In today’s world, new mobile innovations have changed the way we bank, shop, play, and communicate. This increased demand for mobile innovation is placing pressure on organizations and developers to get applications to market quickly.
Often, this focus on feature functionality rather than application security can result in an app becoming vulnerable to malicious attacks. This lack of mobile application protection gives mobile hackers an entirely new way to exploit applications. Among the most exploitable areas for hackers to target is the binary code of the mobile application. Binary code is the code you download from a mobile app store and is what the machine reads to execute an application. There are a number of ways “black hats” seek to exploit binary-based vulnerabilities in order to compromise applications.
Mobile app hacking is easier and faster than ever before. Hackers are using readily available tools to compromise apps in just a matter of minutes. In the videos below, Jonathan Carter from Arxan Technologies explains 7 common hacking techniques used to exploit mobile applications.
iTunes Code Encryption Bypass
See how easy it is for hackers to bypass iOS encryption to progress a mobile app attack.
Android APK Reverse Engineering
Watch how hackers can easily reverse engineer binary code (the executable) back to source code, where it is primed for code tampering.
Algorithm Decompilation and Analysis
See how “Hopper” is leveraged to initiate a static, springboard attack for counterfeiting and stealing information.
Baksmali Code Modification
Learn how hackers can easily crack open and disassemble (Baksmali) mobile code.
Reverse Engineering String Analysis
Watch how hackers use strings analysis as a core element for reverse engineering.
Swizzle with Code Substitution
Learn how hackers leverage infected code to attack critical class methods of an application to intercept API calls and execute unauthorized code, leaving no trace, with the code reverting back to its original form.
Understanding application internal structures and methods via Class Dumps
Learn how hackers use this widely available tool to analyze the behavior of an app as a form of reverse engineering and as a springboard to method swizzling.