






about the risks associated with unprotected binary code in this "How to Hack an
App" Video )
• Finally, once an application's hacked, there's no shortage of outlets for distribution.
In fact, there are hundreds of app stores and websites around the world, many of
which are legitimate but have limited security controls, and unfortunately many
others are focused solely on the distribution of torrents and hacked apps.

So what do we do about it?

To combat the unique threats that mobile apps are susceptible to, organizations must adopt
pre-emptive and proactive measures:

• Applications with high-risk profiles running on mobile platforms should be made
tamper-resistant and capable of detecting and defending themselves against threats at runtime.
Note: You can learn more about how to maintain the confidentiality of code and establish
runtime application self-protection in this brief video.
• The software that's used to enable mobile wallets/payment applications (e.g., Host Card
Emulation software for Android platforms) should leverage cryptographic key protection and
application hardening.
• As part of the mobile application development lifecycle, your organization should conduct
penetration tests that assess your level of vulnerability to reverse-engineering and
tampering that can result from unprotected binary code.



These and other recommendations are detailed within the full State of App Security report.

Hopefully the proliferation of recent mobile attacks and findings from the research are
eye-opening for developers and security practitioners alike. However, I suspect that a dramatic shift
in focus toward application protection and making applications self-protecting at runtime won’t
occur any time soon, and that the “state of app security” won’t change much in the near term.
Hopefully I’m proven wrong!

About The Author

Patrick Kehoe is the Chief Marketing Officer of Arxan Technologies. He and
the team at Arxan are in the business of understanding application security
vulnerabilities and deploying approaches to protect applications—building on
over 10 years of research and intellectual capital on this topic. Patrick brings
over twenty years of experience working with software, hardware, and service
providers in the High Tech industry. He holds a degree in Computer Science
from Vanderbilt University and a MBA from the Darden Graduate School of
Business at the University of Virginia. In his spare time, he enjoys triathlons
and traveling with his family. Patrick can be reached at (310) 968-4290 and at
the Arxan website http://www.arxan.com.







57 Cyber Warnings E-Magazine – December 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
