THE TOP 6 MOBILE API PROTECTION TECHNIQUES - ARE THEY ENOUGH?

Sat 22 December 2018 By Paulo Renato

Category: API Keys, Mobile App Authentication, Scrapers, Bots, Threats

APIs are a necessary and central part of the strategy of any digital business that wants to stay competitive and monetize its assets. Additionally, end users’ form factor of choice when using digital services is now firmly mobile. The trend towards APIs and mobile devices has moved the attack surface in a significant way and digital businesses must adapt and evolve their security policies accordingly.

API ABUSE IN 2017 (PART 3)

Mon 19 February 2018 By Barry O'Rourke

Category: Business, CheatingAsAService, Aggregators, Threats, A Series - API Abuse

Two particularly challenging forms of API abuse are Aggregation and Cheating as a Service. In both these cases your own users are enabling and sometimes funding the individuals and organizations abusing your APIs.

API ABUSE IN 2017 (PART 2)

Tue 13 February 2018 By Barry O'Rourke

Category: Business, Account Hijacking, Fake Accounts, Scrapers, Threats, A Series - API Abuse

Our first batch of business-level attacks are Data Scrapers and Account Hijack. We also take a look at the lucrative business of Fake Account Factories.

API ABUSE IN 2017 (PART 1)

Fri 09 February 2018 By Barry O'Rourke

Category: Business, Threats, A Series - API Abuse

2017 has seen our customers tackling a wide range of abuse and misuse of their Mobile APIs. We are seeing multiple approaches where the business process transparency provided by APIs has resulted in exploitation. Time for a retrospective...

THE SPECTRE OF THE ZYGOTE

Wed 10 January 2018 By Richard Taylor

Category: Threats

In part 1 of this blog I provided an overview of Meltdown and Spectre, and in this blog I look at the potential impact for mobile security.

YOU JUST NEED TO SPECULATE TO EXFILTRATE

Tue 09 January 2018 By Richard Taylor

Category: Threats

There is much to discuss in the wake of the security news flow last week. It was dominated by the Meltdown and Spectre CPU bug announcements — 2018 has certainly got off to an interesting start. In part one of this two-part blog I will look at these bugs from a high level. In part two I shine the spotlight on the implications for mobile security, and for Android in particular.

IF YOU CAN'T MAKE IT, FAKE IT

Wed 22 November 2017 By Shona Hossell

Category: Business, Mobile App Authentication, Bots, Threats

As many social media platforms continue to experience incredible growth in popularity, the supporting apps, and the APIs that service them, remain top targets for bad actors. The ability to communicate quickly and indirectly with the platforms’ vast user bases makes them ideal for spreading malware, phishing attacks, or fake news. Networks of automated accounts, gaining artificial levels of popularity and influence, are often used to instigate attacks, and the recent admission by Facebook that Kremlin-linked propaganda may have been seen by as many as 126 million users gives us some idea of the scale of the threat and the ambition of the attackers.

CAPITALISING ON UBER'S LONDON MISADVENTURE

Tue 17 October 2017 By David Stewart

Category: Business, Mobile App Authentication, Threats

RIVAL CAB COMPANIES ARE QUICK TO MOVE, BUT CYBER CRIMINALS MAY BE QUICKER

UNINTENTIONAL UNPINNING WITH FIREBASE

Mon 28 August 2017 By Barry O'Rourke

Category: Integration, Mobile App Authentication, Threats

Google's Firebase provides a comprehensive set of analytics services for developers to integrate with their apps. On Android the basic functionality is enabled simply by integrating the desired plugins. No code changes required.

SWIPE LEFT TO SCRAPE

Tue 02 May 2017 By Richard Taylor

Category: Scrapers, Bots, Threats

Yesterday morning security forums reported news that an AI researcher had published a dataset of 40,000 photos that had been scraped from the dating app Tinder. The purpose was simply to extract a real world data set that can be used for training Convolutional Neural Networks (CNN) to tell the difference between men and women. This seems innocent enough, although the author's choice of variable naming caused a bit of a stir. He quickly changed the variable name "hoe" to "subject" soon after the story broke. Apparently this original naming was inherited from the Tinder Auto-Liker code.
