Threat landscape
We make sure that the risks your apps face don't become a reality
Sensitive Data Exfiltration
If your app contains sensitive data, then there’s a chance a hacker will attempt to steal it. This might be your end users’ personal information like their passport details or medical records. Or it could be their financial information such as account numbers and statements. Important cryptographic material - like keys for encryption and decryption, and cryptocurrency wallets - is also a target.
Sensitive data exfiltration is a risk that all industries face. A key reason why hackers succeed is that there’s often a weak link somewhere in your app. A door left ajar. One example is exposing sensitive information by storing it in your system logs. If you log the username and password for a failed user-to-app authentication attempt, then a hacker that gains access to that log could also get at your data. Another example is poorly implemented cryptography. Some apps have cryptographic algorithms and ciphers that are weak or broken. And bad actors can exploit them to find a route to your valuable data. These are examples of poor security. Sensitive data exfiltration becomes a lot harder when your app is reinforced with multiple layers of protection.
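The logging weakness described above, shown beside a hardened form, as an added example that is not from the original page or from any product it describes. The logger names, the list of secret key names and the sample credentials are constructed for illustration.

```python
import logging
import re

# Key names treated as secrets in this example (an assumption; extend per app).
SECRET_KEYS = ("password", "passwd", "pin", "token", "secret")
_PATTERN = re.compile(
    r"\b(%s)\b(\s*[=:]\s*)[^\s,;&]+" % "|".join(SECRET_KEYS), re.IGNORECASE
)

def redact(text):
    """Replace the value of any secret-looking key=value pair with a marker."""
    return _PATTERN.sub(r"\1\2[REDACTED]", text)

class RedactSecrets(logging.Filter):
    """Logging filter that scrubs secrets from the fully formatted message."""
    def filter(self, record):
        record.msg = redact(record.getMessage())
        record.args = None  # the message is already formatted
        return True

class ListHandler(logging.Handler):
    """Collects formatted records in memory so the result can be inspected."""
    def __init__(self):
        super().__init__()
        self.lines = []
    def emit(self, record):
        self.lines.append(self.format(record))

def log_failed_login(username, password, hardened):
    """Log one failed authentication attempt and return the emitted lines."""
    logger = logging.getLogger("auth.hardened" if hardened else "auth.weak")
    logger.handlers.clear()
    logger.filters.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = ListHandler()
    logger.addHandler(handler)
    if hardened:
        logger.addFilter(RedactSecrets())
        # Preferred form: never pass the credential to the logger at all.
        logger.warning("login failed user=%s", username)
        # Safety net: a careless call elsewhere is still scrubbed.
        logger.warning("login failed user=%s password=%s", username, password)
    else:
        # Weak form described above: the secret lands in the log verbatim.
        logger.warning("login failed user=%s password=%s", username, password)
    return handler.lines
```

The filter is a backstop for mistakes, not a substitute for keeping credentials out of log calls; it only recognises the key names listed in `SECRET_KEYS`.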
How we help
Our products work hard to prevent malicious data exfiltration. They start by protecting your content and code. They use anti-tampering measures. Then they carry out integrity checks and environment checks. This process makes sure nothing has been altered in your apps. It also detects untrusted environments, rooting, debugging, hooking, and emulators. This is important, because tools like debuggers and emulators are used by hackers to reverse engineer apps.
Our products also run sensitive crypto operations and store key material in a safe container. This makes it much harder for attackers to find sensitive data to steal in the first place. We use deep communication hardening and certificate transparency to block man-in-the-middle attacks. And our real-time attack telemetry and threat intelligence give you a better idea of the risks your apps face.
Repudiation and Modification of Information
There are several types of repudiation and modification attacks. But the most common are man-in-the-middle attacks. And these attacks have a better chance of success if the server authentication is weak. That’s why it’s so important for apps that exchange information with a back-end server to strongly authenticate that server before trying to establish a secure connection. If the authentication mechanism is weak, then hackers can impersonate the back-end server. That can give them unauthorized access to unencrypted data. Once the app is exchanging data with a compromised back-end server, it can become even more vulnerable. That’s because this server will then be treated as a trusted system. And so a bad actor could gain access to sensitive user data, too.
Aside from man-in-the-middle attacks, the risk of repudiation and modification can come in the form of fraud. A hacker might try to capture your legitimate credentials and then use those to carry out an illegal operation. Bad actors can also manipulate, modify or destroy user data. Or they might decide to overwrite a file with an encoded or encrypted one. Then they could demand payment in exchange for its safe return.
How we help
Our certificate pinning and communication hardening make it much harder for hackers to carry out man-in-the-middle attacks. Some of our clients also make use of certificate transparency to eliminate structural flaws in the SSL certificate system.
Our self-defending products also make your apps harder to read and harder to attack. They prevent tampering and protect your code and content. And they use sensitive crypto functions to safely store your most valuable logic and data. We also carry out integrity checks and environment checks to make sure nothing has been altered in your apps. This helps to protect them from reverse engineering attempts.
Tampering
Tampering takes many forms. One of the most common is for a trojan app or a malicious app to impersonate your legitimate one. With a trojan app, an attacker manages to obtain the install packages for your legitimate app. And once they have them, they can decompile your app, introduce the trojan, and then generate a new install package. To the unsuspecting user, the new app will look exactly like yours. It’s a similar situation with a malicious app impersonating yours. But this time a bad actor would reverse engineer your app and then create a fake version that looks exactly the same. The hacker’s hope in both of these scenarios is that your customer or employee would download their version instead of the real one. Then they would try to trick that person into sharing their personal credentials.
All industries are at risk from tampering attacks like these. But a favorite industry for hackers to target is FinTech. And it's easy to see why. Imagine if a bad actor were able to get customers of a bank to download a bogus version of their banking app. They would then be able to illegally profit not only from user data, but also the funds from individuals' accounts. This would have lasting negative consequences for the reputation of the bank involved.
How we help
The key to preventing this kind of tampering is running environment and integrity checks. Our products check nothing has been altered in your apps. They also detect untrusted environments, rooting, debugging, hooking, and emulators. This is crucial, because these are common tools used by bad actors looking to reverse engineer your apps. Our thorough code and content protection also hardens your apps and makes them tougher to read. This also aids in anti-tampering.
Another important part of the defense against tampering is attack telemetry and threat intelligence. Alice Threat Intelligence, our risk analysis system, gives you a detailed view of the risks in your field. It helps you to understand them better and know where they’re coming from. This intelligence gives you a better strategy for eliminating the threat of tampering.
IP Theft
Your apps contain lots of intellectual property (IP) in the form of algorithms and source code. These are attractive targets for bad actors. They can steal this IP by pirating or cloning specific parts of your apps - or all of it. The process of them cloning your proprietary algorithms and data structures typically begins with them reverse engineering your app. And this in itself is only possible after running a static or dynamic analysis of your apps. In recent years we’ve seen incidents of creative data such as scripts and media content being cloned in this way.
IP theft is a risk for businesses across industries. But it’s particularly damaging for tech and R&D companies that are focused on innovation and creativity. The loss of their critical ideas and plans can hit them hard. And IP theft can also lead to loss of trust. Imagine you’re the customer of a mobile bank, and you hear that the bank’s vital source code has been stolen. You’d be forgiven for wondering about the safety of your own account information, too.
How we help
Our products come with hardening capabilities that protect your code and your content. They shield the key logic inside your apps and prevent hackers from tampering with it. By encrypting and hiding this logic, they make sure that bad actors aren’t able to make sense of your source code. This stops them carrying out a static analysis. And that means they’re not able to understand how your apps are put together, so they can’t decompile them.
We also use runtime application self-protection to monitor behaviours, control your apps’ execution, and prevent real-time attacks. So, hackers can’t run a dynamic analysis, and your apps’ integrity is secured. Finally, our risk analysis system, A.L.I.C.E, helps you to understand the threats to your IP. Its insights give you a better idea of how to defend against them.
Untrusted Environments
There’s an uncomfortable realization that comes to every app developer. Your apps will be used anywhere and everywhere. Sure, they’ll be run on secure networks. But they’ll also be run on insecure Wi-Fi and on compromised home networks. They might be run on the same device as another dangerous app that your end user has downloaded. On top of that, software logic for mobile, IoT, and web apps is increasingly being moved to the client side. It’s this combination of factors that makes in-app protection a necessity for any critical or high-end app.
There are several ways that untrusted environments can lead to attacks. For example, an operating system can be downgraded to a more vulnerable version. And that version can then be exploited. Similarly, a device itself can be jailbroken by its owner or user, putting it in a weaker state and more open to attack. A device can also be deliberately rooted via inherent weaknesses in its hardware. These are common risks faced by companies across industries.
How we help
Our products protect your apps so they can be used safely in any environment. They come with multiple defense mechanisms, including encryption and obfuscation. This hardens your apps and secures their code and content. We also employ anti-tampering measures. And we carry out sensitive crypto operations and store key material and logic where attackers can’t get to them.
Environment checks are also an important part of our protection process. These checks make sure that nothing has been modified within your app and look for signs of debugging and emulators. We also offer risk analysis to give you an instant view of the threats surrounding your apps. Armed with these insights, you can be confident your apps are up to the task of defending against attacks wherever they're being used.