usnistgov / mobile-threat-catalogue

NIST/NCCoE Mobile Threat Catalogue
https://pages.nist.gov/mobile-threat-catalogue

New APP threat: copying, distributing and re-publishing the application illegally #50

Open sdog-mitre opened 7 years ago

sdog-mitre commented 7 years ago

On behalf of Prashanth Thandavamurthy of Arxan Technologies, Inc.

New Threat

Threat Category: Application: Vulnerable Application

Threat: Copying, distributing and re-publishing the applications illegally.

Threat Origin: None

Exploit Example:

  1. Trend Micro Research Paper - Fake Apps Feigning Legitimacy

http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-fake-apps.pdf

  2. Play Drone: Columbia University Engineering Team Finds Thousands of Secret Keys in Android Apps - A Measurement Study of Google Play

http://www.cs.columbia.edu/~nieh/pubs/sigmetrics2014_playdrone.pdf

  3. Repository contains the code used for Play Drone project by Columbia University

https://github.com/nviennot/playdrone

CVE Example: None

Possible Countermeasures:

  1. Follow secure coding guidelines
  2. Download the apps from official stores
  3. Ensure security controls are built into application to protect against code analysis and reverse-engineering attacks
  4. Ensure security controls are built into application to protect against code tampering attacks and malware insertion
  5. Leverage vulnerability/penetration testing and ensure that known risks – including those identified in the OWASP mobile top 10 list, in particular, are addressed

References: None

Additional Information: Hackers are increasingly targeting binary code to launch attacks on high-value mobile applications. A few easy steps and widely available (and often free) tools make it easy for adversaries to directly access, compromise, and exploit an application’s code:

a. Analyze or reverse-engineer the binary, and identify or expose sensitive information (keys, credentials, data) or vulnerabilities and flaws for broader exploitation

b. Lift or expose proprietary intellectual property out of the application binary to develop counterfeit applications

c. Modify the binary to change its behavior. For example, disabling security controls, bypassing business rules, licensing restrictions, purchasing requirements or ad displays in the mobile app — and potentially distributing it as a patch, crack or even as a new application

d. Inject malicious code into the binary, and then either repackage the apps and publish it as a new (supposedly legitimate) app, distribute under the guise of a patch or a crack, or surreptitiously (re)install it on an unsuspecting user’s device
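The PlayDrone study cited above recovered secret keys simply by unpacking published packages, which is the first step of item a. A release-gate check that does the same unpacking on your own build before it ships is an added example here (not code from this issue, the catalogue, or the PlayDrone project); the package contents, the `sk_live_` token and the `AKIAIOSFODNN7EXAMPLE` id (the sample id used in AWS documentation) are all constructed placeholders.

```python
import io
import math
import re
import zipfile

# Credential formats to flag: the public AWS access-key-id shape, plus a generic
# rule for key=value, "key": "value" and XML <string name="key">value</string>.
PATTERNS = {
    "aws_access_key_id": re.compile(rb"AKIA[0-9A-Z]{16}"),
    "generic_secret": re.compile(
        rb"(?i)(api[_-]?key|secret|password)[\"']?\s*[=:>]\s*[\"']?([A-Za-z0-9/+_\-]{16,})"
    ),
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: random-looking keys score high, dictionary words score low."""
    if not data:
        return 0.0
    probs = [data.count(b) / len(data) for b in set(data)]
    return -sum(p * math.log2(p) for p in probs)

def scan_package(apk_bytes: bytes, min_entropy: float = 3.5) -> list:
    """Return (member, rule, token) for each suspected secret in the archive. Members
    are scanned as raw bytes (ASCII constants survive in DEX and native code too);
    the entropy floor drops placeholder words that happen to match a rule."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for member in zf.namelist():
            blob = zf.read(member)
            for rule, pattern in PATTERNS.items():
                for m in pattern.finditer(blob):
                    token = m.group(m.lastindex or 0)
                    if shannon_entropy(token) >= min_entropy:
                        findings.append((member, rule, token.decode("ascii", "replace")))
    return findings

def build_sample_apk() -> bytes:
    """Constructed stand-in for an app package; every value is a placeholder."""
    strings_xml = (
        b"<resources>\n"
        b'  <string name="aws_key">AKIAIOSFODNN7EXAMPLE</string>\n'  # AWS docs sample id
        b'  <string name="api_key">sk_live_CONSTRUCTEDdemo1234567890</string>\n'
        b'  <string name="password">placeholderplaceholder</string>\n'  # low entropy, dropped
        b"</resources>\n"
    )
    dex = b"dex\n035\0" + b"\0" * 16 + b"Lcom/example/Config;\0AKIAIOSFODNN7EXAMPLE\0"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("res/values/strings.xml", strings_xml)
        zf.writestr("classes.dex", dex)
    return buf.getvalue()
```

Running `scan_package(build_sample_apk())` reports the key twice (resource file and DEX) and the `sk_live_` token, while the low-entropy `password` placeholder is dropped; a real build should yield nothing, or the key belongs server-side.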

sdog-nist commented 7 years ago

We feel this threat is already addressed by APP-14: Repackaging or impersonating a benign app to contain malicious functionality.