| |
Wireless subscribership and usage has been growing exponentially. According to the CTIA, there were 220 M subscribers in 2006 in the US generating over $ 118B in revenue. Some of the reasons for this explosive growth include innovative services such as SMS based features, multi-media content, web browsing and enterprise applications provided by carriers and their value added partners. Unfortunately, this wireless growth has extended a carriers wireless security perimeter and increased the number of threats they face on a regular basis.
M3 Security’s mobile application assessments help wireless carriers, enterprises, connectivity aggregators, ASPs/content providers, and mobile application developers to secure their environments, networks, and applications. Some of the threats are illustrated below:
M3 Security Assessment services provide the following benefits:
| Wireless Carriers |
Identify internal threats from malicious insiders, misconfigured devices, improper security policies and procedures, malware resident on the network |
Identify application security threats from carrier hosted web applications. Review application security against OWASP list, identifying administrative backdoors to web applications that can result in loss of customer sensitive data, billing fraud, Denial of Service attacks, hardening issues of application platform |
Identify gaps in security posture that enable external threats to be successfully launched against the carrier network using email, SMS, Enhanced SMS, Multimedia Service (MMS), corporate networks, connectivity aggregators, ASPs, mobile devices and inter-carrier wireless networks as a vehicle for the attack |
| Typical attacks can include but are not limited to SPAM (both incoming & outgoing), malware infection, theft of customer sensitive data/billing information, digital content rights violation, denial of service (DoS), fraud, and phishing |
| Assess risk associated with each threat and provide prioritized validated enumeration of risks |
| An actionable remediation plan |
Insecure security posture can result in an ASP’s environment being used as base or vehicle for launching of attacks against a carriers network. Our assessment services identify threats, enumerate risk and provide remediation plans to ensure ASPs are secure. Benefits include:
| Application Service Providers/Content Providers |
Avoid getting black listed by wireless carriers |
Application developer client retention |
Reduce loss of revenue |
| Competitive advantage (e.g. ISO 27001 certification) |
Given the rising popularity of wireless devices (PDAs/Smart Phones) with advanced features, processing and memory, hackers are using them as a vehicle to launch attacks. Threats include mobile device specific malware, Bluetooth exploits, spam, digital content rights violation, identify thefts, fraud etc. M3 Security provides assessment services that target both device and corresponding application server security.
| Device Specific Assessments include: |
Black box testing of different applications on mobile devices such as BREW, JaveME etc. |
Mobile source code review |
Application threat modeling |
| Assessments of the application's supporting server infrastructure through configuration reviews |
|
|
