Mobile Security

5 automated security scanners


Purpose: The Mobile Network Security Scanner is designed to evaluate and report on the security posture of mobile networks by assessing various aspects including VPN enforcement, insecure network detection, SSL/TLS configuration for mobile devices, public WiFi protection, and identifying vulnerabilities that could lead to traffic interception, man-in-the-middle attacks, or data exfiltration over untrusted networks.

What It Detects:

  • VPN Enforcement: The scanner checks for mentions of VPN requirement, always-on VPN references, per-app VPN, and VPN policy enforcement. It also flags the absence of any mention of VPN protection.
  • Network Detection: This includes checking for insecure network warnings, public WiFi detection, captive portal handling, verifying network trust indicators, and identifying missing network validation checks.
  • SSL/TLS Mobile Configuration: The scanner evaluates mobile-specific TLS settings, certificate transparency, certificate validation, pinning on mobile devices, and flags any weak or unencrypted SSL/TLS configurations.
  • Traffic Protection: It examines encrypted DNS usage, mentions of traffic encryption, end-to-end encryption, and data-in-transit protection to ensure secure communications across networks.
  • Network Policy: The scanner checks for network access controls, WiFi security requirements, cellular-only policies, and verifies any restrictions on network access to prevent unauthorized data leakage or interception.

Inputs Required:

  • domain (string): A fully qualified domain name (e.g., ekkatha.com) that represents the target mobile application’s server for analysis.

Business Impact: Mobile networks are critical infrastructure in today’s digital world, handling sensitive user data and transactions. Poor network security can lead to significant risks including unauthorized access to personal information, financial theft, and business disruption. This scanner helps organizations and regulatory bodies ensure compliance with mobile network security standards and protect against potential threats.

Risk Levels:

  • Critical: Missing or inadequate VPN enforcement that allows traffic interception is a critical issue as it can lead to severe data breaches and unauthorized access.
  • High: Insecure network warnings, lack of public WiFi protection, and weak SSL/TLS configurations are high risk factors as they facilitate man-in-the-middle attacks and data exfiltration.
  • Medium: Undetected or poorly enforced VPNs and inadequate network validation checks pose medium risks by potentially exposing user credentials to interception.
  • Low: Informal mentions of mobile TLS settings, while not directly risky, can indicate a lack of proactive security measures that might be improved for enhanced protection.
  • Info: Informational findings such as unencrypted DNS queries or lack of end-to-end encryption are considered low risk but still informative about the current configuration.

Example Findings:

  • The application mentions “VPN required” in its terms, but does not enforce a VPN connection, posing a critical risk for data protection.
  • Public WiFi detection is absent, allowing unencrypted traffic and potential eavesdropping on user communications.
  • SSL/TLS settings are weak, failing to meet modern security standards that could be exploited by MITM attacks.


Purpose: The Mobile App Security Scanner is designed to assess the security posture of mobile applications by evaluating various aspects such as API endpoints, data storage, certificate pinning, authentication mechanisms, and potential vulnerabilities that could lead to unauthorized access, man-in-the-middle attacks, or data theft.

What It Detects:

  • Mobile API Detection: Identifies mobile API endpoints, checks for iOS/Android specific paths, detects SDK usage, and flags publicly accessible APIs.
  • Certificate Pinning Analysis: Analyzes the presence of certificate pinning mentions, tests SSL pinning implementation, verifies documentation, and identifies missing pinning protection.
  • Mobile Authentication: Tests mobile-specific authentication endpoints, checks for device binding, detects biometric authentication, and verifies token-based authorization.
  • Data Storage Security: Checks for encrypted storage mentions, detects secure enclave usage, verifies database encryption claims, and flags insecure storage indicators.
  • Mobile-Specific Vulnerabilities: Checks deep link validation, tests intent handling security, identifies WebView vulnerabilities, and verifies code obfuscation mentions.

Inputs Required:

  • domain (string): The fully qualified domain name of the mobile application under evaluation.

Business Impact: Mobile app vulnerabilities pose significant risks to user data and application integrity. Unencrypted local storage can expose sensitive information directly, while insecure API endpoints may lead to data leakage. Poor authentication mechanisms can facilitate unauthorized access, and reverse engineering can extract valuable secrets from an app.

