Typically, an attacker seeks to understand extraneous functionality within a mobile app in order to discover hidden functionality in backend systems. The attacker will typically exploit extraneous functionality directly from their own systems without any involvement by end-users. An attacker will download and examine the mobile app within their…
Mobile Top 10 OWASP M9 Reverse Engineering
An attacker will typically download the targeted app from an app store and analyze it within their own local environment using a suite of different tools. An attacker must perform an analysis of the final core binary to determine its original string table, source code, libraries, algorithms, and resources embedded…
Mobile Top 10 OWASP M8 Code Tampering
Typically, an attacker will exploit code modification via malicious forms of the apps hosted in third-party app stores. The attacker may also trick the user into installing the app via phishing attacks. Typically, an attacker will do the following things to exploit this category: Make direct binary changes to the…
Mobile Top 10 OWASP M7 Poor Code Quality
Threat Agents include entities that can pass untrusted inputs to method calls made within mobile code. These types of issues are not necessarily security issues in and of themselves but lead to security vulnerabilities. For example, buffer overflows within older versions of Safari (a poor code quality vulnerability) led to…