Hacker Lexicon: What Is Application Shielding?

As hackers become increasingly adept at targeting smartphones, app security has become a pressing issue. Attackers can exploit vulnerabilities in mobile software to spy on users, grab their data, or even steal their money. In response, security companies are increasingly touting a feature called "application shielding," a process that obfuscates an application's binary code, ostensibly making it harder for hackers to reverse-engineer.

Application shielding is mainly used to protect intellectual property and cut down on piracy; the techniques modify a service's application code, making it more difficult for someone to tamper with it, or to figure out how to remove digital rights locks and steal media like music or movie files.

Over the past few years, though, the term has evolved to encapsulate other features as well. Sometimes called "binary protection," shielding can run integrity and validity checks to ensure that an app is running in a safe, untainted environment. It can also include biometric authentication checks to make it more difficult for hackers to analyze an application's binary to look for ways of attacking it.



While many of these mechanisms do help strengthen app defenses, security engineers note that mobile application shielding is still evolving as a concept. And they suggest that some of its purported benefits, like claiming to deter hackers by occluding an app's binary code, may be overstated.

"I suspect many of these mobile shielding techniques will evolve into either standard development libraries or just standard coding practice, and may see an uptick in adoption more quickly among financial enterprises and other high-value environments," says Kenn White, director of the Open Crypto Audit Project. "But other tactics, like obfuscation, are of more dubious value. An attacker should be able to know everything there is to find about your system without it giving them an advantage."

Think of shielding code like hiding a safe behind a painting. If you have a secure enough lock, it shouldn't matter who can see it.

Still, application shielding—and the lack thereof—has garnered attention of late. One study released at the beginning of April (and commissioned by Arxan, an application security company that sells mobile shielding tools) assessed the security of 30 financial services apps for Android downloaded from the Google Play Store. It found numerous basic security issues in the vast majority of the apps including weak encryption, features that leaked data, and architecture issues where apps stored user data in insecure locations.

Alissa Knight, a senior cybersecurity analyst for the advisory firm Aite Group who conducted the research, told WIRED at the end of March that she considered the lack of shielding to be surprisingly careless. Without it, Knight was able to pull out things like private authentication certificates and keys to the directories an app uses to access data. And Knight says that the most important weakness she found in 29 out of the 30 apps tested was lack of binary obfuscation.

"Looking at banks, retail banking, stock brokerage firms, one of the things that I came across and found was that they’re not obfuscating their code," Knight said. "If you’re putting a mobile app out there, there’s so much in there that you would expect pretty much everyone to obfuscate whether they’re a bank or a game. I knew that there was a problem, I didn’t know it was this bad."

In general, mobile security researchers agree that carelessness and lack of investment often lead to security missteps that developers could—and should—avoid. But many also note that attackers can get around obfuscation if they're motivated to. "Obfuscation in general is just a speed bump," the Open Crypto Audit Project's White says. "By no means does it stop a skilled practitioner."


     

One reason "shielding" is such an amorphous term is that it can also be used in other cybersecurity contexts. For example, customers can use shielding as part of their protections on data and applications they store outside of their own servers in third-party cloud environments. This way they can get the flexibility and reach of a cloud service while still defending their turf against unauthorized access. But where shielding is more established as a protection in untrusted cloud environments, it is still evolving as a defense for mobile applications.

"Application shielding, particularly obfuscation, is a layer of digital rights management which a company may want to add to their apps in order to satisfy licensing or regulatory requirements. It is genuinely useful for that purpose and I would recommend the technology to a company creating something like a video streaming service," says Will Strafach, an iOS security researcher and the president of Sudo Security Group. "But in something like financial apps the choice to not obfuscate their code is not a problem, because it does not add security and can be defeated without much difficulty."

Strafach says that part of the reason he is skeptical about binary obfuscation is that it could simply be used to allow app developers to mask components of what their app does—a tactic malware authors already use to sneak malicious apps past app store screening by Apple and Google. And Strafach notes another issue he and his research group have begun to see in their own application security analysis.

"Obfuscation may lead a developer to believe that they can safely leave sensitive content embedded in an app, thinking outsiders could not see it due to the app shielding," Strafach says. "We have noticed quite a few cases of this in apps." Think again of the hidden safe. Putting that painting in front doesn't mean you can leave it unlocked.
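
The point about embedded content, as an added example that is not part of the original article: a pre-release check that scans a build artifact for key material left inside it. It assumes obfuscation that renames identifiers but leaves string literals in place; `API_KEY`, `make_build` and both sample builds are constructed for illustration.

```python
import math
import re

# Printable-ASCII runs of 8+ bytes: the same idea as the Unix `strings` tool.
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{8,}")
PEM_PRIVATE_KEY = re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")
TOKEN = re.compile(r"[A-Za-z0-9+/=_-]{24,}")

# Constructed sample value, not a real credential.
API_KEY = "Zx9Qv2Lm7Rt4Kp1Ws8Yd3Hb6Nc5Jf0Ga"


def shannon_entropy(text):
    """Bits of entropy per character."""
    freqs = [text.count(c) / len(text) for c in set(text)]
    return -sum(p * math.log2(p) for p in freqs)


def find_embedded_secrets(blob, min_entropy=4.0):
    """Return sorted (kind, value) findings for one build artifact's bytes."""
    findings = set()
    for run in PRINTABLE_RUN.findall(blob):
        text = run.decode("ascii")
        marker = PEM_PRIVATE_KEY.search(text)
        if marker:
            findings.add(("private-key-marker", marker.group()))
        for token in TOKEN.findall(text):
            if shannon_entropy(token) >= min_entropy:
                findings.add(("high-entropy-literal", token))
    return sorted(findings)


def make_build(class_name, method_name):
    """Constructed stand-in for the string table of a compiled app."""
    parts = [b"\x7fAPP\x01\x02", class_name.encode(), method_name.encode(),
             b"-----BEGIN PRIVATE KEY-----", API_KEY.encode(),
             b"https://api.example.invalid/v1/transfer"]
    return b"\x00".join(parts) + b"\x00"


if __name__ == "__main__":
    readable = make_build("PaymentClient", "signTransaction")
    renamed = make_build("a", "b")  # identifiers renamed, literals untouched
    for name, blob in (("readable", readable), ("renamed", renamed)):
        print(name, find_embedded_secrets(blob))
```

Both builds produce the same findings, so a check like this belongs in the release pipeline whether or not the app is shielded.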

When application shielding is used as a sort of suite of best practices to authenticate a user, check the integrity of an operating system, promote cryptographic checks like transaction signing, or confirm device identity, it contributes to much-needed mobile defenses. But as the fledgling toolset evolves, it's important to remember that, like anything else, it's not a security panacea.



"Though we often think of mobile applications as code that runs on our Android or iOS smartphones, that's only part of the picture," says Adrian Sanabria, an independent security researcher. "Most mobile apps are more like websites that run partially on our phone and partially in the cloud. Application shielding may make it tougher to hack the parts of apps that run on our phones, but app developers still have to consider protecting the parts of the application that don't live on the phone."

