Blogs -5 Ways Hackers Attack Mobile Devices and Applications

5 Ways Hackers Attack Mobile Devices and Applications


June 12, 2018

author

Beth Kindig

Lead Tech Analyst

Hackers go about achieving their goals with reverse engineering software to find vulnerabilities they can exploit, data they can extract, or ways to modify the software to do something it was never intended to do. The primary consequences of applications getting hacked include financial loss, destroyed brand reputation, exposure to liability, and regulatory risk.

Over 7 billion identities have been stolen in data breaches over the last eight years equal to one data breach for every person on the planet. 

Why do Hackers Attack Mobile Devices and Applications?

In order to understand threats, we must understand what hackers are trying to achieve. Hackers will mount different kinds of attacks to achieve different kinds of goals. And so, defending against hackers in the context of application security may involve defending against many different kinds of attacks on your mobile device.

Hackers might be interested in bypassing business logic. For example, they might want to bypass controls that let them cheat at a video game or violate the terms of a software license. Of more serious concern is the potential for hackers to bypass controls in safety critical systems. It is not inconceivable that lives could be at risk if a hacker were able to hack a medical device, connected car or some component of critical infrastructure, such as a wind farm, a coal or nuclear power plant, a power grid, or a water treatment facility.

According to a recent study, automobiles today run systems that have more than 100 million lines of code. Those applications often contain valuable intellectual property, which hackers would rather steal than develop. For example, they might be a competitor or a nation state with inferior technology attempting to improve their own products in order to compete more effectively.

Hackers might also be interested in obtaining valuable pieces of data that are managed within the application, such as music or video, financial data, or privacy sensitive health data.

While data can be protected with cryptography, this only shifts the problem from protecting the data directly to protecting the cryptographic keys. Cryptographic keys are not only used to protect data. They can also be used to create a secure identity for a device.

A device may need such a key to authenticate to a cloud service. If a hacker were able to obtain this secret, they might be able to masquerade as that device or as the owner of the device. Cryptographic keys are also used to establish secure communications. For example, HTTPS is a familiar protocol that uses SSL/TLS to secure communication to websites. If a hacker were able to obtain these keys, they could snoop on or alter supposedly secure communications.

For all of these reasons, hackers are highly motivated to steal cryptographic keys embedded in or controlled by an application.

Sometimes hackers aren’t interested in the application itself, but using the application as a digital stepping stone to try to achieve some other goal. Hackers are often interested in obtaining root access on the device the application is running on, so they can install malware or use the device as a launch pad to attack something else.

Consider the 2016 Mirai botnet that infected web enabled cameras and installed a piece of malware that launched the largest distributed denial of service attack in history against the dynamic domain name service Dyn, causing wide spread internet outages. Those 100,000 cameras were able to launch 1.2 terabytes per second of data at a major piece of the global internet infrastructure. Here the goal of the attacker was not to compromise the webcam directly, but rather to bring down the web services of many companies whose DNS was controlled by Dyn.

https://images.prismic.io/bethtechnology/0c4ed1c4-eaaf-45dc-8dea-cb9401020d10_1_4idajMUvAc-9r4di_T4JMg.png?auto=compress,format

Hacking Mobile Devices: Reverse Engineering and Tampering

Hackers employ two fundamental techniques when attacking: reverse engineering and tampering. If the hacker is trying to bypass business logic, they have to find where in the application the business logic resides. That requires reverse engineering. Then they typically must tamper with the application to bypass that logic.

If the hacker is trying to steal intellectual property, sensitive data or cryptographic keys from an application, they have to know where to look in the application. Unless those secrets are obvious, hackers need to reverse engineer the application to find them.

https://images.prismic.io/bethtechnology/b7bc9cbe-61f1-4643-95b9-37ca7fac4e5d_1_W-J4RtdfrHYDIzPbZNAeAw.png?auto=compress,format

If the hacker is trying to create a stepping stone attack, they often use the workflow shown in Figure 1:

  • First, they find some vulnerability in the application, which again requires reverse engineering;
  • Then, they craft an exploit that takes advantage of that vulnerability;
  • Finally, they attack by launching the exploit to the application.

In a remote attack like the popular SQL injection attack, this may involve sending the message to the application over the internet. But if they have physical access to the device, which with mobile and IoT based systems can be as easy as a trip to the store, then they can directly tamper with the device.

Gains of up to 2,250% from our Free Newsletter.


Here are sample stock gains from the I/O Fund’s newsletter --- produced weekly and all for free!

2,250% on Nvidia

670% on Bitcoin

*as of Mar 04, 2025

Our newsletter provides an edge in the world’s most valuable industry – technology. Due to the enormous gains from this particular industry, we think it’s essential that every stock investor have a credible source who specializes in tech. Subscribe for Free Weekly Analysis on the Best Tech Stocks.

If you are a more serious investor, we have a premium service that offers lower entries and real-time trade alerts. Sample returns on the premium site include 3,580% on Nvidia, 860% on Chainlink, and 1,010% on Bitcoin. The I/O Fund is audited annually to prove it’s one of the best-performing Funds on the market, with returns that beat Wall Street funds.

beth
head bg

Get a bonus for subscription!

Subscribe to our free weekly stock
analysis and receive the "AI Stock: 5
Things Nobody is Telling you" brochure
for free.

