August 17, 2022

    Top Mobile App Security Trends From Black Hat USA 2022

    Black Hat is a global event series that brings the security industry the latest research, trends, and developments in cybersecurity. The sessions and trainings at these events are built around the needs and interests of the global security community, and they are attended and delivered by professionals from across the industry:

    • IT specialists
    • Security analysts
    • Risk managers
    • Security architects/engineers
    • Penetration testers
    • Security software developers
    • Cryptographers
    • Programmers
    • Government employees

    The Black Hat USA 2022 conference took place from August 10th-11th in Las Vegas. Guardsquare’s Chief Product Officer Ryan Lloyd attended the conference and connected with many attendees at the Guardsquare booth on mobile app security trends and takeaways from the presentations.

    Here are the two security trends that stood out the most.

    1) The best way to fight against attackers? Get in their heads.

    A powerful and innovative way to prevent and defend against mobile app attacks is to carry them out yourself (or watch someone else do it). Many of the sessions at Black Hat featured presenters staging attacks from the perspective of a threat actor, or showcased responsibly disclosed exploitable vulnerabilities. Two good mobile-related examples were “Google Reimagined our Phone. It was Our Job to Red Team and Secure It” and “Android Universal Root Exploiting xPU Drivers.”

    Self-engineered attacks increase your knowledge of how reverse engineering works in both iOS and Android apps. Not only can this help you prevent these attacks, but it can accurately illustrate the criticality of strong mobile app security. Take, for example, our blog The Current State & Future of Reversing Flutter™ Apps which explores the tools threat actors leverage to speed up the reverse engineering of Flutter apps.

    That blog demonstrates that the tools helping threat actors reverse engineer Flutter apps are not difficult to develop. We also saw that, with only a few lines of code, the metadata in the binary could be used to speed up the reverse-engineering process. As Flutter and other types of apps mature, reverse-engineering methods and tools are sure to follow suit.

    Another good example of how to think about security from the perspective of a threat actor is this Android App Reverse Engineering 101 workshop on GitHub. In this workshop, participants learn the foundations for reverse engineering Android applications. The lesson is focused on reverse engineering through static analysis – the process of analyzing and understanding an app by examining its code. The author of the workshop specifically states that she focused on static analysis because, “[Static analysis] tends to be a less approachable skill for people to pick up on their own, so I want to help you do it!”

    There is a virtually unlimited amount of resources available online to help threat actors learn how to reverse engineer apps. If you want to get ahead of attackers, you need to learn their attack methods and modes of operation to prepare a defense plan.

    2) Security is a cat and mouse game.

    The mobile threat landscape is constantly evolving. Developers need experience and dedication to keep up with new threats, especially if they maintain a popular, high-value app that is attractive to attackers.

    Mobile app security can be thought of as a cat-and-mouse game. The attackers are the cats, and our apps are the mice. A sophisticated and dedicated reverse engineering community means the cats keep learning the mice’s hiding spots. Consequently, we mice have to stay up to date with new and innovative protection measures. In other words, the mice have to change their hiding spots and defense tactics.

    An effective way to stop attacks (or stop the cat) before they happen is to continuously monitor for reverse engineering and tampering attempts in your released app. Threat monitoring allows you to identify potential threat actors, find security gaps that need fixing, and gain security knowledge to apply in future development.

    An example of a monitoring tool for mobile apps is Guardsquare’s ThreatCast. A monitoring tool like ThreatCast enables developers to:

    • View attacks and suspicious activity in real time
    • Review events to analyze attack attempts and identify repeated attack vectors
    • Set custom alerts for threat events so you can step in before any damage is done
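To make the second and third points concrete, here is an added example (not code from the original post, and not ThreatCast's format or API) of the kind of backend logic a monitoring pipeline runs over runtime threat events reported by a released app. The JSON-lines event format, the event type names, and the sample events are all constructed for this illustration; the alert thresholds are hypothetical defaults. It groups events by attack vector and by device, skips malformed lines rather than crashing the pipeline, and raises alerts for repeated vectors and persistently hostile devices.

```python
"""Aggregate runtime threat events from a mobile app and raise alerts.

Constructed example: the event schema, type names and sample data below are
invented for illustration and are not ThreatCast's format or API.
"""
import json
from collections import Counter, defaultdict

# Constructed sample events, as JSON lines a monitoring backend might receive
# from an app's runtime self-protection hooks (hypothetical format).
# One deliberately malformed line is included to exercise error handling.
SAMPLE_EVENTS = """
{"ts": "2022-08-10T09:00:01Z", "device": "dev-a1", "type": "root_detected", "app_version": "3.4.1"}
{"ts": "2022-08-10T09:00:05Z", "device": "dev-a1", "type": "debugger_attached", "app_version": "3.4.1"}
{"ts": "2022-08-10T09:01:10Z", "device": "dev-b2", "type": "hook_detected", "app_version": "3.4.1"}
{"ts": "2022-08-10T09:02:00Z", "device": "dev-a1", "type": "debugger_attached", "app_version": "3.4.1"}
{"ts": "2022-08-10T09:03:30Z", "device": "dev-c3", "type": "tamper_detected", "app_version": "3.4.0"}
{"ts": "2022-08-10T09:04:00Z", "device": "dev-a1", "type": "debugger_attached", "app_version": "3.4.1"}
not valid json
{"ts": "2022-08-10T09:05:00Z", "device": "dev-d4", "type": "hook_detected", "app_version": "3.4.1"}
"""

# Hypothetical set of event types the pipeline understands; anything else is dropped.
KNOWN_TYPES = {
    "root_detected",
    "debugger_attached",
    "hook_detected",
    "tamper_detected",
    "emulator_detected",
}


def parse_events(text):
    """Parse JSON-lines input into a list of well-formed event dicts."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # malformed line: skip it, do not take the pipeline down
        if not isinstance(ev, dict):
            continue
        if ev.get("type") not in KNOWN_TYPES or "device" not in ev:
            continue  # unknown vector or missing device id: not actionable
        events.append(ev)
    return events


def summarize(events):
    """Count events per attack vector and per device."""
    by_type = Counter(ev["type"] for ev in events)
    by_device = defaultdict(Counter)
    for ev in events:
        by_device[ev["device"]][ev["type"]] += 1
    return by_type, by_device


def alerts(events, per_device_threshold=3, vector_threshold=2):
    """Return sorted alert strings for repeated vectors and persistent devices.

    Thresholds are hypothetical defaults; a real deployment would tune them
    per app and per release.
    """
    by_type, by_device = summarize(events)
    out = []
    for vector, n in by_type.items():
        if n >= vector_threshold:
            out.append(f"repeated vector: {vector} seen {n} times")
    for device, counts in by_device.items():
        total = sum(counts.values())
        if total >= per_device_threshold:
            out.append(f"persistent device: {device} produced {total} events ({dict(counts)})")
    return sorted(out)


if __name__ == "__main__":
    for line in alerts(parse_events(SAMPLE_EVENTS)):
        print(line)
```

On the constructed sample the script drops the malformed line, reports `debugger_attached` and `hook_detected` as repeated vectors, and flags `dev-a1` as a device that keeps producing events, which is the kind of signal a team would review before deciding whether a protection measure needs changing.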

    So, if a mouse had a tool that watches over its home and alerts it whenever a cat is approaching, there would probably be a lot more mice in the world.

    To learn more about defending your apps against complex threats, the true dangers of an unprotected mobile app, and what security teams should look for in a protection solution, check out this interview from Security Guy TV with Guardsquare’s own Ryan Lloyd.

    Executive Summary

    1. Guardsquare’s Chief Product Officer Ryan Lloyd attended the Black Hat USA 2022 conference and connected with attendees about emerging security trends. Here are the two that stood out the most.
    2. A powerful way to prevent and defend against mobile app attacks is to look at security from the attacker's perspective, even by carrying out the attack yourself.
    3. Security can always be better, as more sophisticated threats emerge every day. An effective way to strengthen your mobile app security posture is by leveraging tools to regularly monitor for attack attempts.
