A known defender of human rights in the Arab Emirates receives a text message with a link which promises to give him certain sensitive information. On suspecting said message, he decides to make Lookout and Citizen Lab aware of it; the former a cybersecurity company focused on mobile devices and the latter an investigation laboratory centred around the study of communication technologies.
These businesses conclude that the message is a direct attack, intending to take advantage of the three 0 day vulnerabilities in iOS in order to take control of the owner’s iPhone and spy on him. They decided to make a responsible outreach group to make Apple aware of such information, which results in Apple publishing versión 9.3.5 de iOS in order to correct these errors that affect nearly 1,000 million users.
This case, despite seeming to be part of the main plot from a chapter from Person of Interest or Mr. Robot, is only one of the recent examples showing the relevance that cybersecurity has acquired in mobile phones in recent years. It is due to their incursion, both in a business and on a private level, that our way of interacting with the internet has changed, encouraging the appearance of professional profiles exclusively focused towards mobile technologies such as a Mobile Device Developer, Mobile Communications Technician, Expert in Mobile Security or Auditor in Mobile Security.
The need to acquire security knowledge has surged in this field. Technical knowledge is needed, which is often not easily accessible but very valuable for the current labour market.
Reservation for INCIBE's free course on Cybersecurity in Mobile Devices is now open on the Canvas Network and starts on 17 October, intending to respond to this labour need. Therefore, it has focused on a practical perspective with laboratories and investigation exercises that make the student apply all their course theory in a virtual training environment so they can acquire a deeper understanding and embed the concepts that are involved.
It is intended for technical staff who is interested in understanding and deepening their knowledge of the different mobile platforms in order to carry out vulnerability and forensic analysis of the incidents, whilst developing the mobile applications securely. The course, with an estimated duration of 52 hours, comprises the following units:
- Preparation of a test environment
- Risk analysis and threats in mobile environments
- Study of the make-up of mobile technologies
- Analysis of the vulnerabilities of devices and applications
- Forensic analysis of mobile environments
- Safe development of mobile devices
- Countermeasures and mitigation of risk
For example, a video is shown below which shows the unit: “Analysis of the vulnerabilities of devices and applications” so future students have a rough idea of what they can expect from the course. It shows how to analyse the components of an application through static analysis or how to investigate the security features of an application in execution through dynamic analysis. In this way, at the end of the unit the student will be capable of identifying application configuration issues that can result in information leaks or analyse their source code in search of vulnerable procedures.
For more detailed information please go to the website https://www.incibe.es/formacion. On the website you can find all the information about signing up and accessing the course, as well as the requisites and previous knowledge necessary.