Blogs -5 Ways Hackers Attack Mobile Devices and Applications

5 Ways Hackers Attack Mobile Devices and Applications

June 12, 2018


Beth Kindig

Lead Tech Analyst

Hackers go about achieving their goals with reverse engineering software to find vulnerabilities they can exploit, data they can extract, or ways to modify the software to do something it was never intended to do. The primary consequences of applications getting hacked include financial loss, destroyed brand reputation, exposure to liability, and regulatory risk.

Over 7 billion identities have been stolen in data breaches over the last eight years equal to one data breach for every person on the planet. 

Why do Hackers Attack Mobile Devices and Applications?

In order to understand threats, we must understand what hackers are trying to achieve. Hackers will mount different kinds of attacks to achieve different kinds of goals. And so, defending against hackers in the context of application security may involve defending against many different kinds of attacks on your mobile device.

Hackers might be interested in bypassing business logic. For example, they might want to bypass controls that let them cheat at a video game or violate the terms of a software license. Of more serious concern is the potential for hackers to bypass controls in safety critical systems. It is not inconceivable that lives could be at risk if a hacker were able to hack a medical device, connected car or some component of critical infrastructure, such as a wind farm, a coal or nuclear power plant, a power grid, or a water treatment facility.

According to a recent study, automobiles today run systems that have more than 100 million lines of code. Those applications often contain valuable intellectual property, which hackers would rather steal than develop. For example, they might be a competitor or a nation state with inferior technology attempting to improve their own products in order to compete more effectively.

Hackers might also be interested in obtaining valuable pieces of data that are managed within the application, such as music or video, financial data, or privacy sensitive health data.

While data can be protected with cryptography, this only shifts the problem from protecting the data directly to protecting the cryptographic keys. Cryptographic keys are not only used to protect data. They can also be used to create a secure identity for a device.

A device may need such a key to authenticate to a cloud service. If a hacker were able to obtain this secret, they might be able to masquerade as that device or as the owner of the device. Cryptographic keys are also used to establish secure communications. For example, HTTPS is a familiar protocol that uses SSL/TLS to secure communication to websites. If a hacker were able to obtain these keys, they could snoop on or alter supposedly secure communications.

For all of these reasons, hackers are highly motivated to steal cryptographic keys embedded in or controlled by an application.

Sometimes hackers aren’t interested in the application itself, but using the application as a digital stepping stone to try to achieve some other goal. Hackers are often interested in obtaining root access on the device the application is running on, so they can install malware or use the device as a launch pad to attack something else.

Consider the 2016 Mirai botnet that infected web enabled cameras and installed a piece of malware that launched the largest distributed denial of service attack in history against the dynamic domain name service Dyn, causing wide spread internet outages. Those 100,000 cameras were able to launch 1.2 terabytes per second of data at a major piece of the global internet infrastructure. Here the goal of the attacker was not to compromise the webcam directly, but rather to bring down the web services of many companies whose DNS was controlled by Dyn.,format

Hacking Mobile Devices: Reverse Engineering and Tampering

Hackers employ two fundamental techniques when attacking: reverse engineering and tampering. If the hacker is trying to bypass business logic, they have to find where in the application the business logic resides. That requires reverse engineering. Then they typically must tamper with the application to bypass that logic.

If the hacker is trying to steal intellectual property, sensitive data or cryptographic keys from an application, they have to know where to look in the application. Unless those secrets are obvious, hackers need to reverse engineer the application to find them.,format

If the hacker is trying to create a stepping stone attack, they often use the workflow shown in Figure 1:

  • First, they find some vulnerability in the application, which again requires reverse engineering;
  • Then, they craft an exploit that takes advantage of that vulnerability;
  • Finally, they attack by launching the exploit to the application.

In a remote attack like the popular SQL injection attack, this may involve sending the message to the application over the internet. But if they have physical access to the device, which with mobile and IoT based systems can be as easy as a trip to the store, then they can directly tamper with the device.

Gains of up to 403% from our Free Newsletter.

Here are sample stock gains from the I/O Fund’s newsletter --- produced weekly and all for free!

