Beste ebook binare optionen11 comments
Warning about the binary options brainwaves
A lack of binary protections results in a mobile app that can be analyzed, reverse-engineered, and modified by an adversary in rapid fashion. However, an application with binary protection can still be reversed by a dedicated adversary and therefore binary protection is not a perfect security solution. At the end of the day, binary protection only slows down a security review. It is extremely common for apps to be deployed without binary protection.
The prevalence has been extensively studied by a large number of security vendors, analysts, and researchers [ 1 ] [ 2 ] [ 3 ] [ 17 ]. Typically, the app owner will realize reverse engineering was successful when the code shows up in another app in iTunes [ 4 ] , Google Play [ 5 ] [ 16 ] , or a third-party app store [ 6 ]. Usually, the owner discovers this by accident and not through active policing by an app store.
There are many different viable solutions to detect code modification at runtime and respond accordingly. Pre-determined reactions of the apps will vary from either attempting to thwart the attack or fail in a subtle way [ 7 ]. Binary protections slow down an adversary from analyzing exposed interfaces and reverse engineering code within the mobile app.
All too often, the adversary will steal code and recycle it within another app for resell [ 16 ]. The app owner is often unaware that the app has been repurposed and sold elsewhere unless they utilize some form of appstore monitoring service or similar.
If there is a likely chance that this may occur, the owner should consider binary protections to the app. But be warned, this protection only slows an attacker from reverse engineering. It does not prevent an attacker from doing so. Binary protections slow an adversary from modifying the underlying code or behavior to disable or add additional functionality on behalf of the adversary. This is likely to occur if the application stores, transmits, or processes personally identifiable information PII or other sensitive information assets like passwords or credit cards.
Code modification often takes the form of repackaging or insertion of malware into existing mobile apps [ 3 ] [ 18 ]. Many different analysts have provided policy guidance around minimizing this risk [ 8 ] [ 9 ] [ 10 ] [ 11 ] [ 12 ]. If you are hosting code in an untrustworthy environment, you are susceptible to this risk [ 1 ] [ 2 ] [ 3 ] [ 17 ].
An untrustworthy environment is defined as an environment in which the organization does not have physical control. This includes mobile clients, firmware in appliances, cloud spaces, or datacenters within particular countries.
First, the application must follow secure coding techniques for the following security components within the mobile app:. Next, the app must adequately mitigate two different technical risks that the above controls are exposed to:. This section outlines typical app vulnerabilities that result from a lack of binary protection. Items within parenthesis indicate examples of tools you can use to test for these vulnerabilities.
There are many well-established security experts within the mobile space that have written books on the topic of binary protection testing [ 13 ] [ 14 ] [ 15 ]. Characterization and Evolution , 7 September Mobile Application Shielding, March 26th, Retrieved from " https: Navigation menu Personal tools Log in Request account.
Views Read View source View history. This page was last modified on 8 October , at Typically, an adversary will analyze and reverse engineer a mobile app's code, then modify it to perform some hidden functionality. An adversary will use an automated tool to reverse engineer the code and modify it using malware to perform some hidden functionality. Organizations should apply binary protections to a mobile app under a few different circumstances: Analysis and Reverse Engineering Binary protections slow down an adversary from analyzing exposed interfaces and reverse engineering code within the mobile app.
Unauthorized Code Modification Binary protections slow an adversary from modifying the underlying code or behavior to disable or add additional functionality on behalf of the adversary.
Typically, a lack of binary protection will result in the following business impacts: