Method and apparatus for testing a security of communication of a device under test

The invention claimed is: 1. A test apparatus for testing a security of communication of a device under test, DUT, wherein the test apparatus comprises: an RF unit having an RF interface adapted to receive from the device under test, DUT, an RF signal carrying Internet Protocol, IP, data, and an IP unit adapted to extract IP data carried in the received RF signal to check communication security aspects of the IP-based communication links between the device under test, DUT, and communication endpoints indicated in the extracted IP data, wherein said IP unit is adapted to analyze IP data carried by the received RF signal to check the communication security of the device under test, DUT, on the basis of at least one security criterion, SC, related to the communication endpoint, CEP, addressed by an IP address included in the extracted IP data, wherein the at least one security criterion, SC-CEP, related to the communication endpoint, CEP, comprises at least one of: a reputation of the addressed communication endpoint, a usage age of the IP address, a geographical location of the addressed communication endpoint, an owner of the addressed communication endpoint, a type of the addressed communication endpoint, an observed communication behaviour of the addressed communication endpoint, or a certificate of the addressed communication endpoint issued by a trusted certificate authority. 2. The test apparatus according to claim 1 , wherein the at least one security criterion, SC-CEP, related to the communication endpoint, CEP, addressed by the IP address is read by said IP unit from a communication endpoint look-up table, LUT, stored in a memory, wherein the memory is a local memory integrated in said test apparatus or a remote memory of a server of a data network to which the test apparatus is connected by means of a network interface of said test apparatus. 3. The test apparatus according to claim 1 , wherein the IP address comprises a numerical IP address or a domain name translated by a DNS server of a data network into a numerical IP address. 4. The test apparatus according to claim 1 , wherein the IP unit comprises a server component adapted to initiate and/or terminate an IP connection, IPC, between the device under test, DUT, and a communication endpoint, CEP, indicated by an IP address included in extracted IP data carried by the RF signal received by the RF interface of the RF unit of said test apparatus. 5. The test apparatus according to claim 1 , wherein the IP unit is adapted to check the communication security of the device under test, DUT, on the basis of security criteria, SC-CEP, related to the communication endpoint, CEP, addressed by the IP address, and/or security criteria, SC-DUT, related to the device under test, DUT, and/or security criteria, SC-IPC, related to the IP connection, IPC, between the device under test, DUT, and the communication endpoint, CEP, addressed by the IP address. 6. The test apparatus according to claim 5 , wherein the security criteria, SC-DUT, related to the device under test, DUT, comprise protocols supported by the device under test, DUT, and available cipher suites, wherein the security criteria, SC-IPC, related to the IP connection, IPC, between the device under test, DUT, and the communication endpoint, CEP, addressed by the IP address comprises: security criteria extracted from headers of data packets transported via the IP connection including a negotiated protocol type, a negotiated protocol version, a negotiated key exchange mechanism and negotiated user cipher suites and/or security criteria extracted from data content of data packets, DP, transported via said IP connection including user names, passwords, a current position of the device under test, DUT, an IMEI and/or an IMSI. 7. The test apparatus according to claim 1 , wherein the IP unit is adapted to perform a communication security evaluation, wherein a communication security provided by the device under test, DUT, is evaluated on the basis of metrics applied to the different security criteria, SC-CEP, related to the communication endpoint, CEP, addressed by the IP address, metrics applied to the different security criteria, SC-DUT, related to the device under test, DUT, and/or metrics applied to the security criteria, SC-IPC, related to the IP connection between the device under test, DUT, and the communication endpoint, CEP, addressed by the IP address to calculate an overall security communication score value of the device under test, DUT. 8. The test apparatus according to claim 1 , wherein the test apparatus is further adapted to influence an IP-based communication link, IPC, between the device under test, DUT, and a communication endpoint CEP/to analyse an impact on the operation behaviour of said device under test DUT/for checking the communication security of the respective device under test DUT. 9. The test apparatus according to claim 8 , wherein the test apparatus is adapted to influence the IP-based communication link, IPC, between the device under test DUT, and the communication endpoint, CEP, by modifying a data throughput of a wireless IP-based communication link between the device under test DUT, and the RF communication interface of the RF unit of said test apparatus and/or by modifying a data throughput of a wired IP communication link between the IP unit of said test apparatus and the communication endpoint CEP and/or wherein the test apparatus is adapted to influence the IP based communication link between the device under test DUT, and the communication endpoint CEP, by changing a Radio Access Network, RAN, technology of a wireless IP-based communication link between the device under test DUT, and the RF interface of the RF unit of said test apparatus, and/or wherein the test apparatus is adapted to influence the IP-based communication link, IPC, between the device under test DUT, and the communication endpoint, CEP, by modifying an address type of an IP address of said device under test DUT, and/or an address type of the IP address used for addressing said communication endpoint CEP, and/or by modifying an IP connection type of an IP communication link between the IP unit of said test apparatus and the communication endpoint CEP, and/or wherein the test apparatus is adapted to influence the IP-based communication link, IPC, between the device under test DUT, and the communication endpoint CEP, by providing a modified virtual location of said device under test ( 4 ) detected by a position detection unit of said device under test, DUT, and/or by providing a modified virtual network operator to said device under test, DUT. 10. The test apparatus according to claim 1 , wherein the IP unit is adapted to analyse the IP data carried by the received RF signal to check a connection behaviour of an application, APP, installed on the device under test, DUT. 11. The test apparatus according to claim 10 , wherein the IP unit is adapted to check the connection behaviour of the application, APP, installed on the device under test, DUT, in response to a modified digital certificate. 12. The test apparatus according to claim 1 , wherein the IP unit further comprises a port scan component configured to scan ports used by said device under test, DUT, to check a current security status of said device under test, DUT, wherein the port scan component of said IP unit is adapted to analyse IP data carried by the RF signal received by the RF unit of said test apparatus to identify the ports used by said device under test, DUT, wherein the port scan component is adapted to evaluate whether the respective port used by said devic