대/한/민/국
스타트업을 응원합니다.

스타트업 소식

[에스이웍스] The greatest threats to the Android ecosystem-SEWORKS Column

Android


All mobile apps can be hacked. A group of hackers with enough time and dedication can gain access to, and reverse engineer, even the most secure app environment.

Android represents 80 percent of the smartphone OS market, according to ABI research, and its open development environment exposes the platform to certain unique threats from hackers and malware.

 

While Android security experts debate the merits of installing antivirus software on Android devices, they ignore a host of potential dangers that lurk just below the surface -- critical threats no one in our industry talks about. In an effort to strengthen the Android ecosystem for all developers, we want to shine a light on some of the most dangerous Android threats no one discusses.

A smorgasbord of risk

Android hacks come in all shapes and sizes, but the following are common exploits with the potential to unleash havoc.

  • App Piracy
  • Repackaging
  • Memory Hacking
  • Payments Verification Manipulation
  • Server Data Interpretation
  • Attack App Creation

Ground Zero

It all boils down to the fundamental problem with the Android application execution file (aka the .apk file). The Android .apk file can be easily decompiled with various apps. When you decompress (decompile) a .apk file, it converts to a DEX file so that the app can run on a Dalvik virtual machine. When you decompile the DEX file, that's where the Java code lives. And that's where the source code lives as well.

Some developers may say that they don't develop in Javacode so they're ok, or it's ok since they develop in .so library files. This is a dangerous assumption; .so files have been susceptible to reverse engineering even before Android was released. If you use IDA, a leading commercial reverse engineering tool, you can see the structure of the library and the code inside the .so files, and change the contents with a binary patch. Furthermore, there are dozens of tools available to decompile and crack Android apps simply by searching Google.

So what can you do with decompiled code?

1. App Piracy -- ripping off the source code to create a new copycat app. Remember all the Flappy Bird clones?


2. Repackaging -- inserting malware or other malicious code and repackaging, releasing into the app store. Since there is no app review process, anyone can do this. And people download wrong or bad apps all the time. A fake BBM app on Android had more than 100K downloads before it was found and shut down by Google, and it was a simple spamming app. Malware has been found in repackaged apps.


3. Memory hacking -- manipulating memory values to cheat in mobile games, etc. GameCih, Game Killer, and so on. From a hacker's perspective, here's a few more threats common to Android apps.


4. Manipulate payment verification information to steal virtual items from apps -- Freedom, etc. are free tools that you can download and use.


5. Analyze and find what type of data gets passed to which server, then use man in the middle attacks (MITM) to hijack or change the app -- Snapchat security leak.


6. Create an attack app which can communicate with the server (since you see all the client code) to do various things, such as:

  • Take the SSL certificate or PGP key to attack the server (if the certificates are not encrypted)
  • Create a non SSL tunnel to see plain text data (see unencrypted versions of data)
  • Attack the database query via SQL injection
  • Attack the server with a DoS attack to flood the server with requests and make it unusable, don't let any other users in by tying up the server.
  • By allowing server attacks, hackers can easily decrease the amount of time needed to figure out how the data structure is composed.
  • With SSL certificates, if you have this certificate, there can be secondary and tertiary attacks derived from this.

Simply put, people say "it's ok since all the data lives on the server side".

However, if the data is all on the server (the locked room), the data needed to access that server is all in the client (the key). If the key can be replicated, who can say that the locked room will never be accessed by an outside person?

Eliminating danger

The greatest risk Android developers face is is the security of the app itself. Once the app has been compromised through the.apk file, the value of the developer's IP can vanish instantly.

To maintain the total security and integrity of your apps, I recommend PentaProtect from SEWorks, which provides source code obfuscation, binary obfuscation, anti-decompile protection, anti-memory hacking, library protect. Couple this with app tampering detection/monitoring service AppSecure and this is as close to bulletproof as you can get (right now anyway).

http://betanews.com/2014/07/22/the-greatest-threats-to-the-android-ecosystem/

에스이웍스

San Francisco의 offensive & Defensive Cybersecurity 서비스 회사

[에스이웍스] 를(을) 서포트하고 있는 사람들

댓글 0
건전한 토론문화를 위해, 주제에 맞지 않거나 타인에게 불쾌감을 주는 욕설 또는 특정 계층/민족, 종교 등을 비하하는 경우 삭제 될 수 있습니다.
회사명 제목 작성자 작성일
이뮤직마켓 Goodbye year 2013 party on eMusicMarket headquarter Hyoung Jun Rim 2014.07.23
이뮤직마켓 eMusicMarket Demo Live at Dong-joo University! Hyoung Jun Rim 2014.07.23
이뮤직마켓 Winners of the 'Arranging Contest' awarded. Hyoung Jun Rim 2014.07.23
에스이웍스 The greatest threats to the Android ecosystem-SEWORKS Column Kim Hee Yeon 2014.07.23
아우름플래닛 [아우름플래닛 2.0] 회사 홈페이지 리뉴얼 stargt 2014.07.21
펀그랩 발키리컨플릭트 CBT @ 네이버앱스토어 펀그랩 2014.07.21
에스이웍스 [SBS] SBS스페셜 '나를 잊어주세요'-SEWORKS Kim Hee Yeon 2014.07.21