PrepAway - Latest Free Exam Questions & Answers

Which of the following is characterized by an attack against a mobile device?

A. Evil twin

B. Header manipulation

C. Blue jacking

D. Rogue AP

Explanation:
A bluejacking attack is where unsolicited messages are sent to mobile devices using Bluetooth.
Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as
mobile phones, PDAs or laptop computers, sending a vCard which typically contains a message in the
name field (i.e., for bluedating or bluechat) to another Bluetooth-enabled device via the OBEX protocol.
Bluetooth has a very limited range, usually around 10 metres (32.8 ft) on mobile phones, but laptops can
reach up to 100 metres (328 ft) with powerful (Class 1) transmitters.
Bluejacking is usually harmless, but because bluejacked people generally don’t know what has happened,
they may think that their phone is malfunctioning. Usually, a bluejacker will only send a text message, but
with modern phones it’s possible to send images or sounds as well. Bluejacking has been used in guerrilla
marketing campaigns to promote advergames.
Incorrect Answers:
A: An evil twin, in the context of network security, is a rogue or fake wireless access point (WAP) that
appears as a genuine hotspot offered by a legitimate provider.
In an evil twin attack, an eavesdropper or hacker fraudulently creates this rogue hotspot to collect the
personal data of unsuspecting users. Sensitive data can be stolen by spying on a connection or using a
phishing technique.
For example, a hacker using an evil twin exploit may be positioned near an authentic Wi-Fi access point
and discover the service set identifier (SSID) and frequency. The hacker may then send a radio signal using
the exact same frequency and SSID. To end users, the rogue evil twin appears as their legitimate hotspot
with the same name. A mobile device could connect to an evil twin access point but an evil twin does
not attack a mobile device.
B: Header manipulation is an attack on an application that accesses web pages or web services. It involves
introducing unvalidated data in an HTTP response header which can enable cache-poisoning, cross-site
scripting, cross-user defacement, page hijacking, cookie manipulation or open redirect. It is not used as a
direct attack on a mobile device.
D: A rogue access point is a wireless access point that has either been installed on a secure company
network without explicit authorization from a local network administrator, or has been created to allow a
hacker to conduct a man-in-the-middle attack. Rogue access points of the first kind can pose a security
threat to large organizations with many employees, because anyone with access to the premises can
install (maliciously or non-maliciously) an inexpensive wireless router that can potentially allow access to
a secure network to unauthorized parties. Rogue access points of the second kind target networks that do
not employ mutual authentication (client-server server-client) and may be used in conjunction with a
rogue RADIUS server, depending on security configuration of the target network. Similar to an evil twin, a
mobile device could connect to a rogue access point but an evil twin does not attack a mobile device.

http://en.wikipedia.org/wiki/Bluejacking
http://www.techopedia.com/definition/5057/evil-twin
http://en.wikipedia.org/wiki/Rogue_access_point

