PrepAway - Latest Free Exam Questions & Answers

Which of the following is characterized by an attack against a mobile device?

A. Evil twin

B. Header manipulation

C. Blue jacking

D. Rogue AP

Explanation:
Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers. The sender transmits a vCard, which typically contains a message in the name field (i.e., for bluedating or bluechat), to another Bluetooth-enabled device via the OBEX protocol.
Bluetooth has a very limited range, usually around 10 metres (32.8 ft) on mobile phones, but laptops can reach up to 100 metres (328 ft) with powerful (Class 1) transmitters. Bluejacking is usually harmless, but because bluejacked people generally don’t know what has happened, they may think that their phone is malfunctioning. Usually, a bluejacker will only send a text message, but with modern phones it’s possible to send images or sounds as well. Bluejacking has been used in guerrilla marketing campaigns to promote advergames.
Incorrect Answers:
A: An evil twin, in the context of network security, is a rogue or fake wireless access point (WAP) that appears as a genuine hotspot offered by a legitimate provider. In an evil twin attack, an eavesdropper or hacker fraudulently creates this rogue hotspot to collect the personal data of unsuspecting users. Sensitive data can be stolen by spying on a connection or using a phishing technique.
For example, a hacker using an evil twin exploit may be positioned near an authentic Wi-Fi access point and discover the service set identifier (SSID) and frequency. The hacker may then send a radio signal using the exact same frequency and SSID. To end users, the rogue evil twin appears as their legitimate hotspot with the same name. A mobile device could connect to an evil twin access point, but an evil twin does not attack a mobile device. Therefore, this answer is incorrect.
B: Header manipulation is an attack on an application that accesses web pages or web services. It involves introducing unvalidated data in an HTTP response header, which can enable cache poisoning, cross-site scripting, cross-user defacement, page hijacking, cookie manipulation or open redirect. It is not used as a direct attack on a mobile device. Therefore, this answer is incorrect.
D: A rogue access point is a wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator, or has been created to allow a hacker to conduct a man-in-the-middle attack. Rogue access points of the first kind can pose a security threat to large organizations with many employees, because anyone with access to the premises can install (maliciously or non-maliciously) an inexpensive wireless router that can potentially allow access to a secure network to unauthorized parties. Rogue access points of the second kind target networks that do not employ mutual authentication (client-server server-client) and may be used in conjunction with a rogue RADIUS server, depending on the security configuration of the target network.
Similar to an evil twin, a mobile device could connect to a rogue access point, but an evil twin does not attack a mobile device. Therefore, this answer is incorrect.

http://en.wikipedia.org/wiki/Bluejacking
http://www.techopedia.com/definition/5057/evil-twin
http://en.wikipedia.org/wiki/Rogue_access_point
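
One way to detect the impersonation pattern described under answers A and D (an unknown radio advertising a legitimate SSID) is to compare a Wi-Fi scan against an inventory of authorized access points. This is an added example, not part of the original explanation; the inventory, SSIDs, BSSIDs and finding labels are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str      # MAC address of the AP radio
    channel: int
    security: str   # e.g. "WPA2-Enterprise", "Open"

# Constructed inventory of authorized APs: bssid -> (ssid, channel, security)
AUTHORIZED = {
    "02:00:00:aa:00:01": ("CorpNet", 6, "WPA2-Enterprise"),
    "02:00:00:aa:00:02": ("CorpNet", 11, "WPA2-Enterprise"),
}

def classify(beacon, inventory=AUTHORIZED):
    """Return a finding label for a beacon, or None if nothing is suspicious."""
    protected_ssids = {ssid for ssid, _, _ in inventory.values()}
    known = inventory.get(beacon.bssid.lower())
    if known is None:
        # Unknown radio advertising one of our SSIDs: the evil twin pattern
        if beacon.ssid in protected_ssids:
            return "evil-twin-suspect"
        return None  # a neighbouring network that does not use our names
    ssid, channel, security = known
    if beacon.ssid != ssid or beacon.security != security:
        # Known BSSID with a changed name or security mode suggests a cloned MAC
        return "spoofed-bssid-suspect"
    if beacon.channel != channel:
        # May be benign (automatic channel selection) but worth reviewing
        return "channel-mismatch"
    return None

def audit(scan, inventory=AUTHORIZED):
    """Map each suspicious BSSID in a scan to its finding label."""
    findings = {}
    for beacon in scan:
        label = classify(beacon, inventory)
        if label:
            findings[beacon.bssid.lower()] = label
    return findings

# Constructed scan results
SAMPLE_SCAN = [
    Beacon("CorpNet", "02:00:00:AA:00:01", 6, "WPA2-Enterprise"),   # legitimate
    Beacon("CorpNet", "02:00:00:bb:00:99", 6, "Open"),              # same SSID and channel, unknown radio
    Beacon("CorpNet", "02:00:00:aa:00:02", 11, "Open"),             # known BSSID, security downgraded
    Beacon("CoffeeShop", "02:00:00:cc:00:10", 1, "WPA2-Personal"),  # unrelated network
]
```

An over-the-air comparison like this does not find the first kind of rogue AP (an unauthorized router plugged into the wired network under its own SSID); that requires correlating with switch port or DHCP data.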

