Hackers are increasingly aiming at binary code targets to launch attacks on high-value mobile applications across all platforms. Unprotected binary code in mobile apps can be directly accessed, examined, modified and exploited by attackers.

For those of you who may not be familiar, binary code is the code that machines read to execute an application - it’s what you download when you access mobile apps from an app store like Google Play.

Well-equipped hackers seek to exploit two categories of binary-based vulnerabilities to compromise apps:

Code Modification or Code Injection:

This is the first category of binary-based vulnerability exploits, whereby hackers conduct unauthorized code modifications or insert malicious code into an application’s binaries.

Code modification or code injection threat scenarios can include:

- A hacker or hostile user modifying the binary to change its behavior. For example, disabling security controls, bypassing business rules, licensing restrictions, purchasing requirements or ad displays in the mobile app - and potentially distributing it as a patch, crack or even as a new application.
- A hacker injecting malicious code into the binary, and then either repackaging the mobile app and publishing it as a new (supposedly legitimate) app, distributed under the guise of a patch or a crack, or surreptitiously (re)installing it on an unsuspecting user’s device.
- A rogue application performing a drive-by attack (via the run-time method known as swizzling, or function/API hooking) to compromise the target mobile app (in order to lift credentials, expose personal and/or corporate data, redirect traffic, etc.).

This is the second category of exploitable binary vulnerabilities, whereby mobile app binaries can be analyzed statically and dynamically.