I recently wrote an article about hackers getting iOS app developers to build applications with a bogus Xcode development kit downloaded from a Chinese site. The development kit contained malicious code that caused all types of security problems in iPhone and iPad apps. Read the entire article here.
This is a new frontier for hackers. Rather than attacking perimeter security defenses, like firewalls and endpoint encryption applications, the hackers are getting developers to embed security vulnerabilities into their code. This essentially bypasses the middleman, since the applications are already compromised. Hackers just need to activate malicious capabilities to steal sensitive information or compromise systems. It's a clever ploy and takes these attacks to a new level.
Fortunately, there is a way to thwart these attacks. Using a semantic-based static analysis tool helps developers discover and eliminate these security vulnerabilities in the source code. It can analyze millions of lines of code quickly and locate bugs, security holes, runtime errors, hard-coded passwords, cross-site scripting, SQL injections and more at the early stages of software development.
Most organizations and regulations now demand that developers follow secure coding compliance requirements for software development. This is in reaction to major incidents of cyber terrorism and events like the compromised App Store applications. According to NIST, if organizations detect and remove security weaknesses before completing development, they can reduce the expense by up to 30 times compared with finding and removing security weaknesses after development. The use of a semantic-based static analysis tool is the only way to detect all of these security weaknesses within the source code before it is released.
As everyone relies more heavily on apps, especially with the emergence of IoT (Internet of Things), hackers will go where the sensitive and private information lives. Your phone and tablet can access a lot of sensitive personal and business information, giving attackers a lot of bang for the buck. Stopping bugs and security vulnerabilities before you create and release your apps ensures that users of those apps can use them safely, without concern for a data breach. Stop the bugs before they stop you and your users.
Photo credit: Brian Klug