Hacker Lexicon: What Is Application Shielding?

As hackers become increasingly adept at targeting smartphones, app security has become a pressing issue. Attackers can exploit vulnerabilities in mobile software to spy on users, grab their data, or even steal their money. In response, security companies are increasingly touting a feature called "application shielding," a process that obfuscates an application's binary code, ostensibly making it harder for hackers to reverse-engineer.

Application shielding is mainly used to protect intellectual property and cut down on piracy; the techniques modify a service's application code, making it more difficult for someone to tamper with it, or to figure out how to remove digital rights locks and steal media like music or movie files.

Over the past few years, though, the term has evolved to encapsulate other features as well. Sometimes called "binary protection," shielding can run integrity and validity checks to ensure that an app is running in a safe, untainted environment. It can also include biometric authentication checks to make it more difficult for hackers to analyze an application's binary to look for ways of attacking it.


While many of these mechanisms do help strengthen app defenses, security engineers note that mobile application shielding is still evolving as a concept. And they suggest that some of its purported benefits, like claiming to deter hackers by occluding an app's binary code, may be overstated.

"I suspect many of these mobile shielding techniques will evolve into either standard development libraries or just standard coding practice, and may see an uptick in adoption more quickly among financial enterprises and other high-value environments," says Kenn White, director of the Open Crypto Audit Project. "But other tactics, like obfuscation, are of more dubious value. An attacker should be able to know everything there is to find about your system without it giving them an advantage."

Think of shielding code like hiding a safe behind a painting. If you have a secure enough lock, it shouldn't matter who can see it.

Still, application shielding—and the lack thereof—has garnered attention of late. One study released at the beginning of April (and commissioned by Arxan, an application security company that sells mobile shielding tools) assessed the security of 30 financial services apps for Android downloaded from the Google Play Store. It found numerous basic security issues in the vast majority of the apps including weak encryption, features that leaked data, and architecture issues where apps stored user data in insecure locations.

Alissa Knight, a senior cybersecurity analyst for the advisory firm Aite Group who conducted the research, told WIRED at the end of March that she considered the lack of shielding to be surprisingly careless. Without it, Knight was able to pull out things like private authentication certificates and keys to the directories an app uses to access data. And Knight says that the most important weakness she found in 29 out of the 30 apps tested was lack of binary obfuscation.

"Looking at banks, retail banking, stock brokerage firms, one of the things that I came across and found was that they’re not obfuscating their code," Knight said. "If you’re putting a mobile app out there, there’s so much in there that you would expect pretty much everyone to obfuscate whether they’re a bank or a game. I knew that there was a problem, I didn’t know it was this bad."

In general, mobile security researchers agree that carelessness and lack of investment often lead to security missteps that developers could—and should—avoid. But many also note that attackers can get around obfuscation if they're motivated to. "Obfuscation in general is just a speed bump," the Open Crypto Audit Project's White says. "By no means does it stop a skilled practitioner."

One reason "shielding" is such an amorphous term is that it can also be used in other cybersecurity contexts. For example, customers can use shielding as part of their protections on data and applications they store outside of their own servers in third-party cloud environments. This way they can get the flexibility and reach of a cloud service while still defending their turf against unauthorized access. But where shielding is more established as a protection in untrusted cloud environments, it is still evolving as a defense for mobile applications.

"Application shielding, particularly obfuscation, is a layer of digital rights management which a company may want to add to their apps in order to satisfy licensing or regulatory requirements. It is genuinely useful for that purpose and I would recommend the technology to a company creating something like a video streaming service," says Will Strafach, an iOS security researcher and the president of Sudo Security Group. "But in something like financial apps the choice to not obfuscate their code is not a problem, because it does not add security and can be defeated without much difficulty."

Strafach says that part of the reason he is skeptical about binary obfuscation is that it could simply be used to allow app developers to mask components of what their app does—a tactic malware authors already use to sneak malicious apps past app store screening by Apple and Google. And Strafach notes another issue he and his research group have begun to see in their own application security analysis.

"Obfuscation may lead a developer to believe that they can safely leave sensitive content embedded in an app, thinking outsiders could not see it due to the app shielding," Strafach says. "We have noticed quite a few cases of this in apps." Think again of the hidden safe. Putting that painting in front doesn't mean you can leave it unlocked.

When application shielding is used as a sort of suite of best practices to authenticate a user, check the integrity of an operating system, promote cryptographic checks like transaction signing, or confirm device identity, it contributes to much-needed mobile defenses. But as the fledgling toolset evolves, it's important to remember that, like anything else, it's not a security panacea.


"Though we often think of mobile applications as code that runs on our Android or iOS smartphones, that's only part of the picture," says Adrian Sanabria, an independent security researcher. "Most mobile apps are more like websites that run partially on our phone and partially in the cloud. Application shielding may make it tougher to hack the parts of apps that run on our phones, but app developers still have to consider protecting the parts of the application that don't live on the phone."

