Apps Under Attack
New Research Demonstrates Increase in App Hacks for Top 100 Mobile Apps
by Patrick Kehoe, Chief Marketing Officer, Arxan Technologies
Increasingly, the news we hear about hacks involves mobile apps. Whether it is
WireLurker, Masque, or one of the other recent exploits, iOS and Android apps alike are
falling prey to hacks and being exploited for malicious gain. Given this, the findings from a
recent State of Mobile App Security report are not surprising.
How protected are mobile apps?
The findings from the report clearly illustrate that unprotected mobile applications are vulnerable
to reverse-engineering, repackaging and republishing, and are susceptible to becoming malicious
weapons – and that most apps are, in fact, not well protected. The analysis, for example,
revealed that the following had been hacked:
• 97% of top paid Android apps
• 87% of top paid iOS apps
• 80% of the most popular free Android apps
• 75% of the most popular free iOS apps
The research also revealed that hacks are occurring on apps across verticals. In financial
services, for example (where research has shown that hacking or malware has been the
predominant method of credit card data breaches that occurred from 2005 to 2014;
source: Privacy Rights Clearinghouse), most apps have been hacked. Specific findings related
to financial services apps – as well as retail and healthcare apps – are summarized in the
attached infographic.
The 360 apps analyzed in the study were identified in the iOS App and Google Play stores, and
a number of techniques and sources were used to identify hacked versions of these apps. The
techniques to find hacked versions included, but were not limited to:
• Searching unofficial app stores
• Examining app distribution sites
• Reviewing the top torrent sites
• Examining file download sites
The numbers are staggering and frightening – can this really be the case?
When you consider a few points, you realize how we’ve gotten to the “state” we’re in:
• First, securing mobile apps hasn't been a significant focus for many organizations;
rather, most organizations have focused on network and device-level protection.
• Second, those who are focused on application layer security are not typically
protecting their binary code (which is the code you download from an app store) –
and a mobile application whose binary code is not protected is at risk, and can
potentially jeopardize your other security work as well. (Note: you can learn more
56 Cyber Warnings E-Magazine – December 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide