Networking

09:06 AM
Connect Directly
RSS
E-Mail
50%
50%

Core Impact Adds Mobile Device Exploits, Widens Metasploit Integration

Core Security has introduced mobile device testing and measurement in the latest version of its Core IMPACT penetration testing software. Version 12 also improves Core' integration with the popular open source Metasploit Framework pen-testing tool.

Core Security has introduced mobile device testing and measurement in the latest version of its Core IMPACT penetration testing software. Version 12 also improves Core's integration with the popular open source Metasploit Framework pen-testing tool.

Mobile phones, which have been hyped as a coming major attack vector for years, have become a hot-button security issue. Smart phones, capable of both cellular and Wi-Fi connectivity, have grown more powerful and capable of storing large amounts of data. They are commonly used to access corporate email and other standard business applications.

In addition to managed phones, chiefly BlackBerry devices, enterprises are embracing the use of privately owned devices, particularly the iPhone and, increasingly, Android. Attackers can potentially retrieve data or, more likely, read corporate email and/or use the victim’s account to pose as a legitimate user to conduct spear-phishing attacks within the enterprise.

Core Impact Pro v12 allows penetration testers to exploit critical exposures by:

  • Retrieving phone call, SMS and MMS logs
  • Scraping GPS and contact information
  • Taking snapshots using the mobile device’s camera

    The new release also uses social engineering techniques to test user awareness and trust on mobile devices. Testing techniques include phishing emails and texts; Web form impersonation; fake wireless access points; and man-in-middle attacks.

    Previous
    1 of 2
    Next
    Comment  | 
    Print  | 
    More Insights
  • Slideshows
    Cartoon
    Audio Interviews
    Archived Audio Interviews
    Jeremy Schulman, founder of Schprockits, a network automation startup operating in stealth mode, joins us to explore whether networking professionals all need to learn programming in order to remain employed.
    White Papers
    Register for Network Computing Newsletters
    Current Issue
    2014 Private Cloud Survey
    2014 Private Cloud Survey
    Respondents are on a roll: 53% brought their private clouds from concept to production in less than one year, and 60% ­extend their clouds across multiple datacenters. But expertise is scarce, with 51% saying acquiring skilled employees is a roadblock.
    Video
    Twitter Feed