Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Core Impact Adds Mobile Device Exploits, Widens Metasploit Integration

Core Security has introduced mobile device testing and measurement in the latest version of its Core IMPACT penetration testing software. Version 12 also improves Core's integration with the popular open source Metasploit Framework pen-testing tool.

Mobile phones, which have been hyped as a coming major attack vector for years, have become a hot-button security issue. Smart phones, capable of both cellular and Wi-Fi connectivity, have grown more powerful and capable of storing large amounts of data. They are commonly used to access corporate email and other standard business applications.

In addition to managed phones, chiefly BlackBerry devices, enterprises are embracing the use of privately owned devices, particularly the iPhone and, increasingly, Android. Attackers can potentially retrieve data or, more likely, read corporate email and/or use the victim’s account to pose as a legitimate user to conduct spear-phishing attacks within the enterprise.

Core Impact Pro v12 allows penetration testers to exploit critical exposures by:

  • Retrieving phone call, SMS and MMS logs
  • Scraping GPS and contact information
  • Taking snapshots using the mobile device’s camera

    The new release also uses social engineering techniques to test user awareness and trust on mobile devices. Testing techniques include phishing emails and texts; Web form impersonation; fake wireless access points; and man-in-middle attacks.

    • 1