Mobile Device Penetration Testing

Apple have sold more than 110 million iPhones and more than 25 million iPads to date.Similarly Google has activated more than 100 million Android devices since they were released in 2008. One of the reasons the devices have been so popular is due to their ability to download applications from the Apple App Store and Android Market which in 2011 contained more than 900,000 third party applications between them.

The programming language used to develop many iPhone and iPad applications is Objective C, where as the Android platform is Linux based and uses Java.Both Apple iOS and Android are effectively miniature computers, and consequently the applications that run on them are similar to conventional thick clients or web based applications.

Many of the mobile applications use web based functions which open them up to Cross Site Scripting (XSS), Cross Site Forgery (CSRF) and session hijacking attacks.These attacks are being mutated on mobile applications to capture user displays, keystrokes and to perform tapjacking, (similar to clickjacking)and screen smudging attacks.Similarly, iOS can be susceptible to buffer overflow attacks, and attackers can decompile code to identify security flaws and weaknesses.

Nettitude has broad experience in security testing mobile devices.Whether it is a phone or tablet based resource, Nettitude’s security consultants have a solid foundation in identifying vulnerability and exposure in both devices and applications alike.To find out how Nettitude can help you test your Web Applications for security vulnerabilities and exposures, please complete our contact form and a security consultant will respond to your enquiry.