Security key to mHealth success

Thu 23 July 2020 By David Stewart

Category: Mobile App Authentication, Repackaged Apps, MitM Attack, Certificate Pinning, API Security, Healthcare

 

 
In 2016, mHealth apps were the third fastest-growing category of apps behind games and utilities. In 2017, the number of healthcare applications available for smartphone users doubled from that of 2015 to 325,000, from 84,000 different publishers, with an estimated 3.7 billion downloads that year. By 2018, nearly a third of all patients were using their mobile phone for health-related searches and for booking appointments, an overwhelming 99% of consumers believed that mHealth apps improved their quality of life and 70% of millennials were interested in a mobile app that would help them actively manage their well-being. By 2027, mHealth app usage among patients is projected to grow at a 10-year CAGR of 40%.
Read More

Preventing Faked Proximity

Fri 15 May 2020 By Richard Taylor

Category: Threats, MitM Attack, API Abuse, API Security, Healthcare

We’ve been thinking a lot about contact tracing apps in recent weeks. There are ongoing debates about whether a centralised or decentralised model is superior, and how the ensuing discussions around privacy will impact their takeup. 

Read More

Quick Analysis: NHSX Contact Tracing App

Mon 11 May 2020 By Richard Taylor

Category: Reverse Engineering, Threats, API, Mobile App Development, MitM Attack, Certificate Pinning, API Abuse, API Security

When the NHSX contact tracing app was made available in the app stores last Thursday we decided to take a quick look at its operation and how the code has been put together. We used the Android version and the excellent MobSF tools to do our reversing analysis. On Friday the full source code of the app was also published on github

Read More

Approov Backend Quickstarts

Wed 29 April 2020 By Richard Taylor

Category: Integration, Mobile App Authentication, API, MitM Attack, Certificate Pinning, API Security

Photo by Ankush Rathi from Pexels

Approov lets your mobile app prove to a backend API that it really is the official mobile app making the call, and that it is not running in an environment that may be compromised. Only requests from the apps that you specifically allow can make successful requests.

Read More

Securing the Enterprise for Remote Work

Thu 02 April 2020 By David Stewart

Category: Business, Mobile App Authentication, Threats, MitM Attack, API Security

At a time when the world could use some good news, any good news, the central health crisis continues to get compounded by a persistent wave of cyberattacks targeted at companies and their employees. Not even healthcare institutions and agencies at the center of responding to the emergency have been spared, with the World Health Organization, the U.S. Department of Health and Human Services and even a UK-based coronavirus testing facility being targeted by cyber profiteers.

Read More

Top 5 Threats to APIs Servicing Mobile Apps

Sun 29 March 2020 By David Stewart

Category: Fake Accounts, Scrapers, Bots, Repackaged Apps, MitM Attack, API Abuse, API Security

 

As mobile apps become increasingly paramount to operating successfully in today’s markets, a big question mark over API security is raised. Gartner has previously predicted that by 2022, “API abuses will be the most-frequent attack vector resulting in data breaches for enterprise web applications.” Since every mobile app out there is powered by APIs, securing them is clearly a top priority.

Read More

Blockchain renders online votes immutable, including fake votes!

Thu 19 March 2020 By David Stewart

Category: Fake Accounts, Bots, Repackaged Apps, API, MitM Attack, API Abuse, API Security

“It's the wave of the future,” declared the US State of West Virginia's Secretary of State of following a limited deployment of a blockchain-based voting app for the state's general midterm elections. For cybersecurity and election integrity advocates, however, the move was “an example of all the things states shouldn’t do when it comes to securing their elections.”

Read More

How to Protect Against Certificate Pinning Bypassing

Tue 15 October 2019 By Paulo Renato

Category: Mobile App Authentication, Repackaged Apps, Reverse Engineering, Threats, API, MitM Attack, Certificate Pinning

In my previous article, we saw how to bypass certificate pinning within a device you control and, as promised, we will now see how you can protect yourself against such an attack.

In this article you will learn how to use a mobile app attestation service to protect your API server from accepting requests that come from a mobile app where certificate pinning has been bypassed. This means that even though the attacker has bypassed the certificate pinning, he will not be able to receive successful responses from the API server. Instead, the server will always return 401 responses, thus protecting your valuable data from getting into the wrong hands.

Read More

Bypassing Certificate Pinning

Sun 18 August 2019 By Paulo Renato

Category: Android, Mobile App Development, MitM Attack, Certificate Pinning

In a previous article we saw how to protect the https communication channel between a mobile app and an API server with certificate pinning, and as promised at the end of that article we will now see how to bypass certificate pinning.

To demonstrate how to bypass certificate pinning we will use the same Currency Converter Demo mobile app that was used in the previous article.

In this article you will learn how to repackage a mobile app in order to make it trust custom ssl certificates. This will allow us to bypass certificate pinning.

Read More

Improve the Security of API Keys

Wed 24 July 2019 By Skip Hovsmith

Category: API Keys, Mobile App Authentication, Reverse Engineering, API, Mobile App Development, MitM Attack

Securely identify your API Caller

Read More

Page 1 of 2