Subscribe for Free Weekly Stock Analysis

Beth's analysis helps drive decisions for a top-performing tech portfolio.

Blogs -5 Ways Hackers Attack Mobile Devices and Applications

5 Ways Hackers Attack Mobile Devices and Applications


June 12, 2018

author

Beth Kindig

Lead Tech Analyst

Hackers go about achieving their goals with reverse engineering software to find vulnerabilities they can exploit, data they can extract, or ways to modify the software to do something it was never intended to do. The primary consequences of applications getting hacked include financial loss, destroyed brand reputation, exposure to liability, and regulatory risk.

Over 7 billion identities have been stolen in data breaches over the last eight years equal to one data breach for every person on the planet. 

Why do Hackers Attack Mobile Devices and Applications?

In order to understand threats, we must understand what hackers are trying to achieve. Hackers will mount different kinds of attacks to achieve different kinds of goals. And so, defending against hackers in the context of application security may involve defending against many different kinds of attacks on your mobile device.

Hackers might be interested in bypassing business logic. For example, they might want to bypass controls that let them cheat at a video game or violate the terms of a software license. Of more serious concern is the potential for hackers to bypass controls in safety critical systems. It is not inconceivable that lives could be at risk if a hacker were able to hack a medical device, connected car or some component of critical infrastructure, such as a wind farm, a coal or nuclear power plant, a power grid, or a water treatment facility.

According to a recent study, automobiles today run systems that have more than 100 million lines of code. Those applications often contain valuable intellectual property, which hackers would rather steal than develop. For example, they might be a competitor or a nation state with inferior technology attempting to improve their own products in order to compete more effectively.

Hackers might also be interested in obtaining valuable pieces of data that are managed within the application, such as music or video, financial data, or privacy sensitive health data.

While data can be protected with cryptography, this only shifts the problem from protecting the data directly to protecting the cryptographic keys. Cryptographic keys are not only used to protect data. They can also be used to create a secure identity for a device.

A device may need such a key to authenticate to a cloud service. If a hacker were able to obtain this secret, they might be able to masquerade as that device or as the owner of the device. Cryptographic keys are also used to establish secure communications. For example, HTTPS is a familiar protocol that uses SSL/TLS to secure communication to websites. If a hacker were able to obtain these keys, they could snoop on or alter supposedly secure communications.

For all of these reasons, hackers are highly motivated to steal cryptographic keys embedded in or controlled by an application.

Sometimes hackers aren’t interested in the application itself, but using the application as a digital stepping stone to try to achieve some other goal. Hackers are often interested in obtaining root access on the device the application is running on, so they can install malware or use the device as a launch pad to attack something else.

Consider the 2016 Mirai botnet that infected web enabled cameras and installed a piece of malware that launched the largest distributed denial of service attack in history against the dynamic domain name service Dyn, causing wide spread internet outages. Those 100,000 cameras were able to launch 1.2 terabytes per second of data at a major piece of the global internet infrastructure. Here the goal of the attacker was not to compromise the webcam directly, but rather to bring down the web services of many companies whose DNS was controlled by Dyn.

https://images.prismic.io/bethtechnology/0c4ed1c4-eaaf-45dc-8dea-cb9401020d10_1_4idajMUvAc-9r4di_T4JMg.png?auto=compress,format

Hacking Mobile Devices: Reverse Engineering and Tampering

Hackers employ two fundamental techniques when attacking: reverse engineering and tampering. If the hacker is trying to bypass business logic, they have to find where in the application the business logic resides. That requires reverse engineering. Then they typically must tamper with the application to bypass that logic.

If the hacker is trying to steal intellectual property, sensitive data or cryptographic keys from an application, they have to know where to look in the application. Unless those secrets are obvious, hackers need to reverse engineer the application to find them.

https://images.prismic.io/bethtechnology/b7bc9cbe-61f1-4643-95b9-37ca7fac4e5d_1_W-J4RtdfrHYDIzPbZNAeAw.png?auto=compress,format

If the hacker is trying to create a stepping stone attack, they often use the workflow shown in Figure 1:

  • First, they find some vulnerability in the application, which again requires reverse engineering;
  • Then, they craft an exploit that takes advantage of that vulnerability;
  • Finally, they attack by launching the exploit to the application.

