Solution for Mobile Phones
New CORE IMPACT® Pro v12 Penetration Testing Software Assesses Security of Android™, BlackBerry® and iPhone® Smart Phones;
New Release Significantly Advances Use of Metasploit
Open Source Framework
BLACK HAT USA 2011 - Las Vegas, NV. - August 4, 2011 – Core Security Technologies ® today announced the world’s first security test and measurement solution that safely replicates sophisticated real-world attacks against popular smart phones to meet the demands of enterprises to lock down their mobile infrastructures. CORE IMPACT® Pro v12 penetration testing software is the only commercial-grade solution available that pinpoints security exposures in Android, BlackBerry and iPhone mobile devices to help prevent the theft and compromise of sensitive enterprise data accessible deeply within them – including phone call and SMS information, contacts, and GPS location data.
CORE IMPACT Pro v12 significantly advances the use of the community-developed Metasploit Framework through one-of-a-kind features that meet strict enterprise requirements for effective use of open-source exploits. Metasploit Framework exploits effectively supplement Core Security’s vast library of commercial-grade exploits researched and designed by CoreLabs, the innovative world-class IT security research center within Core Security.
Additionally, CORE IMPACT Pro now supports IPv6 environments, provides assessment capabilities for all OWASP Top Ten web application vulnerabilities, and establishes VPN pivots on Windows® and Linux® systems.
“With budget cutbacks many companies are discontinuing the supply of company issued cell phones and allowing employees to use their personal devices to connect to the system. It is inevitable that we are, as a society, continuing to become a fully dependent mobile world with a variety of devices at our fingertips,” said William R. Whitney III, Operations and Technical Services Manager, Garland Power & Light Operations. “With Core’s new mobility testing feature we can now feel a little sense of security with employees using their personal devices, and have the data to prove whether or not the devices are secure. Core is on the right track because they value my opinions and that helps to provide the technology I need to in order to effectively protect a public utility.”
"While a rapidly increasing amount of employees want to use the mobile device of their choice to access corporate email, applications, and data, IT staff need to know the security risks posed by every device they grant access to networked resources,” said Chris Hazelton, Research Director, Mobile and Wireless, at the 451 Group. “71.2% of US companies allow employees to connect their own mobile devices. This creates a rapid and ever changing environment, so it is critical that IT staff put tools in place to determine the specific risks that a mobile device can introduce to a secured network and what needs to be done in order to prevent a breach."
New Features: CORE IMPACT Pro v12
CORE IMPACT Pro assesses the real-world security of web applications, network and endpoint systems, mobile and network devices, wireless networks, email users and information security policies. The award-winning penetration testing software solution safely replicates a broad range of threats to identify exactly where and how an organization’s critical data can be breached.
New Mobile Device Penetration Testing Capabilities
- Evaluate Android, BlackBerry and iPhone mobile device security, prior to deployment
- Identify and prove critical exposures to data, just as deeply as criminals
- Retrieve phone call, SMS and MMS information
- Download contacts
- Gather GPS location data
- Assess end-user security awareness using common social engineering techniques
- Phishing emails and texts
- Web form impersonation
- Fake wireless access points
- Wireless Man-in-the-Middle (MITM) attacks
- Gain actionable data and reports on mobile device security
- Required to mitigate financial, operational and reputational risks
“Mobile phones are ideal targets for criminals to attack. Everyone uses them, and they allow access to valuable information that is getting easier to steal,” said Griffin Reid, Systems Security Analyst at Secure Network Technologies. “We understand the need to measure the security of each and every part of a network and use CORE IMPACT Pro to help our customers find out where vulnerabilities exist so we can exploit them.”
Advanced Usage of Metasploit Exploits*
- Run Metasploit Framework exploits through any pivot point to remotely launch exploits against compromised systems, regardless of where they fall on the attack path revealed during testing
- Increased testing scope to reflect a broader range of attacks, by selecting and identifying Metasploit Framework exploits using built-in selection capabilities
- Deploy Core Security’s patented agent payload to take advantage of advanced post-exploitation and pivoting capabilities, based on exploits created by either Core Security or Metasploit Framework
- Encrypt all agent payload communications for penetration testing
Support for OWASP Top Ten, IPv6 and VPN Pivoting
- Assessment capabilities that address all OWASP Top Ten web application vulnerabilities
- Includes cross-site request forgery , OS command injection, and unvalidated redirects and forwards
- Security assessments that now target and attack over IPv6 systems
- VPN pivoting on both Windows and Linux systems
- Run vulnerability scanners and other complementary solutions against targeted systems
- Enhanced anti-virus evasion
“The sophistication of recent online attacks makes it clear that criminals are successfully striking major enterprises at multiple stages across several attack vectors – including mobile,” said Mark Hatton, President and CEO of Core Security. “Companies cannot afford to rely on incomplete solutions or promises to defend against these real-world threats. They make it clear that proven, enterprise-grade security solutions are required to lock down their data throughout the entire IT infrastructure, and we are delivering that with the new release of CORE IMPACT Pro.”
CORE IMPACT Pro will be available in late Q3 2011 direct from Core Security and its solutions partners. Learn more about the latest release CORE IMPACT Pro penetration testing software at www.coresecurity.com/impact.
*Legal Disclaimer: Core Security cannot guarantee the reliability, safety and consistency of Metasploit exploits when used in conjunction with its solutions.
About Core Security
Core Security is the leader in enterprise security test and measurement solutions and provides more than 1,300 companies and government organizations worldwide with real-world intelligence that reveals exactly where and how outside attacks can happen – before they occur. Core Security solutions help enterprises manage and identify risks throughout the IT infrastructure that matter most and are backed by more than 15 years of leading-edge research and expertise from CoreLabs, the innovative IT security research center within Core Security. For more information, visit www.coresecurity.com.
Core Security Technologies, CORE IMPACT and CoreLabs are either registered trademarks or trademarks of Core Security Technologies in the United States and/or other countries. All other products, services and/or events referenced within this document are trademarks and/or registered trademarks of their respective companies.
Core Security Technologies