Mobile & Wireless Security Testing

CryptoForensics’ Mobile and Wireless Security Testing offerings are designed to help organizations safely embrace the full reach and opportunity of mobile devices and applications. Employing a holistic approach, our assessment looks at the security and compliance risks of your entire mobile application, its associated back-end systems, and the interactions and data flows between them.

The proliferation of mobile devices and mobile applications—combined with the demands from executives and employees for support of their personal devices to access business applications and data—forces IT organizations to take a hard look at their current mobile infrastructure.
Unfortunately, much of this infrastructure is inadequate to deal with today’s challenges, including:

  • The growing diversity of mobile platforms and applications being introduced
  • Addressing mobile security concerns and protecting data as it moves further outside the network perimeter
  • Responding to staff members’ demands for IT support of their personal devices

Our Mobile Security offerings include:
I. Solutions to Address Bring Your Own Device (BYOD) Challenges.

BYOD is a multidimensional challenge with varying device types, OS platforms, differing network and mobile data security features, and a corresponding loss of organizational control over devices and what can or cannot be stored in them. IT organizations feel the pressure to support personal mobile devices across their businesses. However, supporting employees’ personal devices adds layers of complexity to any mobile support and security strategy. Though arguments for supporting BYOD include increased productivity and higher morale, the strategy may not yield a discernible ROI for IT and businesses to capture.

The CryptoForensics’ Mobile Security Strategy Roadmap Service is designed to help IT organizations determine the most efficient and cost-effective path to support BYOD while concurrently protecting their networks and data from unauthorized access. Our mobile security experts are highly versed in all aspects of mobile support technologies and strategies, including user authentication, mobile device management, mobile device security, secure communications, and data encryption. They can conduct specialized workshops and extensive interviews with major stakeholders across an organization to assess our clients’ mobile support and security requirements, help them evaluate current capabilities, and design mobile support and device management solutions that protect their networks and valuable data and comply with a myriad of regulatory requirements.

II. Mobile Applications/Device Penetration Testing/Use Risk Assessment.

From rogue access points to weak encryption algorithms, threats to wireless networks are unique and the risk the technology poses can be significant. A wireless penetration test identifies organizational weaknesses the same way an attacker would: by hacking the network. CryptoForensics Technologies offers a wide range of Wireless Penetration Testing services, from security tests of standard corporate Wi-Fi networks to assessments of specialized wireless solutions. For corporate Wi-Fi deployments, we identify wireless exposures using a number of techniques, including information gathering, traffic sniffing, and authentication bypassing. We also offer custom research services and security evaluations for various technologies, including wireless IPS, wireless payment devices, and other solutions.

Our wireless security testing focuses on enumerating and verifying potential attack vectors and threats to your organization’s wireless infrastructure. The wireless security test consists of the following major phases:

  • Access point discovery
  • Wireless Penetration Testing
  • Post wireless exploitation.

Upon completion of the wireless penetration test exercise, CryptoForensics will provide a comprehensive report, including a clear and concise analysis of the current state of the security controls. The analysis will identify areas that need to be resolved in order to achieve an adequate level of security.

Typical contents of the deliverable are:

  • Purpose of the engagement including project’s scope and approach
  • Positive security controls that were identified
  • Tactical resolutions to immediately reduce risk in the environment
  • Strategic recommendations for preventing similar issues from recurring
  • An industry comparison based on our vast experience from similar previous engagements
  • An in-depth analysis for technical staff to understand the underlying risks and recommendations, including:
    • A technical description and classification of each vulnerability
    • Anatomy of exploitation including steps taken and proof in the form of screenshots
    • Business or technical risk inherent in the vulnerability
    • Vulnerability classification that describes the risk level as a function of vulnerability impact and ease of exploitation
    • Technical description of how to mitigate the vulnerability

III. Mobile Applications/Device Use Risk Assessment.

The CryptoForensics’ Mobile Device Use Risk Assessment is designed to assess risk and security controls for a specific mobile device use case. The Mobile Device Use Risk Assessment is uniquely different from a Mobile Application Security Assessment in that the target is not a specific mobile application. At the same time, the Mobile Device Use Risk Assessment is not intended as a strategic evaluation of an entire mobile strategy or support model, but rather, it is an in-depth evaluation of a specific usage model and associated system or process. As such, Mobile Application Security Assessment is a holistic security and risk assessment of your mobile device-based application. CryptoForensics can help your organization to:

  • Plan for your large mobile deployment from beginning to end through our comprehensive evaluation of your use, the risks you may encounter, and the controls you need
  • Define high-level policies for controlling and monitoring risk associated with mobile devices and applications
  • Establish a governance framework for data compliance that encompasses mobile platforms and integrates mobile security considerations into your overall security program

Our Comprehensive Suite of Solutions and Services...


Today, most enterprises try to deal with cybersecurity threats by focusing inwardly through conducting vulnerability assessments, making detailed network maps, and in some cases, deploying robust patch management processes to continuously monitor their networks and systems. While this approach provides some benefits, against many cyber threats it's ineffective. Most corporate networks are so large and complex that it's simply too difficult to identify all of their assets, or all of their vulnerabilities, and patch them fast enough. Today's cyber wrongdoers are sophisticated, well-funded, and patient—they use a wide range of techniques to penetrate even well-protected enterprises...