Is Your Favorite App a Hacker’s Playground?
- By CDOTrends editors
- October 24, 2023
The security of mobile applications is no longer just a technical concern but a fundamental necessity for individual privacy and corporate security. A recent report has highlighted this issue, revealing that over half of all applications are experiencing active security threats. This reality reminds us of the invisible digital war occurring behind our screens.
Digital.ai released its first annual Application Security Threat Report, which found that 57% of all monitored apps are under constant attack, particularly on gaming and financial service applications. Surprisingly, the study indicates that an app's likelihood of being attacked is not necessarily correlated with its popularity.
Greg Ellis, the general manager of application security at Digital.ai, explained, “There were a staggering 100 billion mobile app downloads in 2021 alone. Between curious actors and threat actors, the reasons and motivations for attacks on any app are varied and increasing.” He highlighted the financial incentives and prestige within hacking communities as significant motivators behind these cyberattacks.
The report delves deeper into the unsettling realities of the digital world in 2023. Tools for reverse engineering and dynamic instrumentation, like Ghidra and Frida, have evolved, making it easier for threat actors to exploit applications. The emergence of cryptocurrencies and peer-to-peer payment apps has simplified monetizing these schemes, primarily through ransomware. Additionally, the nationalization of cyber-attacks has given threat actors resources previously unimaginable.
Derek Holt, chief executive officer of Digital.ai, stressed the challenges faced by application developers: "Application owners know all too well the pressures of creating more apps faster, especially with the addition of AI-code assist tools. This leads to security getting short-changed; it is often not included in the DevOps process, or it is seen as an impediment without an obvious starting point.”
The report highlights the vulnerabilities and points out the industries most at risk. Gaming applications face a 63% likelihood of being attacked, while financial service apps stand at 62%. The reasons range from hackers' direct income from selling pirated games in grey-market app stores to the respect gained by cracking high-security games.
The situation isn't any less grim for other sectors. Apps in industries outside of gaming and financial services, including those linked to implantable medical devices and Bluetooth-connected functionalities, have a 54% chance of facing these invisible onslaughts.
In response to these threats, Digital.ai advocates for a more robust approach to app security. Their platform assists teams in integrating security measures early in the development cycle, providing critical tools for monitoring applications in production and offering insights into potential risks.
Image credit: iStockphoto/minianne