Mobile Device Security Testing

Most businesses do not have a firm grasp of the security vulnerabilities associated with handheld devices used by their workforce. Mobile phones, iPads, iPhones, Android phones and tablets, Blackberries, and a myriad of other hybrid handheld devices are used to access business systems, but their inherent mobile security vulnerabilities are largely overlooked.

Given their size and portability, the primary security concern associated with these devices is their ability to store large amounts of information. Add to this the breadth of communication options available, and you have a device that introduces formidable risks to your systems and information.

A wide variety of security vulnerabilities exist with handheld devices: trojan horses and malware programs can easily be installed, thus creating a backdoor to networks, permitting unauthorised access. Worryingly, antivirus products for handheld devices are not evolved and operating systems currently do not limit malicious codes from modifying system files. Device connections can be intercepted, and data captured without the knowledge or permission of the user.

Risk Crew’s Engineers identify, minimise and manage mobile risks by testing the security integrity of their configurations and connections to your systems.

Security Testing Overview Download

Risk Crew Deliverables

Risk Crew delivers an all-encompassing service to includes testing, a detailed report of findings and remedial recommendations, a courtesy workshop and on-call assistance.

Detailed Report

The report details specific vulnerabilities identified on the platform, how they were identified, methods and tools used to identify them and visual evidence if applicable. The report shall indicate a security vulnerability risk rating for risk reduction references.

Courtesy Workshop

The report is presented in a workshop with applicable business stakeholders to ensure their understanding of the findings and the risks associated with hosting the business information assets on the platform.

On-call Advice Assistance

We provide advice and assistance for 30 days following the report submittal and answer any questions that arise from implementing remedial actions and ensuring risk reduction.

Complimentary Retesting

We offer retesting to verify remedial actions were effective. Upon completion, we’ll provide you a summary report verifying remedial measures have been implemented.

Customer Promise

We offer retesting to verify remedial actions were effective. Upon completion, we’ll provide you a summary report verifying remedial measures have been implemented.

Mobile Device Penetration Testing Benefits

Risk Crew reviews the device hardware, operating system and applications for existing security vulnerabilities which if exploited, could potentially allow unauthorised access.

Testing activities may include but are not limited to:

✓Retrieving and/or unlocking cached credentials

✓Missing security patches, updates & fixes

✓Local Security Policy Circumvention

✓Password and pin cracking

✓Configuration data leakage

✓Unauthorised peer-to-peer connections (WiFi, Bluetooth)

✓Service enumeration

✓Geo-location data leakage

✓Encryption strength

✓Unauthorised tethering

Additionally, Risk Crew test the robustness of any controls such as passwords, PIN numbers, authentication, firewalls, VPS, anti-malware or encryption protection deployed to ensure the security integrity of the device of its connectivity to business systems.

Why Choose Risk Crew

Our experienced security engineers implement detailed Mobile Device Testing methodologies to effectively assess your businesses capabilities to detect and mitigate an attack against your business’s mobile devices. All security testing engineers are thoroughly vetted and subject to in-depth professional, criminal and credit records checks.

When you choose Risk Crew, you’re electing to work with qualified experts.

Best Practice

Risk Crew follows best practices including OWASP and NIST

Accredited

Engineers carry CREST, C√SS, C│EH and GIAC credentials

Certified

Engineers hold ISACA CISSP, CISM and CRISC certifications

Subject Matter Experts

Risk Crew engineers are SMEs with published articles in industry journals & magazines

Find out how Risk Crew can help reduce the security risks to mobile devices used in your business.

Frequently Asked Questions

What is mobile device security and why is it important?

Mobile device security is defined as the security measures deployed to protect the sensitive information processed, stored or transmitted by smartphones, tablets, laptops and any other portable device. Mobile devices are increasingly used by attackers to access business systems and sensitive data as they are largely omitted in a business’ security defences and can provide a backdoor for unauthorised access.

What are the most serious mobile device security threats?

From the myriad of threats to mobile devices the most significant are network spoofing, malware (such as spyware, tracking software or call-jacking), data interception, broken cryptography and unauthorised Wi-Fi and Bluetooth connections.

What are best practices for securing mobile devices?

Best practices for reducing the cyber risks to mobile devices range from the use of strong passwords or biometrics, using virtual private network connections (VPN) installing anti-malware ensuring the latest software is used and encrypting sensitive data stored locally on the device.