Penetration Testing for Mobile Devices
“Phone hacking” goes way beyond guessing pin numbers and listening to voicemail. In reality, criminals can easily access and manipulate the data on mobile devices by targeting end users through a combination of social engineering techniques and malicious code. Phishing, fake wireless access points, and other social engineering attack techniques have been responsible for many large, high-profile network breaches. Mobile devices put these risks within arm’s reach of employees every hour of the day.
Mobile Device Penetration pinpoints and addresses gaps in end-user awareness and security exposures in their devices before attackers do. With iNet|Detect’s Mobile Device Penetration Testing capabilities, you can demonstrate the exploitability of Android™, iPhone®, iPad®, Windows®, and BlackBerry® smart devices using the same attack techniques employed by criminals today.
Conducting mobile penetration tests with iNet|Detect enables you to …
- Identify and prove critical data breach exposures created by mobile devices in your environment
- Evaluate the security of new mobile technologies prior to deployment
- Get actionable data required to mitigate financial, operational & reputational risks
- Assess end-user security awareness of social engineering techniques
- Protect end users from defamation, fraud and blackmail
- Audit and report on mobile device security to executive management and other stakeholders
Assess Mobile Device Security Before Attackers Do
iNet|Detect’s Mobile Penetration Testing capabilities assess end users and their devices through the following real-world attack techniques:
- Phishing:
Enables you to send emails and texts that determine whether your organization’s employees would fall prey to phishing and spear phishing attacks by clicking through to malicious sites and/or installing nefarious mobile apps. - Web form impersonation:
Assess data leakage threats by conducting phishing tests seeded with links to web forms designed to capture and record user-entered data, such as usernames and passwords. - Fake wireless access points:
Impersonate valid wireless access points in an attempt to trick users into connecting their devices to them. - Wireless man-in-the-middle (MITM) attacks:
Identifies and monitors wireless networks that have either no encryption or WEP-based encryption and observe any connected devices.
Reporting: Gain Actionable Data to Address Critical Exposures
Mobile Device Penetration generates the following reports to assist in vulnerability remediation and fulfill security assessment documentation requirements:
- Mobile Device Reports record information on all mobile devices accessed during testing
- Executive Reports provide a high-level overview of test findings
- Client-Side Reports present the results of security awareness assessments
- Vulnerability Reports detail vulnerabilities exploited and provide links to remediation information
- Activity Reports provide audit trails of all targeted devices and conducted tests
- Delta Reports compare the results from tests repeated over time
- Attack Path Reports graphically depict the path followed to target and exploit specific devices
