App hardening isn’t a new concept. However, if you are unfamiliar with the term, Security Intelligence described it this way:
Hardening is a key step at the end of any secure software development life cycle process, which ensures that the app is running as designed at runtime and thwarts cybercriminals’ efforts to reverse engineer the app back to source code.
The problem is that app hardening is failing in two industries where security has to be a top priority – finance/banking and health.
According to a January report in Healthcare IT News, the vast majority of health-related apps are failing to address major risks:
Most health apps are susceptible to code tampering and reverse-engineering, two of the most common hacking techniques, the report found. Ninety-five percent of the FDA-approved apps lack binary protection and have insufficient transport layer protection, leaving them open to hacks that could result in privacy violations, theft of personal health information, as well as device tampering and patient safety issues.
Also this month, Lookout warned of four new threats aimed at banking apps that researchers say could be handled with app hardening. They are Slembunk, which monitors a device, waits for the bank app to be used and then deploys malware; Asacub, which uses phishing techniques to spread malware; Marchcaban, which targets PayPal users; and a fake WhatsApp update, the subject of a released alert, that actually steals credit card information stored on the device.
Santosh Krishnan, VP of Platform Products at Lookout, said in an email comment:
As mobile banking, among other sensitive industries, becomes more ubiquitous, app developers will become more accountable to the security inside their apps. App hardening technology will undoubtedly be able to assist developers and protect enterprises and institutions from leaving the door to fraud unlocked in their mobile apps.
When looking at security trends for 2016, security experts repeatedly mentioned the risks in mobile apps and the rise of mobile malware. One solution? Ensuring that apps are developed with security in mind. App hardening has to be part of that plan.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom’s Guide. You can reach Sue via Twitter: @sueporemba.