Core Security Announces New Mobile Phone Hacking Capabilities

PRESS RELEASE

BLACK HAT USA 2011 – Las Vegas, NV. – August 4, 2011 – Core Security Technologies' today announced the world’s first security test and measurement solution that safely replicates sophisticated real-world attacks against popular smartphones to meet the demands of enterprises to lock down their mobile infrastructures. CORE IMPACT' Pro v12 penetration testing software is the only commercial-grade solution available that pinpoints security exposures in Android, BlackBerry and iPhone mobile devices to help prevent the theft and compromise of sensitive enterprise data accessible deeply within them – including phone call and SMS information, contacts and GPS location data.

CORE IMPACT Pro v12 significantly advances the use of the community-developed Metasploit Framework through one-of-a-kind features that meet strict enterprise requirements for effective use of open-source exploits. Metasploit Framework exploits effectively supplement Core Security’s vast library of commercial-grade exploits researched and designed by CoreLabs, the innovative world-class IT security research center within Core Security.

Additionally, CORE IMPACT Pro now supports IPv6 environments, provides assessment capabilities for all OWASP Top Ten Web application vulnerabilities, and establishes VPN pivots on Windows' and Linux' systems.

“With budget cutbacks, many companies are discontinuing the supply of company-issued cell phones and allowing employees to use their personal devices to connect to the system. It is inevitable that we are, as a society, continuing to become a fully dependent mobile world with a variety of devices at our fingertips,” said William R. Whitney III, operations and technical services manager, Garland Power & Light Operations. “With Core’s new mobility testing feature, we can now feel a little sense of security with employees using their personal devices, and have the data to prove whether or not the devices are secure. Core is on the right track because they value my opinions and that helps to provide the technology I need to in order to effectively protect a public utility.”

"While a rapidly increasing amount of employees want to use the mobile device of their choice to access corporate email, applications and data, IT staff need to know the security risks posed by every device they grant access to networked resources,” said Chris Hazelton, research director, mobile and wireless, at the 451 Group. “71.2 percent of U.S. companies allow employees to connect their own mobile devices. This creates a rapid and ever changing environment, so it is critical that IT staff put tools in place to determine the specific risks that a mobile device can introduce to a secured network and what needs to be done in order to prevent a breach."

New Features: CORE IMPACT Pro v12

CORE IMPACT Pro assesses the real-world security of Web applications, network and endpoint systems, mobile and network devices, wireless networks, email users and information security policies. The award-winning penetration testing software solution safely replicates a broad range of threats to identify exactly where and how an organization’s critical data can be breached.

New Mobile Device Penetration Testing Capabilities

Evaluate Android, BlackBerry and iPhone mobile device security, prior to deployment

Identify and prove critical exposures to data, just as deeply as criminals

o Retrieve phone call, SMS and MMS information

o Download contacts

o Gather GPS location data

Assess end-user security awareness using common social engineering techniques

o Phishing emails and texts

o Web form impersonation

o Fake wireless access points

o Wireless Man-in-the-Middle (MITM) attacks

Gain actionable data and reports on mobile device security

o Required to mitigate financial, operational and reputational risks

“Mobile phones are ideal targets for criminals to attack. Everyone uses them, and they allow access to valuable information that is getting easier to steal,” said Griffin Reid, systems security analyst at Secure Network Technologies. “We understand the need to measure the security of each and every part of a network and use CORE IMPACT Pro to help our customers find out where vulnerabilities exist so we can exploit them.”

Advanced Usage of Metasploit Exploits*

Run Metasploit Framework exploits through any pivot point to remotely launch exploits against compromised systems, regardless of where they fall on the attack path revealed during testing

Increased testing scope to reflect a broader range of attacks, by selecting and identifying Metasploit Framework exploits using built-in selection capabilities

Deploy Core Security’s patented agent payload to take advantage of advanced post-exploitation and pivoting capabilities, based on exploits created by either Core Security or Metasploit Framework

Encrypt all agent payload communications for penetration testing

Support for OWASP Top Ten, IPv6 and VPN Pivoting

Assessment capabilities that address all OWASP Top Ten Web application vulnerabilities

o Includes cross-site request forgery, OS command injection, and unvalidated redirects and forwards

Security assessments that now target and attack over IPv6 systems

VPN pivoting on both Windows and Linux systems

o Run vulnerability scanners and other complementary solutions against targeted systems

Enhanced anti-virus evasion

“The sophistication of recent online attacks makes it clear that criminals are successfully striking major enterprises at multiple stages across several attack vectors – including mobile,” said Mark Hatton, president and CEO of Core Security. “Companies cannot afford to rely on incomplete solutions or promises to defend against these real-world threats. They make it clear that proven, enterprise-grade security solutions are required to lock down their data throughout the entire IT infrastructure, and we are delivering that with the new release of CORE IMPACT Pro.”

CORE IMPACT Pro will be available in late Q3 2011 direct from Core Security and its solutions partners. Learn more about the latest release CORE IMPACT Pro penetration testing software at www.coresecurity.com/impact.

About Core Security

Core Security is the leader in enterprise security test and measurement solutions and provides more than 1,300 companies and government organizations worldwide with real-world intelligence that reveals exactly where and how outside attacks can happen – before they occur. Core Security solutions help enterprises manage and identify risks throughout the IT infrastructure that matter most and are backed by more than 15 years of leading-edge research and expertise from CoreLabs, the innovative IT security research center within Core Security. For more information, visit www.coresecurity.com.