Data Breaches Connected to Mobile Apps on the Rise
Recent data breaches offer valuable lessons in cybersecurity. The major takeaways: businesses must take social engineering and mobile app attacks seriously, acknowledge that employees can pose great risks, recognize that non-profit organizations remain vulnerable, and protect even their most well-guarded secrets. Breaches in fintech mobile apps, third-party breaches, identity theft on virtual platforms, tech giants being targeted by threat actors, the significance of encryption for data security, and the increasing prevalence of ransomware attacks all emphasize the ongoing challenges in cybersecurity. To prevent security breaches, organizations and individuals should stay informed on cybersecurity best practices and invest in proactive defense measures.
But you don’t have to take our word for it. Just look at the damage done by the top data breaches that took place last year:
- Rockstar Games, the developer of the Grand Theft Auto series, suffered a significant breach when footage of its upcoming game, Grand Theft Auto VI, was leaked. The hacker claimed to have the game’s source code and attempted to sell it. Suspected to be a social engineering attack, the breach likely began with an employee’s compromised Slack account. This incident highlights the importance of businesses taking social engineering attacks seriously.
- Uber’s computer network was compromised in 2022, affecting its engineering and communications systems. A hacker gained access to a staff member’s Slack account and used it to send messages announcing the breach. This breach underscores that employees can pose substantial risks to organizations, regardless of their intentions, and emphasizes the need for stronger security measures around the use of communication tools like Slack and the sharing of sensitive information.
- The Cash App data breach occurred in December 2021 but was reported on April 4, 2022, to the US Securities and Exchange Commission by Block, the app’s parent company. In this breach, 8.2 million customer records were stolen due to a disgruntled employee accessing company databases and obtaining sensitive information such as customer names and brokerage account numbers.
How Mobile Application Attacks Work
Device-level attacks target mobile devices like phones and tablets, aiming either at network access or at sensitive information stored on the device. Vulnerabilities that hackers may exploit include improper platform usage, vulnerable binaries, insecure data storage, security decisions via untrusted inputs, rooted Android or jailbroken iOS devices, and extraneous functionality.
- Improper platform usage occurs when developers misconfigure or ignore the recommended security features of mobile development frameworks.
- Vulnerable binaries can be analyzed and reverse-engineered to clone or modify an app’s original code, compromising its integrity.
- Insecure data storage arises when developers assume that client-side storage is safe; attackers can use readily available tools to extract the information stored there.
- Security decisions via untrusted inputs (for example, trusting values supplied by the client) can let hackers bypass security checks and gain unauthorized access.
- Rooted Android or jailbroken iOS devices give attackers deeper system access and make it easier to install tampered apps.
- Extraneous functionality often includes powerful features intended for development or testing; if they remain in production builds, hackers can misuse them.
Overall, the severity and impact of these attacks can vary, but they often lead to sensitive data exposure, unauthorized access, or compromised system integrity.
8 Most Dangerous Types of Mobile App Cyberattacks
As we become increasingly reliant on mobile devices for everything from communication to financial transactions, it is crucial to understand these evolving threats to protect our sensitive data. We will discuss the pernicious nature of malware in mobile apps, the emergence of on-device fraud (ODF), the dangers of rooting or jailbreaking, phone call redirection, and the abuse of notification direct reply features. Furthermore, we will delve into the domain generation algorithm (DGA) employed by some malware to evade detection, the bypassing of app store detection methods, and the refined development practices employed by hackers in creating advanced malware.
By understanding these threats, you can be better prepared to secure your devices and maintain your privacy in an increasingly interconnected, mobile world.
Malware in Mobile Apps
Malicious software, or malware, can infect devices or apps to steal personal information. It can spread through links, downloads, or even from other apps. To distribute malware through mobile apps, cybercriminals either upload apps containing malicious code or inject it into existing apps. They may also replicate popular apps with malicious code to deceive users.
On-Device Fraud (ODF)
Advanced malware, such as Octo, TeaBot, Vultur, and Escobar, can execute fraudulent activities directly from a victim’s device. This marks a shift from previous mobile attacks focused on credential theft and data exfiltration. ODF capabilities could potentially target other types of accounts and communication tools used by businesses, including Slack, Teams, and Google Docs.
Rooting or Jailbreaking
Gaining root access to a device’s operating system can lead to severe security risks, as it can bypass app security measures, allow malicious code to run, and provide hackers with unrestricted access to sensitive data.
Phone Call Redirection
Emerging threats such as the Fakecalls banking Trojan can intercept and redirect legitimate phone calls to numbers controlled by attackers without the victim’s knowledge. The call screen will still display the intended phone number, deceiving the victim into believing they are speaking with a legitimate contact.
Notification Direct Reply Abuse
Malware like FluBot, Medusa, and Sharkbot can abuse Android’s Notification Direct Reply feature to intercept and directly respond to push notifications from targeted apps. Abused this way, the feature can be used to approve fraudulent transactions, intercept two-factor authentication codes, and even spread the malware to a victim’s contacts through push-message phishing.
Domain Generation Algorithm (DGA)
Malware such as the Sharkbot banking Trojan uses a DGA to constantly generate new domain names (and, with them, new IP addresses) for its servers, so that static blocklists quickly go stale and detection and blocking become difficult for security teams.
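As an added illustration (not code from the original post or from AWA), the following Python shows the kind of lightweight heuristic a defender can run over DNS or proxy logs to surface hostnames that look algorithmically generated rather than chosen by a person. The sample hostnames are constructed, and the thresholds are assumptions to tune against your own traffic.

```python
import math
from collections import Counter
# Constructed sample of hostnames, as a defender might pull them from DNS
# or proxy logs; none of these are real indicators from the page.
SAMPLE_DOMAINS = [
    "login.example-bank.com",
    "cdn.mobileapp-assets.net",
    "xk3qz9vbt2mwplf.com",
    "ahd7f9s2kqwz.net",
    "update.vendor-support.org",
    "pqzxvbnmtrkjhgfd.info",
]
VOWELS = set("aeiou")

def shannon_entropy(text: str) -> float:
    # Bits per character; generated labels tend to use many distinct characters.
    n = len(text)
    return -sum((c / n) * math.log2(c / n) for c in Counter(text).values()) if n else 0.0

def registrable_label(hostname: str) -> str:
    # Second-level label (heuristic: ignores multi-part suffixes such as co.uk).
    parts = hostname.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def max_consonant_run(label: str) -> int:
    # Longest run of consecutive consonants; digits and hyphens break a run.
    best = run = 0
    for ch in label:
        run = run + 1 if ch.isalpha() and ch not in VOWELS else 0
        best = max(best, run)
    return best

def dga_signals(hostname: str) -> int:
    # Count independent signs of machine generation in the registrable label.
    label = registrable_label(hostname)
    letters = [ch for ch in label if ch.isalpha()]
    vowel_ratio = sum(ch in VOWELS for ch in letters) / len(letters) if letters else 0.0
    digit_ratio = sum(ch.isdigit() for ch in label) / len(label)
    return sum([
        shannon_entropy(label) >= 3.5,   # high character diversity (assumed threshold)
        vowel_ratio < 0.25,              # unpronounceable
        max_consonant_run(label) >= 5,   # long consonant clusters
        digit_ratio > 0.2,               # digits sprinkled through the label
    ])

def flag_domains(domains):
    # Requiring two signals keeps a single odd brand name from being flagged.
    return [d for d in domains if dga_signals(d) >= 2]
```

Heuristics like these are a triage aid, not a verdict: confirm hits against threat intelligence or by inspecting the client that made the lookups, and expect to adjust the thresholds for your own environment.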
Bypassing App Store Detection
Cybercriminals are finding ways to bypass app store security measures, such as using Apple’s TestFlight beta testing platform and Web Clips feature, or paying developers to incorporate malicious SDKs into their apps.
Refined Development Practices
Android banking Trojans such as Xenomorph are being built with advanced update capabilities, allowing their operators to push improved features and new functionality to devices that are already compromised.
AWA’s Mobile App Penetration Services
The way that hackers gain access to mobile app data and mobile devices is constantly evolving. Yet individuals and companies alike are relying more and more on apps, and on the data in them, for all types of activities, from banking to shopping. Our mobile app penetration testing services are designed to identify vulnerabilities in an app’s security controls. This includes:
- Client-side attacks,
- Server-side attacks,
- Update attacks,
- Functional testing, and
- Data traffic monitoring.
Find out more about our full suite of cybersecurity services and mobile application pen testing by contacting us today.