Mobile Security is a relatively young discipline and, because of the growing complexity of devices, technologies and services, we believe that the threats in this field are increasing and that most of them are still unexplored.

Our services rely on an intensive research activity, which helps us in our effort to stay up to date in, and possibly ahead of, this rapidly changing scenario.
They are aimed at supporting the relevant parties of the Mobile Security environment in the identification, evaluation and mitigation of threats.

In the last few years we have been working in close contact with some mobile operators; our services have been applied in such contexts, helping our customers to better protect them.
We have also done a significant amount of work for other players in the mobile community.

Our offering addresses two of the main needs related to the security field: checking for new threats and getting proper knowledge of the existing ones.

Vulnerability Assessments

Vulnerability Assessments target an already existing platform, device or service with the aim of evaluating the security level in one or more areas.

Our expertise extends, as an example, to the assessment of:

  • Security Model: refers to any function designed and implemented for security reasons.
    • Design – Proper design is of paramount importance for providing any kind of security. Mobile Security Lab is able to provide thorough security evaluation at the design level of the desired target or solution.
    • Implementation – Implementation of a security solution is often the most critical part. Even if backed by a sound design, many security solutions may fail because of implementation flaws. Mobile Security Lab can help in assessing the actual product, both at the source and binary level.
  • TCP/IP Stack – In an IP connected world, the TCP/IP stack is the foundation of each modern service. Robustness evaluation is performed with respect to a wide range of attacks. Fuzzing techniques are also extensively used in the target assessment.
  • Applications – Application vulnerability assessment is performed on the target by means of typical activities such as binary, source and protocol analysis and fault injection.
  • Services – Mobile services usually rely on a complex software infrastructure, based on both mobile software components and network-based services. Small, unnoticed details may combine to create vulnerabilities at the system level. Assessment of such services needs extensive coverage of all the components involved, such as devices, protocols, applications, interfaces between components, and protocol analysis.

Reporting services help our customers to keep pace with the multiple security threats and properly assess the risks against their assets, achieving a smaller vulnerability window and reducing total risk exposure.

  • Attack Validation – Validation of methodologies, attack techniques and tools performed by testing them on chosen targets. Evaluation of attack scenarios and useful details in assessing are also provided.
  • Attack Analysis – In-depth technical analysis of a threat and the involved vulnerabilities, both as a standalone item and as a threat to the customer’s specific environment. Involved vulnerabilities, attack vectors, feasible countermeasures and possible evolutions are also analyzed and pointed out.
  • Security News – Information gathering and filtering, providing security alerts and information strictly pertinent to the customer’s environment, maximizing signal-to-noise ratio.