Your mobile apps are under near-constant attack from more people than you might realize: mischievous adolescent hackers who only want to see if it can be done; terrorists looking to undermine our nation’s largest businesses; local and foreign criminals eager to steal your information and your credit cards. The list is seemingly endless, and constantly growing. Mobile app security trends and predictions can save your business.
AppSolid protects your business by protecting your customers. We scan your apps for a range of security vulnerabilities, then take proactive steps to correct holes. Our binary protection is the strongest in the industry, and we’re constantly evolving our protocols to provide cutting-edge security based on the latest threats.
We believe in the power of knowing your enemy. Last year, our CEO, Min Pyo Hong, predicted the six biggest threats to face mobile apps in 2016. Here’s what we learned about security this year, and our mobile app security trends and predictions for 2017.
Trends We Saw in 2016
So what happened to those six big threats we predicted back in 2015? They all came to fruition in one way or another. A brief review of 2016’s biggest mobile app security threats:
Terrorism is big business. And just like other business professionals, terrorists communicate with each other on mobile and digital platforms. Communications apps that use end-to-end encryption continued to be a preferred favorite among terrorists groups wishing to covertly communicate. Use of coded and hidden communications in YouTube and other videos also increased.
Targeting of Mobile Payment Systems
Mobile payment systems such as Apple Pay make it easy to pay bills and purchase apps with just a click of a button. That ease of use isn’t limited to authorized users, though. Hackers are increasingly targeting mobile payment systems to gain fast -- and often untraceable access -- to cash.
Hacking Mobile Browsers
It’s not just apps that are under threat. Hackers increasingly target mobile browsers. This approach provides an easy bypass to a phone’s various levels of security, potentially compromising the entire system. A number of webkit-based exploits make bypassing built-in browser security measures relatively easy for a committed hacker.
Evolving Denial of Service Attacks
Denial of service (DDoS) attacks have long been used to temporarily target websites. In 2012, a massive DDoS attack targeted numerous major websites, including PayPal, Twitter, and Etsy. Devices are increasingly turned into bots that can engage in DDoS attacks with minimal effort -- and maximal damage.
These attacks have historically been short-lived, but we predicted in 2015 that they would escalate in 2016. The recent DDoS attack around Netflix, Amazon, Twitter, and other major websites in October was in a massive scale that affected the U.S. and Europe.
The Internet of [Hacking] Things
Our increasingly interconnected world means parents can monitor their children from work, toys can talk to one another, and a range of devices can track personal data over time. Hackers are not oblivious to the Internet of things, and continued to use it to their advantage in 2016. Internet-enabled devices that are insufficiently secured open up our most private of moments -- those that occur in our homes -- to hackers.
Remote Hacking and Eavesdropping
A savvy hacker can use the Internet of things to eavesdrop on just about anyone. Even a simple baby monitor can be turned into a surveillance device with surprisingly minimal work. Mobile devices that access unsecured networks can easily turn into eavesdropping devices. Further, so-called man in the middle attacks target unwitting users, allowing hackers to eavesdrop on phone calls.
New Trends for 2017
In the coming year, we expect to see a continuation of many of the trends we saw in 2016. We further anticipate that some emerging threats will become more prevalent. Those include:
Experts have referred to planes as “big flying mobile devices”-- a terrifying thought for anyone who regularly flies. Planes and the system that supports them are increasing targets, as in the case of passport control system disruptions at Istanbul’s Sabiha Gokcen and Ataturk airports this year.
Although directly hacking entire planes is still a distant nightmare, hackers are getting closer. They may begin targeting communication and navigation systems, potentially triggering mid-air collisions and even lost planes. Terrorists and enemy governments alike could use this system to target enemies, assassinate leaders, and stoke panic.
Controversy continues to swirl around allegations that Russia used hackers to manipulate the 2016 election. Most experts agree that hacking played some role in the election results, and this phenomenon may continue. It’s not just about hacking computerized voting systems. Hackers can hack individual devices, as is alleged in the case of the release of Hillary Clinton’s emails. In so doing, they embark on a disinformation campaign that can alter the course of history.
Ransomware and Extortion May Increase
Ransomware, which demands payment for access to a device, is an increasingly popular tool of criminals. Experts suggest it may become even more prevalent in the coming year, with mobile devices and apps serving as easy targets. Local governments may become targets, upending democracy and putting resident data at risk.
Connected Cars and Malicious Code
As the Internet of things extends to cars, so too does the danger. Cars are becoming more automated, and more frequently connected to the Internet, making them a prime target for hackers. The nightmare scenario involves gaining control of self-driving cars to cause accidents, but this is unlikely to happen in 2017. Instead, hackers will continue experimenting with subtle changes that can help them gain access to user data -- and eventually, to vehicle controls. There is even a possibility of car hacking tools being distributed in the black market, which enables not only hackers but also the general public to participate in car hacking crimes.
The usage of biometric security has been rapidly increasing. It’s being used on not only smartphones but also IoT devices, and it’s expected that many more devices will take the biometric security system in the very near future. Despite the common belief that biometric security would be bulletproof towards hacking attacks, hackers still can find security breaches, and abuse it. Furthermore, they may find a way to bypass biometric security, and eventually they may be able to disable the security system.
How Mobile Security Could Improve in 2017
Don’t fret -- the mobile security landscape isn’t all gloom and doom this year. With more security experts raising alarm bells about security holes, companies are increasingly stepping in to fill security gaps. AppSolid is part of that trend.
Users are also increasingly aware of the dangers posed by mobile apps, forcing hackers to become ever more creative. Apps themselves are placing greater demands on consumers, too, forcing them to use more complex passwords, to enter their passwords every time they use the app, and warning about the potential for security breaches.
As long as apps continue to host loads of consumer data with few security controls and ready access to the device, though, these apps will pose a security problem. And in a world where just about anyone can devise an app, hackers will continue to be a problem for unsuspecting device users.