Security professionals can safeguard their enterprise by studying advanced hacking techniques from China, India and Korea
Security professionals know that hackers are an invisible army with infinite patience, and a bottomless bag of tricks. Against these odds businesses are at a disadvantage, because the only surefire way to know you’re vulnerable to hackers is after an attack has occurred. By then it’s too late to plug any holes that lead to a breach.
So how can you keep your apps safe, and stay ahead of the curve? Look to Asia, particularly China and Korea.
Asia is Ground Zero for mobile app hackers who target video game developers. And while Asian mobile developers seem like an isolated target, the implications are much larger than one market, or one specific form of mobile technology. Mobile hacks–often originating in China and India–quickly become a global contagion with the potential to unleash untold havoc for companies of any size.
Asia is the world’s largest Internet market, with the highest number of smartphone users. Asian consumers are avid gamers and fast adopters of mobile trends, such as mobile commerce, and in-game/in-app purchases. And as early technology adopters, Asia’s developers are the first to experience new threats to their mobile apps.
App piracy is a costly problem for Asian app developers.
Asian consumers have a long-standing relationship with pirated content, such a movies, and premium merchandise. Culturally it is common to see knockoff designer items and pirated games/movies on the streets, and it is accepted as a part of life. The in-app sale of premium items is a business model first pioneered in Asia as a response to rampant piracy of video games.
Today app piracy serves as a way for unscrupulous developers to dramatically reduce production cycles. With access to a rival’s source code, a copycat app version is released with identical functionality, allowing the thieves to shift development funds to marketing and new user acquisition. Hard-working developers unwittingly provide a generous subsidy to their competition when they fail to lock down or obfuscate their code. In this new world, the copycat can sometimes be more popular than the original.
Advanced evasion techniques with high sophistication
The piracy problem has many faces, and aids, in advanced evasion techniques favored by hackers.
The duplication of certificates and security credentials from compromised apps often become components of new attacks against enterprise targets. With these bogus credentials hackers can deploy malicious code in an otherwise secure environment, because it appears to be coming from a trusted source.
Today’s most advanced hackers function like startups, with a chain of command and compensation structure like any legit technology firm.But the businesslike nature of their illegal enterprises does not mirror the companies they target.
Hackers are opportunists. Hackers spend weeks or months looking for one hole to exploit. Once they have breached a company’s defenses they may wait months more before selecting the right moment to launch a crippling offensive.
The Asian mobile security market has unique characteristics, but it is dangerous for IT professionals to treat threats as a purely local phenomenon. In a connected world, cybergangs in China, India, Pakistan and Eastern Europe are not limited by geography.
The attack patterns that originate in Asia inevitably become standard tactics used against European and American enterprise targets. Asian cybercriminals who bring battle-tested techniques to new shores, are better able to avoid detection, and more resilient to inoculation attempts, like antibiotic-resistant bacteria that cause deadly outbreaks.
Protecting your apps
The threat posed by hackers is very real; just ask Sony, Tesco, Macy’s or Nieman Marcus, retailers who suffered costly and serious brand damage after hackers gained access to millions of customer records and credit cards.
An ounce of prevention saves a pound of cure. There are no bulletproof security solutions to stop all attacks, however, there are simple and often-overlooked steps you can implement today, such as binary-level obfuscation, source code obfuscation, key encryption (private/public) and secure communications between client/server (HTTPS, not HTTP)
Think like a hacker to stop hackers
Identify weak links in your security environment by proactively educating yourself about emerging threats.
Asia is at the forefront of hacking techniques, therefore paying close attention to the latest security research will give you a leg up on hackers, before you become front page news.
The best hackers will always find a way to make mischief. Because they are opportunists first and foremost, the more difficult you make their job, the more likely they are to target someone else.