1. PSD2 Highlights Mobile Banking Application Vulnerabilities
In January 2018, the EU’s modified Payments Services Directive 2 (PSD2) came into force. Now, banking clients can perform their online monetary operations through 3rd party service providers such as social media platforms. While PSD2 uses consumers´ extraordinary opportunities for choosing their online banking services, financial companies will encounter extra obstacles.
Particularly in regard to security, this brand-new regulation of third-parties is vital. The Application Programming Interfaces (APIs) that exchange data between banks and counter-parties present vulnerabilities that hackers can exploit. The interfaces also contain the cryptographic keys that make transactions secure.
If a hacker is successful in exposing the source code of mobile applications, they can access the keys. The discovery exposes any other application that uses the same APIs to intrusion. The criminal might also be able to access the bank’s server through financial services apps. PSD2 will bring scrutiny of reliable security options for financial applications into the spotlight, especially in relation to ensuring the keys are secured.
2. Connected Medical Applications: Interconnected Devices Expose Patients to Cyber Threats
The year 2017 saw nearly 500,000 wearers of pacemakers informed they were at risk due to a crucial software application vulnerability. Patient security in the era of the Internet of Medical Devices and Medical apps is presenting IT departments significant challenges. Hackers, researchers illustrated, could take control of the medical devices. Though no known cases of threats actually came to the fore, the research results shocked the industry, nevertheless.
No medical software application – regardless of whether it’s a mobile application or software embedded in hardware controllers – can be completely safeguarded. It doesn’t even have to be a professional hacker that infiltrates medical systems: basic Malware and hacking tools are openly available on the web. The cyber weapons can manipulate medical applications and expose the source code that runs devices. Once inside the code, thieves can rapidly get the cryptographic keys to control software applications.
In addition to the threat to physical safety, medical device hacks present dangers to patient data. Patient data is now more valuable on the Darknet than financial data. It is paramount, then, that medical gadget producers and designers concentrate on hardening their software applications in the coming year.
3. Fake Applications More Prevalent
In 2017 one million Android users downloaded a fake version of the WhatsApp messaging app. It was supposedly an official update. It even included the well-known logo from the Play Store. The aim of the app, however, was to entice users to select advertisements that would download and activate malware.
It is disconcerting that companies as large and sophisticated as Google cannot keep fake applications out of their app stores. Cybercriminals are becoming more successful at smuggling their malicious fake applications into the stores as regular versions of popular apps.
Customers are finding it difficult to distinguish between genuine and fake apps. Malware that masquerades as legitimate software is hardly recognizable at first glance. The compromised programs not only carry the same name as the originals but are often also sport the same logos as namesakes.
Fake apps infect devices with Malware that can steal data or display unwanted ads. 2018 is set to be at least as bad as 2017 for the volume and maliciousness of fake apps. App users must be wary of counterfeit versions of software in the coming year.
Cybersecurity analysts have already advised app stores and especially Google Play to revise their security defences. Protecting their customers from malicious software is important to preserve the reputations of the companies,
Google has already made a good start, admittedly. It has announced it has implemented AI algorithms to police its app store. However, these obviously require optimization, as the WhatsApp incident has shown.
Cybersecurity Solutions in 2018
Promon will continue to develop its application shielding technologies. For instance, our WhiteBox cryptography feature dissolves security keys into the programming code and obscures algorithms, even at runtime. The technique keeps keys safe even when an attacker has complete access to the device on which the cryptographic functions are executing.
Promon also offers app repackaging protection through its Promon SHIELD™ Software Development Kit (SDK). Repackaging an app means that an attacker obtains a copy of a software application from an authorized app store, turns into it malware, then re-distributes it to users who believe that they are using a legitimate app or the original app. Promon SHIELD™ detects when an app has been modified (repackaged). As a result, the original app that has Promon SHIELD™ implemented cannot be executed repackaged – which means, no fake-apps run on a user’s device.
While the black hats will continue to range the Wild West of internet connected technologies in 2018, we will continue to provide solutions that proactively protect personal and corporate integrity.