Risk Levels:

  • Critical: Missing certificate pinning completely enables MITM attacks, exposing user data to interception by malicious actors.
  • High: Insecure storage methods or weak mobile authentication protocols pose significant risks of data theft if compromised.
  • Medium: Publicly accessible APIs and unencrypted local storage can lead to sensitive information exposure but are less critical than the above issues.
  • Low: Issues related to deep linking validation, intent handling security, and WebView vulnerabilities may not directly compromise user data but still affect app functionality and integrity.
  • Info: Code obfuscation mentions and SDK usage at a basic level do not significantly impact application security unless used in conjunction with other critical issues.

Example Findings:

  • An app exposes multiple mobile API endpoints without proper authentication, allowing unauthenticated access to sensitive data.
  • The app uses unencrypted local storage for user credentials, which can be easily accessed by unauthorized users.


Purpose: The Mobile OS Security Scanner evaluates mobile operating system security by assessing various aspects such as OS version requirements, security patch enforcement, jailbreak/root detection, sandboxing implementation, and identifying vulnerabilities that could lead to privilege escalation, malware installation, or security bypass.

What It Detects:

  • OS Version Requirements: The scanner checks for minimum iOS/Android version, detects deprecation notices, tests for version enforcement, verifies update requirements, and flags outdated OS support.
  • Security Patch Level: It checks for patch level requirements, detects mentions of security updates, tests for patch enforcement, verifies update frequency, and flags missing patch requirements.
  • Jailbreak/Root Detection: The scanner includes jailbreak detection, root device integrity checking, and tamper detection to ensure platform protections are in place.
  • Sandbox Security: It evaluates sandboxing mechanisms, app isolation references, container security, and permission models to identify weak points that could allow data leakage or unauthorized access.
  • Platform Features: The scanner assesses secure boot, verified boot processes, SELinux/MAC implementations, and exploit mitigation techniques to ensure platform hardening against potential threats.

Inputs Required:

  • domain (string): Fully qualified domain name (e.g., ekkatha.com), which is essential for making HTTP requests to the target mobile OS application.

Business Impact: Evaluating mobile OS security is crucial as outdated versions and missing patches can be exploited by attackers, while jailbreak/root devices bypass critical protections that could lead to unauthorized access or data leakage. Proper sandboxing mechanisms are vital to prevent cross-app access and protect sensitive information.

Risk Levels:

  • Critical: This severity level applies when the mobile OS is known to be outdated with numerous exploits available, security patches are not enforced, devices have been jailbroken or rooted, or there’s significant evidence of weak sandboxing that allows unauthorized data access.
  • High: Applies when minimum required OS versions are not met, missing critical security patches exist, and there’s a risk of privilege escalation due to insufficient platform hardening features like secure boot or verified boot processes.
  • Medium: Indicates vulnerabilities in the mobile OS where outdated software components could be exploited with moderate effort but significant impact on data security. This includes cases where sandboxing mechanisms are not effectively implemented.
  • Low: Informational findings about missing specific OS version requirements, patch level enforcement, or platform features that do not pose immediate risks but should still be addressed for overall system integrity and compliance.
  • Info: These include general mentions of required inputs like domain names without concrete evidence of vulnerabilities or security issues.

Example Findings:

  1. The mobile OS application requires iOS version 12, which is deprecated with known exploits available for versions below 12.
  2. Security patch updates are not enforced, indicating a potential risk for ongoing attacks exploiting unpatched vulnerabilities.


Purpose: The Mobile Device Management Scanner is designed to assess the effectiveness of mobile device management (MDM) solutions in various domains. It aims to identify potential risks such as unauthorized access, data loss, and policy bypass by evaluating MDM presence, compliance enforcement, remote wipe capabilities, app distribution security, and weak policy enforcement.

