During a Mobile Device Attack and Penetration, SecureState evaluates the following controls:
- Basic security controls, such as remote wiping, passcode auto locking, passcode brute force prevention, and enforcement
- Advanced security requirements, such as Rooting or Jailbreaking preventive controls, secure wireless, and VPN configurations
- Exploitation of known and unknown mobile device vulnerabilities
Additionally, if a target organization makes use of a Mobile Device Management (MDM) solution, attempts are made to bypass established controls and requirements.
Once a device has been compromised, SecureState attempts to find sensitive or confidential information either stored on the device or being used by applications.
Some of the "trophies" that can be retrieved by SecureState upon successful exploitation include:
- Application Logs and Data
- Contact Lists and Address Book
- Geolocation Data
- Keyboard Cache
- SMS Messages