Use a cryptographic key protection solution such as Whitebox Cryptography to ensure:
a. Cryptographic keys are not discovered at any time, and are not present in static form or in runtime memory
b. Data is protected at rest, in transit and in use
Protect the API from reverse-engineering and code tampering/modification attacks
Leverage vulnerability/penetration testing and ensure that known risks, including in particular those identified in the OWASP Mobile Top 10 list, are addressed
On behalf of Prashanth Thandavamurthy of Arxan Technologies, Inc.
New Threat
Threat Category: Payment
Threat: Vulnerabilities of 3rd-party payment APIs to code analysis/tampering and cryptographic key lifting attacks.
Threat Origin: API Attacks
http://www.cl.cam.ac.uk/~rja14/Papers/SEv2-c18.pdf
Exploit Example: None
CVE Example: None
Possible Countermeasures:
References: None