Enterprise employees are increasingly providing smart phones and tablets to employees. Those mobile device users are accessing their company mail, calendar, and other enterprise applications both from home and when traveling around the world! Often users are browsing the web with those mobile devices, connecting to secure web sites to do banking or to make purchases.
Is any of the access from the mobile device being done in a secure way that protects employees as well as the enterprise's private and proprietary data? What version of SSL or TLS are they using to securely browse the web from their device? Not sure, huh. How about the IPsec VPN tunnel between the phone or tablet and the office? Seems to work. But does the phone employ the latest versions of the Internet Key Exchange protocol? Does it inadvertently use weak ciphers when you expect otherwise? There's one way to find out this and more about the phones and tablets being re-sold by carriers and built by familiar manufacturers like Apple, HTC, LG, Motorola, NEC-Casio, Pantech, Samsung, and Sony Mobile: have the devices tested by an independent third party like ICSA Labs.
ICSA Labs has been testing VPN security for more than 15 years. Beginning with our IPsec interoperability and later our SSL-TLS VPN testing program, ICSA Labs has extensive expertise in these technologies. So, taking that kind of rigorous, no-nonsense testing to mobile phones that are in the hands of over 1 billion users worldwide was a no-brainer for us.
Are you a carrier that re-sells mobile devices or a manufacturer of those devices? Perhaps you're a third-party provider of the VPN technology found in mobile devices. This testing may be for you and may give peace of mind to both you and your customers. So, if you are interested or curious at all about what ICSA Labs can do for you in terms of testing the SSL/TLS functionality and/or the VPN capabilities in mobile devices, please contact ICSA Labs via e-mail or phone at 717.790.8143.