Earlier this week, I had a really great discussion on mobile app security with the friendly team at Application Security Weekly. One of the things we talked about is why hackers might target an app, and the reasons may not be what you think!
When we think of mobile applications that might be targeted by hackers, we can be tempted to think quite narrowly about what value our app might have. Healthcare apps process healthcare records, which are very valuable on the dark web. Payments and banking apps process payment information, which can also be monetized by hackers. But what about an app that doesn’t handle personal data, doesn’t have secret credentials, and is already free? Does that really mean the developer doesn’t need to worry about an attack?
It’s important that we step back and think like a hacker. That means forgetting what we think the app does and thinking about what a hacker can make it do. For example, sometimes the most valuable feature of an app is the number of people that have installed it. Maybe the app doesn’t process sensitive data, but if a hacker can clone it, package it with malware and reach a huge community of users, then the app becomes an extremely valuable vehicle to launch attacks targeting users and their devices. Thinking about how a hacker might use your app as a tool is a new idea for some of us, but we can be sure that hackers are already thinking this way.
Curious to understand what I mean? I explain more in this webcast!