Mercury v2.0 Released - The Leading Android Security Testing Framework
- Published on Monday, 17 December 2012 14:17
- Written by Mike McClain, Web Editor
Leading Information Security consultancy, MWR InfoSecurity, has released Mercury v2.0 today, Friday 14th December. MWR are building on the success of their tool Mercury v1.1 which is the first and only security testing framework that allows for dynamic analysis of apps running on Android devices.
The power of Mercury was demonstrated by a team from MWR Labs, the company’s research arm, when they used the tool to win the Pwn2Own competition for Android at EUSecWest in September this year.
Tyrone Erasmus, creator of Mercury, said: “Mercury allows Android developers and security researchers to investigate the Android environment to identify security vulnerabilities. The v2.0 release introduces a number of significant new features and many important changes under the bonnet.”
He added: “We have improved the usability and want to push out this new version to allow more people to explore the Android platform with ease.”
One of the new features is the Infrastructure Mode - it is a new way to use Mercury where the Android device can phone home to a central server which allows Mercury to traverse common network security equipment such as firewalls. This new feature is an improvement on Mercury v1.1 because users can now connect to an Android device without knowing its IP address.
Daniel Bradberry, Head of Security Tools Development at MWR, said: “The Infrastructure Mode is a significant new feature which allows security researchers to build real world attack scenarios and test how devices may be used to compromise corporate environments. This is particularly important given the rise in BYOD strategies.”
Mercury v2.0 provides support for more devices, covering over 99% of those active in the market. Support has been extended back to Android 2.1 (Eclair) and all later versions. The release also introduces an improved User Interface which has replaced multiple levels of menus with a single prompt that gives access to all of Mercury’s functionality; this makes it faster and easier to perform an assessment.
Daniel Bradberry added: “The key is we have made it simpler. We have tried to improve the interface by drawing on the shells we use on a daily basis; this should make it more comfortable for people when they first start using Mercury.”
Additionally, Mercury v2.0 provides very easy access to allow users to write code and execute it directly on the device without altering the existing software. This improves the ability to extend Mercury’s functionality and provides the user with the opportunity to dig deeper than before.
Erasmus said: “The development of Mercury v2.0 has been enhanced by the substantial amount of feedback we have received from the community and the comments and suggestions we have been provided with as a result of the beta testing.”
Mercury v2.0 is free and available to download from today at mwr.to/mercury – Daniel Bradberry and Tyrone Erasmus will also be tweeting useful hints and tips on how to use and get the most out of the tool throughout the release day from @droidhg.