The COVID-19 pandemic led to an uptick in cybercrime. According to some estimates, cybercrime increased by as much as 600%. Additionally, as more people settle down to the new normal of working from home, criminals will undoubtedly continue to explore the weaknesses of mobile app security. Enterprise mobility management (EMM) will also take center stage as more workers use their personal devices for work-related activities.
Cybercriminals target new attack vectors when they see them as financially viable, especially where robust security measures are absent. An attack surface is a point through which unauthorized actors attempt to access mobile app backend features such as user profile information and data. A cybercriminal aims for automation, scanning all surfaces of a targeted application while collecting API keys or business logic to design a programmed attack.
Below are five mobile attack surfaces targeted by cybercriminals with tips on how app developers can improve cybersecurity.
Mobile App Integrity
Performance integrity is critical for mobile apps. When hackers attack a mobile app’s integrity, they are usually interested in three things:
- Acquire identity keys: Cybercriminals try to acquire identity keys such as API keys, which they can use to reverse engineer the app.
- Information extraction: Cybercriminals try to extract information from an app that could be used for hacking, such as access tokens or other information.
- Transform the app into an attack tool: Cybercriminals transform the app into an attack tool by injecting malicious code. Once they do this, they can divert payments and revenue into their accounts.
To protect the integrity of their application, developers should determine if requests from various sources are valid.
Attackers will often target user credentials, which are usually the highest level of security for apps. Additionally, cybercriminals will attempt to steal sensitive information by using social engineering. Cybercriminals will also try to exploit design and logic flaws and security loopholes in the app.
Developers can take some steps to make their apps less susceptible to cyberattacks. One way is by adding a layer of authentication for users within the app, such as biometrics or two-factor authentication that has been available since Android Lollipop 5.0.
Another way is by updating your app with credentials during the installation or upgrade process, which is more resistant to malware as it relies on an authorization token instead of static credentials like usernames and passwords. Cybercriminals often use malware to gain access to information stored within the app.
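One way for a backend to decide whether a request is valid, shown as an added example (not code from the original article): each install receives its own secret at registration instead of a static key shipped in the app, and the server checks an HMAC over the request together with a timestamp and a nonce. The class, field names and the 300-second window are assumptions.

```python
import hashlib
import hmac
import json
import time

MAX_SKEW = 300  # assumed policy: seconds a request timestamp may differ from server time


class RequestValidator:
    """Illustrative server-side check that a request comes from a registered
    install and was not altered or replayed in transit."""

    def __init__(self, install_keys):
        self.install_keys = install_keys  # install_id -> secret issued at registration
        self.seen = {}                    # (install_id, nonce) -> request timestamp

    @staticmethod
    def sign(key, method, path, ts, nonce, body):
        # JSON array keeps field boundaries unambiguous; the body is bound by its hash.
        fields = [method, path, ts, nonce, hashlib.sha256(body).hexdigest()]
        msg = json.dumps(fields, separators=(",", ":")).encode()
        return hmac.new(key, msg, hashlib.sha256).hexdigest()

    def validate(self, install_id, method, path, ts, nonce, body, signature, now=None):
        now = time.time() if now is None else now
        key = self.install_keys.get(install_id)
        if key is None:
            return "unknown-install"
        if abs(now - ts) > MAX_SKEW:
            return "stale-timestamp"
        expected = self.sign(key, method, path, ts, nonce, body)
        # Constant-time comparison avoids leaking how many characters matched.
        if not hmac.compare_digest(expected.encode(), signature.encode()):
            return "bad-signature"
        # Forget nonces that can no longer pass the timestamp check, then reject replays.
        self.seen = {k: t for k, t in self.seen.items() if abs(now - t) <= MAX_SKEW}
        if (install_id, nonce) in self.seen:
            return "replayed"
        self.seen[(install_id, nonce)] = ts
        return "ok"
```

A request whose body, path or amount is changed in transit fails the signature check, and a captured request sent a second time is rejected as a replay.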
API Channel Integrity
API channel integrity is one way to help ensure that API connections are safe. Unfortunately, the most common way to compromise channel integrity is through public Wi-Fi connections that expose the communication channel between the API and mobile app. While developers may implement TLS/SSL protocols to mitigate attacks, sophisticated attackers use man-in-the-middle (MITM) attack tools to set up dummy servers to steal information and read API queries/responses.
MITM attacks can be achieved by targeting specific smartphone-oriented websites. In these cases, the primary goal of hackers is to impersonate the API server and trick the client and server into believing they are communicating directly with each other. In reality, the hacker intercepts communication at both ends and steals information.
The parts of the channel that are of interest to attackers include:
- The API protocols in use. This allows the attacker to extract code and impersonate authentic traffic.
- Obtaining API keys by mounting an attack to insert scripts to convince the server that the communication comes from genuine client interaction.
- Extracting a user’s credentials and embedding them in scripts that the server will identify as coming from a trusted source.
- By tampering with the requested course of action, transactions made through API can be manipulated by cybercriminals to take a different turn than what was initially requested.
- Cybercriminals use a variety of strategies to break into an individual’s system. One example is exposing API vulnerabilities and accessing information that would not be accessible to the given person.
Consider the methods below to protect your channel’s integrity:
- Install a WEP security mechanism to protect your wireless connection from nearby unauthorized users.
- Change your router’s default password. Cybercriminals can be redirected if they have the login credentials for a Wi-Fi signal or VPN provider, so continually update your Wi-Fi passwords on routers and turn off remote access to the connection at home.
- Use VPNs to secure your traffic. When you are within a local area network, use virtual private networks to prevent attackers on the public internet from accessing your traffic.
Device Integrity
Device integrity is one of the most used mobile attack surfaces. Cybercriminals will often target sensitive information and data by using various vulnerabilities in applications or devices. Cybercriminals may try to bypass device security by tampering with the device or altering app data remotely. Cybercriminals may also install malicious applications on devices, often to exfiltrate sensitive information such as financial details or personal photos and videos.
One common technique used to bypass device security is rooting or jailbreaking. Another method is code tampering, where criminals use an instrumentation framework to insert malicious code into an app during runtime. Cybercriminals also use code tampering to hide malware within a legitimate app. To thwart hacking attempts on mobile apps, implement runtime self-defense code. This code monitors the app for rootkits and other intrusions.
Cybercriminals looking to plant malicious applications on a device often try brute-forcing an app’s code on cloud development platforms such as AWS. This process can be automated by a large number of bots, making it easier for the cybercriminal to exploit thousands of apps. You can use tools to monitor and detect suspicious behavior in your cloud environment, such as AWS GuardDuty.
API and Service Vulnerabilities
API and service vulnerabilities are vital as they could enable cybercriminals to exploit sensitive information in the app. Cybercriminals will also often target API vulnerabilities to achieve three common goals:
- Data theft: One target cybercriminals love to exploit is personal data, as it can be a valuable commodity for them. Along with physical theft of devices and users’ information through social engineering techniques, cybercriminals can access user accounts thanks to APIs that allow for the automation of many processes such as file syncing and credit card transactions.
- Denial of Service (DoS): A denial of service attack targets the availability of the endpoints, rendering them unusable for genuine requests. This is done by overloading the API endpoint with malicious API requests, causing a mobile app to go offline.
- Login system attacks: Attackers will relentlessly reuse passwords they have stolen by trial and error to access protected information. Working credentials are then used to access API information.
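The DoS and login-attack patterns in the list above can be spotted in API gateway logs. The following added example (not from the original article) flags a source that floods an API with requests and a source that fails logins across many different accounts; the log format, the `/v1/login` path, the thresholds and the sample lines are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample log: epoch_seconds ip method path status username
SAMPLE_LOG = "\n".join(
    [f"{1000 + i} 203.0.113.7 POST /v1/login 401 user{i}" for i in range(6)]       # many accounts, one source
    + [f"{1000 + 20 * i} 198.51.100.4 POST /v1/login 401 alice" for i in range(3)]  # one user mistyping
    + ["1100 192.0.2.9 GET /v1/items 200 -"] * 12                                   # burst of requests
    + ["1200 198.51.100.4 POST /v1/login 200 alice", "truncated line"]
)


def parse(log):
    """Yield (ts, ip, path, status, user); malformed lines are skipped."""
    for line in log.splitlines():
        p = line.split()
        if len(p) == 6 and p[0].isdigit() and p[4].isdigit():
            yield int(p[0]), p[1], p[3], int(p[4]), p[5]


def windows(events, window):
    """Yield, for each event, the time-sorted run of events within `window` seconds before it."""
    events = sorted(events)
    lo = 0
    for hi in range(len(events)):
        while events[hi][0] - events[lo][0] >= window:
            lo += 1
        yield events[lo:hi + 1]


def detect(log, login_path="/v1/login", window=60, min_fail=5, min_users=4, flood=10):
    """Return {ip: alert}. Thresholds are illustrative and need tuning per API."""
    fails, hits = defaultdict(list), defaultdict(list)
    for ts, ip, path, status, user in parse(log):
        hits[ip].append((ts, path))
        if path == login_path and status in (401, 403):
            fails[ip].append((ts, user))
    alerts = {}
    for ip, events in hits.items():
        if any(len(run) >= flood for run in windows(events, window)):
            alerts[ip] = "request-flood"
    for ip, events in fails.items():
        for run in windows(events, window):
            # Many failures spread over many usernames suggests reused stolen passwords,
            # while repeated failures for one username is more likely a forgetful user.
            if len(run) >= min_fail and len({u for _, u in run}) >= min_users:
                alerts[ip] = "credential-stuffing"
                break
    return alerts
```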
Cybercriminals are always looking for new ways to exploit mobile devices. Therefore, cybersecurity professionals should constantly look for and fix vulnerabilities that provide malicious actors access to their mobile apps.