Mobile Devices Penetration Testing

[satyr]

any pointers on how to do a penetration testing for mobile devices ?

what sorts of things need to be considered security of mobile applications ?

also is there a guidelines for developing secure applications for mobile devices ?

any help in this regards is highly appreciated

[Jhaddix]

There was a really good presentation at Bsides by one of the Intrepidis guys on this. He attacked the protocols, auth mechanisms, and other aspects using a variety of MiTM attacks… Ill see if i can dig it up.

Mallory is gonna be sweet for this.

[satyr]

thanks 🙂

kindly share any information you have on this topic as it would be really helpful

[philocipher]

From what i know it seems like the easiest way to Pen Test a Cell phone or other mobile device is through blue-tooth hacking. I’ve read stuff about cloning cell phones as well but idk if that falls under the same category.

[Brian Cowen]

Hello guys….!
Thank you for your useful information.I like this kind of post which tell us much wander full massage. …!

[Darktaurus]

Hey guys,

I was just wondering, what are people here telling their customers after a pentest of mobile devices?  Should they disable bluetooth all together?  Create complicated 5 pin codes?  Encrypt them if applicable? Add antivirus where applicable?  It just seems like there are so many attack vectors with the mobile devices, it would be hard to nail down a secure way for all customers to use them 24-7.  Not to mention, the browser being vulnerable.  Just curious since I see so many companies now going to IPhones, Ipads, and Androids.  Thanks.

[T_Bone]

Here are some URLs to help start you off:

http://www.mcafee.com/us/resources/white-papers/foundstone/wp-pen-testing-iphone-ipad-apps.pdf

http://www.mcafee.com/us/resources/white-papers/foundstone/wp-pen-testing-android-apps.pdf

[magnologan]

Try this too… https://www.owasp.org/index.php/Mobile#tab=For_Security_Testers

[Author]

Posts