to Hack an iPhone in 60 Seconds", ZDNet, 31 July 2013; link [accessed 8/25/2016] -[^149]: A. O'Donnell, "How to Protect Yourself From Malicious QR Codes", blog, http://netsecurity.about.com/od/securityadvisorie1/a/How-To-Protect-Yourself-From-Malicious-QR-Codes.htm [accessed 8/25/16] +[^149]: A. O'Donnell, "How to Protect Yourself From Malicious QR Codes", blog, link [accessed 8/25/16] -[^150]: G. Gruman, "Keep out hijackers: Secure your app store dev account," InfoWorld, 5 Dec. 2014; www.infoworld.com/article/2854963/mobile-development/how-to-keep-your-app-store-dev-account-from-being-hijacked.html +[^150]: G. Gruman, "Keep out hijackers: Secure your app store dev account," InfoWorld, 5 Dec. 2014; link -[^151]: D. Fisher, "Researchers Find Methods for Bypassing Google's Bouncer Android Security," blog, 4 June 2012; https://threatpost.com/researchers-find-methods-bypassing-googles-bouncer-android-security-060412/76643/ +[^151]: D. Fisher, "Researchers Find Methods for Bypassing Google's Bouncer Android Security," blog, 4 June 2012; link -[^152]: C. Welch, "Major security hole allows Apple passwords to be reset with only email address, date of birth (update)," The Verge, 22 Mar. 
2013; www.theverge.com/2013/3/22/4136242/major-security-hole-allows-apple-id-passwords-reset-with-email-date-of-birth +[^152]: C. Welch, "Major security hole allows Apple passwords to be reset with only email address, date of birth (update)," The Verge, 22 Mar. 2013; link -[^153]: D. Harkness et al., "Google Play Store seems blocked now from China. How can I update my Quora app?", forum thread, 6 Dec. 2014, www.quora.com/Google-Play-Store-seems-blocked-now-from-China-How-can-I-update-my-Quora-app [accessed 8/25/16] +[^153]: D. Harkness et al., "Google Play Store seems blocked now from China. How can I update my Quora app?", forum thread, 6 Dec. 2014, link [accessed 8/25/16] -[^154]: J. Cheng, "'Find and Call' app becomes first trojan to appear on iOS App Store," Ars Technica, 5 July 2012; http://arstechnica.com/apple/2012/07/find-and-call-app-becomes-first-trojan-to-appear-on-ios-app-store/ +[^154]: J. Cheng, "'Find and Call' app becomes first trojan to appear on iOS App Store," Ars Technica, 5 July 2012; link -[^155]: J. Miller and C. Oberheide, Dissecting the Android Bouncer, Summercon, June 2012. https://jon.oberheide.org/files/summercon12-bouncer.pdf [accessed 8/25/16] +[^155]: J. Miller and C. Oberheide, Dissecting the Android Bouncer, Summercon, June 2012. link [accessed 8/25/16] -[^156]: N.J. Percoco and S. Schulte, Adventures in BouncerLand, presented at BlackHat, 25 July 2012. https://media.blackhat.com/bh-us-12/Briefings/Percoco/BH_US_12_Percoco_Adventures_in_Bouncerland_WP.pdf [accessed 8/25/16] +[^156]: N.J. Percoco and S. Schulte, Adventures in BouncerLand, presented at BlackHat, 25 July 2012. 
link [accessed 7/27/22] -[^158]: Setup an FDroid App Repo, wiki entry, 3 May 2016, https://f-droid.org/wiki/page/Setup_an_FDroid_App_Repo [accessed 8/25/16] +[^158]: Setup an FDroid App Repo, wiki entry, 3 May 2016, link [accessed 8/25/16] -[^159]: Protect your developer account, Google, 2016, https://support.google.com/googleplay/android-developer/answer/2543765?hl=en [accessed 8/25/16] +[^159]: Protect your developer account, Google, 2016, link [accessed 8/25/16] -[^160]: Security and your Apple ID, Apple, 2016, https://support.apple.com/en-us/HT201303 [accessed 8/25/16] +[^160]: Security and your Apple ID, Apple, 2016, link [accessed 8/25/16] -[^161]: Maintaining Your Signing Identities and Certificates, Apple, 5 July 2016, https://developer.apple.com/library/prerelease/content/documentation/IDEs/Conceptual/AppDistributionGuide/MaintainingCertificates/MaintainingCertificates.html [accessed 8/25/16] +[^161]: Maintaining Your Signing Identities and Certificates, Apple, 5 July 2016, link [accessed 8/25/16] -[^162]: Secure Your Private Key, in User Guide, https://developer.android.com/studio/publish/app-signing.html#secure-key [accessed 8/25/16] +[^162]: Secure Your Private Key, in User Guide, link [accessed 8/25/16] -[^164]: D. Goodin, "New Attack Steals Secret Crypto Keys from Android and iOS Phones", Ars Technica, 3 Mar. 2016; http://arstechnica.com/security/2016/03/new-attack-steals-secret-crypto-keys-from-android-and-ios-phones/ [accessed 8/25/2016] +[^164]: D. Goodin, "New Attack Steals Secret Crypto Keys from Android and iOS Phones", Ars Technica, 3 Mar. 
2016; link [accessed 8/25/2016] -[^165]: 3G Security; Security Threats and Requirements (Release 4), 3GPP TS 21.133 V4.0.0, 3rd Generation Partnership Project, 2003; www.3gpp.org/ftp/tsg_sa/wg3_security/_specs/Old_Vsns/21133-400.pdf [Accessed 8/23/2016] +[^165]: 3G Security; Security Threats and Requirements (Release 4), 3GPP TS 21.133 V4.0.0, 3rd Generation Partnership Project, 2003; link [Accessed 8/23/2016] -[^166]: J. Cichonski, J.M. Franklin, and M. Bartock, NIST Special Publication 800-187: Guide to LTE Security, National Institute of Standards and Technology, 2017; https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-187.pdf [Accessed 3/29/2022] +[^166]: J. Cichonski, J.M. Franklin, and M. Bartock, NIST Special Publication 800-187: Guide to LTE Security, National Institute of Standards and Technology, 2017; link [Accessed 3/29/2022] -[^167]: R.P. Jover, LTE Security and Protocol Exploits, presented at ShmooCon, 3 Jan. 2016; www.ee.columbia.edu/~roger/ShmooCon_talk_final_01162016.pdf [accessed 8/23/2016] +[^167]: R.P. Jover, LTE Security and Protocol Exploits, presented at ShmooCon, 3 Jan. 2016; link [accessed 8/23/2016] -[^168]: J. Vijayan, "Researchers Exploit Cellular Tech Flaws to Intercept Phone Calls", ComputerWorld, 1 Aug. 2013; http://www.computerworld.com/article/2484538/cybercrime-hacking/researchers-exploit-cellular-tech-flaws-to-intercept-phone-calls.html [accessed 8/23/2016] +[^168]: J. Vijayan, "Researchers Exploit Cellular Tech Flaws to Intercept Phone Calls", ComputerWorld, 1 Aug. 2013; link [accessed 8/23/2016] -[^169]: J. Kakar et al. "Analysis and Mitigation of Interference to the LTE Physical Control Format Indicator Channel", in Proceedings of 2014 IEEE Military Communications Conference, 2014, pp. 228-234. +[^169]: J. Kakar et al. "Analysis and Mitigation of Interference to the LTE Physical Control Format Indicator Channel", in Proceedings of 2014 IEEE Military Communications Conference, 2014, pp. 
228-234 link [accessed 8/1/2022] -[^170]: C.-Y. Li et al. "Insecurity of Voice Solution VoLTE in LTE Mobile Networks", In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, 2015, pp. 316-327; http://dx.doi.org/10.1145/2810103.2813618 [accessed 8/23/2016] +[^170]: C.-Y. Li et al. "Insecurity of Voice Solution VoLTE in LTE Mobile Networks", In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, 2015, pp. 316-327; link [accessed 8/23/2016] -[^171]: Safe Use of Mobile Devices and the Internet, CESG, 2016; https://web.archive.org/web/20160623094354/www.cesg.gov.uk/guidance/safe-use-mobile-devices-and-internet [accessed 8/23/2016] +[^171]: Safe Use of Mobile Devices and the Internet, CESG, 2016; link [accessed 8/23/2016] -[^172]: P. Langlois, SCTPscan - Finding Entry Points to SS7 Networks & Telecommunication Backbones, presented at Blackhat EU, 29 Mar. 2007; www.blackhat.com/presentations/bh-europe-07/Langlois/Presentation/bh-eu-07-langlois-ppt-apr19.pdf [accessed 8/23/2016] +[^172]: P. Langlois, SCTPscan - Finding Entry Points to SS7 Networks & Telecommunication Backbones, presented at Blackhat EU, 29 Mar. 2007; link [accessed 8/23/2016] -[^173]: K. Nohl, GSM Sniffing, 27th Chaos Communication Congress, Dec. 2010; https://events.ccc.de/congress/2010/Fahrplan/attachments/1783_101228.27C3.GSM-Sniffing.Nohl_Munaut.pdf [accessed 8/23/2016] +[^173]: K. Nohl, GSM Sniffing, 27th Chaos Communication Congress, Dec. 2010; link [accessed 8/23/2016] -[^174]: P. Langlois, Toward the HLR: Attacking the SS7 & SIGTRAN Applications, presented at H2HC, Dec. 2009; www.h2hc.org.br/repositorio/2009/files/Philippe.en.pdf [accessed 8/23/2016] +[^174]: P. Langlois, Toward the HLR: Attacking the SS7 & SIGTRAN Applications, presented at H2HC, Dec. 2009; link [accessed 8/23/2016] -[^175]: K. 
Nohl, Attacking Phone Privacy, presented at Blackhat, 29 July 2010; https://media.blackhat.com/bh-ad-10/Nohl/BlackHat-AD-2010-Nohl-Attacking-Phone-Privacy-wp.pdf [accessed 8/23/2016] +[^175]: K. Nohl, Attacking Phone Privacy, presented at Blackhat, 29 July 2010; link [accessed 8/23/2016] -[^176]: U. Meyer and S. Wetzel, "A Man-in-the-Middle Attack on UMTS", Proceedings of the 3rd ACM workshop on Wireless security, 2004, pp. 90-97; http://dx.doi.org/10.1145/1023646.1023662 [accessed 8/23/2016] +[^176]: U. Meyer and S. Wetzel, "A Man-in-the-Middle Attack on UMTS", Proceedings of the 3rd ACM workshop on Wireless security, 2004, pp. 90-97; link [accessed 8/23/2016] -[^177]: H. Schmidt and B. Butterly, Attacking BaseStations - an Odyssey through a Telco's Network, presented at DEFCON 24, 7 Aug. 2016; https://media.defcon.org/DEF CON 24/DEF CON 24 presentations/DEFCON-24-Hendrik-Schmidt-Brian-Butter-Attacking-BaseStations.pdf [accessed 8/23/2016] +[^177]: H. Schmidt and B. Butterly, Attacking BaseStations - an Odyssey through a Telco's Network, presented at DEFCON 24, 7 Aug. 2016; link CON 24/DEF CON 24 presentations/DEFCON-24-Hendrik-Schmidt-Brian-Butter-Attacking-BaseStations.pdf [accessed 8/23/2016] -[^178]: C. Feest, Protecting Mobile Networks from SS7 Attacks, white paper, Telesoft Technologies Inc., 2015; http://telesoft-technologies.com/document-library/milborne-ss7-firewall-ips/12-telesoft-whitepaper-protecting-mobile-networks-from-ss7-attacks/file [accessed 8/23/2016] +[^178]: C. Feest, Protecting Mobile Networks from SS7 Attacks, white paper, Telesoft Technologies Inc., 2015; link [accessed 8/23/2016] -[^179]: H. Hu and N. Wei, "A Study of GPS Jamming and Anti-Jamming", in Proceedings of Power Electronics and Intelligent Transportation System (PEITS), 2009 2nd International Conference on, 2009, pp. 388-391. +[^179]: H. Hu and N. 
Wei, "A Study of GPS Jamming and Anti-Jamming", in Proceedings of Power Electronics and Intelligent Transportation System (PEITS), 2009 2nd International Conference on, 2009, pp. 388-391; link [accessed 8/1/2022] -[^180]: D. DePerry and T. Ritter, I Can Hear You Now: Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell, presented at DEFCON 21, 2 Aug. 2013; www.defcon.org/images/defcon-21/dc-21-presentations/DePerry-Ritter/DEFCON-21-DePerry-Ritter-Femtocell-Updated.pdf [accessed 8/29/2016] +[^180]: D. DePerry and T. Ritter, I Can Hear You Now: Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell, presented at DEFCON 21, 2 Aug. 2013; link [accessed 8/29/2016] -[^181]: G.-H. Tu et al., "How Voice Call Technology Poses Security Threats in 4G LTE Networks", in Proceedings of 2015 IEEE Conference on Communications and Network Security (CNS), 2015. +[^181]: G.-H. Tu et al., "How Voice Call Technology Poses Security Threats in 4G LTE Networks", in Proceedings of 2015 IEEE Conference on Communications and Network Security (CNS), 2015; link [accessed 8/1/2022] -[^182]: Z. Lackey, Attacking SMS, presented at Blackhat, 30 July 2009; www.blackhat.com/presentations/bh-usa-09/LACKEY/BHUSA09-Lackey-AttackingSMS-SLIDES.pdf [accessed 8/29/2016] +[^182]: Z. Lackey, Attacking SMS, presented at Blackhat, 30 July 2009; link [accessed 8/29/2016] -[^183]: D. Goodin, "Beware of the Text Massage That Crashes iPhones", Ars Technica, 27 May 2015; http://arstechnica.com/security/2015/05/beware-of-the-text-message-that-crashes-iphones/ [accessed 8/29/2016] +[^183]: D. Goodin, "Beware of the Text Massage That Crashes iPhones", Ars Technica, 27 May 2015; link [accessed 8/29/2016] -[^184]: P. Traynor et al., "Mitigating Attacks on Open Functionality in SMS-Capable Cellular Networks", in IEEE/ACM Transaction on Networking 17.1, 2009; https://www.cise.ufl.edu/~traynor/papers/mobicom06.pdf [accessed 8/29/2016] +[^184]: P. 
Traynor et al., "Mitigating Attacks on Open Functionality in SMS-Capable Cellular Networks", in IEEE/ACM Transaction on Networking 17.1, 2009; link [accessed 8/29/2016] -[^185]: N.J. Croft and M.S. Olivier, "A Silent SMS Denial of Servie (DoS) Attack", in Information and Computer Security Architectures (ICSA) Research Group South Africa, 2007; http://mo.co.za/open/silentdos.pdf [accessed 8/29/2016] +[^185]: N.J. Croft and M.S. Olivier, "A Silent SMS Denial of Servie (DoS) Attack", in Information and Computer Security Architectures (ICSA) Research Group South Africa, 2007; link [accessed 8/29/2016] -[^186]: Z. Avraham, J. Drake, and N. Bassen, "Zimperium zLabs is Raising the Volume: New Vulnerability Processing MP3/MP4 Media", blog, 1 Oct. 2015; https://blog.zimperium.com/zimperium-zlabs-is-raising-the-volume-new-vulnerability-processing-mp3mp4-media/ [accessed 8/29/2016] +[^186]: Z. Avraham, J. Drake, and N. Bassen, "Zimperium zLabs is Raising the Volume: New Vulnerability Processing MP3/MP4 Media", blog, 1 Oct. 2015; link [accessed 8/29/2016] -[^187]: M. Smith, "'Dirty USSD' Code Could Automatically Wipe Your Samsung TouchWize Device (Updated)", Engadget, 25 Oct. 2012; https://www.engadget.com/2012/09/25/dirty-ussd-code-samsung-hack-wipe/ [accessed 8/29/2016] +[^187]: M. Smith, "'Dirty USSD' Code Could Automatically Wipe Your Samsung TouchWize Device (Updated)", Engadget, 25 Oct. 2012; link [accessed 8/29/2016] -[^188]: "Remote USSD Code Execution on Android Devices", 29 Oct. 2012, https://www.nowsecure.com/blog/2012/09/25/remote-ussd-code-execution-on-android-devices/ [accessed 8/29/2016] +[^188]: "Remote USSD Code Execution on Android Devices", 29 Oct. 2012, link [accessed 8/29/2016] -[^189]: K. Nohn, Mobile Self-Defense, presented at 31st Chaos Communication Congress, 27 Dec. 2014; https://events.ccc.de/congress/2014/Fahrplan/system/attachments/2493/original/Mobile_Self_Defense-Karsten_Nohl-31C3-v1.pdf [accessed 8/29/2016] +[^189]: K. 
Nohn, Mobile Self-Defense, presented at 31st Chaos Communication Congress, 27 Dec. 2014; link [accessed 8/29/2016] -[^190]: "New VMSA-2014-0014 - AirWatch by VMWare Product Update Addresses Information Disclosure Vulnerabilities", 10 Dec. 2014; http://seclists.org/fulldisclosure/2014/Dec/44 [accessed 8/29/2016] +[^190]: "New VMSA-2014-0014 - AirWatch by VMWare Product Update Addresses Information Disclosure Vulnerabilities", 10 Dec. 2014; link [accessed 8/29/2016] -[^191]: G. Lorenz et al., "Securing SS7 Telecommunications Networks", in Workshop on Information Assurance and Security vol. 2, 2001. +[^191]: G. Lorenz et al., "Securing SS7 Telecommunications Networks", in Workshop on Information Assurance and Security vol. 2, 2001; link [accessed 8/1/2022] -[^192]: C. Xiao, "BackStab: Mobile Backup Data Under Attack from Malware", paloalto, 7 Dec. 2015; http://researchcenter.paloaltonetworks.com/2015/12/backstab-mobile-backup-data-under-attack-from-malware/ [accessed 8/29/2016] +[^192]: C. Xiao, "BackStab: Mobile Backup Data Under Attack from Malware", paloalto, 7 Dec. 2015; link [accessed 8/29/2016] -[^193]: BackStab: Mobile Backup Data Under Attack From Malware, 7 Dec. 2015; https://www.paloaltonetworks.com/resources/research/unit42-backstab-mobile-backup-data-under-attack-from-malware.html [accessed 8/29/2016] +[^193]: BackStab: Mobile Backup Data Under Attack From Malware, 7 Dec. 
2015; link [accessed 8/29/2016] -[^194]: Elcomsoft Phone Breaker; https://www.elcomsoft.com/eppb.html [accessed 8/29/2016] +[^194]: Elcomsoft Phone Breaker; link [accessed 8/29/2016] -[^195]: Q4 Mobile Security and Risk Review, white paper, MobileIron; https://www.mobileiron.com/sites/default/files/qsreports/files/security-report-Q415-v1.2-EN.pdf [accessed 8/25/2016] +[^195]: Q4 Mobile Security and Risk Review, white paper, MobileIron; link [accessed 8/25/2016] -[^196]: Security Guidance for Critical Areas of Mobile Computing, white paper, Cloud Security Alliance; https://downloads.cloudsecurityalliance.org/initiatives/mobile/Mobile_Guidance_v1.pdf [accessed 8/29/2016] +[^196]: Security Guidance for Critical Areas of Mobile Computing, white paper, Cloud Security Alliance; link [accessed 8/29/2016] -[^197]: M. Honan, "How Apple Aan Amazon Security Flaws Led To My Epic Hacking", Wired, 6 Aug. 2012; http://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/ [accessed 8/24/2016] +[^197]: M. Honan, "How Apple Aan Amazon Security Flaws Led To My Epic Hacking", Wired, 6 Aug. 2012; link [accessed 8/24/2016] -[^198]: B. Thompson, "UAE Blackberry update was spyware", 21 Jul. 2009, http://news.bbc.co.uk/2/hi/8161190.stm [accessed 8/29/2016] +[^198]: B. Thompson, "UAE Blackberry update was spyware", 21 Jul. 2009, link [accessed 8/29/2016] -[^199]: "The State of the Mobile Ecosystem, Appthority Unveils New Security Research at Black Hat", 4 Aug. 2015, https://www.appthority.com/company/news-and-events/press-releases/the-state-of-the-mobile-ecosystem-appthority-unveils-new-security-research-at-black-hat/ [accessed 8/29/2015] +[^199]: "The State of the Mobile Ecosystem", 5 Aug. 2015, link [accessed 7/27/2022] -[^200]: J. Oberheide, "How I Almost Won Pwn2Own via XSS", 07 Mar. 2011; https://jon.oberheide.org/blog/2011/03/07/how-i-almost-won-pwn2own-via-xss/ [accessed 8/25/2016] +[^200]: J. Oberheide, "How I Almost Won Pwn2Own via XSS", 07 Mar. 
2011; link [accessed 8/25/2016] -[^201]: R. Konoth, V. van der Veen et al., "How Anywhere Computing Just Killed Your Phone-Based Two-Factor Authentication", in Proceedings of the 20th Conference on Financial Cryptography and Data Security, 2016. +[^201]: R. Konoth, V. van der Veen et al., "How Anywhere Computing Just Killed Your Phone-Based Two-Factor Authentication", in Proceedings of the 20th Conference on Financial Cryptography and Data Security, 2016; link [accessed 8/1/2022] -[^202]: J. Forristal, Android: One Root to Own Them All, presented at Blackhat, 2013; https://media.blackhat.com/us-13/US-13-Forristal-Android-One-Root-to-Own-Them-All-Slides.pdf [accessed 8/24/2016] +[^202]: J. Forristal, Android: One Root to Own Them All, presented at Blackhat, 2013; link [accessed 7/27/2022] -[^203]: J. Timmer, "UAE cellular carrier rolls out spyware as a 3G 'update'", Ars Technica, 23 Jul 2009; http://arstechnica.com/business/2009/07/mobile-carrier-rolls-out-spyware-as-a-3g-update/ [accessed 8/23/2016] +[^203]: J. Timmer, "UAE cellular carrier rolls out spyware as a 3G 'update'", Ars Technica, 23 Jul 2009; link [accessed 8/23/2016] -[^204]: Government Mobile and Wireless Security Baseline, CIO Council, 23 May 2013 +[^204]: Government Mobile and Wireless Security Baseline, CIO Council, 23 May 2013; link [accessed 8/1/2022] -[^205]: Y. Amit, "Malicious Profiles - The Sleeping Giant of iOS Security", Skycure Blog, 12 Mar. 2013; https://www.skycure.com/blog/malicious-profiles-the-sleeping-giant-of-ios-security/ [accessed 8/23/2016] +[^205]: Y. Amit, "Malicious Profiles - The Sleeping Giant of iOS Security", Skycure Blog, 12 Mar. 2013; link [accessed 8/23/2016] -[^206]: "Android Security Bulletin June 2016", 8 Dec. 2016; http://source.android.com/security/bulletin/2016-06-01.html [accessed 8/29/2016] +[^206]: "Android Security Bulletin June 2016", 8 Dec. 2016; link [accessed 8/29/2016] -[^207]: R. 
Chirgwin, "This is what a root debug backdoor in a Linux kernel looks like," The Register, 9 May 2016; http://www.theregister.co.uk/2016/05/09/allwinners_allloser_custom_kernel_has_a_nasty_root_backdoor/ +[^207]: R. Chirgwin, "This is what a root debug backdoor in a Linux kernel looks like," The Register, 9 May 2016; link -[^208]: S. Gallagher, "Chinese ARM vendor left developer backdoor in kernel for Android, other devices," Ars Technica, 11 May 2016; http://arstechnica.com/security/2016/05/chinese-arm-vendor-left-developer-backdoor-in-kernel-for-android-pi-devices/ +[^208]: S. Gallagher, "Chinese ARM vendor left developer backdoor in kernel for Android, other devices," Ars Technica, 11 May 2016; link -[^209]: laginimaineb, "Extracting Qualcomm's KeyMaster Keys - Breaking Android Full Disk Encryption," blog, 30 Jun. 2016; https://bits-please.blogspot.com/2016/06/extracting-qualcomms-keymaster-keys.html +[^209]: laginimaineb, "Extracting Qualcomm's KeyMaster Keys - Breaking Android Full Disk Encryption," blog, 30 Jun. 2016; link -[^210]: ARM Security Technology Building a Secure System using TrustZone Technology; http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.prd29-genc-009492c/ch01s03s03.html [accessed 8/23/16] +[^210]: ARM Security Technology Building a Secure System using TrustZone Technology; link [accessed 8/23/16] -[^211]: K. Nohl, Rooting SIM cards, presented at BlackHat, 2013. https://media.blackhat.com/us-13/us-13-Nohl-Rooting-SIM-cards-Slides.pdf [accessed 8/23/16] +[^211]: K. Nohl, Rooting SIM cards, presented at BlackHat, 2013. link [accessed 7/27/22] -[^212]: H. Ko and R. Caytiles, "A Review of Smartcard Security Issues," Journal of Security Engineering, 8, no. 3 (2011): 6. https://docplayer.net/23347975-A-review-of-smartcard-security-issues.html [accessed 10/11/21] +[^212]: H. Ko and R. Caytiles, "A Review of Smartcard Security Issues," Journal of Security Engineering, 8, no. 3 (2011): 6. 
link [accessed 10/11/21] -[^213]: zLabs, "Zimperium Applauds Google's Rapid Response to Unpatched Kernel Exploit," Zimperium, 25 Mar. 2016; https://blog.zimperium.com/zimperium-applauds-googles-rapid-response-to-unpatched-kernel-exploit/ +[^213]: zLabs, "Zimperium Applauds Google's Rapid Response to Unpatched Kernel Exploit," Zimperium, 25 Mar. 2016; link -[^214]: W. Xu and Y. Fu, Own your Android! Yet Another Universal Root, presented at BlackHat, 2015. https://www.blackhat.com/docs/us-15/materials/us-15-Xu-Ah-Universal-Android-Rooting-Is-Back-wp.pdf [accessed 8/23/16] +[^214]: W. Xu and Y. Fu, Own your Android! Yet Another Universal Root, presented at BlackHat, 2015. link [accessed 8/23/16] -[^215]: TALOS Vulnerability Report; http://www.talosintelligence.com/reports/TALOS-2016-0186/ [accessed 8/23/16] +[^215]: TALOS Vulnerability Report; link [accessed 8/23/16] -[^216]: windknown, "iOS 8.4.1 Kernel Vulnerabilities in AppleHDQGasGaugeControl," Pangu, 08 Sept. 2015; http://blog.pangu.io/ios-8-4-1-kernel-vulns/ +[^216]: windknown, "iOS 8.4.1 Kernel Vulnerabilities in AppleHDQGasGaugeControl," Pangu, 08 Sept. 2015; link -[^217]: B. Lau et. al. , Injecting Malware into iOS Devices via Maliscious Chargers, presented at BlackHat, 2013. https://media.blackhat.com/us-13/US-13-Lau-Mactans-Injecting-Malware-into-iOS-Devices-via-Malicious-Chargers-WP.pdf [accessed 8/23/16] +[^217]: B. Lau et. al. , Injecting Malware into iOS Devices via Maliscious Chargers, presented at BlackHat, 2013. link [accessed 8/23/16] -[^218]: Threat Advisory Semi Jailbreak; https://www.wandera.com/resources/dl/TA_SemiJailbreak.pdf [accessed 8/23/16] +[^218]: Threat Advisory Semi Jailbreak; link [accessed 8/23/16] -[^219]: A. Chaykin, "Spoofing and intercepting SIM commands through STK framework," blog, 26 Aug. 2015; http://blog.0xb.in/2015/08/spoofing-and-intercepting-sim-commands.html +[^219]: A. Chaykin, "Spoofing and intercepting SIM commands through STK framework," blog, 26 Aug. 
2015; link -[^220]: "Security Enhancements in Android 4.3"; https://source.android.com/security/enhancements/enhancements43.html [accessed 8/29/2016] +[^220]: "Security Enhancements in Android 4.3"; link [accessed 8/29/2016] -[^221]: "Security Enhancements in Android 6.0"; https://source.android.com/security/enhancements/enhancements60.html [accessed 8/29/2016] +[^221]: "Security Enhancements in Android 6.0"; link [accessed 8/29/2016] -[^222]: Trusty TEE; https://source.android.com/security/trusty/index.html#third-party_trusty_applications [accessed 8/29/2016] +[^222]: Trusty TEE; link [accessed 8/29/2016] -[^223]: B. Krebs, "Beware of Juice-Jacking", 11 Aug. 2011; http://krebsonsecurity.com/2011/08/beware-of-juice-jacking/ [accessed 8/24/2016] +[^223]: B. Krebs, "Beware of Juice-Jacking", 11 Aug. 2011; link [accessed 8/24/2016] -[^224]: P. Paganini, "Hacking Samsung Galaxy via Modem interface exposed via USB", 13 Apr. 2016; http://securityaffairs.co/wordpress/46287/hacking/hacking-samsung-galaxy.html [accessed 8/24/2016] +[^224]: P. Paganini, "Hacking Samsung Galaxy via Modem interface exposed via USB", 13 Apr. 2016; link [accessed 8/24/2016] -[^225]: "Phone Theft in America: What really happens when your phone gets grabbed", blog, 7 May 2014; https://blog.lookout.com/blog/2014/05/07/phone-theft-in-america/ [accessed 8/25/2016] +[^225]: "Phone Theft in America: What really happens when your phone gets grabbed", blog, 7 May 2014; link [accessed 8/25/2016] -[^226]: C. Deitrick, Smartphone thefts drop as kill switch usage grows, Consumer Reports, 11 June 2015; http://www.consumerreports.org/cro/news/2015/06/smartphone-thefts-on-the-decline/index.htm [accessed 8/30/2016] +[^226]: C. 
Deitrick, Smartphone thefts drop as kill switch usage grows, Consumer Reports, 11 June 2015; link [accessed 8/30/2016] -[^227]: Security Tips, https://developer.android.com/training/articles/security-tips.html [accessed on 8/24/2016] +[^227]: Security Tips, link [accessed on 8/24/2016] -[^228]: GenericKeychain, https://developer.apple.com/library/ios/samplecode/GenericKeychain/Introduction/Intro.html#//apple_ref/doc/uid/DTS40007797 [accessed 8/25/16] +[^228]: GenericKeychain, link [accessed 8/25/16] -[^229]: D. Genkin et al., ECDSA Key Extraction from Mobile Devices Via Nonintrusive Physical Side Channels, tech. report 2016/230, Cryptology ePrint Archive, 2016; https://www.tau.ac.il/~tromer/mobilesc/mobilesc.pdf [accessed 8/31/2016] +[^229]: D. Genkin et al., ECDSA Key Extraction from Mobile Devices Via Nonintrusive Physical Side Channels, tech. report 2016/230, Cryptology ePrint Archive, 2016; link [accessed 8/31/2016] -[^230]: FAQ on Lost/Stolen Devices, in Your Wireless Life, July 2016; http://www.ctia.org/your-wireless-life/consumer-tips/how-to-deter-smartphone-thefts-and-protect-your-data/faq-on-lost-stolen-devices#anti-theft-commitment [accessed 8/31/2016] +[^230]: FAQ on Lost/Stolen Devices, in Your Wireless Life, July 2016; link [accessed 8/31/2016] -[^231]: "Eight Ways to Keep Your Smartphone Safe", in BullGuard Security Centre; www.bullguard.com/bullguard-security-center/mobile-security/mobile-protection-resources/8-ways-to-keep-your-smartphone-safe.aspx [accessed 8/31/2016] +[^231]: "Eight Ways to Keep Your Smartphone Safe", in BullGuard Security Centre; link [accessed 8/31/2016] -[^232]: G. Sims, "New Malware Tries to Infect Android Devices Via USB Cable", 27 Jan. 2014; www.androidauthority.com/new-malware-tries-infect-android-devices-via-usb-cable-339356/ [accessed 8/31/2016] +[^232]: G. Sims, "New Malware Tries to Infect Android Devices Via USB Cable", 27 Jan. 2014; link [accessed 8/31/2016] -[^233]: P. 
Warren, "Who's Got Your Old Phone's Data?", The Guardian, 23 Sept. 2008; www.theguardian.com/technology/2008/sep/25/news.mobilephones [accessed 8/31/2016] +[^233]: P. Warren, "Who's Got Your Old Phone's Data?", The Guardian, 23 Sept. 2008; link [accessed 8/31/2016] -[^234]: The Current State of Android Security, infographic, Duo Labs, Jan 2016; https://duo.com/assets/infographics/The State of Android Security 72.png [accessed 8/31/2016] +[^234]: The Current State of Android Security, infographic, Duo Labs, Jan 2016; link State of Android Security 72.png [accessed 8/31/2016] -[^235]: L. Jordaan and B. von Solms, "A Biometrics-Based Solution to Combat SIM Swap Fraud", in Open Research Problems in Network Security, pp. 70-87, 2011 +[^235]: L. Jordaan and B. von Solms, "A Biometrics-Based Solution to Combat SIM Swap Fraud", in Open Research Problems in Network Security, pp. 70-87, 2011; link [accessed 8/1/2022] -[^236]: Juniper Networks Third Annual Mobile Threats Report, white paper, Juniper Networks; http://www.juniper.net/us/en/local/pdf/additional-resources/jnpr-2012-mobile-threats-report.pdf [accessed 8/31/16] +[^236]: Juniper Networks Third Annual Mobile Threats Report, white paper, Juniper Networks; link [accessed 8/31/16] -[^237]: M. Rogers, "Dendroid malware can take over your camera, record audio, and sneak into Google Play", blog, 6 Mar. 2014;https://blog.lookout.com/blog/2014/03/06/dendroid/ [accessed 8/31/16] +[^237]: M. Rogers, "Dendroid malware can take over your camera, record audio, and sneak into Google Play", blog, 6 Mar. link [accessed 8/31/16] -[^238]: X. Zhang and W. Du, "Attacks on Android Clipboard", Detection of Intrusions and Malware and Vulnerability Assessment: 11th International Conference, 2014;http://www.cis.syr.edu/~wedu/Research/paper/clipboard_attack_dimva2014.pdf [accessed 8/31/16] +[^238]: X. Zhang and W. 
Du, "Attacks on Android Clipboard", Detection of Intrusions and Malware and Vulnerability Assessment: 11th International Conference, link [accessed 8/31/16] -[^239]: C. Xiao, "Update: XcodeGhost Attacker Can Phish Passwords and Open URLs Through Infected Apps", blog, 18 Sep. 2015;http://researchcenter.paloaltonetworks.com/2015/09/update-xcodeghost-attacker-can-phish-passwords-and-open-urls-though-infected-apps/ [accessed 8/31/16] +[^239]: C. Xiao, "Update: XcodeGhost Attacker Can Phish Passwords and Open URLs Through Infected Apps", blog, 18 Sep. link [accessed 8/31/16] -[^240]: S. Poeplau et al., "Execute This! Analyzing Unsafe and Malicious Dynamic Code Loading in Android Applications", in Proceedings of the 2014 Network and Distributed System Security Symposium, 2014; http://www.internetsociety.org/doc/execute-analyzing-unsafe-and-malicious-dynamic-code-loading-android-applications [accessed 8/31/16] +[^240]: S. Poeplau et al., "Execute This! Analyzing Unsafe and Malicious Dynamic Code Loading in Android Applications", in Proceedings of the 2014 Network and Distributed System Security Symposium, 2014; link [accessed 8/31/16] -[^241]: J. Xie et al., "Hot or Not? The Benefits and Risks of iOS Remote Hot Patching", blog, 27 Jan. 2016; https://www.fireeye.com/blog/threat-research/2016/01/hot_or_not_the_bene.html [accessed 8/31/16] +[^241]: J. Xie et al., "Hot or Not? The Benefits and Risks of iOS Remote Hot Patching", blog, 27 Jan. 2016; link [accessed 8/31/16] -[^242]: M. Thompson, "Method Swizzling", blog, 17 Feb. 2014; http://nshipster.com/method-swizzling/ [accessed 8/31/16] +[^242]: M. Thompson, "Method Swizzling", blog, 17 Feb. 2014; link [accessed 8/31/16] -[^243]: S. Skorobogatov, "The bumpy road towards iPhone 5c NAND mirroring," University of Cambridge Computer Laboratory, Cambridge, MA, 2016 +[^243]: S. 
Skorobogatov, "The bumpy road towards iPhone 5c NAND mirroring," University of Cambridge Computer Laboratory, Cambridge, MA, 2016; link [accessed 8/1/2022] -[^250]: Secure Element Deployment & Host Card Emulation v1.0, white paper, SIMalliance, 2014; http://simalliance.org/wp-content/uploads/2015/03/Secure-Element-Deployment-Host-Card-Emulation-v1.0.pdf [accessed 10/24/2016] +[^250]: Secure Element Deployment & Host Card Emulation v1.0, white paper, SIMalliance, 2014; link [accessed 10/24/2016] -[^251]: Host Card Emulation (HCE) 101, white paper MNFCC-14002, Smart Card Alliance Mobile & NFC Council, 2014; http://www.smartcardalliance.org/downloads/HCE-101-WP-FINAL-081114-clean.pdf [accessed 10/24/2016] +[^251]: Host Card Emulation (HCE) 101, white paper MNFCC-14002, Smart Card Alliance Mobile & NFC Council, 2014; link [accessed 10/24/2016] -[^252]: HCE Payment - How it works and best practices for banks, white paper, Mozido, 2016. +[^252]: HCE Payment - How it works and best practices for banks, white paper, Mozido, 2016; link [accessed 8/1/2022] -[^244]: "Keychain Services Programming Guide", Apple, 2016; https://developer.apple.com/library/content/documentation/Security/Conceptual/keychainServConcepts/01introduction/introduction.html [accessed 10/14/2016] +[^244]: "Keychain Services Programming Guide", Apple, 2016; link [accessed 10/14/2016] -[^245]: "Android Keystore System", https://developer.android.com/training/articles/keystore.html [accessed 10/14/2016] +[^245]: "Android Keystore System", link [accessed 10/14/2016] -[^246]: E. Barker, Recommendation for Key Management: Part 1: General, NIST SP 800-574 pt. 1 rev. 4, National Institute of Standards and Technology, 2016; http://dx.doi.org/10.6028/NIST.SP.800-57pt1r4 [accessed 10/17/2016] +[^246]: E. Barker, Recommendation for Key Management: Part 1: General, NIST SP 800-574 pt. 1 rev. 4, National Institute of Standards and Technology, 2016; link [accessed 10/17/2016] -[^247]: D. 
Pauli, "Every LTE call, text, can be intercepted, blacked out, hacker finds", The Register, 23 Oct 2016; http://www.theregister.co.uk/2016/10/23/every_lte_call_text_can_be_intercepted_blacked_out_hacker_finds/ [accessed 10/26/2016] +[^247]: D. Pauli, "Every LTE call, text, can be intercepted, blacked out, hacker finds", The Register, 23 Oct 2016; link [accessed 10/26/2016] -[^S-Konstantaras-1]: S. Konstantaras and C. Dillon, _Exploiting Vulnerabilities of Wi-Fi SD cards_, project report, Universiteit van Amsterdam, 1 June 2014; https://staff.science.uva.nl/j.j.vanderham/cases/wifi-sd-cards.pdf [accessed 10/24/2016] +[^S-Konstantaras-1]: S. Konstantaras and C. Dillon, _Exploiting Vulnerabilities of Wi-Fi SD cards_, project report, Universiteit van Amsterdam, 1 June 2014; link [accessed 10/24/2016] -[^Bunnie-1]: bunnie:studios, "On Hacking MicroSD Cards", blog, Dec. 2013; https://www.bunniestudios.com/blog/?p=3554 [accessed 10/24/2016] +[^Bunnie-1]: bunnie:studios, "On Hacking MicroSD Cards", blog, Dec. 2013; link [accessed 10/24/2016] -[^M-Zhang-1]: M. Zhang, "Android ransomware variant uses clickjacking to become device administrator", Symantec Official Blog, 27 Jan. 2016, www.symantec.com/connect/blogs/android-ransomware-variant-uses-clickjacking-become-device-administrator [accessed 11/29/2016] +[^M-Zhang-1]: M. Zhang, "Android ransomware variant uses clickjacking to become device administrator", Symantec Official Blog, 27 Jan. 2016, link [accessed 11/29/2016] -[^Y-Amit1]: Y. Amit, "\"Accessibility Clickjacking\" - The Next Evolution in Android Malware that Impacts More Than 500 Million Devices", Skycure Mobile Security Blog, 3 Mar. 2016, www.skycure.com/blog/accessibility-clickjacking/ [accessed 11/29/2016] +[^Y-Amit1]: Y. Amit, "\"Accessibility Clickjacking\" - The Next Evolution in Android Malware that Impacts More Than 500 Million Devices", Skycure Mobile Security Blog, 3 Mar. 
2016, link [accessed 11/29/2016] -[^Symantec-1]: "Android.Lockdown.E", Symantec, 6 Aug. 2016, www.symantec.com/security_response/writeup.jsp?docid=2014-103005-2209-99 [accessed 11/29/2016] +[^Symantec-1]: "Android.Lockdown.E", Symantec, 6 Aug. 2016, link [accessed 11/29/2016] -[^251]: M. Vanhoef et al., "Why MAC Address Randomization is not Enough: An Analysis of Wi-Fi Netowrk Discovery Mechanisms.", in Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, 2016, pp. 413-424. +[^251]: M. Vanhoef et al., "Why MAC Address Randomization is not Enough: An Analysis of Wi-Fi Netowrk Discovery Mechanisms.", in Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, 2016, pp. 413-424; link [accessed 8/1/2022] -[^248]: M. Humphries, "Touchscreen keylogger created using accelerometer movement during typing", PCMag, 9 Dec. 2011; http://www.geek.com/mobile/touchscreen-keylogger-created-using-accelerometer-movement-during-typing-1420485/ [accessed 11/07/2016] +[^248]: M. Humphries, "Touchscreen keylogger created using accelerometer movement during typing", PCMag, 9 Dec. 2011; link [accessed 11/07/2016] -[^249]: E. Miluzzo et al., "Tapprints: your finger taps have fingerprints", in _Proceedings of the 10th International Conference on Mobile Systems, Applications, and Services_, 2012, pp. 323-336; https://forge.info.unicaen.fr/attachments/download/559/tapprints-final.pdf +[^249]: E. Miluzzo et al., "Tapprints: your finger taps have fingerprints", in _Proceedings of the 10th International Conference on Mobile Systems, Applications, and Services_, 2012, pp. 323-336; link -[^250]: C. Liang and H. Chen, "TouchLogger: Inferring Keystrokes on Touch Screen from Smartphone Motion", presented at _6th USENIX Workshop on Hot Topics in Security_, 9 Aug. 2011; https://pdfs.semanticscholar.org/8c8c/f6ff0a88a5ae99360cada9afaf5439b61a8d.pdf [accessed 11/07/2016] +[^250]: C. Liang and H. 
Chen, "TouchLogger: Inferring Keystrokes on Touch Screen from Smartphone Motion", presented at _6th USENIX Workshop on Hot Topics in Security_, 9 Aug. 2011; link [accessed 11/07/2016] -[^J-Padgette-1]: J. Padgette et. al, Guide to Bluetooth Security, Draft SP 800-121 rev. 2, National Institute of Standards and Technology, 2016; http://csrc.nist.gov/publications/drafts/800-121/sp800_121_r2_draft.pdf [accessed 12/07/2016] +[^J-Padgette-1]: J. Padgette et. al, Guide to Bluetooth Security, Draft SP 800-121 rev. 2, National Institute of Standards and Technology, 2016; link [accessed 12/07/2016] -[^O-Whitehouse-1]: O. Whitehouse, _War Nibbling: Bluetooth Insecurity_, white paper, 2003; www.wardriving.ch/hpneu/blue/doku/atstake_war_nibbling.pdf [accessed 12/07/2016] +[^O-Whitehouse-1]: O. Whitehouse, _War Nibbling: Bluetooth Insecurity_, white paper, 2003; link [accessed 12/07/2016] -[^O-Afonin-1]: O. Afononin, _TouchLogger: Inferring Keystrokes on Touch Screen from Smartphone Motion_, Elcomsoft Blog, 23 Sept 2016; https://blog.elcomsoft.com/2016/09/ios-10-security-weakness-discovered-backup-passwords-much-easier-to-break/ [accessed 12/9/2016] +[^O-Afonin-1]: O. Afononin, _TouchLogger: Inferring Keystrokes on Touch Screen from Smartphone Motion_, Elcomsoft Blog, 23 Sept 2016; link [accessed 12/9/2016] -[^D-Goodin-1]: D. Goodin, "Using Rowhammer bitflips to root Android phones is now a thing", _Ars Technica_, 23 Oct. 2016; http://arstechnica.com/security/2016/10/using-rowhammer-bitflips-to-root-android-phones-is-now-a-thing/ [accessed 12/15/2016] +[^D-Goodin-1]: D. Goodin, "Using Rowhammer bitflips to root Android phones is now a thing", _Ars Technica_, 23 Oct. 
2016; link [accessed 12/15/2016] -[^Apple-1]: "About the security content of iOS 10.3", Apple, https://support.apple.com/en-us/HT207617 [accessed 4/10/2017] +[^Apple-1]: "About the security content of iOS 10.3", Apple, link [accessed 4/10/2017] -[^AndroidDevBlog-1]: "An investigation of Chrysaor Malware on Android", blog, 3 Apr. 2017; https://android-developers.googleblog.com/2017/04/an-investigation-of-chrysaor-malware-on.html [accessed 4/5/2017] +[^AndroidDevBlog-1]: "An investigation of Chrysaor Malware on Android", blog, 3 Apr. 2017; link [accessed 4/5/2017] -[^TrendMicro-1]: "androidos_kagecoin.hbt" in _Threat Encyclopedia_, TrendMicro, 2014; http://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/AndroidOS_KageCoin.HBT [accessed 01/05/2017] +[^TrendMicro-1]: "androidos_kagecoin.hbt" in _Threat Encyclopedia_, TrendMicro, 2014; link [accessed 01/05/2017] -[^V-Zhang-1]: V. Zhang, "Mobile Malware Mines Dogecoins and Litecoins for Bitcoin Payout", TrendLabs Security Intelligence Blog, 25 Mar. 2104; http://blog.trendmicro.com/trendlabs-security-intelligence/mobile-malware-mines-dogecoins-and-litecoins-for-bitcoin-payout/ [accessed 01/05/2017] +[^V-Zhang-1]: V. Zhang, "Mobile Malware Mines Dogecoins and Litecoins for Bitcoin Payout", TrendLabs Security Intelligence Blog, 25 Mar. 2104; link [accessed 01/05/2017] -[^T-Katsuki-1]: T. Katsuki, "Android.Tascudap", Symantec; www.symantec.com/security_response/writeup.jsp?docid=2012-121312-4547-99 [accessed 01/05/2017] +[^T-Katsuki-1]: T. Katsuki, "Android.Tascudap", Symantec; link [accessed 01/05/2017] -[^AirWatch-1]: "VMSA-2017-0001", AirWatch Security Advisories, 30 Jan. 2017; http://www.vmware.com/security/advisories/VMSA-2017-0001.html [accessed 04/21/2017] +[^AirWatch-1]: "VMSA-2017-0001", AirWatch Security Advisories, 30 Jan. 2017; link [accessed 04/21/2017] -[^Ha-1]: A. 
Ha, "SilverPush Says It's Using Audio Beacons For An Unusual Approach to Cross-Device Ad Targeting", TechCrunch, 24 July 2014; https://techcrunch.com/2014/07/24/silverpush-audio-beacons/ [accessed 05/05/2017] +[^Ha-1]: A. Ha, "SilverPush Says It's Using Audio Beacons For An Unusual Approach to Cross-Device Ad Targeting", TechCrunch, 24 July 2014; link [accessed 05/05/2017] -[^Arp-1]: D. Arp, et al., "Privacy Threats through Ultrasonic Side Channels on Mobile Devices", [white paper], 2017; http://christian.wressnegger.info/content/projects/sidechannels/2017-eurosp.pdf [accessed 05/05/2017] +[^Arp-1]: D. Arp, et al., "Privacy Threats through Ultrasonic Side Channels on Mobile Devices", [white paper], 2017; link [accessed 05/05/2017] -[^Artenstein-1]: N. Artenstein, "Broadpwn: Remotely Compromising Android and IOS Via a Bug in the Broadcom Wi-Fi Chipset", [white paper], 2017; https://www.blackhat.com/docs/us-17/thursday/us-17-Artenstein-Broadpwn-Remotely-Compromising-Android-And-iOS-Via-A-Bug-In-Broadcoms-Wifi-Chipsets-wp.pdf [accessed 08/08/2017] +[^Artenstein-1]: N. Artenstein, "Broadpwn: Remotely Compromising Android and IOS Via a Bug in the Broadcom Wi-Fi Chipset", [white paper], 2017; link [accessed 08/08/2017] -[^Rambus-1]: "Evolving differential power analysis targets SIM cards," Rambus, 23 Sept. 2015; https://www.rambus.com/blogs/security-evolving-differential-power-analysis-targets-sim-cards/ [accessed 07/18/2017] +[^Rambus-1]: "Evolving differential power analysis targets SIM cards," Rambus, 23 Sept. 2015; link [accessed 07/18/2017] -[^D-Goodin-2]: D. Goodin, "Currency-mining Android malware is so aggressive it can physically harm phones", _Ars Technica_, 19 Dec. 2017; https://arstechnica.com/information-technology/2017/12/currency-mining-android-malware-is-so-aggressive-it-can-physically-harm-phones/ [accessed 02/02/2018] +[^D-Goodin-2]: D. Goodin, "Currency-mining Android malware is so aggressive it can physically harm phones", _Ars Technica_, 19 Dec. 
2017; link [accessed 02/02/2018] -[^A-Chen-L-Goode-1]: A. Chen and L. Goode "The science behind exploding phone batteries", _The Verge_, 13 Oct. 2016; https://www.theverge.com/2016/9/8/12841342/why-do-phone-batteries-explode-samsung-galaxy-note-7 [accessed 02/02/2018] +[^A-Chen-L-Goode-1]: A. Chen and L. Goode "The science behind exploding phone batteries", _The Verge_, 13 Oct. 2016; link [accessed 02/02/2018] -[^J-Horn-1]: J. Horn, "Reading privileged memory with a side-channel", Project Zero blog, Google, Jan. 3, 2018; https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html [accessed 1/10/2018] +[^J-Horn-1]: J. Horn, "Reading privileged memory with a side-channel", Project Zero blog, Google, Jan. 3, 2018; link [accessed 1/10/2018] -[^P-Kocher-et-al-1]: P. Kocher et al., _Spectre Attacks: Exploiting Speculative Execution_, white paper, 2017; https://spectreattack.com/spectre.pdf [accessed 02/02/2018] +[^P-Kocher-et-al-1]: P. Kocher et al., _Spectre Attacks: Exploiting Speculative Execution_, white paper, 2017; link [accessed 02/02/2018] -[^M-Lipp-et-al-1]: M. Lipp et al., _Meltdown_, white paper, 2017; https://meltdownattack.com/meltdown.pdf [accessed 02/02/2018] +[^M-Lipp-et-al-1]: M. Lipp et al., _Meltdown_, white paper, 2017; link [accessed 02/02/2018] -[^P-Frigo-1]: P. Frigo et al., _Grand Pwning Unit: Accelerating Microarchitectural Attacks with the GPU_, white paper, 2018; https://www.vusec.net/wp-content/uploads/2018/05/glitch.pdf +[^P-Frigo-1]: P. Frigo et al., _Grand Pwning Unit: Accelerating Microarchitectural Attacks with the GPU_, white paper, 2018; link -[^300]: McAfee, _How Does Jailbreaking Or Rooting Affect My Mobile Device Security?_, blog, 13 Jun. 2012; https://www.mcafee.com/blogs/consumer/how-does-jailbreaking-or-rooting-affect-my-mobile-device-security [accessed 12/02/2019] +[^300]: McAfee, _How Does Jailbreaking Or Rooting Affect My Mobile Device Security?_, blog, 13 Jun. 
2012; link [accessed 12/02/2019] -[^301]: Trend Micro, _Understanding Code Signing Abuse in Malware Campaigns_, blog, 5 Apr. 2018; https://blog.trendmicro.com/trendlabs-security-intelligence/understanding-code-signing-abuse-in-malware-campaigns [accessed 12/02/2019] +[^301]: Trend Micro, _Understanding Code Signing Abuse in Malware Campaigns_, blog, 5 Apr. 2018; link [accessed 12/02/2019] -[^302]: MITRE, _Install Insecure or Malicious Configuration_, blog; https://attack.mitre.org/techniques/T1478 [accessed 12/02/2019] +[^302]: MITRE, _Install Insecure or Malicious Configuration_, blog; link [accessed 12/02/2019] -[^303]: SearchSecurity, _backdoor (computing)_, blog, Aug. 2017; https://searchsecurity.techtarget.com/definition/back-door [accessed 12/02/2019] +[^303]: SearchSecurity, _backdoor (computing)_, blog, Aug. 2017; link [accessed 12/02/2019] -[^304]: B. Brenner, _Fur flies over Android bootloader flaws: here’s what you need to know_, Naked Security, blog, 6 Sep. 2017; https://nakedsecurity.sophos.com/2017/09/06/fur-flies-over-android-bootloader-flaws-heres-what-you-need-to-know [accessed 12/02/2019] +[^304]: B. Brenner, _Fur flies over Android bootloader flaws: here’s what you need to know_, Naked Security, blog, 6 Sep. 2017; link [accessed 12/02/2019] -[^305]: C. Puodzius, _UEFI malware: How to exploit a false sense of security_, WeLiveSecurity, blog, 19 Oct. 2017; https://www.welivesecurity.com/2017/10/19/malware-firmware-exploit-sense-security [accessed 12/02/2019] +[^305]: C. Puodzius, _UEFI malware: How to exploit a false sense of security_, WeLiveSecurity, blog, 19 Oct. 2017; link [accessed 12/02/2019] -[^306]: B. Donohue, _Weak Encryption Enables SIM Card Root Attack_, threat post, blog, 1 Aug. 2013; https://threatpost.com/weak-encryption-enables-sim-card-root-attack/101557/ [accessed 12/03/2019] +[^306]: B. Donohue, _Weak Encryption Enables SIM Card Root Attack_, threat post, blog, 1 Aug. 
2013; link [accessed 12/03/2019] -[^307]: Security Research Labs, _New SIM attacks de-mystified, protection tools now available_, blog; https://srlabs.de/bites/sim_attacks_demystified/ [accessed 12/03/2019] +[^307]: Security Research Labs, _New SIM attacks de-mystified, protection tools now available_, blog; link [accessed 12/03/2019] -[^308]: Wikipedia, _Side-channel attack_; https://en.wikipedia.org/wiki/Side-channel_attack [accessed 12/09/2019] +[^308]: Wikipedia, _Side-channel attack_; link [accessed 12/09/2019] + +[^309]: Secure Element Deployment & Host Card Emulation v1.0, white paper, SIMalliance, 2014; link [accessed 10/24/2016] + +[^310]: Host Card Emulation (HCE) 101, white paper MNFCC-14002, Smart Card Alliance Mobile & NFC Council, 2014; link [accessed 10/24/2016] From ef3beada720c513057be220d813368bae1357ed4 Mon Sep 17 00:00:00 2001 From: samz-cs <68604439+samz-cs@users.noreply.github.com> Date: Mon, 8 Aug 2022 10:55:47 -0400 Subject: [PATCH 16/16] update instructions to include hyperlinks --- contributing.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/contributing.md b/contributing.md index 958234b..59d4feb 100644 --- a/contributing.md +++ b/contributing.md 
@@ -158,9 +158,10 @@ If you are familiar with Github you are also welcome to provide suggestions to c 1. After forking the repository, Find the ``references.md`` file located in the ``_includes`` folder 2. Make a new entry at the bottom of the file with the following format -``[^ReferenceID]: Author(s), "Name of Document", in Name of Publication, [type of resource], Date of Publication, URL (if available online)`` -3. Back in the threat file, make a call to the newly added reference using the following format ``[^ReferenceID]`` -4. [Create a pull request](#creating-a-pull-request). +``[^ReferenceID]: Author(s), "Name of Document", in Name of Publication, [type of resource], Date of Publication, [URL](link) (if available online)`` +3. If adding a url, please include the entire url including the protocol, otherwise the hyperlink will not work. +4. Back in the threat file, make a call to the newly added reference using the following format ``[^ReferenceID]`` +5. [Create a pull request](#creating-a-pull-request). #### Adding a Glossary Term
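Review bot: In the `_includes/references.md` hunk, the rewritten entries [^237], [^238] and [^239] lose their publication year. The removed lines read "6 Mar. 2014;https://…", "11th International Conference, 2014;http://…" and "18 Sep. 2015;http://…", while the added lines stop at "6 Mar. link", "11th International Conference, link" and "18 Sep. link". Restore the year and the semicolon ahead of the link in all three. The added [^234] line also leaves "State of Android Security 72.png" trailing after the link, which points to the spaces in that URL cutting the link target short; percent-encode them. Separately, the new [^309] and [^310] repeat the SIMalliance and HCE 101 entries that the same hunk still keeps as [^250] and [^251], and both of those IDs remain defined twice (the TouchLogger paper is also [^250], the Vanhoef paper also [^251]). Renumber one entry of each pair instead of adding duplicates, and check the threat files that cite them.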
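Review bot: In the `contributing.md` hunk, the new format line writes the hyperlink placeholder as ``[URL](link)``, which in Markdown puts "URL" in the displayed-text position and "link" in the target position, the reverse of how the entries in `references.md` render (displayed text "link", target the address). Suggest ``[link](URL)`` so contributors who copy the template get a working hyperlink. New step 3 would also read more clearly as "If adding a URL, include the entire URL, including the protocol (for example https://); otherwise the hyperlink will not work."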