1. Field of Invention
The present invention relates to network and data security and more specifically, to a mobile device application for testing and demonstrating network security threats and defenses (or lack thereof).
2. Description of Related Art
Network and data security has become increasingly important in mobile computing. It is of particular concern as it relates to the security of personal and business information stored on mobile computing devices such as smartphones and tablets. Mobile devices collect and compile an increasing amount of sensitive information to which access must be controlled to protect the privacy and intellectual property of the user. All mobile devices, as computers in general, are preferred targets of attacks. The attacks exploit weaknesses that come from communications protocols, web browsers, operating systems, unknown malware, and mobile applications (a.k.a., “mobile apps” or just “apps”).
As mobile devices are a point of access to the internet, they can be compromised as easily as computers with malware. Malware is a computer program that aims to harm the system in which it resides. Trojans, worms, and viruses are all considered malware. Malware can be unintentionally downloaded through seemingly innocuous web pages and Internet sites. Malware infestation may cause serious performance problems as it tries to read, write or broadcast data from the mobile device.
Other real-world attacks originate over wireless networks such as Wi-Fi, which is a popular networking technology that is based on the Institute of Electrical and Electronics Engineers' (IEEE) 802.11 standards. All types of computer networks are subject to attacks from malicious sources. An attack is any attempt to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset.
Standard security defenses, such as firewalls, intrusion detection systems, and antivirus software, are common mechanisms that guard computers against outsider as well as insider attacks. The use of a firewall, for example, limits the access of outsiders to an internal network, and an intrusion detection system detects intrusion attempts by outsiders. Inside attacks can be prevented through antivirus scans that detect Trojans installed on mobile computers, which send out confidential information. Often, mobile devices become targets of attacks because they can move from a network with good security defenses to a network with weak or non-existent security defenses. The goal of many attacks is theft of data stored inside a network and transmitting the stolen data to outside the network.
Security testing is a process to determine that a computer system protects data and maintains functionality as intended. Internal and external security controls are evaluated through a methodically planned simulated attack that imitates threats from malicious outsiders and malicious insiders to understand the security weaknesses in a computer system and network.