Leading Information Security consultancy, MWR InfoSecurity, has released Mercury v2.0 on Friday 14th December. MWR are building on the success of their tool Mercury v1.1 which is the first and only security testing framework that allows for dynamic analysis of apps running on Android devices.
The power of Mercury was demonstrated by a team from MWR Labs, the company’s research arm, fwhen they used the tool to win the Pwn2Own competition for Android at EUSecWest in September this year.
Tyrone Erasmus, creator of Mercury, said: “Mercury allows Android developers and security researchers to investigate the Android environment to identify security vulnerabilities. The v2.0 release introduces a number of significant new features and many important changes under the bonnet.”
He added: “We have improved the usability and want to push out this new version to allow more people to explore the Android platform with ease.”
One of the new features is the Infrastructure Mode - it is a new way to use Mercury where the Android device can phone home to a central server which allows Mercury to traverse common network security equipment such as firewalls. This new feature is an improvement on Mercury v1.1 because users can now connect to an Android device without knowing its IP address.
Daniel Bradberry, Head of Security Tools Development at MWR, said: “The Infrastructure Mode is a significant new feature which allows security researchers to build real world attack scenarios and test how devices may be used to compromise corporate environments. This is particularly important given the rise in BYOD strategies.”
Mercury v2.0 provides support for more devices, covering over 99% of those active in the market. Support has been extended back to Android 2.1 (Eclair) and all later versions. The release also introduces an improved User Interface which has replaced multiple levels of menus with a single prompt that gives access to all of Mercury’s functionality; this makes it faster and easier to perform an assessment.
Daniel Bradberry added: “The key is we have made it simpler. We have tried to improve the interface by drawing on the shells we use on a daily basis; this should make it more comfortable for people when they first start using Mercury.”
Additionally, Mercury v2.0 provides very easy access to allow users to write code and execute it directly on the device without altering the existing software. This improves the ability to extend Mercury’s functionality and provides the user with the opportunity to dig deeper than before.
Erasmus said: “The development of Mercury v2.0 has been enhanced by the substantial amount of feedback we have received from the community and the comments and suggestions we have been provided with as a result of the beta testing.”
Mercury v2.0 is free and available to download at mwr.to/mercury – Daniel Bradberry and Tyrone Erasmus have been tweeting useful hints and tips from @droidhg on how to use and get the most out of the tool.
Daniel Bradberry, Head of Security Tools Development at MWR InfoSecurity, said today: “Mercury v2.0 had a great response since it was released on Friday 14th, with the number of people downloading the tool within the past three days going well over 200. We believe it is because there is no other tool like Mercury which will run security tests on Android devices.”
MWR InfoSecurity is one of the world’s leading information security consultancies – MWR specialise in security testing on mobile devices.
For further information please contact:
Head of Security Tools Development at MWR
T: +44(0)1256 300920
Creator of Mercury
M: +44(0)7860 322333
T: +44(0)207 544 8980
M: +44(0)78 3854 7531
T: +44(0)20 7544 8831
T: +44(0)1256 300920
M: +44(0)79 0983 1909
Or visit http://www.mwrinfosecurity.com/