1. Vulnerability Management
2. Realtime Threat monitoring and scanning
3. Detailed reporting (prioritized by vulns)

Mobile Vulnerability Management and Threat Intelligence

Security Recap is the most comprehensive vulnerability scanner for Android devices on the market. Unlike antivirus software, which scans for infected applications, Recap goes further with 2800+ checks that address System and Application vulnerabilities that exist in the original code, such as buffer overflows, malicious input, memory corruption and insecure permissions, among others, and provides actionable references for resolution.

Enterprise organizations are using Recap to maximize coverage in identifying inherent vulnerabilities on mobile devices, including handsets and tablets.

Recap Security

The Mobile Threat landscape evolves as fast as the release of the next new device or killer application, and so do mobile security threats. Most solutions that provide mobile security rely on signature-based inspection for viruses and malware along with blacklisting of URLs. Although this approach provides some peripheral coverage, it is not effective against the fundamental attributes of active Mobile Threats such as inherent software vulnerabilities, including buffer overflows, privilege escalation, high resource utilization (i.e., ransomware) and intent spoofing, among other exploitation vectors. An organization must have the ability to proactively identify and mitigate such Threats. Traditional anti-virus and malware solutions are rendered useless against attacks that exploit vulnerabilities inherent in the application and the device OS. Recap helps bridge this gap by detecting threats and identifying vulnerabilities that are inherent in the device software and can be actively exploited by malicious actors.

Security Analytics

  • Near real-time reporting of vulnerabilities and events
  • Insightful analytics data representation
  • Prioritization and categorization of vulnerabilities and Threat events
  • Customizable charts/data queries

Vulnerability Feed

Recap maintains an extensive scanning Database of vulnerabilities from multiple sources (see below). The Recap vulnerability database is updated daily for licensed versions and every quarter for free versions, and it is compiled from the following sources:

NIST Vulnerability Database: The NIST National Vulnerability Database (NVD) is a central repository of software vulnerabilities. Recap’s DB leverages selected vulnerabilities published in the NVD and distinguishes those entries with the “CVE” prefix (e.g., CVE-2014-8507).

Palindrome Technologies CyWAR Lab: Palindrome Technologies performs security research on mobile devices on behalf of commercial customers. This research has led to the discovery of several 0-day vulnerabilities, which are also disclosed to the corresponding OEMs (e.g., Samsung, Motorola, LG). Vulnerabilities discovered by Palindrome Technologies are identified using the “PAL” prefix instead of CVE (e.g., PAL-2015-0004).

Public Forums: There are several public forums where Android vulnerabilities or security issues are discussed. In instances where 0-day vulnerabilities are discussed in public forums, we verify their applicability and include them in the Recap database as necessary.

Google Partner Security Bulletin: The Google Partner Security Bulletin (PSB) is a closed consortium of trusted Google partners in which Android security issues are communicated. These vulnerabilities are distinguished using the prefix “PSB”. It should be noted that PSBs are included only in versions of the Recap scanner that maintain an active license. The PSBs capture issues under investigation that may not have an immediate software fix and are thus used for awareness purposes only.

Threat Feed

The Recap Security agent aims to identify inherent vulnerabilities in a mobile device’s Operating System software, 3rd party libraries, programs, utilities and applications. Furthermore, the agent detects events that exhibit malicious intent, such as privilege escalation (which is an indication of a malicious process attempting to gain root or system access) and high CPU utilization (i.e., ransomware).

There are several Threats associated with mobile devices, but the most significant ones aim to exploit vulnerabilities that exist in the Operating System software and/or device applications. For example, Rooting is a popular attack vector on Android devices which allows a user to gain privileged access (administrative root access) to the mobile device firmware and perform various changes, from removing OEM or carrier preloaded applications to changing device configuration (e.g., for tethering, CPU overclocking).

Regardless of the user’s intention, the Rooting process exploits existing vulnerabilities in the OS software that allow the user to compromise the device security controls and gain root access. At the same time, these inherent vulnerabilities can be exploited by malware.

Gaining root access can also impact DRM (Digital Rights Management) applications or other critical applications such as mobile wallets.

Recap’s Threat monitoring agent can detect suspicious activities related to privilege escalation, rooting attempts, and 0-day exploits (such as Stagefright) and alert the user.