Recently, more and more hacking activities have been associated with mobile applications, and the trend is expected to continue. Exploits such as WireLurker, Masque and other recent attacks show that both iOS and Android apps are falling victim to hacks and being exploited for malicious gain.
So how protected are your mobile applications?
Mobile Apps as Hacking Targets
Detailed findings have shown that mobile applications are vulnerable to reverse-engineering, repackaging and republishing, and are even susceptible to becoming malicious weapons. Most applications are actually not well protected. For example, the analysis revealed that the following had been hacked:
- 97 percent of top paid Android applications;
- 87 percent of top paid iOS applications;
- 80 percent of the most popular free Android applications;
- 75 percent of the most popular free iOS applications.
How to Protect Mobile Applications
To combat the threats that mobile applications are susceptible to, organizations must adopt preemptive and reactive measures, such as the following:
- Applications with high-risk profiles running on mobile platforms should be made tamper-resistant and be capable of detecting and defending themselves against threats at run time.
- The software that is used to enable mobile wallets and payment applications (such as host card emulation software for Android platforms) should leverage cryptographic key protection and application hardening.
- As part of the mobile application development life cycle, your organization should conduct penetration tests that assess your level of vulnerability to reverse-engineering and tampering that can result from unprotected binary code.