CY-EL5Semester 74 (3-0-2)Elective

Mobile & Wireless Security

Syllabus

Unit 1: Mobile Platform Security Architecture

Android security model (sandboxing, app permissions, SELinux), iOS security (code signing, sandbox, XNU kernel), App lifecycle and inter-process communication (Intents, AIDL, XPC), Secure boot chain and verified boot, Mobile device management (MDM) frameworks, Root/jailbreak detection bypasses, Hardware security (TEE, ARM TrustZone).

Unit 2: Mobile Application Security

Static analysis (MobSF, QARK), Dynamic analysis (Frida, Objection), Reverse engineering (APKTool, Hopper, IDA), Common vulnerabilities (insecure storage, hard-coded secrets, improper IPC), OWASP Mobile Top 10, Certificate pinning bypass, Runtime hooking and SSL pinning evasion, Binary protection (obfuscation, RASP).

Unit 3: Wireless Network Security Protocols

802.11 wireless fundamentals (WEP, WPA, WPA2, WPA3), Wi-Fi attack vectors (evil twin, KRACK, PMKID), Enterprise security (802.1X/EAP methods: PEAP, EAP-TLS), Bluetooth Low Energy (BLE) security (pairing modes, Just Works vulnerability), BLE attacks (knob turning, spoofing), Zigbee/IoT protocol security, Wireless IDS/IPS.

Unit 4: Cellular Network Security

GSM/CDMA vulnerabilities (A5/1 cracking, IMSI catchers), LTE/4G security (EPS-AKA, SUCI encryption), 5G security architecture (SUPI concealment, SEAF authentication), Mobile network attacks (SS7 exploitation, Diameter signaling), IMS/SIP security, Roaming security risks, SIM toolkit and OTA attacks, eSIM security.

Unit 5: Mobile Threat Landscape and Forensics

Mobile malware evolution (banking trojans, spyware), Phishing and social engineering vectors, MDM bypass and enterprise compromise, Mobile forensics (logical, file system, physical extraction), JTAG/ISP chip-off methods, Anti-forensics (app shredders, secure erase), Mobile security frameworks (MASA, GSMA NESAS).

Skills

Computer NetworksCyber SecurityEmbedded SystemsGISSemiconductor DesignCommunication Skills

Structure

Semester: 7

Credits: 4 (3-0-2)

Category: Elective

Practicals

Lab 1: Android App Reverse Engineering: Focuses on APK decompilation, manifest analysis, permission abuse.
Lab 2: iOS App Analysis: Focuses on IPA cracking, runtime hooking with Frida/Cycript.
Lab 3: Wi-Fi Security Assessment: Focuses on Aircrack-ng suite, WPA2 cracking, evil twin setup.
Lab 4: Bluetooth/BLE Exploitation: Focuses on GATT attacks, Ubertooth, gattacker, BLE recon.
Lab 5: Mobile Dynamic Analysis: Focuses on MobSF automation, Objection scripting, SSL pinning bypass.
Lab 6: Cellular Network Recon: Focuses on OpenBTS/IMSI catcher simulation, SS7 basics.
Lab 7: Root Detection Bypass: Focuses on MagiskHide, Frida anti-root scripts.
Lab 8: Mobile Forensics Acquisition: Focuses on Cellebrite/Grayshift, ADB backup analysis.
Lab 9: Wireless IDS Deployment: Focuses on Kismet, Snort wireless rules.
Lab 10: Mobile Pentest Report: Focuses on complete app/network assessment with remediation.