In a remote attack like the popular SQL injection attack, this may involve sending the message to the application over the internet. But if they have physical access to the device, which with mobile and IoT based systems can be as easy as a trip to the store, then they can directly tamper with the device.

head bg

More To Explore

Newsletter

Beth Kindig, Lead Tech Analyst at I/O Fund, interviewed on Fox Business discussing Nvidia’s earnings beat and solid guidance.

AI Stocks in 2025: What Every Investor Should Know

The market evolves quickly, and nowhere is that more apparent than in AI stocks, which continue to lead in both innovation and returns. At the I/O Fund, our deep coverage of AI stocks, combined with a

July 03, 2025
Modern data center building next to a nuclear power plant cooling tower.

Nuclear Power Emerging as a Clean AI Data Center Energy Source

Data center power demand is forecast to surge over the next decade, with some estimates seeing demand increasing 3x by 2030. Inference is expected to be a primary driver with power demand growth proje

June 27, 2025
Nvidia vs. AMD CEOs in AI GPU race, spotlighting AI inference competition.

AMD vs Nvidia: The AI Stock That Could Win by 2028

Last week, AMD offered more details on the release of their groundbreaking GPUs with little fanfare in the markets – which is par for the course as AMD has a history of being forgotten about until the

June 20, 2025
AI chip powering data growth with green upward graph, symbolizing semiconductor and AI market expansion

This AI Stock is Set to Surge from Inference Demand

Up until now, the AI conversation has been dominated by training and compute, yet inference is showing signs of exploding growth. Microsoft and Google recently highlighted 5x to 9x YoY growth in AI to

June 13, 2025
Taiwan Semiconductor drives AI growth amid geopolitical risk

Taiwan Semiconductor Stock: AI Growth Amid Geopolitical Risk 

Despite their leadership, AI stocks like Taiwan Semiconductor and Nvidia are flat year-to-date and trading at similar levels as June 2024. Clearly, the AI trade is not as straightforward as it might s

June 06, 2025
Man walks on a broken bridge with a stock chart overlay, symbolizing market challenges

Historic Market Uncertainty Meets $7 Trillion Debt Wall: What Comes Next for the S&P 500

We are seeing mounting evidence that this bounce may be the start of a new push to all-time highs, such as improved breadth, better than expected earnings plus the size of this bounce. However, one ca

May 27, 2025
a baseball stadium with Nvidia billboard

Nvidia Stock Faces a Choppy Q2, But Tailwinds Build for H2 Acceleration

Nvidia’s streak of blockbuster earnings has turned investor expectations into a high-stakes game— anything short of perfection risks disappointment. As the company gears up to report fiscal Q1 results

May 23, 2025
Microsoft stock up as Azure tops AWS, Google Cloud in Q3 2025

Microsoft Stock Surges After Q3 2025 Earnings: What Separates Azure from AWS, Google Cloud

Microsoft stock jumped after Q3 2025 earnings as Azure emerged as the only major cloud platform to accelerate growth this quarter — a rare feat amid macro pressures. Azure’s 35% constant currency grow

May 16, 2025
Bitcoin price chart signaling potential top despite favorable crypto news

Why Bitcoin’s Bull Run May Be Nearing a Top Despite Pro-Crypto Tailwinds

Since calling the Bitcoin bottom near $16,000 in late 2022, the I/O Fund has maintained a disciplined, contrarian approach — issuing 13 buy alerts before Bitcoin surged above $100,000. Now, signs sugg

May 09, 2025
S&P 500 hits key 2025 target as bond market and consumer trends signal rising volatility and shifting stock-bond correlation.

2025 Market Outlook: Why Stocks and Bonds Are Signaling More Volatility

As the S&P 500 reaches a key bounce target, troubling signs in bonds and consumer behavior suggest this market rally may be on thin ice. I/O Fund’s Knox Ridley explains why volatility may intensify an

May 02, 2025
newsletter

Sign up for Analysis on
the Best Tech Stocks

https://bethtechnology.cdn.prismic.io/bethtechnology/e0a8f1ff-95b9-432c-a819-369b491ce051_Logo_Final_Transparent_IOFUND.svg
The I/O Fund specializes in tech growth stocks and offers in-depth research for Premium Members. Investors get access to a transparent portfolio, a forum, webinars, and real-time trade notifications. Sign up for Premium.

We are on social networks


Copyright © 2010 - 2025