PayByPhone Secures its Systems from a Critical Vulnerability Thanks To Mirai Security

Case Study: Penetration Test

PayByPhone is a global leader in parking payment solutions. The company's smart cashless parking app is used in more than 1,200 cities across three continents.

Founded in 2001, PayByPhone sought to take the pain out of parking. Its user-friendly mobile app eliminates the need to use coins or terminals, greatly simplifying the daily journeys of its growing customer base. Since then, it has accumulated more than 70 million users while processing hundreds of millions of payments each year.

PayByPhone’s tremendous success has brought its share of cybersecurity challenges, such as maintaining compliance with regional privacy requirements across three continents and ensuring the payment information of its massive user base is secure.


The Project

In 2022, PayByPhone hired Mirai Security to conduct a penetration test. The company had recently undergone a significant infrastructural change and was required to prove it could operate securely in its new environment.

Penetration testing is prescribed by the Payment Card Industry Security Standards Council (SSC), a global forum that maintains the Payment Card Industry Data Security Standard (PCI DSS). As these penetration tests must be conducted impartially, PayByPhone had to find the right cybersecurity partner to verify its infrastructure was secure.

Although PayByPhone maintains working relationships with several cybersecurity companies, Mirai Security was the only vendor available to conduct this test in a timely and efficient manner.

Alan Ottnad, PayByPhone’s Director of IT Compliance, cites Mirai’s professionalism and expertise during previous engagements as a deciding factor in trusting Mirai once again:

“There was no hesitation in hiring Mirai for this test, as we know the quality of the team Alex [Dow, Mirai CIO] has put together and the company’s leadership.”

During the test, Mirai uncovered a previously unnoticed and potentially costly vulnerability

Our penetration testers discovered a critical vulnerability that PayByPhone’s other security partners had yet to disclose. The vulnerability concerned the use of Microsoft’s Active Directory (AD) service, which is deployed by many companies to manage network resource access.

If left unchecked, the vulnerability could have been exploited, potentially allowing an attacker to gain domain access and wreak havoc on the company’s digital infrastructure.

In Ottnad’s words, “That could have become a breached account with a straight escalation of privilege to the highest level of authority within our organization. It could have done severe damage and basically shut us down.”

OUTCOME

Fortunately, our team acted quickly and professionally so the vulnerability could be patched. 

“The communication aspect was really good,” said Ottnad. “I’m a little bit specific on the reports, that they need to be individual instead of all one because I have multiple audiences.”

“We had a call every Friday, we had a Slack channel going and we had some high-priority stuff that we could fix up during the engagement.”

“My job is to make sure we get the best value for our audit dollar. Mirai found a vulnerability on our AD that the previous six years of pen testing hadn’t found. That’s value.”

 
IN CYBERSECURITY, IT’S BETTER TO BE PROACTIVE THAN REACTIVE

We offer the following security testing services to identify threats and vulnerabilities before they're exploited:

Receive clear, accurate, and consistent vulnerability reporting for your organization

Prove the security of your application

Obtain tangible evidence of vulnerabilities in your infrastructure

CONTACT A CYBERSECURITY EXPERT

Mirai Security is a trusted cybersecurity partner for businesses across North America.

If you have an information security problem to solve or a challenge to discuss, we'd love to hear from you.
