Mobility Security and Penetration Testing

Mobile devices and applications are among the most challenging areas in which to implement robust security.

Even the most security-conscious organisation may have a challenging time managing a diverse collection of mobile devices such as Androids, iPhones and tablets. Each device comes with a different operating system, updates, patches, encryption, applications and security software.

Many commercial enterprises use tablets for ordering, billing, internal communications and loyalty programs, transmitting critical data wirelessly and often via custom applications or software.

As globalisation continues, the standard working day changes and mobile devices are used 24/7, both in the office and in diverse geographic locations.

Malware and exploits aimed specifically at mobile devices and applications are common, with goals including interception of data, ransom attacks, destructive viruses or social-engineering attacks such as phishing. Mobile devices are often exposed to nearly every attack a desktop system may encounter, plus some specifically targeted to mobile devices – and yet the security measures are often considered secondary to functionality. Mobile devices bring considerable communication advances, but come with an entire range of new issues.

Employees generally retain company devices beyond the office, and use them outside of business requirements. They may be frequently connected to free Wi-Fi services, used for personal banking or online purchases and may be used by family members to communicate, play games, download applications and transfer data. The popularity of “Bring Your Own Device” (BYOD) is also increasing, meaning that significantly less control over the content and usage of mobile devices is in the hands of the organisation.

Many of these devices are then connected to the internal network, and present a genuine risk to an organisation’s security posture.

Requirements for compliance and governance of mobile devices and applications can also be complex and confusing, and in many cases no defined standard is in place.

Even organisations that consciously implement a Mobile Device Management (MDM) solution may not have full visibility of what is protected and how.

Testing the security of mobile solutions is essential to uncover vulnerabilities and exposures, and to lead the way to determining best practice, configuration recommendations and lists of safe and unsafe applications.

Sense of Security employs specialist consultants with considerable expertise in mobile device and application security, and knowledge of current governance requirements. Consultants can assess the various mobile technologies in use (including iOS and Android systems) for a broad range of security vulnerabilities or compliance with specified standards (PCI DSS, for example). If required, they can actively penetration test your devices, systems and applications to attempt to compromise the device or even gain access to your internal network.

Where custom application or software solutions are in place, SOS can assess the source code or otherwise test the application for vulnerabilities, utilising established internal methodologies and respected industry standards such as OWASP (Open Web Application Security Project).

A Sense of Security mobile device assessment can be performed to an agreed scope to test your company’s mobile security position and provide recommendations for how to better secure the broad range of mobile devices in use.

To discuss how our specialist security services can help your organisation with mobility matters, please contact us on 1300 922 923 or complete the enquiry form.