You think your mobile app is safe? Think again…
The silent nature of all mobile attacks is what makes them so damaging.
Sadly, users are still their own worst enemy as they are not taking the safeguards to help protect themselves in digital mobile market today. As reported by Infosecurity Magazine, today, only 45% report locking their phone with a pin, password or biometric. Yet 83% of consumers are extremely, very or somewhat concerned about Identity theft in America based on TransUnion's annual survey. In just 6 months, over 400,000 consumers called the TransUnion Fraud Victim Assistance Department for help against fraud and it continues to grow.
With Mobility being key to driving the optimal experience, the vectors for fraud become unimaginable with the power and capabilities of the mobile device. You are hearing about fraud everywhere; gaming, banking, travel, retail, entertainment, healthcare etc and then add into the mix new attack vectors being magnified by your mobile device and the 5.86mil applications in the marketplace today you have to manage your daily life. Fortune’s chronicled Wintego claims around their ability to hack WhatsApp hack utilizing a Man-In-The-App to steal all your personal information. That has to make one think that standard or no security is really a problem.
In talking with several individuals, however, they seem to feel that the App Stores are providing them with safe apps, and in general, the mobile devices are safe. Not exactly as the above concerns illustrate quite vividly the dangers the users are to themselves and what vulnerability most mobile apps carry within them these days.
The reality is such that no app these days are immune to hacker attacks. It doesn’t matter if it’s password protected; doesn’t matter if this password is “complex” or even requires 2-factor authentication. None of this matters because the most damaging attacks on the mobile platform are silent ones: Jailbreaking, Rooting, Code Injection, App Cloning, Screen Scraping, and Brute Force attacks. These fancy names mean that the hacker can (unbeknownst to you) get access to all encrypted data on your phone and within your apps, display an overlay image, log information typed in the text field and modify the text displayed back to the user. Essentially, this means hackers can modify how any application works and perform tasks that may put your private information, money, other possessions in danger.
Wintego claims they leverage the mobile phone and the app to grab any data they want anytime they want. In other words, you don’t have to be a security freak to be very concerned. Mobile banking, social apps, any app that is connected to your credit card or bank account, - all of these can be hacked and abused. And if you don’t care so much about your hotel points or airlines miles, or your In-App revenue, think what a bad guy can do to a “smart” home controlled via a mobile app. And of course, they can clean out your bank account too.
What if there was a comprehensive yet simple way to protect mobile applications to make sure the bad guys can't get to your information? RASP or Runtime Application Self-Protection is a relatively new technology that can be quickly applied to existing apps as well as those in development. Without going into technical details, RASP can take an application and put a protective layer or “wrapper” around it that would secure your application and block a range of attack vectors such as malware, Man-In-The-App and OS vulnerability Exploits no matter what authentication you are utilizing today. In my mind, this is the starting point for all mobile app security.
With all the cyber-attacks today, Bloomberg’s article states that the Fed is formulating a plan to adopt new safeguards so that banks can leverage a baseline to shield themselves from the ongoing cyberthreats. They feel the digital vulnerabilities will become more frequent and aggressive and just 1 large attack could cripple the entire financial system. Ongoing testing and protection is expected today but tomorrow this will be mandatory to help address the ongoing cyber threats in the marketplace. The best way to protect clients and customers and create trust is by taking proactive and preventive steps to safeguard the data. So what is protecting your App ?