What It Detects:

  • MDM Solution Detection: The scanner checks for mentions of prominent MDM vendors (Intune, Jamf, MobileIron) to determine if the domain is integrated with any MDM solution. It also tests for device registration APIs and verifies the presence of MDM services.
  • Device Compliance: This includes checking for compliance policies that enforce security measures such as jailbreak/root detection, OS version enforcement, and encryption requirements.
  • Remote Management: The scanner evaluates remote wipe capabilities, detects remote lock features, checks for location tracking, and verifies remote configuration settings to ensure proper device management.
  • App Distribution: It assesses the presence of enterprise app stores, identifies mechanisms for deploying apps, tests for whitelisting/blacklisting, and ensures that applications are signed securely.
  • Policy Enforcement: The scanner examines password policies, VPN requirement enforcement, network data access restrictions, and data loss prevention measures to verify that policy is enforced robustly across devices.

Inputs Required:

  • domain (string): A fully qualified domain name (e.g., ekkatha.com) that represents the target organization’s website or service.

Business Impact: Poor MDM implementation can lead to significant security risks, including data exposure due to missing remote wipe capabilities, risky devices enabled by weak compliance checking, and unauthorized access through unmanaged apps. This directly impacts enterprise mobile security posture and must be addressed to maintain regulatory compliance and protect sensitive information.

Risk Levels:

  • Critical: Missing remote wipe capabilities that allow for uncontrolled data exposure.
  • High: Weak enforcement of compliance policies leading to the acceptance of devices with potential risks.
  • Medium: Unmanaged apps that can install malware or bypass security measures, potentially exposing enterprise data.
  • Low: Informal password policies and basic VPN requirements without strict enforcement.
  • Info: Minimal app distribution mechanisms without stringent verification of signed applications.

Example Findings:

  1. The domain does not mention any MDM vendors, indicating a lack of mobile device management integration.
  2. Compliance policies are overly permissive, allowing devices that can be remotely wiped without proper authorization.

Purpose: The Mobile Authentication Scanner is designed to evaluate the security of mobile authentication mechanisms by assessing various aspects such as OAuth mobile flows, biometric authentication, token management, device binding, and session management. This tool aims to identify vulnerabilities that could lead to unauthorized access, data theft, or account hijacking.

What It Detects:

  • OAuth Mobile Flow Detection: The scanner checks for the implementation of OAuth PKCE, detects authorization code flow, identifies custom URL schemes, verifies redirect URI validation, and flags any insecure OAuth flows.
  • Biometric Authentication: It checks for support of Touch ID/Face ID, detects fingerprint authentication, tests biometric API usage, verifies fallback mechanisms, and flags weak biometric implementation.
  • Token Management: The scanner includes features to check for JWT usage, detect refresh token rotation, test secure token storage, verify token expiration, and flag insecure token handling.
  • Device Binding: It involves checking for device ID usage, detecting hardware-based binding, testing device attestation, verifying device registration, and identifying missing device binding.
  • Session Management: The scanner checks for session timeout, detects concurrent session limits, tests for session invalidation, verifies logout functionality, and flags weak session controls.

Inputs Required:

  • domain (string): Fully qualified domain name (e.g., ekkatha.com) that represents the target mobile application or service.

Business Impact: Mobile authentication vulnerabilities can significantly impact security posture by enabling unauthorized access to accounts, leading to potential financial losses and damage to reputation. Ensuring robust mobile authentication mechanisms is crucial for protecting sensitive user data and maintaining trust in digital services.

Risk Levels:

  • Critical: This severity level applies if the scanner identifies critical issues such as insecure token storage or lack of refresh token rotation that could lead to session hijacking, token theft, or unauthorized access without requiring any specific conditions beyond basic implementation details.
  • High: Risk is considered high if vulnerabilities are found in OAuth flows, biometric authentication, or device binding mechanisms that can be exploited with minimal effort but may require more advanced techniques for some components like JWT usage and secure token storage.
  • Medium: Medium risk applies to issues such as weak session controls or improper handling of tokens that might not always lead to immediate compromise but could become significant vulnerabilities under certain conditions, especially if multiple instances are present across the system.
  • Low: Informational findings at this level include minor issues like outdated protocol usage in OAuth flows or lack of device binding information which generally do not pose a direct threat and can be addressed through routine updates and improvements.
  • Info: This category includes purely informational aspects such as detection of basic compliance with industry standards that might not directly affect security but are important for transparency and regulatory compliance.

Example Findings: The scanner might flag issues like insecure OAuth flows leading to token theft or weak biometric authentication that allows bypass without requiring sophisticated attacks, both of which are indicative of significant security risks.