US office

+1 (0) 877 529 6694
UK office

+44 (0) 1565 658 480

Mobile Security

The Problem

Mobile platforms are the most used platform in the corporate environment and this proliferation has created the most widespread vulnerability.

Employees are issued with smartphones to improve productivity and responsiveness but without any threat or risk implications taken into account.

Mobile devices are constantly introduced into corporate networks (either by design, or inadvertently) without any clear policy or testing for the exposure that such devices introduce to the corporate security landscape.

Applications are built in-house, commissioned, or simply bought off the shelf. None of which have gone through any assurance process. Apps are prevalent at every level of the organisation.

Mobile platforms carry an implicit trust since they seem like limited devices with well-designed user interfaces and use-cases. They are actually built on fairly open platforms, fully featured computing platforms (equivalent of PCs), and a fully featured network stack.

Malicious software is easy to introduce into EVERY platform in the market (iOS, Android, BlackBerry OS, Windows Phone 7).

Breaching the Network Perimeter

Mobile devices have essentially de-perimiterised even the more vigilant organisations.
Wi-Fi connectivity to the corporate network combined with 3G access to the public internet and occasional connectivity to unknown networks (coffee shops) have rendered these devices into a highly sought after attack vector for criminals.

Conclusion: Companies need to assess their current situation internally in terms of mobile platform threats, as well as create a development and testing framework for the applications they build for their customers and users.

Mobile Application Security Testingflow

Mobile platform exposure risk analysis provides an accurate risk analysis for the organisation, with actionable recommendations for policies and controls by:

  • Review and test of mobile usage in a corporation.
  • Test currently deployed applications, platforms, and topology.
  • Check newly introduced devices.

Secure Development Lifecycle for Mobile Application R&D

We offer several services that can be obtained as a full package or on a staged basis for application security testing.

  • Design review and modifications
  • Architecture review
  • Threat Modeling
  • Code Review
  • Black/Grey/White