What do you keep close to you almost constantly, yet can potentially cause you and your business untold amounts of harm?
The answer: iPhone or Android, Windows or BlackBerry, the mobile is modern life’s essential accessory.
And with mobile applications being increasingly used for such sensitive operations as personal and corporate finance, communication and even romantic liaisons, the lure for attackers is bigger than ever. Indeed, Gartner predicts a sea change this year in what attackers target, with endpoint breaches likely to centre on mobile devices as opposed to the traditional targets of laptops and desktop computers. Furthermore, vulnerabilities or misconfigurations at an application level, as opposed to a device level, are expected to cause 75% of mobile security breaches.
To prevent such vulnerabilities and misconfigurations, thorough testing during an application’s development is essential, which is why MWR’s drozer and needle were created. Drozer, launched in 2012 as Mercury, and needle, launched in 2016, streamline the assessment of mobile devices, allowing mobile applications to be assessed effectively without the need for multiple tools. Drozer assesses Android applications; needle assesses Apple iOS applications.
Now MWR has launched a new website to provide user guides, blogs and examples that make it easy to track the development of both tools and utilise their new features. Visitors to the site can use these features to identify weaknesses in mobile applications as soon as support for identifying new vulnerable areas is added.
Mobiletools.mwrinfosecurity.com includes user guides that cover such operations as installing the tool, starting a session, using it for application security assessments and installing modules. Developers can use these guides to get to grips with both tools in order to highlight weaknesses before they are introduced into applications under development, and can integrate the tools into existing secure development lifecycles.
Drozer and needle are also key tools for security professionals, providing them with a framework in which modules can be developed to identify specific vulnerabilities, and an easy route to integration. For example, security consultants employed by an organisation can use drozer or needle in a red team exercise, where they have an open scope to attack assets belonging to a company to test its digital infrastructure and security standards. The tools allow them to expand the attack surface to include mobile devices as a path of entry into a company’s network.
Commenting on the site launch, MWR’s Group Professional Services Director Martyn Ruks said:
“Drozer and needle are essential tools for assessing an application’s security from both a developer’s and a corporate security professional’s perspective. The development of both tools has been driven by substantial feedback from the security community and the new website will further encourage collaboration in allowing anyone to contribute to and advance the tools to allow for improved assessment techniques.”