starterkit 02/2011(2)
MOBILE PENTESTING

Mobile Security Testing

New technology brings with it new opportunities, for developers and for security consultants and penetration testers. Usually we find that new technology brings new opportunities to introduce vulnerabilities, and with the mobile revolution we certainly aren’t short of them.

With a new generation of mobile app developers, who have yet to be trained in secure coding practices on the new platforms, has come a wealth of vulnerabilities just waiting to be identified and exploited. The smartphone revolution hasn’t just caught businesses off guard; it has also exposed security testers, who are often left without the knowledge or toolkits to provide assurances about the security of the mobile platforms and applications they are testing. If you want to know more about how you can become part of the smartphone security testing revolution, then read on!

Introduction

Before we get stuck into discussing how to go about security testing mobile platforms, it’s worth looking at which ones you are likely to encounter if asked to perform testing, either for a client or for your own enjoyment. The major platforms are currently:

• Google Android – This recently became the market-leading mobile platform and is very popular with end users, who run it on both phones and tablets. Android is an open source platform built on Linux that is used on cheaper lower end devices but can also be very easy to test for security vulnerabilities.
• Apple iOS – The original smartphone platform that arguably started this whole revolution and the one-time market leader. iOS is a Unix-like platform that is derived from Mac OS X and is designed to run on Apple’s own phones and tablets, and there are several challenges associated with finding security vulnerabilities.
• Microsoft Phone 7 – The new kid on the block as far as the major mobile platforms are concerned, and Microsoft’s partnership with Nokia is certain to help its place in the market. Phone 7 is based on the Windows CE family, although it is a closed platform with little information available about its security model.
• RIM Blackberry OS – The current favourite of the corporate environment is the now ubiquitous Blackberry. Older devices run a proprietary Blackberry OS, but newer incarnations, including the Playbook tablet, now run on top of a modified version of the QNX operating system, which provides more opportunity for interrogation of its security.

There are a number of other smartphone platforms that you may encounter, including Nokia’s Symbian and Palm’s WebOS, which are now most likely confined to the annals of history. In this article we will focus on three of the platforms mentioned above, with the majority of focus on the two market leaders.

The Need for Testing

Before we get stuck into the mechanics of testing mobile platforms for security vulnerabilities it is worth
Page 12 http://pentestmag.com