Method and apparatus for testing a security of communication of a device under test

The invention claimed is: 1. A test apparatus for testing a security of communication of a device under test, DUT, wherein the test apparatus comprises: an RF unit having an RF interface adapted to receive from the device under test, DUT, an RF signal carrying Internet Protocol, IP, data including at least one IP address; and an IP unit adapted to analyse IP data carried in the received RF signal to check communication security of the device under test, DUT, using at least one security criterion, SC-CEP, related to a communication endpoint, CEP, addressed by the IP address, wherein the IP unit is adapted to perform a communication security evaluation, wherein the IP unit evaluates the communication security provided by the device under test, DUT, on the basis of metrics applied to the different security criteria, SC-CEP, related to the communication endpoint, CEP, addressed by the IP address, metrics applied to the different security criteria, SC-DUT, related to the device under test, DUT, and metrics applied to the security criteria, SC IPC, related to the IP connection between the device under test, DUT, and the communication endpoint, CEP, addressed by the IP address to calculate an overall security communication score value, CSSV, of the device under test, DUT, and wherein if the overall security communication score value, CSSV, is beneath a configurable threshold value: some or all applications of the device under test are partially or completely deactivated, a list of alternative communication endpoints is loaded from a database connected to the test apparatus, and the CSSV is exported to an external processing unit. 2. The test apparatus according to claim 1 , wherein said IP unit is adapted to analyse IP data carried by the received RF signal to check the communication security of the device under test, DUT, on the basis of at least one security criterion, SC, related to the communication endpoint, CEP, addressed by the IP address, wherein the at least one security criterion, SC-CEP, related to the communication endpoint, CEP, comprises: a reputation of the addressed communication endpoint, a usage age of the IP address, a geographical location of the addressed communication endpoint, an owner of the addressed communication endpoint, a type of the addressed communication endpoint, an observed communication behaviour of the addressed communication endpoint, and/or a certificate of the addressed communication endpoint issued by a trusted certificate authority. 3. The test apparatus according to claim 2 , wherein the security criterion, SC-CEP, related to the communication endpoint, CEP, addressed by the IP address is read by said IP unit from a communication endpoint look-up table, LUT, stored in a memory, wherein the memory is a local memory integrated in said test apparatus or a remote memory of a server of a data network to which the test apparatus is connected by means of a network interface of said test apparatus. 4. The test apparatus according to claim 1 , wherein the IP address comprises a numerical IP address or a domain name translated by a DNS server of a data network into a numerical IP address. 5. The test apparatus according to claim 1 , wherein the IP unit is adapted to check the communication security of the device under test, DUT, on the basis of security criteria, SC-CEP, related to the communication endpoint, CEP, addressed by the IP address, security criteria, SC-DUT, related to the device under test, DUT, and/or security criteria, SC-IPC, related to the IP connection, IPC, between the device under test, DUT, and the communication endpoint, CEP, addressed by the IP address. 6. The test apparatus according to claim 5 , wherein the security criteria, SC-DUT, related to the device under test, DUT, comprise protocols supported by the device under test, DUT, and available cipher suites, wherein the security criteria, SC-IPC, related to the IP connection, IPC, between the device under test, DUT, and the communication endpoint, CEP, addressed by the IP address comprises: security criteria extracted from headers of data packets transported via the IP connection including a negotiated protocol type, a negotiated protocol version, a negotiated key exchange mechanism and negotiated user cipher suites and/or security criteria extracted from data content of data packets, DP, transported via said IP connection including user names, passwords, a current position of the device under test, DUT, an IMEI and/or an IMSI. 7. The test apparatus according to claim 1 , wherein the test apparatus is further adapted to influence an IP-based communication link, IPC, between the device under test, DUT, and a communication endpoint, CEP, to analyse an impact on the operation behaviour of said device under test, DUT, for checking the communication security of the respective device under test, DUT. 8. The test apparatus according to claim 7 , wherein the test apparatus is adapted to influence the IP-based communication link, IPC, between the device under test, DUT, and the communication endpoint, CEP, by modifying a data throughput of a wireless IP-based communication link between the device under test, DUT, and the RF communication interface of the RF unit of said test apparatus and/or by modifying a data throughput of a wired IP communication link between the IP unit of said test apparatus and the communication endpoint, CEP. 9. The test apparatus according to claim 7 , wherein the test apparatus is adapted to influence the IP based communication link between the device under test, DUT, and the communication endpoint, CEP, by changing a Radio Access Network, RAN, technology of a wireless IP-based communication link between the device under test, DUT, and the RF interface of the RF unit of said test apparatus. 10. The test apparatus according to claim 7 , wherein the test apparatus is adapted to influence the IP-based communication link, IPC, between the device under test, DUT, and the communication endpoint, CEP, by modifying an address type of an IP address of said device under test, DUT, and/or an address type of the IP address used for addressing said connection endpoint, CEP, and/or by modifying an IP connection type of an IP communication link between the IP unit of said test apparatus and the communication endpoint, CEP. 11. The test apparatus according to claim 7 , wherein the test apparatus is adapted to influence the IP-based communication link, IPC, between the device under test, DUT, and the communication endpoint, CEP, by providing a modified virtual location of said device under test, DUT, detected by a position detection unit of said device under test, DUT, and/or by providing a modified virtual network operator to said device under test, DUT. 12. The test apparatus according to claim 1 , wherein the IP unit is adapted to analyse the IP data carried by the received RF signal to check a connection behaviour of an application, APP, installed on the device under test, DUT. 13. The test apparatus according claim 1 , wherein the test apparatus comprises an output interface to export communication security results related to the communication security of said device under test, DUT, to an external processing unit. 14. The test apparatus according to claim 1 , wherein the device under test, DUT, comprises a mobile device or a fixed terminal. 15. The test apparatus according to claim 1 , wherein the test apparatus is a device connected via a wireless communication link to the device under test, DUT, or is a device plugged into the device under test, DUT, or is int