contact@scnsoft.com en flag +1 214 306 68 37
en flag +1 214 306 68 37
Contact us
Mobile Device Pentesting for a Healthcare IT and Research Company with 80K Employees

Mobile Device Pentesting for a Healthcare IT and Research Company with 80K Employees

Industry
Healthcare

Customer

The Customer is a multinational company providing technology solutions, research and consulting services for the healthcare industry. It operates in more than 90 countries and has about 80,000 employees on board.

Challenge

To conduct commercial clinical trials, the Customer stored, processed and transferred personal health information. To ensure PHI protection and comply with HIPAA regulations, the Customer resorted to security testing after any significant changes in corporate software and IT infrastructure. At this stage, the Customer needed to check Android and iOS mobile devices used by the employees for working purposes for security vulnerabilities that could endanger PHI.

Solution

ScienceSofts ethical hackers explored the Customer’s corporate Android and iOS mobile devices at the hardware, middleware and software levels. They performed black box and gray box penetration testing, including:

  • Assessment of wireless transmission of data.
  • Assessment of encryption protocols.
  • Assessment of mobile Bluetooth settings.
  • Exploration of OS security permissions.
  • Analysis of commonly known vulnerabilities of the specific versions of mobile devices and mobile applications under test.
  • Attempted SMS-based attacks (DoS, malware dissemination).
  • Input data manipulation (SQL injections, buffer overflow, network protocol violations).

ScienceSoft’s pentesters revealed several critical vulnerabilities that had been missed out during previous checks by another vendor. The vulnerabilities included outdated user applications and mobile OS versions, unrestricted access to certain user applications, poorly secured Wi-Fi.

ScienceSoft’s security experts documented all found security gaps and provided recommendations on preventing their exploitation. They advised to implement a reliable network authentication protocol, monitor Wi-Fi access points on the mobile devices, update security patches and mobile OS versions, delete unnecessary user applications, restrict user access to the Suggested Apps feature and emergency apps, etc.

Also, ScienceSoft delivered consultations for the Customer’s IT team to better understand the existing security gaps and best ways to address them.

Results

The Customer received detailed reports on detected vulnerabilities with the classification according to their severity and likelihood and an actionable guidance on vulnerability remediation. Satisfied with ScienceSoft’s professional approach, the Customer decided to rely on ScienceSoft’s security experts for another penetration testing project.

Technologies and Tools

Nmap, Wireshark, Metasploit, custom scripts (Python, C and Perl scripts for the exploitation of vulnerabilities).

Have a question to our team or need help with your project?

Our team is ready to provide client references, estimate your project, or answer any other question related to your IT initiative.

Upload file

Drag and drop or to upload your file(s)

?

Max file size 10MB, up to 5 files and 20MB total

Supported formats:

doc, docx, xls, xlsx, ppt, pptx, pps, ppsx, odp, jpeg, jpg, png, psd, webp, svg, mp3, mp4, webm, odt, ods, pdf, rtf, txt, csv, log

Get in touch instantly

Call us Live chat WhatsApp Email us

More Case Studies

Share:

facebook twitter linkedin