More To Explore

Newsletter

Futuristic AI data center featuring NVIDIA’s GB200 Superchip, designed for AI superclusters, high-performance computing, and generative AI training with up to 27 trillion parameters.

NVIDIA’s GB200s for up to 27 Trillion Parameter Models: Scaling Next-Gen AI Superclusters

Supercomputers and advanced AI data centers are driving the AI revolution, enabling breakthroughs in deep learning and large-scale model training. As AI workloads become increasingly complex, next-gen

March 21, 2025
NVIDIA Blackwell Ultra GPU unveiled at GTC 2025, revolutionizing AI and HPC with unprecedented efficiency and power.

NVIDIA Blackwell Ultra Fuels AI & HPC Innovation, Efficiency and Capability  

NVIDIA’s latest Blackwell Ultra GPU, unveiled at NVIDIA GTC 2025, is transforming AI acceleration and high-performance computing (HPC). Designed for the “Age of Reasoning,” these cutting-edge GPUs del

March 21, 2025
Nvidia CEO Jensen Huang discusses AI market dominance at GTC 2025, addressing demand concerns and future growth projections.

Nvidia CEO Predicts AI Spending Will Increase 300%+ in 3 Years

Nvidia has traversed choppy waters so far in 2025 as concerns have mounted about how the company plans to sustain its historic levels of demand. At GTC, Huang threw cold water on many of the Street’s

March 20, 2025
AI data centers are driving the AI revolution, but their soaring energy demands pose sustainability challenges. With power consumption projected to rise 160% by 2030, data centers are integrating brown, clean, and renewable energy sources. Goldman Sachs predicts 40% of new capacity will come from renewables, but can solar, wind, and nuclear sustain AI’s 24/7 operations? Explore how hyperscalers are evolving their energy strategies to meet growing AI demands.

AI Data Center Power Wars: Brown vs. Clean vs. Renewable Energy Sources

AI data centers are at the heart of the AI revolution, but their massive energy demands raise critical questions. With power consumption expected to grow 160% by 2030, data centers are turning to a mi

March 19, 2025
Natural gas pipelines supporting AI data centers as energy demand surges, with Texas and Louisiana emerging as key hubs for AI infrastructure growth.

Why Gas Pipelines Are the Unsung Heroes of AI Data Center Expansion

Natural gas is emerging as the backbone of AI data center expansion, with demand expected to reach up to 6 billion cubic feet per day by 2030. As AI-driven infrastructure surges, data centers are turn

March 19, 2025
Alibaba’s AI revenue growth accelerates, but remains significantly lower than U.S. tech leaders like Microsoft, highlighting China’s competitive AI landscape.

Alibaba Stock: China Has Low AI Revenue Compared to United States

Alibaba’s AI-driven cloud revenue is surging with six consecutive quarters of triple-digit growth. However, its AI earnings remain a fraction of what U.S. tech giants report, with Microsoft leading at

March 14, 2025
By 2030, AI data centers may consume 9% of U.S. electricity as GPU power usage surges, with Nvidia’s GB200 reaching 2,700W. To ensure sustainability, data centers are adopting long-term PPAs and exploring high-efficiency energy sources like nuclear and SOFCs.

Unlocking the Future of AI Data Centers: Which Fuel Source Reigns Supreme in Efficiency?

AI data centers are projected to consume 9% of U.S. electricity by 2030, driven by soaring GPU power demands, with Nvidia’s GB200 reaching 2,700W—a 300% increase over previous generations. As AI racks

March 13, 2025
Tesla faces declining deliveries in 2024 and mounting challenges in 2025, with sharp sales drops in China and Europe, margin pressures, and shifting growth targets.

Tesla Has a Demand Problem; The Stock is Dropping 

Tesla’s growth faces major hurdles in 2025 after its first annual decline in deliveries. Sales are plunging in key markets like China and Europe, while margins remain under pressure. Optimism around r

March 07, 2025
Stock market data with AI and crypto trends highlighted. I/O Fund provides institutional-grade stock analysis, offering insights on AI, semiconductors, and Bitcoin. Stay ahead with expert research and real-time trade transparency.

I/O Fund’s Top 10 of 2024

The digital world is overloaded with noise—millions of posts, comments, and messages flood the internet every minute. For investors, this creates a challenge: filtering out distractions to focus on hi

March 06, 2025
Stock market data overlaid with social media activity metrics, highlighting the challenge of information overload for investors and the importance of quality stock analysis in the tech sector.

10 Timeless Free Articles You Won't Want to Miss

In a world flooded with information, investors face an overwhelming amount of noise. Quality stock analysis is the key to cutting through the clutter. At I/O Fund, we provide in-depth, free investment

March 05, 2025
newsletter

Sign up for Analysis on
the Best Tech Stocks

https://bethtechnology.cdn.prismic.io/bethtechnology/e0a8f1ff-95b9-432c-a819-369b491ce051_Logo_Final_Transparent_IOFUND.svg
The I/O Fund specializes in tech growth stocks and offers in-depth research for Premium Members. Investors get access to a transparent portfolio, a forum, webinars, and real-time trade notifications. Sign up for Premium.

We are on social networks


Copyright © 2010 - 2025