Almost every day, new technology arises so organizations must be up to date with their security solutions to avoid being hacked. One such device that is constantly changing are the devices that uses mobile device technology. Vulnerability assessments and penetration testing requirements for these types of devices are a little different from ordinary devices.
Phone hacking is not limited to entering pin numbers and tapping them. Criminals can get access to your phone simply by manipulation of some data on the mobile devices and numerous social engineering techniques with the use of malicious codes. Mobile users are at risk of being attacked through phishing and installation of fake access points is just some of the techniques attackers are using to control mobile devices. Penetration testing on mobile devices can be done by using rouge access point detection technique since attackers typically takes advantage of delay in awareness of most users as a point of attack. This type of penetration testing technique will require testers to look for 802.11n networks which are not commonly detected by testers. Phishing tests could also be made where users are tricked to access a link which will prompt an attack. Response to data requests could also be inserted to the existing traffic which will later be used to attack the device.
Mobiles devices are more vulnerable since they are access in public locations where proper security measures are not properly in placed. When making vulnerability assessments for mobile devices, the access point of the devices and possibility of access to vulnerable data through sharing of files and availability of data online must be taken into consideration. Possibility of losing the device or stolen devices must also be addressed when making the assessment.
References:
“Penetration testing for mobile phones” (2011). HelpNetSecurity.org. Retrieved on February 21, 2012 from http://www.net-security.org/secworld.php?id=11394
“Penetration Testing Goes Mobile” (2012). Fedtechmagazine.com. Retrieved on February 21, 2012 from http://www.fedtechmagazine.com/article/2011/01/penetration-testing-goes-mobile-0