+344% on Nvidia

+403% on Bitcoin

+218% on Roku

*as of March 15, 2022

Our newsletter provides an edge in the world’s most valuable industry – technology. Due to the enormous gains from this particular industry, we think it’s essential that every stock investor have a credible source who specializes in tech. Subscribe for Free Weekly Analysis on the Best Tech Stocks.

If you are a more serious investor, we have a premium service that offers lower entries and real-time trade alerts. Sample returns on the premium site include 324% on Zoom, 601% on Nvidia, 445% on Bitcoin, and 4-digits on an alt-coin. The I/O Fund is audited annually to prove it’s one of the best performing Funds on the market with returns that beat Wall Street funds. 


More To Explore


Investing In AI with Beth Kindig: 1-Hour Video Interview

Investing In AI with Beth Kindig: 1-Hour Video Interview

Jordi Visser, CIO and Chairman of Weiss Multi-Strategy Advisers, spoke to Beth Kindig on the Real Vision podcast on March 20th, to dive deep into AI’s potential for explosive economic growth, how to f

April 19, 2024,compress

Semiconductor Stocks Q4 Overview: AI Gains Heat Up

Semiconductor stocks are standout performers so far in 2024, with investor appetite for AI stocks remaining elevated as AI chip leader Nvidia continues its streak of high growth.

April 15, 2024
I/O Fund Catapults to 131% Cumulative Performance Due to Leading AI Allocation

I/O Fund Catapults to 131% Cumulative Performance Due to Leading AI Allocation: Official Press Release

I/O Fund, a tech research site that actively manages a real-time portfolio, announces returns of 57% in 2023 with a cumulative return of 131% since inception. This compares to popular tech ETFs that h

April 03, 2024
The Importance of Verified Returns and Risk Management for Retail Investors

The Importance of Verified Returns and Risk Management for Retail Investors

Last year was a stellar year for investors – in 2023, the Nasdaq 100 rose 54% for its best annual return since 1999, while the S&P 500 gained 24%. The Magnificent 7 were the de facto leaders of this m

March 27, 2024
ARM Building

Arm Stock: AI Chip Favorite Is Overpriced

Arm Holdings is positioned to capitalize on the growing adoption of artificial intelligence (AI) technologies, leveraging its established licensing model and extensive ecosystem to drive future growth

March 26, 2024
Meta Building Picture

Top 3 Ad-Tech Stocks For 2024

Ad spending growth is widely forecast to accelerate in 2024, after a challenging macro environment significantly dented budgets and growth in 2023. The US advertising market is already showing positiv

March 18, 2024
Cybersecurity Apps

Cybersecurity Stocks: CrowdStrike Soars While Palo Alto And Zscaler Fall

This year has led to a split landscape for cybersecurity stocks, with two of cybersecurity leaders up more than 20% YTD while others are negative YTD. In the past, we’ve discussed the resiliency of th

March 10, 2024
The Magnificent 7 Are Falling Like Dominos; Only 3 Remain

The Magnificent 7 Are Falling Like Dominos; Only 3 Remain

The Magnificent 7 of 2023 have now become 2024’s Magnificent 3: Nvidia, Meta and Amazon. Of these, Nvidia’s saw a stellar start to the year as shares have gained nearly 60% YTD due to the GPU leader’s

March 05, 2024
Nvidia Stock Gained $1.5 Trillion To Surpass The FAANGs - Apple Is Next

Nvidia Stock Gained $1.5 Trillion To Surpass The FAANGs - Apple Is Next

Today, Nvidia surpassed a $2 trillion market cap compared to Apple’s $2.8 trillion. The company has surpassed Amazon, Google, Tesla, Meta and Netflix. The only one left standing is Apple and we have 2

February 28, 2024,format

Palantir Stock Surges From Artificial Intelligence Platform

Palantir’s Q4 earnings confirmed an acceleration in its US commercial business as it closed out its first GAAP profitable year. Shares are reflecting the optimism surrounding Palantir’s commercial seg

February 20, 2024

Sign up for Analysis on
the Best Tech Stocks
The I/O Fund specializes in tech growth stocks and offers in-depth research for Premium Members. Investors get access to a transparent portfolio, a forum, webinars, and real-time trade notifications. Sign up for Premium.

We are on social networks

Copyright © 2010 - 2024
Get Free Weekly Analysis on the Best Tech Stocks